SMC Networks Edge-core ES4704BD Manual Download Page 224

Page: 224 / 859

224

port-security violation {protect |

shutdown}

no port-security violation

Set the violation mode for the port;

the “

no port-security violation

”

command restores the default

setting.

7.6.1.3 Command For MAC Address Binding configuration

7.6.1.3.1 clear port-security dynamic

Command: clear port-security dynamic [address <mac-addr> | interface

<interface-id> ]

Function:

Clear the Dynamic MAC addresses of the specified port.

Command mode: Admin Mode

Parameter: <mac-addr>

stands MAC address;

<interface-id>

for specified port number.

Usage Guide:

The secure port must be locked before dynamic MAC clearing operation

can be perform in specified port. If no ports and MAC are specified, then all dynamic

MAC in all locked secure ports will be cleared; if only port but no MAC address is

specified, then all MAC addresses in the specified port will be cleared.

Example:

Delete all dynamic MAC in port1.

Switch#clear port-security dynamic interface Ethernet 1/1

7.6.1.3.2 port-security

Command:port security

no port security

Function:

Enable MAC address binding function for the port and lock the port. When a

port is locked, the MAC address learning function for the port will be disabled: the “

port-security”

command disables the MAC address binding function for the port and

restores the MAC address learning function for the port.

Command mode:

Interface Mode

Default:

MAC address binding is not enabled by default.

Usage Guide:

The MAC address binding function, Spanning Tree and Port Aggregation

functions are mutually exclusive. Therefore, if MAC binding function for a port is to be

enabled, the Spanning Tree and Port Aggregation functions must be disabled, and the

port enabling MAC address binding must not be a Trunk port.

Example:

Enable MAC address binding function for port 1and and lock the port. When a

port is locked, the MAC address learning function for the port will be disabled.

Switch(Config)#interface Ethernet 1/1

Switch(Config-Ethernet1/1)#port security

7.6.1.3.3 port-security convert

Command: port-security convert

Summary of Contents for Edge-core ES4704BD

Page 1: ...1 www smc com ES4700 Series Chassis Core Routing Switch...

Page 2: ...es 4 and 10 slots with support for various types of line cards and can seamlessly support a variety of network interfaces from 100Mb 1000Mb to 10 GB Ethernet We are providing this manual for your bett...

Page 3: ...WEB MANAGEMENT 33 1 3 1 Main Page 33 1 3 2 Module Front Panel 33 CHAPTER 2 BASIC SWITCH CONFIGURATION 35 2 1 COMMANDS FOR BASIC SWITCH CONFIGURATION 35 2 1 1 Command For Basic Configuration 35 2 2 CO...

Page 4: ...bo Introduction 110 2 7 2 Jumbo Configuration Task Sequence 110 2 7 3 Jumbo Command 111 2 8 SFLOW CONFIGURATION 111 2 8 1 sFlow introduction 111 2 8 2 sFlow Configuration Task 112 2 8 3 Commands For s...

Page 5: ...sync 137 3 7 3 force switchover 137 3 7 4 reset slot 137 3 7 5 runcfg sync 138 3 7 6 show fan 138 3 7 7 show power 139 3 7 8 show slot 139 CHAPTER 4 PORT CONFIGURATION 140 4 1 INTRODUCTION TO PORT 140...

Page 6: ...LACP port group configuration 174 5 5 2 LACP port configuration 175 CHAPTER 6 VLAN CONFIGURATION 176 6 1 VLAN CONFIGURATION 176 6 1 1 Introduction to VLAN 176 6 1 2 VLAN Configuration Task List 177 6...

Page 7: ...6 4 Voice VLAN Troubleshooting 215 CHAPTER 7 MAC TABLE CONFIGURATION 216 7 1 INTRODUCTION TO MAC TABLE 216 7 1 1 Obtaining MAC Table 216 7 1 2 Forward or Filter 218 7 2 MAC ADDRESS TABLE CONFIGURATION...

Page 8: ...ing 245 8 3 21 spanning tree tcflush global mode 246 8 3 22 spanning tree tcflush port mode 246 8 4 MSTP EXAMPLE 247 8 5 MSTP TROUBLESHOOTING HELP 252 8 5 1 Monitor And Debug Command 252 8 6 WEB MANAG...

Page 9: ...URPF Configuration Task Sequence 325 10 4 4 Commands For URPF 326 10 4 5 URPF Troubleshooting 327 10 5 ARP 327 10 5 1 Introduction to ARP 327 10 5 2 ARP Configuration Task List 328 10 5 3 Command for...

Page 10: ...366 13 2 PREVENT ARP ND SPOOFING CONFIGURATION 366 13 2 1 Prevent ARP ND Spoofing Configuration Task List 366 13 3 COMMANDS FOR PREVENTING ARP ND SPOOFING 367 13 3 1 ip arp security updateprotect 367...

Page 11: ...iguration Task List 437 14 5 3 Commands For RIPng 440 14 5 4 RIPng Configuration Examples 445 14 5 5 RIPng Troubleshooting Help 447 14 6 OSPF 451 14 6 1 Introduction to OSPF 451 14 6 2 OSPF Configurat...

Page 12: ...ry mrsp 606 15 3 9 ip igmp snooping vlan query robustness 606 15 3 10 ip igmp snooping vlan suppression query time 606 15 4 IGMP SNOOPING EXAMPLE 607 15 5 IGMP SNOOPING TROUBLESHOOTING HELP 609 15 5 1...

Page 13: ...CSCM Configuration Task List 664 17 5 3 Command For ECSCM 667 17 5 4 ECSCM Configuration Examples 672 17 5 5 ECSCM Troubleshooting 673 17 6 IGMP 675 17 6 1 Introduction to IGMP 675 17 6 2 Configuratio...

Page 14: ...3 Access list Action and Global Default Action 747 19 2 ACL CONFIGURATION 747 19 2 1 ACL Configuration Task Sequence 747 19 2 2 Commands for ACL 760 19 3 ACL EXAMPLE 779 19 4 ACL TROUBLESHOOTING 780 1...

Page 15: ...vrrp 823 21 3 11 virtual ip 823 21 4 EXAMPLE OF VRRP 824 21 5 VRRP TROUBLESHOOTING 825 21 6 WEB MANAGEMENT 825 21 6 1 Create VRRP Number 825 21 6 2 configure VRRP Dummy IP 826 21 6 3 configure VRRP Po...

Page 16: ...ER 23 CLUSTER CONFIGURATION 848 23 1 INTRODUCTION TO CLUSTER 848 23 2 CLUSTER MANAGEMENT CONFIGURATION SEQUENCE 848 23 3 COMMANDS FOR CLUSTER 851 23 3 1 cluster run 851 23 3 2 cluster register timer 8...

Page 17: ...17 23 5 2 Cluster Administration Troubleshooting 859...

Page 18: ...address to the switch via the Console interface to be able to access the switch through Telnet The procedures for managing the switch via Console interface are listed below Step 1 setting up the envi...

Page 19: ...The example below is based on the HyperTerminal included in Windows XP 1 Click Start menu All Programs Accessories Communication HyperTerminal Fig 1 2 Opening HyperTerminal 2 Type a name for opening H...

Page 20: ...m 1 for stop bit and none for traffic control or you can also click Revert to default and click OK Fig 1 5 Opening HyperTerminal Step 3 Entering switch CLI interface Power on the switch The following...

Page 21: ...d management refers to the management by login to the switch using Telnet In band management enables management of the switch for some devices attached to the switch In the case when in band managemen...

Page 22: ...m the host and verify the result check for reasons if ping failed The IP address configuration commands for VLAN1 interface are listed below Before in band management the switch must be configured wit...

Page 23: ...ord for authorized Telnet users must be configured with the following command username user password 0 7 password Assume an authorized user in the switch has a username of test and password of test th...

Page 24: ...s such as a router Similar to management via Telnet as soon as the host succeeds to ping an IP address of the switch and to type the right login password it can access the switch via HTTP The configur...

Page 25: ...uld be in the square brackets Step 3 Logon to the switch To logon to the HTTP configuration interface valid login user name and password are required otherwise the switch will reject HTTP access This...

Page 26: ...26 Fig 1 10 Web Login Interface Input the right username and password and then the main Web configuration interface is shown as below Fig 1 11 Main Web Configuration Interface...

Page 27: ...nds are categorized according to their functions in switch configuration and management Each category represents a different configuration mode The Shell for the switch is described below z Configurat...

Page 28: ...return to User Mode When exit command is run it will exit the entry and enter user entry system direct Next users can reenter the system on entering corresponding user name and password Under Admin Mo...

Page 29: ...igure port channel related settings such as duplex mode speed etc Use the exit command to return to Global Mode 1 2 2 5 VLAN Mode Using the vlan vlan id command under Global Mode can enter the corresp...

Page 30: ...p command under Global Mode Switch Config Ext Nacl b Configure parameters for Extended IP ACL Mode Use the exit command to return to Global Mode 1 2 3 Configuration Syntax ES4700 series provides vario...

Page 31: ...ft right and Blank Space If the terminal does not recognize Up and Down keys ctrl p and ctrl n can be used instead Key s Function Back Space Delete a character before the cursor and the cursor moves b...

Page 32: ...eturned if the position should be a keyword then a set of keywords with brief description will be returned if the output is cr then the command is complete press Enter to run the command 3 A immediate...

Page 33: ...g config the system will report a Ambiguous command error if only show r is entered as Shell is unable to tell whether it is show rom or show running config Therefore Shell will only recognize the com...

Page 34: ...on the right of the page system information and command parameter are displayed Click the main menu link to browse other management links and to display configuration and statistic information Fig 1...

Page 35: ...is for exiting admin mode Admin Mode config terminal Enter global mode from admin mode Various Modes exit Exit current mode and enter previous mode such as using this command in global mode to go bac...

Page 36: ...g authentication login radius 2 1 1 2 calendar set Command calendar set HH MM SS DD MON YYYY MON DD YYYY Function Set system date and time Parameter HH MM SS is the current time and the valid scope fo...

Page 37: ...Mode from User Mode Command mode User Mode Usage Guide To prevent unauthorized access of non admin user user authentication is required i e Admin user password is required when entering Admin Mode fro...

Page 38: ...nges between 0 2147483 Command mode Global mode Default Default timeout is 10 minutes Usage guide To secure the switch as well to prevent malicious actions from unauthorized user the time will be coun...

Page 39: ...tch according to their own requirements Example Set the prompt to Test Switch Config hostname Test 2 1 1 12 ip host Command ip host hostname ip_addr no ip host hostname Function Set the mapping relati...

Page 40: ...nfiguation is for supplying a interface configured with HTTP for the user which is straight and visual esay to understand This command functions equal to selection 2 of the main menu in Setup mode to...

Page 41: ...cuting the command it insures that priority of one user is 15 if it uses username command configuration to login Only this can ensure that the user accesses from common mode to admin mode and modify s...

Page 42: ...parameter for ping Switch ping 10 1 128 160 Type c to abort Sending 5 56 byte ICMP Echos to 10 1 128 160 timeout is 2 seconds Success rate is 40 percent 2 5 round trip min avg max 0 0 0 ms As shown i...

Page 43: ...g packets on users demands When the ipv6 address is the local link address a vlan interface name is needed to be specified When specifying source IPv6 address the sent icmp query packets will use spec...

Page 44: ...s n Use source IPv6 address not used by default Source IPv6 address Source IPv6 IP address Repeat count 5 Number of ping packets to be sent 5 by default Datagram size in byte 56 Size of Ping packet 56...

Page 45: ...characters displayed in each screen on terminal vty The no service terminal length command cancels the screen shifting operation Parameter Columns of characters displayed on each screen of vty rangin...

Page 46: ...efers to non stop display Command mode Admin mode Default Default columns is 25 Usage guide Set columns of characters displayed in each screen on terminal so that the More message will be shown when d...

Page 47: ...mmand traceroute6 ipv6 addr host hostname hops hops timeout timeout Function This command is for testing the gateways passed by the data packets from the source device to the destination device so to...

Page 48: ...r can log in use name and priority after the command configures before login local command is executed Enable username and password it insures that priority of one user is maximum 15 so that users cou...

Page 49: ...ommand write Function Save the currently configured parameters to the Flash memory Command mode Admin Mode Usage Guide After a set of configuration with desired functions the setting should be saved t...

Page 50: ...ugh TCP connection This is a transparent service as to the user the keyboard and monitor seems to be connected to the remote host directly Telnet employs the Client Server mode the local system is the...

Page 51: ...t shown in dotted decimal notation ipv6 addr is the IPv6 address of the remote host hostname is the name of the remote host containing max 30 characters port is the port number ranging between 0 65535...

Page 52: ...or disable the Telnet client to login to the switch Example Disable the Telnet server function in the switch Switch Config no ip telnet server 2 2 3 3 3 telnet server securityip Command telnet server...

Page 53: ...n Task List 1 SSH Server Configuration Command Explanation Global Mode ssh server enable no ssh server enable Enable SSH function on the switch the no ssh server enable command disables SSH function s...

Page 54: ...ample Set the number of times for retrying SSH authentication to 5 Switch Config ssh server authentication retries 5 2 2 4 3 2 ssh server enable Command ssh server enable no ssh server enable Function...

Page 55: ...l Mode Default SSH authentication timeout is 180 seconds by default Example Set SSH authentication timeout to 240 seconds Switch Config ssh server timeout 240 2 2 4 3 5 ssh user Command ssh user usern...

Page 56: ...ress if the first hop returns an ICMP error message to inform this packet can not be sent due to TTL timeout a data packet with TTL at 2 will be sent Also the send hop may be a TTL timeout return but...

Page 57: ...e show calendar Display current system clock show debugging Display the debugging state dir Display the files and the sizes saved in the flash show history Display the recent user input history comman...

Page 58: ...e and time so that the system clock can be adjusted in time if inaccuracy occurs Example Switch show calendar Current time is TUE AUG 22 11 00 01 2002 2 2 7 1 2 show debugging Command show debugging F...

Page 59: ...of words 64 002100 0000 0000 0000 0000 0000 0000 0000 0000 002110 0000 0000 0000 0000 0000 0000 0000 0000 002120 0000 0000 0000 0000 0000 0000 0000 0000 002130 0000 0000 0000 0000 0000 0000 0000 0000...

Page 60: ...e next power up Default If the configuration parameters read from the Flash are the same as the default operating parameter nothing will be displayed Command mode Admin Mode Usage Guide The show runni...

Page 61: ...on Display all user information that can login the switch Usage Guide This command can be used to check for all user information that can login the switch Example Switch show users User level havePasw...

Page 62: ...rameter where the range of unit is 1 Function Display the switch version Default The default value for unit is 1 Command mode Admin Mode Usage Guide Use this command to view the version information fo...

Page 63: ...maintenance z Assign a proper log buffer zone inside the switch for record the log information permanently or temporarily z Configure the log host the log system will directly send the log informatio...

Page 64: ...log information by severity level is that only the log information with level equal to or higher than the threshold will be outputted So when the severity threshold is set to debugging all information...

Page 65: ...n NVRAM and SDRAM log buffer zone we can use the clear logging command 2 2 9 2 System Log Configuration 2 2 9 2 1 System Log Configuration Task Sequence 1 Display and clear log buffer zone 2 Configure...

Page 66: ...nnel and related to the main control chip M1 with index ID between 940 and 946 Switch show logging buffered slot M1 level critical range 940 946 Log information on Active Master Current messages in NV...

Page 67: ...everity is the severity threshold of the log information severity level The rule of the log information output is explained as follows only those with a level equal to or higher than the threshold wil...

Page 68: ...d save the log in the record equipment local7 Configuration procedure Switch Config interface Ethernet 0 Switch Config Ethernet0 ipv6 address 3ffe 506 1 64 Switch Config Ethernet0 exit Switch Config l...

Page 69: ...face IP address the no ip address ip_address mask secondary command deletes VLAN interface IP address 2 BootP configuration Command Explanation ip address bootp no ip address bootp Enable the switch t...

Page 70: ...128 1 255 255 255 0 Switch Config If Vlan1 exit 2 3 2 2 ip address bootp client Command ip address bootp client no ip address bootp client Function Enable the switch to be a BootP client and obtain I...

Page 71: ...by vast numbers of manufacturers for its simplicity and easy implementation SNMP v2c is an enhanced version of SNMP v1 which supports layered network management SNMP v3 strengthens the security by add...

Page 72: ...the messages can t be viewed on transmission And USM authentication ensures that the messages can t be changed on transmission USM employs DES CBC cryptography And HMAC MD5 and HMAC SHA are used for a...

Page 73: ...ontains sub trees which are called groups Objects in those groups cover all the functional domains in network management NMS obtains the network management information by visiting the MIB of SNMP Agen...

Page 74: ...user 6 Configure group 7 Configure view 8 Configuring TRAP 9 Enable Disable RMON 1 Enable or disable SNMP Agent server function Command Explanation snmp server no snmp server Enable the SNMP Agent fu...

Page 75: ...group string NoauthNopriv AuthNopriv AuthPriv read read string write write string notify notify string no snmp server group group string NoauthNopriv AuthNopriv AuthPriv Set the group information on...

Page 76: ...RMON the no rmon enable command disables RMON Command mode Global Mode Default RMON is disabled by default Example 1 Enable RMON Switch config rmon enable Example 2 Disable RMON Switch config no rmon...

Page 77: ...of encoding error packets number of requested variablest Number of variables requested by NMS number of altered variables Number of variables set by NMS get request PDUs Number of packets received by...

Page 78: ...IP address of the NMS which is allowed to access Agent 2 4 3 4 snmp server community Command snmp server community string ro rw snmp server community string Function Configure the community string for...

Page 79: ...s Command snmp server enable traps no snmp server enable traps Function Enable the switch to send Trap message the no snmp server enable traps command disables the switch to send Trap message Command...

Page 80: ...e RMON event group has no community character string configured the community character string configured in this command will be applied when sending the Trap of RMON and if the community character s...

Page 81: ...mple Switch show snmp engineid SNMP engineID 3138633303f1276c Engine Boots is 1 Displayed Information Explanation SNMP engineID Engine number Engine Boots Engine boot counts 2 4 3 11 show snmp group C...

Page 82: ...Information Explanation User name User name Engine ID Engine ID Priv Protocol Employed encryption algorithm Auth Protocol Employed identification algorithm Row status User state 2 4 3 14 show snmp vi...

Page 83: ...ion This command is used to configure a new group the no form of this command deletes this group Command Mode Global Mode Parameter group string group name which includes 1 32 characters NoauthNopriv...

Page 84: ...de Global Mode Parameter view string view name containing 1 32 characters oid string is OID number or corresponding node name containing 1 255 characters include exclude include exclude this OID Usage...

Page 85: ...d5 hello deletes an User Switch Config no snmp server user tester UserGroup 2 4 3 20 snmp server securityip Command snmp server securityip ipv4 address ipv6 address no snmp server securityip ipv4 addr...

Page 86: ...to access the switch with read only permission Scenario 2 NMS will receive Trap messages from the switch Note NMS may have community string verification for the Trap messages In this scenario the NMS...

Page 87: ...server securityip command and community string use snmp server community command are correctly configured as any of them fails SNMP will not be able to communicate with NMS properly If Trap function i...

Page 88: ...stem image file and the boot file is the same The switch supplies the user with two modes of updating 1 BootROM mode 2 TFTP and FTP update at Shell mode This two update method will be explained in det...

Page 89: ...8 1 2 24 and PC address is 192 168 1 66 24 and select TFTP upgrade the configuration should like Boot setconfig Host IP Address 10 1 1 1 192 168 1 2 Server IP Address 10 1 1 2 192 168 1 66 FTP 1 or TF...

Page 90: ...01 01 00 00 00 SH boot conf 83 1900 01 01 00 00 00 SH nos img 2 431 631 1980 01 01 00 21 34 startup config 2 922 1980 01 01 00 09 14 temp img 2 431 631 1980 01 01 00 00 32 2 CONFIG RUN command Used to...

Page 91: ...anagement connection notify the server to establish a passive connection The server then create its own data listening port and inform the client about the port and the client establishes data connect...

Page 92: ...tion file stores in FLASH only corresponding to the so called configuration save To prevent illicit file upload and easier configuration ES4700 series mandates the name of start up configuration file...

Page 93: ...rl destination url ascii binary FTP TFTP client upload download file 2 For FTP client server file list can be checked Global Mode dir ftpServerUrl For FTP client server file list can be checked FtpSer...

Page 94: ...es or directories to be copied destination url is the destination address to which the files or directories to be copied forms of source url and destination url vary depending on different locations o...

Page 95: ...3 2 2 2 copy TFTP Command copy source url destination url ascii binary Function Download files to the TFTP client Parameter source url is the location of the source files or directories to be cop ied...

Page 96: ...h copy running config startup config 2 5 3 2 2 3 dir Command dir ftp server url Function Browse the file list on the FTP server Parameter The form of ftp server url is ftp username password ipv4a ddre...

Page 97: ...ds this limit the FTP management connection will be disconnected Example Modify the idle threshold to 100 seconds Switch config Switch Config ftp server timeout 100 2 5 3 2 2 6 show ftp Command show f...

Page 98: ...on number Command tftp server retransmission number number Function Set the retransmission time for TFTP server Parameter number is the time to re transfer the valid range is 1 to 20 Default The defau...

Page 99: ...he computer The configuration procedures of the switch is listed below Switch Config inter vlan 1 Switch Config If Vlan1 ip address 10 1 1 2 255 255 255 0 Switch Config If Vlan1 no shut Switch Config...

Page 100: ...e computer Scenario 3 The switch is used as TFTP server The switch operates as the TFTP server and connects from one of its ports to a computer which is a TFTP client Transfer the nos img file in the...

Page 101: ...uter downloaded to the FLASH TFTP Configuration Computer side configuration Start TFTP server software on the computer and place nos img boot rom and startup config to the appropriate TFTP server dire...

Page 102: ...shell maintenance statistics xls some display omitted here show txt snmp TXT 226 Transfer complete 2 5 5 FTP TFTP Troubleshooting Help 2 5 5 1 FTP Troubleshooting Help When upload download system fil...

Page 103: ...s successful otherwise the switch may be rendered unable to start If the system file and system start up file upgrade through FTP fails please try to upgrade again or use the BootROM mode to upgrade 2...

Page 104: ...ice which is a simple but effective destructive attack on the internet The server under DoS attack will drop normal user data packet due to non stop processing the attacker s data packet leading to th...

Page 105: ...ent This command has no effect when used separately but if this function is not enabled the switch will not drop the IPv4 fragment packet containing unauthorized TCP labels 2 6 2 3 Anti Port Cheat Fun...

Page 106: ...igure the max permitted ICMPv4 net length This command has not effect when used separately the user have to enable the dosattack check icmp attacking enable dosattack check icmpv6 size size dosattack...

Page 107: ...s destination port Switch Config dosattack check ipv4 first fragment enable Switch Config dosattack check srcport equal dstport enable 2 6 3 3 dosattack check tcp flags enable Command no dosattack che...

Page 108: ...Enable the function by which the switch detects TCP fragment attacks the no form of this command disables this function Parameter None Default This function is not enabled on the switch by default Com...

Page 109: ...ttack check icmpv4 size Command dosattack check icmpv4 size size Function Configure the max net length of the ICMPv4 data packet permitted by the switch Parameter size is the max net length of the ICM...

Page 110: ...r than 100 Configuration procedure Switch Config dosattack check srcip equal dstip enable Switch Config dosattack check srcport equal dstport enable Switch Config dosattack check ipv4 first fragment e...

Page 111: ...sFlow introduction The sFlow RFC 3176 is a protocol based on standard network export and used on monitoring the network traffic information developed by the InMon Company The monitored switch or route...

Page 112: ...Configuration Task 1 Configure sFlow Collector address Command Explanation Global mode and interface mode sflow destionation collector address collector port no sflow destionation Configure the IP add...

Page 113: ...n sFlow the no form of this command restores to the default 6 Configure the sampling rate value Command Explanation Interface Mode sflow rate input input rate output output rate no sflow rate input ou...

Page 114: ...ould be configured to let the sFlow sample proxy work properly Example Configure the analyzer address and port at global mode switch config sflow destionation 192 168 1 200 1025 2 8 3 2 sflow agent ad...

Page 115: ...be identified whether it is IPv4 or IPv6 when sent to the CPU certain length of the head of the group has to be copied to the sFlow packet and sent out The length of the copied content is configured...

Page 116: ...of the sFlow hardware sampling The no form of this command deletes the sampling rate value Parameter input rate is the rate of ingress group sampling the valid range is 1000 16383500 output rate is t...

Page 117: ...is 2 The priority of sFlow when receiving packets from the hardware is 2 Sflow DataSource type 2 index 194 Ethernet3 2 One sample proxy data source of the sFlow is the interface e3 1 and its type is...

Page 118: ...s 10 1 144 2 Switch config sflow destionation 192 168 1 200 Switch config sflow priority 1 Switch config config in e3 1 Switch Config If Ethernet3 1 sflow rate input 10000 Switch Config If Ethernet3 1...

Page 119: ...of TACACS protocol is adopted with TCP protocol further with the packet head except for standard packet head encryption this protocol is of a more reliable transmission and encryption characteristics...

Page 120: ...and deletes TACACS authentication server Parameter ip address is the IPof the server port number is the listening port number of the server the valid range is 0 65535 amongst 0 indicates it will not b...

Page 121: ...cacs server timeout seconds no tacacs server timeout Function Configure a TACACS server authentication timeout timer the no tacacs server timeout command restores the default configuration Parameter s...

Page 122: ...Switch Config interface vlan 1 Switch Config if vlan1 ip address 10 1 1 2 255 255 255 0 Switch Config if vlan1 exit Switch Config tacacs server authentication host 10 1 1 3 Switch Config tacacs serve...

Page 123: ...mpts of command line interface and the mapping address relationship with the host Basic clock configuration configure date and clock of the system Users should configure HH MM SS as 23 0 0 and YY MM D...

Page 124: ...priority as Read only mode and choose State as Valid or configure Community string as private choose Access priority as Read and write mode and choose State as Valid The command will be applied to th...

Page 125: ...s which will be allowed to access to the NMS management station of the switch 5 4 4 2 6 z Security ip address Security IP address of NMS z State Valid to configure Invalid to remove Example configure...

Page 126: ...ate allows device to send Trap messages Example choose Snmp Agent state as Open choose RMON state as Open and choose Trap state as Open Then click on the Apply button 2 10 3 Switch upgrade Users shoul...

Page 127: ...t files by using ASCII standard binary means the files are transmitted in the binary standard Example the Figure below shows how to get the system file from TFTP Server 10 1 1 1 which has server file...

Page 128: ...ocal file name nos img The ftp username is switch and password is switch Click Apply 2 10 3 4 FTP server configuration Users should click Switch basic configuration and FTP server service to enter int...

Page 129: ...telnet login to display the Telnet client messages connected through Telnet with the switch z Show telnet user to display all Telnet client messages with authenticated switch access through Telnet z S...

Page 130: ...asier to configure Users just click a configuration node and the relating messages will appear Example to display the clock to display FLASH files 2 10 5 Basic introduction to switch Users should clic...

Page 131: ...unning config Users should save the current running config by clicking Switch maintenance Save current running config and Apply 2 10 6 3 Reboot Users should reboot the switch by clicking Switch mainte...

Page 132: ...ther the password is encrypted when displaying configuration information Operation includes Remove user and Add user Example set the Telnet user name as switch and password as switch and then click on...

Page 133: ...ter control board in the smaller slot number becomes the Active Master and the other board becomes the Standby Master 3 2 Device Management Configuration 3 2 1 Switch Basic Configuration Command reset...

Page 134: ...ion is RW 1 3 2 hardware version is 1 1 bootrom version is 1 3 1 serialNo is N043900039 manufactureDate is 2004 09 10 temperature is 33 4375 3 3 1 2 show fan Command show fan Function to display wheth...

Page 135: ...ment packets receive displays incoming device management packets state displays card status change information Default Debugging information is disabled by default Command mode Admin Mode 3 4 Card Hot...

Page 136: ...ll be lost upon system restart When the system is operating normally and the user hot inserts a card into a slot with a different card inserted previously the system will not reload configuration if t...

Page 137: ...rce runcfg sync Function Enforce the synchronizing running config from active master to standby master Command Mode Admin mode Usage Guide When the running config varies from the startup configure thi...

Page 138: ...s Command Mode Global mode Default Auto synchronization function disabled by default Usage Guide This command is for configuring the interval between which the active master synchronizes the running c...

Page 139: ...ction Show basic informations of each chips Parameter slotno is the number of the slot the chip resides ranging between 1 4 for 4 slots device or 1 8 for 8 slots device Default All chip information wi...

Page 140: ...l characters such as or can be used to separate ports is used for discrete port numbers and is used for consecutive port numbers Suppose an operation should be performed on ports 2 3 4 5 of the card i...

Page 141: ...le types 5 Configure port speed and duplex mode 6 Configure bandwidth control 7 Configure traffic control 8 Enable Disable port loopback function 9 Configure broadcast storm control function for the s...

Page 142: ...dwidth used for incoming outgoing traffic for specified ports flow control no flow control Enables Disables traffic control function for specified ports loopback no loopback Enables Disables loopback...

Page 143: ...P preferred Fiber connected copper not connected Copper cable port Fiber cable port Fiber cable port Fiber cable port Copper connected fiber not connected Copper cable port Copper cable port Fiber cab...

Page 144: ...h should not exceeds 32 characters Command Mode Port Mode Default No port name by default Usage Guide This command is for helping the use manage switches such as the user assign names according to the...

Page 145: ...interface Ethernet Command interface ethernet interface list Function Enters Ethernet Interface Mode from Global Mode Parameters interface list stands for port number Command mode Global Mode Usage Gu...

Page 146: ...mmand negotiation on off Function Enables Disables the auto negotiation function of a 1000Base T port Parameters on to enable auto negotiation off to disable auto negotiation Command mode Port configu...

Page 147: ...he no rate suppression command disables this traffic throttle function on all ports in the switch i e enables broadcasts multicasts and unknown destination unicasts to pass through the switch at line...

Page 148: ...data packets while for vlan interfaces the port MAC address IP address and the statistic state of the data packet will be shown for aggregated port port speed rate duplex mode flow control switch stat...

Page 149: ...de Port configuration Mode Default Auto negotiation for speed and duplex mode is set by default Usage Guide This command applies to 1000Base TX or 100Base TX ports only speed duplex command is not ava...

Page 150: ...nterface 4 2 2 2 Command For Vlan Interface 4 2 2 2 1 interface vlan Command interface vlan vlan id no interface vlan vlan id Function Enters Interface Mode the no interface vlan vlan id command delet...

Page 151: ...rimary IP address but multiple secondary IP addresses Both primary IP address and secondary IP addresses can be used for SNMP Web Telnet management In addition ES4700 series allows IP addresses to be...

Page 152: ...loopback Enables Disables loopback test function for network management port ip address ip address mask no ip address ip address mask Configures or cancels the IP address for network management port 4...

Page 153: ...t configuration mode from Global Mode Parameters interface name stands for port number the default value is 0 Command mode Global Mode Usage Guide Run the exit command to exit the network management I...

Page 154: ...work management port is shut down no data frames are sent in the port and the port status displayed when the user typed show interface command is down Example Enable the network management interface S...

Page 155: ...nitor and manage the network and diagnostic ES4700 series support one mirror destination port only The number of mirror source ports are not limited one or more may be used Multiple source ports can b...

Page 156: ...everal ports their direction can vary but have to be configured by several times The speed rate of the mirror source port and the destination port should be the same or else the packet may be lost Exa...

Page 157: ...ll mirror destination port SwitchC 1 10 100Mbps full The configurations are listed below SwitchA SwitchA Config interface ethernet 1 7 SwitchA Config If Ethernet1 7 rate limit 150 input SwitchB Switch...

Page 158: ...ent setup port speed duplexes and so on 4 6 1 Ethernet port configuration Click Port configuration Ethernet port configuration to open the Ethernet port configuration management table to configure Eth...

Page 159: ...iguration Ethernet port configuration Bandwidth control and proceed to do port bandwidth control 1 z Port Specifies configuration port z Bandwidth control level port bandwidth control The unit is Mbps...

Page 160: ...on type add delete address Example Assign Port as Vlan10 port IP address as 192 168 1 180 Port network mask as 255 255 255 0 Port status as no shutdown Operation type selection as Add address then cli...

Page 161: ...up source interface list as Ethernet ports 1 1 4 and the mirroring direction as rx Click Apply button and this port will be added into the monitor session Click the Default button to delete this port...

Page 162: ...162 Click Port configuration Port debug and maintenance Show port information to check the statistic information of the receiving sending data packet information of the port...

Page 163: ...t by the user and can not only add network s bandwidth but also provide link backup Port aggregation is usually used when the switch is connected to routers PCs or other switches Fig 5 1 Port aggregat...

Page 164: ...ith switch hardware ES4700 series allow physical port aggregation of any two switches maximum 8 port groups and 8 ports in each port group are supported Once ports are aggregated they can be used as a...

Page 165: ...be displayed Example Enable LACP debug Switch debug lacp 5 2 2 2 port group Command port group port group number load balance src mac dst mac dst src mac src ip dst ip dst src ip no port group port g...

Page 166: ...ode active passive on no port group port group number Function Adds a physical port to port channel the no port group port group number removes specified port from the port channel Parameters port gro...

Page 167: ...then the configuration to current port will apply to all member ports in the corresponding port group Example Entering configuration mode for port channel 1 Switch Config interface port channel 1 Swi...

Page 168: ...e as follows mac_type ETH_TYPE speed_type ETH_SPEED_100M duplex_type FULL port_type ACCESS the machine state and port state of the port are as the follow mux_state DETCH rcvm_state P_DIS prm_state NO_...

Page 169: ...uplex mode full duplex and half duplex port_type Port VLAN property access port or trunk port mux_state Status of port binding status machine rcvm_state Status of port receiving status machine prm_sta...

Page 170: ...y LACP activety Whether port is added to the group in active mode 1 for yes LACP timeout Port timeout mode 1 for short timeout Aggregation Whether aggregation is possible for the port 0 for independen...

Page 171: ...rt Port that is in standby status which means the port is qualified to join the channel but cannot join the channel due to the maximum port limit thus the port status is standby instead of selected 5...

Page 172: ...rface port channel 2 SwitchB Config If Port Channel2 Configuration result Shell prompts ports aggregated successfully after a while now ports 1 2 3 4of Switch 1 form an aggregated port named Port Chan...

Page 173: ...joined forcedly switch in other ends won t exchange LACP BPDU to complete aggregation Aggregation finishes immediately when the command to add port 2 to port group 1 is entered port 1 and port 2 aggre...

Page 174: ...her thing to be noted is that if both ends are configured with LACP then at least one of them should be in ACTIVE mode otherwise LACP packet won t be initiated LACP cannot be used on ports with Securi...

Page 175: ...enter configuration page Click Apply button to add port into the group Display port member Select a group num in port configuration and the information of port member will be shown under the configur...

Page 176: ...eries is implemented following IEEE 802 1Q The key idea of VLAN technology is that a large LAN can be partitioned into many separate broadcast domains dynamically to meet the demands Fig 6 1 A VLAN ne...

Page 177: ...et Access port 6 Enable Disable VLAN ingress rules on ports 7 Configure Private VLAN 8 Set Private VLAN association 1 Creating or deleting VLAN 2 Assigning Switch ports for VLAN 3 Set The Switch Port...

Page 178: ...nk native vlan Set delete PVID for Trunk port Command Explanation Interface Mode switchport access vlan vlan id no switchport access vlan Add the current port to specified VLAN the specified VLANs The...

Page 179: ...N configuration Parameter primary set current VLAN to Primary VLAN isolated set current VLAN to Isolated VLAN community set current VLAN to Community VLAN Command Mode VLAN mode Default There are thre...

Page 180: ...ommand can only used for Private VLAN The ports in Secondary VLANs which are associated to Primary VLAN can communicate to the ports in Primary VLAN Before setting Private VLAN association three types...

Page 181: ...s 2 Displayed information Explanation VLAN VLAN number Name VLAN name Type VLAN type statically configured or dynamically learned Media VLAN interface type Ethernet Ports Access port within a VLAN Uni...

Page 182: ...are normal ports and can join a VLAN but a port can only join one VLAN for a time Example Assign Ethernet port 1 3 4 7 8 of slot 1 to VLAN100 Switch Config Vlan100 switchport interface ethernet 1 1 3...

Page 183: ...rnet 1 5 Switch Config ethernet1 5 switchport mode trunk Switch Config ethernet1 5 switchport trunk allowed vlan 1 3 5 20 Switch Config ethernet1 5 exit 6 1 3 9 switchport trunk native vlan Command sw...

Page 184: ...ds the data to the destination port if it is a VLAN member port Example Disable VLAN ingress rules on the port Switch Config Ethernet1 1 no switchport ingress filtering 6 1 4 Typical VLAN Application...

Page 185: ...2 switchport interface ethernet 1 2 4 Switch Config Vlan2 exit Switch Config vlan 100 Switch Config Vlan100 switchport interface ethernet 1 5 7 Switch Config Vlan100 exit Switch Config vlan 200 Switch...

Page 186: ...plication based on GARP working mechanism It is responsible for the maintenance of dynamic VLAN register information and population of such register information to the other switches Switches support...

Page 187: ...P function globally and for Trunk port 1 10 Switch Config bridge ext gvrp Switch Config interface ethernet 1 10 Switch Config Ethernet1 10 bridge ext gvrp Command Explanation Interface Mode bridge ext...

Page 188: ...to 327650 ms Command mode Interface Mode Default The default value for hold timer is 100 ms Usage Guide When GARP application entities receive a join message join message will not be sent immediately...

Page 189: ...Besides the value of leave timer must be twice larger than the join timer Otherwise an error message will be displayed Example Set the GARP leave timer value of port 1 10 to 3000 ms Switch Config Eth...

Page 190: ...tch show garp timer 6 2 3 8 show gvrp configuration Command show gvrp configuration interface name Function Display the global and port information for GVRP Parameter interface nam stands for the name...

Page 191: ...00 entries Configuration Item Configuration description VLAN100 Port 2 6 of Switch A and C Trunk port Port 11 of Switch A and C Port 10 11 of Switch B Global GVRP Switch A B C Port GVRP Port 11 of Swi...

Page 192: ...tchport mode trunk Switch Config Ethernet1 11 bridge ext gvrp Switch Config Ethernet1 11 exit Switch C Switch Config bridge ext gvrp Switch Config vlan 100 Switch Config Vlan100 switchport interface e...

Page 193: ...t reaches PE1 from CE1 it carries the VLAN tag 200 300 of the user internal network Since the dot1q tunnel function is enabled the user port on PE1 will add on the packet another VLAN tag of which the...

Page 194: ...ption on the application and configuration of dot1q tunnel of Switchwill be provided in this section 6 3 2 Dot1q tunnel Configuration 6 3 2 1 Configuration Task Sequence Of Dot1q tunnel 1 Configure th...

Page 195: ...s and also on trunk ports however only when associating the VLAN translation function Example Join port1 into VLAN3 enable dot1q tunnel function Switch Config vlan 3 Switch Config Vlan3 switchport int...

Page 196: ...1 dot1q tunnel is enable Interface Ethernet1 3 dot1q tunnel is enable 6 3 4 Typical Applications Of The Dot1q tunnel Scenario Edge switch PE1 and PE2 of the ISP internet forward the VLAN200 300 data b...

Page 197: ...n 3 Switch Config Vlan3 switchport interface ethernet 1 1 Switch Config Vlan3 exit Switch Config interface ethernet 1 1 Switch Config Ethernet1 1 dot1q tunnel enable Switch Config Ethernet1 1 dot1q tu...

Page 198: ...s section 6 4 2 Configuration Task Sequence Of VLAN translation 1 Configure the VLAN translation function on the port 2 Configure the VLAN translation relations on the port 3 Configure the VLAN transl...

Page 199: ...lan id to new vlan id in out no vlan translation old vlan id in out Function Add VLAN translation by creating a mapping between original VLAN ID and current VLAN ID the no form of this command deletes...

Page 200: ...switch the no vlan translation enable command restores to the default value Parameter None Command Mode Port Mode Default VLAN translation has not been enabled on the port by default Usage Guide To a...

Page 201: ...lic network port1 of PE2 is connected to CE2 port10 is connected to public network as shown in Fig 6 4 Configuration Item Configuration Explanation VLAN translation Port1 of PE1 and PE2 Trunk port Por...

Page 202: ...t the VLAN does not have to be re configured when the user physic location change namely shift from one switch to another which is because it is user based not switch port based The IP subnet based VL...

Page 203: ...subnet and the VLAN Command Explanation Port Mode switchport mac vlan enable no switchport mac vlan enable Enable disable the MAC based VLAN function on the port Command Explanation Global Mode mac v...

Page 204: ...and the user wish to restore to preferring the MAC based VLAN please use this command Example Set the MAC based VLAN preferred Switch config dynamic vlan mac vlan prefer 6 5 2 2 2 dynamic vlan subnet...

Page 205: ...Default No MAC address joins the VLAN by default Usage Guide With this command user can add specified MAC address to specified VLAN If there is a non VLAN label data packet enters from the switch por...

Page 206: ...eled data packets It is recommended to configure ARP protocol together with the IP protocol or else some application may be affected Example Assign the IP protocol data packet encapsulated by the Ethe...

Page 207: ...tch Parameter None Command Mode Admin Mode Usage Guide Display the configuration of Protocol based VLAN on the switch Example Display the configuration of the current Protocol based VLAN Switch show p...

Page 208: ...s the IPv4 address shown in dotted decimal notation the valid range of each section is 0 255 subnet mask is the subnet mask code shown in dotted decimal notation the valid range of each section is 0 2...

Page 209: ...subnet vlan enable no switchport subnet vlan enable Function Enable the IP subnet based VLAN on the port the no form of this command disables the IP subnet based VLAN function on the port Parameter No...

Page 210: ...h B Switch C Switch Config mac vlan mac 00 03 0f 11 22 33 vlan 100 priority 0 Switch Config exit 6 5 4 Dynamic VLAN Troubleshooting On the switch configured with dynamic VLAN if the two connected equi...

Page 211: ...MAC address acquiring a mechanism in which every voice equipment transmitting information through the network has got its unique MAC address VLAN will trace the address belongs to specified MAC By Th...

Page 212: ...net4 1 ethernet4 3 Voice name MAC Address Mask Priority financePhone 00 e0 4c 77 ab 9d 0xff 5 manager 00 0a eb 26 8d f3 0xfe 6 Mr_Lee 00 03 0f 11 22 33 0x80 5 NULL 00 03 0f 11 22 33 0x0 5 6 6 2 2 2 sw...

Page 213: ...oice VLAN Parameter Mac address is the voice equipment MAC address shown in xx xx xx xx xx xx format mac mask is the last eight digit of the mask code of the MAC address the valid values are 0xff 0xfe...

Page 214: ...one Voice VLAN at the same time The voice VLAN can not be applied concurrently with MAC based VLAN Example Set VLAN100 to Voice VLAN Switch config Switch config voice vlan vlan 100 6 6 3 Typical Appl...

Page 215: ...thernet 1 10 Switch Config If Ethernet1 10 switchport mode trunk Switch Config If Ethernet1 10 exit 6 6 4 Voice VLAN Troubleshooting Voice VLAN can not be applied concurrently with MAC base VLAN The V...

Page 216: ...mapping to the destination port Then the MAC table is queried for the destination MAC address if hit the data frame is forwarded in the associated port otherwise the switch forwards the data frame to...

Page 217: ...01 11 11 11 11 and port 1 5 and no port mapping for 00 01 33 33 33 33 present the switch broadcast this message to all the ports in the switch assuming all ports belong to the default VLAN1 3 PC3 and...

Page 218: ...ree types of frames can be forwarded by the switch Broadcast frame Multicast frame Unicast frame The following describes how the switch deals with all the three types of frames 1 Broadcast frame The s...

Page 219: ...ter entry 1 Configure the MAC aging time Command Explanation Global Mode mac address table aging time 0 aging time no mac address table aging time Configure the MAC address aging time 2 Configure stat...

Page 220: ...dress users can use this command to manually establish mapping relation between the MAC address and port and VLAN no mac address table command is for deleting all dynamic static filter MAC address ent...

Page 221: ...11 11 11 11 of PC1 as a filter address Switch Config mac address table static 00 01 11 11 11 11 discard vlan 1 2 Set the static mapping relationship for PC2 and PC3 to port 7 and port 9 respectively...

Page 222: ...a port will be used for forwarding in that port if the connection is changed to another port the switch will learn the MAC address again to forward data in the new port However in some cases security...

Page 223: ...secure MAC addresses learned by the port to static secure MAC addresses port security timeout value no port security timeout Enable port locking timer function the no port security timeout restores t...

Page 224: ...dynamic interface Ethernet 1 1 7 6 1 3 2 port security Command port security no port security Function Enable MAC address binding function for the port and lock the port When a port is locked the MAC...

Page 225: ...r the MAC address to be added deleted Usage Guide The MAC address binding function must be enabled before static secure MAC address can be added Example Adding MAC 00 03 0F FE 2E D3 to port1 Switch Co...

Page 226: ...1 1 Switch Config Ethernet1 1 port security timeout 30 7 6 1 3 7 port security violation Command port security violation protect shutdown no port security violation Function Configure the port violat...

Page 227: ...ress Type Secure MAC address type Ports The port that the secure MAC address belongs to Total Addresses Current secure MAC address number in the system 7 6 1 3 9 show port security address Command sho...

Page 228: ...ault Usage Guide This command displays the detailed configuration information for the secure port Example Switch show port security interface ethernet 1 1 Ethernet1 1 Port Security Enabled Port status...

Page 229: ...MAC address binding cannot be enabled for a port make sure the port is not enabling Spanning tree or port aggregation and is not configured as a Trunk port MAC address binding is exclusive to such co...

Page 230: ...he number of spanning tree instances which consumes less CPU resources and reduces the bandwidth consumption 8 1 1 MSTP Region Because multiple VLANs can be mapped to a single spanning tree instance I...

Page 231: ...t of the CST and the IST master with both of the path costs to the CST root and to the IST master set to zero The bridge also initializes all of its MST instances and claims to be the root for all of...

Page 232: ...TP Load Balance In a MSTP region VLANs can by mapped to various instances That can form various topologies Each instance is independent from the others and each distance can has its own attributes suc...

Page 233: ...mst instance id priority bridge priority no spanning tree mst instance id priority Set bridge priority for specified instance Interface Mode spanning tree mst instance id cost cost no spanning tree ms...

Page 234: ...level no revision level Set MSTP region revision level Abort Quit MSTP region mode and return to Global mode without saving MSTP region configuration Exit Quit MSTP region mode and return to Global mo...

Page 235: ...Command Explanation Interface Mode spanning tree format standard spanning tree format privacy spanning tree format auto no spanning tree format Configure the format of port spanning tree packet stand...

Page 236: ...region configuration quit MSTP region mode and return to global mode Command Explanation Global Mode spanning tree tcflush enable spanning tree tcflush disable spanning tree tcflush protect no spannin...

Page 237: ...non consecutive VLAN numbers refers to consecutive numbers and refers to non consecutive numbers Command mode MSTP Region Mode Default Before creating any Instances there is only the instance 0 and V...

Page 238: ...MSTP Region Mode Default The default revision level is 0 Usage Guide This command is to set revision level for MSTP configuration The bridges with same MSTP revision level and same other attributes ar...

Page 239: ...e AUTO configuration will be preferred so to identify the format by the packets they sent The privacy packet format is set by default in the concern of better compatibility with previous products and...

Page 240: ...seconds Switch Config spanning tree forward time 20 8 3 9 spanning tree hello time Command spanning tree hello time time no spanning tree hello time Function Set switch Hello time The command no span...

Page 241: ...es the default setting Parameter time is max aging time in seconds The valid range is from 6 to 40 Command mode Global Mode Default The max age is 20 seconds by default Usage Guide The lifetime of BPD...

Page 242: ...the MSTP mode But once the port receives STP messages it changes to work in the STP mode again This command can only be used when the switch is running in IEEE802 1s MSTP mode If the switch is runnin...

Page 243: ...ation identifier according to the MSTP configuration Only if the switches with the same MST configuration identifier are considered as in the same MSTP region Example Enter MSTP region mode Switch Con...

Page 244: ...to 48 port priority sets port priority The valid range is from 0 to 240 The value should be the multiples of 16 such as 0 16 32 240 Command mode Interface Mode Default The default port priority is 12...

Page 245: ...tus from discarding to forwarding without bearing forward delay Once the boundary port receives the BPDU the port becomes a non boundary port Example Set port 1 5 6 as boundary ports Switch Config int...

Page 246: ...ges no spanning tree tcflush restores to default setting Parameter Enable the spanning tree flush once the topology changes Disable the spanning tree don t flush when the topology changes Protect the...

Page 247: ...SH with every topology change At the same time as a method to avoid network assault we allow the network administrator to configure FLUSH mode by the command Note For the complicated network especiall...

Page 248: ...itchA The ports marked with x are in the discarding status and the other ports are in the forwarding status Configurations Steps Step 1 Configure port to VLAN mapping z Create VLAN 20 30 40 50 in Swit...

Page 249: ...tchport mode trunk SwitchB Config Port Range exit SwitchB Config spanning tree SwitchC SwitchC Config vlan 20 SwitchC Config Vlan20 exit SwitchC Config vlan 30 SwitchC Config Vlan30 exit SwitchC Confi...

Page 250: ...he entire network In the MSTP region which SwitchB SwitchC and SwitchD belong to SwitchB is the region root of the instance 0 SwitchC is the region root of the instance 3 and SwitchD is the region roo...

Page 251: ...the Instance 3 after the MSTP Calculation Fig 8 5 The Topology Of the Instance 4 after the MSTP Calculation SwitchB SwitchC SwitchD 2 3 5 4 2 3 6 7 5 4 6 7 x x x x SwitchB SwitchC SwitchD 2 3 5 4 2 3...

Page 252: ...nding and IEEE 802 1x on the switch port If MAC binding or IEEE 802 1x is enabled on the port the MSTP can t apply to this port 8 5 1 Monitor And Debug Command 8 5 1 1 show spanning tree Command show...

Page 253: ...Ethernet1 2 Total 2 PortName ID IntRPC State Role DsgBridge DsgPort Ethernet1 1 128 001 0 FWD MSTR 0 00030f010e30 128 001 Ethernet1 2 128 002 0 BLK ALTR 0 00030f010e30 128 002 Instance 4 Self Bridge I...

Page 254: ...root of the entire network IntRPC Cost from the current port to the region root of the current instance State Port status of the current instance Role Port role of the current instance DsgBridge Upwar...

Page 255: ...guration Switch Config Mstp Region show mst pending Name switch Revision 0 Instance Vlans Mapped 00 1 29 31 39 41 4093 03 30 04 40 05 4094 Switch Config Mstp Region 8 5 1 4 debug spanning tree Command...

Page 256: ...able entry mapping to specified Instance Configure mapping between VLAN1 10 100 110 and Instance 1 Equivalent command 1 2 1 3 Set Instance name to 1 VLAN name to VLAN1 10 100 110 Click Apply to commit...

Page 257: ...ty for the current port on specified instance Set the priority for port 1 2 of instance1 to 32 8 6 2 3 Port route cost setting Click MSTP control to enter MSTP port operation then Port Cost Config Set...

Page 258: ...e MSTP for port 1 2 8 6 3 MSTP global control 8 6 3 1 MSTP global protocol port configuration Click MSTP control to enter MSTP Global control then MSTP Global Agreement Port Config Run MSTP enable com...

Page 259: ...n set the BPDU Max Hop Time Config to support transmission in MSTP field Set the max hop count support for BPDU transmitting in MSTP field Set the max hop count to 32 8 6 3 6 Set bridge priority of th...

Page 260: ...260 Display Instance0 MSTP information 8 6 4 2 MSTP field information Click MSTP control show MSTP setting enter MSTP Field Information Display effective MSTP field parameter configurations...

Page 261: ...ements QoS cannot generate extra bandwidth but provides more effective bandwidth management according to the application requirement and network management policy 9 1 1 1 QoS Terms QoS Class of Servic...

Page 262: ...oS a general mature reference model should be given QoS can not create new bandwidth but can maximize the adjustment and configuration for the current bandwidth resource Fully implemented QoS can achi...

Page 263: ...3 Basic QoS Model Classification Classify traffic according to packet classification information and generate internal DSCP value based on the classification information For different packet types an...

Page 264: ...different policies that allocate bandwidth to classified traffic If the traffic exceeds the bandwidth set in the policy out of profile the out of profile traffic can be allowed discarded or remarked R...

Page 265: ...ernal DSCP value to CoS value the queuing operation assigns packets to appropriate queues of priority according to the CoS value while the scheduling operation performs packet forwarding according to...

Page 266: ...abled or disabled in Global Mode QoS must be enabled first in Global Mode to configure the other QoS commands 2 Configure class map Set up a classification rule according to ACL VLAN ID IP Precedence...

Page 267: ...from internal priority to egress queue 6 Configure QoS mapping Configure the mapping from CoS to DSCP DSCP to CoS DSCP to DSCP mutation IP precedence to DSCP and policed DSCP 1 Enable QoS Command Exp...

Page 268: ...yte exceed action drop policed dscp transmit no police rate kbps burst kbyte exceed action drop policed dscp transmit Configure a policy to classify traffic data stream exceeding the limit will be dro...

Page 269: ...e output policy map name Apply a policy map to the specified port the no service policy input policy map name output policy map name command deletes the specified policy map applied to the port Egress...

Page 270: ...cp cos dscp list to cos dscp mutation dscp mutation name in dscp to out dscp ip prec dscp dscp1 dscp8 policed dscp dscp list to mark down dscp no mls qos map cos dscp dscp cos dscp mutation dscp mutat...

Page 271: ...specified match standard Parameter access group acl index or name match specified ACL the parameters are the number or name of the ACL ip dscp dscp list and ipv6 dscp dscp list match specified DSCP va...

Page 272: ...e Usage Guide Only the classified traffic which matches the matching standard will be assigned with the new values Example Set the IP Precedence of the packets matching the c1 class rule to 3 Switch c...

Page 273: ...le Setting the default CoS value of Ethernet port 1 1 to 5 i e packets coming in through this port will be assigned a default CoS value of 5 if no CoS value present Switch Config interface ethernet 1...

Page 274: ...es the current trust status of the port Parameters cos configures the port to trust CoS value cos pass through dscp configures the port to trust CoS value but does not change packet DSCP value dscp co...

Page 275: ...rough cos Switch Config Ethernet1 1 mls qos dscp mutation mu1 9 1 3 10 mls qos map Command mls qos map cos dscp dscp1 dscp8 dscp cos dscp list to cos dscp mutation dscp mutation name in dscp to out ds...

Page 276: ...6 Default DSCP to CoS Map DSCP Value 0 7 8 15 16 23 24 31 32 39 40 47 48 55 56 63 CoS Value 0 1 2 3 4 5 6 7 Default IP Precedence to DSCP Map IP Precedence Value 0 1 2 3 4 5 6 7 DSCP Value 0 8 16 24 3...

Page 277: ...1 Switch Config Policy Class police 20000 2000 exceed action drop Switch Config Policy Class exit Switch Config PolicyMap exit 9 1 3 12 police aggregate Command police aggregate aggregate policer name...

Page 278: ...algorithm but send packets queue after queue Example Set the queue out mode to strict priority queue Switch Config Ethernet queue mode strict 9 1 3 15 service policy Command service policy input polic...

Page 279: ...ht is 0 then the queue has the highest priority when the weights of multiple queues are set to 0 then the queue of higher order has the higher priority Example Setting the bandwidth weight proportion...

Page 280: ...et 1 1 is 1 1 2 2 4 4 8 8 When packets have CoS value coming in through port ethernet 1 1 it will be map to the queue out according to the CoS value CoS value 0 to 7 correspond to queue out 1 2 3 4 5...

Page 281: ...t appropriate policies to limit bandwidth and burst value Apply this policy map on port ethernet 1 2 After the above settings done bandwidth for packets from segment 192 168 1 0 through port ethernet...

Page 282: ...ion in SwitchB SWITCH CONFIG Switch Config mls qos Switch Config interface ethernet 1 1 Switch Config Ethernet1 1 mls qos trust ip precedence pass through cos 9 1 5 QoS Troubleshooting Help QoS is dis...

Page 283: ...isplayed information Explanation Class map name c1 Name of the Class map Match acl name 1 Classifying rule for the class map 9 1 5 1 2 show policy map Command show policy map policy map name Function...

Page 284: ...os interface Command show mls qos interface interface id buffers policers queueing statistics Function Displays QoS configuration information on a port Parameters interface id is the port ID buffers i...

Page 285: ...queueing ethernet 1 2 Switch show mls qos int queue e 1 2 Cos queue map Cos 0 1 2 3 4 5 6 7 Queue 1 2 3 4 5 6 7 8 Queue and weight type Port q1 q2 q3 q4 q5 q6 q7 q8 QType Ethernet1 2 1 2 3 4 5 6 7 8...

Page 286: ...for QoS Parameters cos dscp CoS for CoS DSCP dscp cos DSCP for DSCP CoS dscp mutation dscp mutation name for DSCP DSCP mutation dscp mutation name is the name of mutation ip prec dscp IP for IP prece...

Page 287: ...hether QoS is enabled or not Example Switch show mls qos Qos is enabled Displayed information Explanation Qos is enabled QoS is enabled 9 2 PBR Configuration 9 2 1 Introduction to PBR PBR Policy Based...

Page 288: ...twork ranges within 192 168 0 0 16 To assure normal communication in local network messages from 192 168 1 0 24 to local IP 192 168 0 0 16 are not applied with policy routing Configuration procedure i...

Page 289: ...on QoS function in global mode and create a class map c1 in which matches ACL a1 and create a policy map in which quote c1 Set the next hop IP as 218 31 1 119 and apply the policy map at port ethernet...

Page 290: ...ware not like router forwarding by CPU As a result forwarding efficiency can be greatly improved even to wire speed 10 1 Layer 3 Interface 10 1 1 Introduction to Layer 3 Interface Layer 3 interface ca...

Page 291: ...the VLAN chapters When VLAN interface Layer 3 interface is created with this command the VLAN interface Layer 3 interface configuration mode will be entered After the creation of the VLAN interface La...

Page 292: ...original intention of IP design by making it necessary for router devices that serve as network intermediate nodes to maintain every connection status which increases network delay greatly and decreas...

Page 293: ...eed Foreign Agent Furthermore this kind of binding process enables Correspondent Node communicate with Mobile Node directly thereby avoids the extra system cost caused by triangle routing choice requi...

Page 294: ...ess is slave IP address Command Mode Interface Mode Default The system default is no IP address configuration Usage Guide This command configures IP address on VLAN interface manually If optional para...

Page 295: ...e entries 9 Clear neighbor table entries 3 IPv6 Tunnel configuration 1 Create Delete Tunnel 2 Configure Tunnel Source 3 Configure Tunnel Destination 4 Configure Tunnel Next Hop 5 Configure 6to4 Tunnel...

Page 296: ...hop Ipv6 address interface type interface number nexthop Ipv6 address interface type interface number distance Configure IPv6 static routing The NO command cancels IPv6 static routing z IPv6 Neighbor...

Page 297: ...guration Mode no ipv6 nd ra lifetime seconds Configure Router Announce Lifespan The NO command resumes default value 1800 seconds 5 Configure Router Announce Minimum Interval Command Description Inter...

Page 298: ...n Mode ipv6 neighbor ipv6 address hardware address interface interface type interface number Set static neighbor table entries including neighbor IPv6 address MAC address and two layer port no ipv6 ne...

Page 299: ...cription Tunnel Configuration Mode no tunnel nexthop ipv4 daddress Configure tunnel next hop IPv4 address The NO command deletes the IPv4 address of tunnel next hop end 5 Configure Tunnel 6to4 Relay C...

Page 300: ...global unicast address local site address and local link address for the interface Parameter Parameter ipv6 address is the prefix of IPv6 address parameter prefix length is the distance of the prefix...

Page 301: ...ddress of the next hop and the address of some interface of the switch must be in the same network segment Interface name can be specified directly for tunnel router Example Configure static router 1...

Page 302: ...terface to send out Neighbor Request Message time interval to be 8 seconds Switch Config if Vlan1 ipv6 nd ns interval 8 10 2 3 2 6 ipv6 nd suppress ra Command no ipv6 nd suppress ra Function Prohibit...

Page 303: ...ceed 3 4 of the maximum time interval Example Set the minimum time interval of sending routing announcement is 10 seconds Switch Config if Vlan1 ipv6 nd min ra interval 10 10 2 3 2 9 ipv6 nd max ra in...

Page 304: ...Example Configure IPv6 announcement prefix as 2001 410 0 1 64 on Vlan1 the valid lifetime of this prefix is 8640 seconds and its preferred lifetime is 4320 seconds Switch Config if Vlan1 ipv6 nd prefi...

Page 305: ...ce name Command Mode Interface Configuration Mode Default Situation There is not static neighbor table entry Usage Guide IPv6 address and multicast address for specific purpose and local address can n...

Page 306: ...0 0203 0fff fe01 2786 timeout is 2 seconds Success rate is 100 percent 1 1 round trip min avg max 1 1 1 ms Displayed information Explanation ping6 Execute ping6 function Target IPv6 address Destinatio...

Page 307: ...nd is for ISATAP tunnel other tunnels won t check the configuration of nexhop Example Configure tunnel next hop 178 99 156 8 Switch Config if Tunnel1 tunnel nexthop 178 99 156 8 10 2 3 2 18 tunnel 6to...

Page 308: ...Command clear ipv6 neighbors Function Clear the neighbor cache of IPv6 Parameter None Command Mode Admin Mode Default None Usage Guide This command can not clear static neighbor Example Clear neighbo...

Page 309: ...sure PC A and Switch can access each other by ping and PC B and SwitchB can access each other by ping The configuration procedure is as follows SwitchA Config interface vlan 1 SwitchA Config if Vlan1...

Page 310: ...Configure static routing 2003 33 64 on SwitchA and configure static routing 2001 11 64 on SwitchB 7 ping6 2003 33 Note First make sure PC A and Switch can access each other by ping and PC B and Switc...

Page 311: ...pv6 address 2002 2 64 interface Loopback mtu 3924 ipv6 route 2003 64 2002 2 no login end SwitchB show run interface Vlan2 ipv6 address 2002 2 64 interface Vlan3 ipv6 address 2003 1 64 interface Loopba...

Page 312: ...v4 domain 4 Configure IPv6 address 2002 cbcb cb01 2 1 64 in vlan4 of SwitchB and turn on RA function configure IPv4 address 203 203 203 1 on vlan3 5 Configure tunnel on SwitchA the source IPv4 address...

Page 313: ...ipv4 address 203 203 203 1 255 255 255 0 SwitchB Config if Vlan1 exit SwitchB Config interface tunnel 1 SwitchB Config if Tunnel1 tunnel source 203 203 203 1 SwitchB Config if Tunnel1 tunnel destinati...

Page 314: ...nt 0 total 0 errors 0 time exceeded 0 redirects 0 unreachable 0 echo 0 echo replies 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp 0 timestamp replies TCP statistics TcpActiveOpens 0...

Page 315: ...mask requests 0 mask replies 0 quench 0 parameter 0 timestamp 0 timestamp replies Statistics of total ICMP packets received and classified information Sent 0 total 0 errors 0 time exceeded 0 redirects...

Page 316: ...yed information Explanation IPv6 PACKET rcvd Receive IPv6 data report src fe80 203 fff fe01 2786 Source IPv6 address dst fe80 1 Destination IPv6 address size 64 Size of data report proto 58 Protocol f...

Page 317: ...0 203 fff fe01 2786 Source IPv6 address dst fe80 203 fff fe01 59ba Destination IPv6 address 10 2 5 1 6 debug ipv6 tunnel packet Command no debug ipv6 tunnel packet Function tunnel data packets receive...

Page 318: ...6 interface Vlan1 Vlan1 is up line protocol is up dev index is 2004 Device flag 0x1203 UP BROADCAST ALLMULTI MULTICAST IPv6 is enabled Link local address es fe80 203 fff fe00 10 PERMANENT Global unica...

Page 319: ...ress plus prefix length connected is directly connected router static is static router rip is RIP router ospf is OSPF router bgp is BGP router isis is ISIS router kernel is kernel router statistics sh...

Page 320: ...s Codes K kernel route C connected S static R RIP O OSPF I IS IS B BGP selected route FIB route p stale info Abbreviation display sign of every entry S 2009 1 64 via fe80 250 baff fef2 a4f4 Vlan1 1024...

Page 321: ...01 27 86 Vlan1 reachable fe80 203 fff fefe 3045 00 03 0f fe 30 45 Vlan2 reachable fe80 20c ceff fe13 eac1 00 0c ce 13 ea c1 Vlan12 reachable fe80 250 baff fef2 a4f4 00 50 ba f2 a4 f4 Vlan1 reachable...

Page 322: ...ata report statistics Rcvd 90 total 17 local destination0 header errors 0 address errors0 unknown protocol 13 discards IPv6 received packets statistics Frags 0 reassembled 0 timeouts 0 fragment rcvd 0...

Page 323: ...Mode Tunnel type Source Tunnel source ipv4 address Destination Tunnel destination ipv4 address Nexthop Tunnel next hop only applies to ISATAP tunnel 10 3 IP Forwarding 10 3 1 Introduction to IP Forwa...

Page 324: ...on algorithm if the route table contains no default route the next hop most frequently referred to will be used to construct a virtual default route to simplify the aggregation result This method has...

Page 325: ...y route in the hardware forwarding table in the switch which goes out from a port under this layer 3 interface then apply ACL rule on this port in which permitting address of the packets is the destin...

Page 326: ...is command disables the URPF enabled on this interface Command Mode Interface Mode Default URPF protocol not enabled by system default Usage Guide None Example Enable urpf on interface vlan2 Switch Co...

Page 327: ...iguration is done and the function does not meet the expectation Check if the switch has been configured with the rules conflicting with URPF URPF priority is lower than ACL the ACL rules will validat...

Page 328: ...the same IP segment ignores the physical separation and communicate via proxy ARP interface as if in the same physical network 10 5 2 ARP Configuration Task List 1 Configure static ARP 2 Configure pr...

Page 329: ...arp no ip proxy arp Function Enables proxy ARP for VLAN interface the no ip proxy arp command disables proxy ARP Default Proxy ARP is disabled by default Command mode Interface Mode Usage Guide When...

Page 330: ...eived sent including type source and destination address etc Example Enable ARP debugging Switch debug arp ip arp debug is on Switch Apr 19 15 59 42 2005 IP ARP rcvd type 1 src 192 168 2 100 000A EB5B...

Page 331: ...Explanation Total arp items Total number of Arp entries the matched ARP entry number matching the filter conditions InCompleted ARP entries have ARP request sent without ARP reply Address IP address o...

Page 332: ...and configuration parameters for the clients if DHCP server and clients are located in different subnets DHCP relay is required for DHCP packets to be transferred between the DHCP client and DHCP ser...

Page 333: ...The lease period of IP address obtained dynamically is the same as the lease period of the address pool and is limited the lease of manually bound IP address is theoretically endless 3 Dynamically al...

Page 334: ...in name command deletes the domain name netbios name server address1 address2 address8 no netbios name server Configures the address for WINS server netbios node type b node h node m node p node typ e...

Page 335: ...ue identifier no client identifier Specifies the unique ID of the user when binding address manually client name name no client name Configures a client name when binding address manually 3 Enable log...

Page 336: ...entifier matches the specified identifier DHCP server assigns the IP address defined in host command to the client Example Specifying the IP address 10 1 128 160 to be bound to user with the unique id...

Page 337: ...dns server command deletes the default gateway Parameters address1 address8 are IP addresses in decimal format Default No DNS server is configured for DHCP clients by default Command Mode DHCP Address...

Page 338: ...mask prefix length no host Function Specifies the IP address to be assigned to the user when binding addresses manually the no host command deletes the IP address Parameters address is the IP address...

Page 339: ...excluded address low address high address command cancels the setting Parameters low address is the starting IP address high address is the ending IP address Default Only individual address is exclude...

Page 340: ...23 hours 0 59 minutes no lease Function Sets the lease time for addresses in the address pool the no lease command restores the default setting Parameters days is number of days from 0 to 365 hours is...

Page 341: ...ient node type is specified by default Command Mode DHCP Address Pool Mode Usage Guide If client node type is to be specified it is recommended to set the client node type to h node that broadcasts af...

Page 342: ...together with bootfile Example Setting the hosting server address as 10 1 128 4 Switch dhcp 1 config next server 10 1 128 4 11 2 2 18 option Command option code ascii string hex hex ipaddress ipaddres...

Page 343: ...also management effective DHCP Server DHCP Client DHCPDiscover Broadcast DHCPOFFER Unicast DHCPREQUEST Broadcast DHCPACK Unicast DHCPDiscover DHCP Relay DHCPOFFER DHCPREQUEST DHCPACK Fig 11 2 DHCP re...

Page 344: ...protocol udp port The UDP port 67 is used for DHCP broadcast packet forwarding Interface Mode ip helper address ipaddress no ip helper address ipaddress Set the destination IP address for DHCP relay f...

Page 345: ...sing the assigned IP address for some reason before the lease period expires the DHCP server would not remove the binding information automatically The system administrator can use this command to del...

Page 346: ...bug ip dhcp server Command debug ip dhcp server events linkage packets no debug ip dhcp server events linkage packets Function Enables DHCP server debug information the no debug ip dhcp server events...

Page 347: ...p port command and this command should be used for configuration 11 3 2 7 ip dhcp relay information policy drop Command ip dhcp relay information policy drop no ip dhcp relay information policy drop F...

Page 348: ...onfig network 10 16 1 0 24 Switch dhcp A config lease 3 Switch dhcp A config default route 10 16 1 200 10 16 1 201 Switch dhcp A config dns server 10 16 1 202 Switch dhcp A config netbios name server...

Page 349: ...ch Config Erthernet1 2 switchport access vlan 2 Switch Config Erthernet1 2 exit Switch Config interface vlan 2 Switch Config if Vlan2 ip address 10 1 1 1 255 255 255 0 Switch Config if Vlan2 exit Swit...

Page 350: ...g procedures can be followed when DHCP client hardware and cables have been verified ok Verify the DHCP server is running start the related DHCP server if not running If the DHCP clients and servers a...

Page 351: ...tic Displayed information Explanation IP address IP address assigned to a DHCP client Hardware address MAC address of a DHCP client Lease expiration Valid time for the DHCP client to hold the IP addre...

Page 352: ...QUEST 3814 DHCPDISCOVER 1899 DHCPREQUEST 6 DHCPDECLINE 0 DHCPRELEASE 1 DHCPINFORM 1 Message Send BOOTREPLY 1911 DHCPOFFER 6 DHCPACK 6 DHCPNAK 0 DHCPRELAY 1907 DHCPFORWARD 0 Switch Displayed informatio...

Page 353: ...Number of DHCPRELAY packets DHCPFORWARD Number of DHCPFORWARD packets 11 6 Web Management Click DHCP configuration Users can configure DHCP on the switch 11 6 1 DHCP server configuration Click DHCP c...

Page 354: ...onfigure DHCP client s default gateway The default gateway IP address should be in the same subnet as DHCP clients Users can configure maximum eight gateway addresses Gateway 1 has the highest priorit...

Page 355: ...ns server Users can configure maximum eight WINS server WINS server 1 has the highest priority and WINS server 8 has the lowest priority For example Select DHCP pool name to 1 set WINS server 1 to 10...

Page 356: ...k parameters 1 128 240 set Operation type to Set network parameter and then click Apply The configuration is applied on the switch 11 6 1 8 Manual address pool configuration Click DHCP configuration D...

Page 357: ...iguration DHCP packet statistics Users can display DHCP packet statistics Users can configure DHCP relay 11 6 1 11 DHCP relay configuration Click DHCP configuration DHCP relay configuration DHCP relay...

Page 358: ...deleted 11 6 2 2 Delete conflict log Click DHCP configuration DHCP debugging Delete conflict log Users can delete conflict log For example Delete all conflict address to Yes and then click Apply All...

Page 359: ...359 11 6 2 5 Show conflict logging Click DHCP configuration DHCP debugging Show conflict logging Users can display conflict logging...

Page 360: ...e simplified version of NTP removing the complex algorithm of NTP SNTP is used for hosts who do not require full NTP functions it is a subset of NTP It is common practice to synchronize the clocks of...

Page 361: ...Command Mode Global Mode Example set the customer timezone 10 hours before utc Switch Config clock timezone customer10 before utc 12 2 2 sntp server Command sntp server server_address server_ipv6_addr...

Page 362: ...ery 128 seconds Switch config Switch Config sntp poll 128 12 2 4 debug sntp Command debug sntp adjust packets select no debug sntp adjust packets select Function Displays or disables SNTP debug inform...

Page 363: ...ectively and SNTP NTP server function such as NTP master is enabled then configurations for any ES4700 series should like the following Switch config Switch Config sntp server 10 1 1 1 Switch Config s...

Page 364: ...e configuration in the switch 12 4 3 Time difference Click SNTP configuration Time difference to configure the SNTP client time zone and UTC time difference z Time zone configures time zone z Time dif...

Page 365: ...networks even though a host computer receives an ARP reply which is not requested by itself it will also insert an entry to its ARP cache table so it creates a possibility of ARP spoofing If the hacke...

Page 366: ...tack other switches host computers or network equipment What the essential method on preventing attack and spoofing switches based on ARP in networks is to disable switch automatic update function the...

Page 367: ...static ARP ND Command Explanation Admin Mode and Interface Mode ip arp security convert ipv6 nd security convert Change dynamic ARP ND to static ARP ND 4 Clear dynamic ARP ND Command Explanation Admi...

Page 368: ...p security learnprotect Command ip arp security learnprotect no ip arp security learnprotect Function Forbid ARP automatic learning function of IPv4 Version the no ip arp security learning command re...

Page 369: ...y convert Function Change all of dynamic nd to static nd Parameter None Command Mode Global Mode Interface Configuration Example Switch Config if Vlan1 ipv6 nd security convert Switch Config ipv6 nd s...

Page 370: ...MAC address to C s IP so the switch changes IP address when it updates ARP list then data packet of 192 168 2 3 is transferred to 01 01 01 01 01 01 address A MAC address In further A transfers its rec...

Page 371: ...ronment changing it enable to forbid ARP refresh once it learns ARP property it wont be refreshed by new ARP reply package and protect use data from sniffing Switch config Switch config ip arp securit...

Page 372: ...t route static route and dynamic route Direct route refer to the path directly connects to the layer3 switch and can be obtained with no calculation Static route is the manually specified path to a ne...

Page 373: ...ination address with network mask we can get the network address for the destination host or the network the layer3 switch resides For example the network address of a host or the segment the layer3 s...

Page 374: ...s The matching rules can be previously configured to be applied in the routing publishing receiving and distributing policies Five filters are provided in ES4700 series route map acl as path community...

Page 375: ...refix list acts similarly to acl while more flexible and more understandable The match object of ip prefix is the destination address messages field of routing messages when applied in routing message...

Page 376: ...uence_num command deletes the route map 2 Define the match clause in route map Command Explanation Route map configuration mode match as path list name no match as path list name Match the autonomous...

Page 377: ...o match metric metric val Match the routing metric value The no match metric metric val command deletes match condition match origin egp igp incomplete no match origin egp igp incomplete Match the rou...

Page 378: ...P atomic aggregate property The no set atomic aggregate command deletes the configuration set comm list community list name community list num delete no set comm list community list name community lis...

Page 379: ...set metric metric_val metric_val Set routing metric value The no set metric metric_val metric_val command deletes the configuration set metric type type 1 type 2 no set metric type type 1 type 2 Set...

Page 380: ...e seq sequence_number deny permit any ip_addr mask_length ge min_prefix_len le max_prefix_len no ip prefix list list_name seq sequence_number deny permit any ip_addr mask_length ge min_prefix_len le m...

Page 381: ...dress dotted decimal notation and the length of mask ge means greater than or equal to min_prefix_len is the minimum length of prefix to be matched ranging between 0 32 le means less than or equal to...

Page 382: ...te map match as path 60 14 2 3 4 match community Command match community community list name community list num exact match no match community community list name community list num exact match Functi...

Page 383: ...ch ip address next hop ip ACL name ip ACL num prefix list list name Function Configure the routing prefix or next hop The no match ip address next hop ip ACL name ip ACL num prefix list list name dele...

Page 384: ...ncomplete deletes the configuration Parameter egp means the route is learnt from the external gateway protocols IGP means the route is learnt from the internal gateway protocols incomplete means the r...

Page 385: ...action in the route map is performed Example Switch config terminal Switch config route map r1 permit 5 Switch config route map match tag 60 14 2 3 11 route map Command route map map_name deny permit...

Page 386: ...h 60 Switch config route map set weight 30 14 2 3 12 set aggregator Command set aggregator as as number ip_addr no set aggregator as as number ip_addr Function Assign an AS number for BGP aggregator T...

Page 387: ...command one match clause should at first be defined Example Switch config terminal Switch config route map r1 permit 5 Switch config route map set atomic aggregate 14 2 3 15 set comm list Command set...

Page 388: ...itive means add following existing community attributes Command Mode route map mode Usage Guide To use this command one match clause should at first be defined Example Switch config terminal Switch co...

Page 389: ...ocal priority level when compared with other route of the same destination will be more preferred than other route The local priority validates only within this AS and will not be transported to EBGP...

Page 390: ...Mode route map mode Usage Guide To use this command one match clause should at first be defined Example Switch config terminal Switch config route map r1 permit 5 Switch config route map set metric t...

Page 391: ...command deletes this configuration Parameter tag val is the tag value ranging between 0 4294967295 Command Mode route map mode Usage Guide There is a route tag domain at the AS external LSA type LSA...

Page 392: ...nd one match clause should at first be defined Example Switch config terminal Switch config route map r1 permit 5 Switch config route map set weight 60 14 2 4 Configuration Examples The figure below s...

Page 393: ...Troubleshooting Help Faq The routing protocol could not achieve the routing messages study under normal protocol running state Troubleshooting check following errors Each node of route map should at...

Page 394: ...nd the length of mask first match stands for the first route table matched with specified ip address longer means longer prefix is required seq means show by sequence number sequence number is the seq...

Page 395: ...equences 5 10 Displayed information Explanation ip prefix list mylist Show the prefix list named mylist count 2 range entries 0 sequences 5 10 count 2 means two prefix list entries sequences 5 10 show...

Page 396: ...ailure and manual configuration is required on such occasions therefore it is not suitable for mid and large scale networks Static route is mainly used in the following two conditions 1 in stable netw...

Page 397: ...ateway interface distance no ip route ip prefix mask ip prefix prefix length gateway address gateway interface distance Set static routing the no ip route ip prefix mask ip prefix prefix length gatewa...

Page 398: ...face is the next hop interface distance is the manage distance of route management ranging between 1 255 Default The management distance of static routing is defaulted at 1 Command Mode Global Mode Us...

Page 399: ...ample Switch show ip route fib Codes C connected S static R RIP derived O OSPF derived A OSPF ASE B BGP derived Destination Mask Nexthop Interface Preference C 2 2 2 0 255 255 255 0 0 0 0 0 vlan2 0 C...

Page 400: ...ress as 6 6 6 0 network mask as 255 255 255 0 next hop address as 2 2 2 9 and Ethernet port vlan1 as its forwarding interface of which the priority is 1 14 3 4 4 show ip route vrf Command show ip rout...

Page 401: ...distance value ranging between 1 255 Default Default static route managing value is 1 Command Mode Global mode Usage Guide VPN route forwarding instances have to be successfully configured before usin...

Page 402: ...boring devices regularly Number of hops to reach the destination network or metrics to use or number of networks to pass What is the next hop or the director vector to use to reach the destination net...

Page 403: ...f those routes to infinite Triggering update mechanism defines whenever route metric changed by the gateway the gateway advertise the update packets immediately regardless of the 30 second update time...

Page 404: ...local route table to their neighbor devices every 30 seconds On receiving the packets neighbor devices maintain their local route table select the best route and advertise the updated information to t...

Page 405: ...configure the segments running RIP namely send and receive the RIP data packet by default RIP configuration The version of data packet sending and receiving is variable when needed allow deny sending...

Page 406: ...ols into the RIP data packet the no redistribute kernel connected static ospf isis bgp metric value route map word command cancels the distributed route of corresponding protocols default information...

Page 407: ...as an authorized time the no accept lifetime command delete it send lifetime start time end time duration seconds infinite no send lifetime Configure the transmitting period of a key on the key chain...

Page 408: ...cancels the split horizon 3 Configure other RIP protocol parameters 1 Configure RIP routing priority 2 Configure the RIP route capacity limit in route table 3 Configure timer for RIP update timeout a...

Page 409: ...ion Interface configuration mode ip rip send version 1 1 compatible 2 no ip rip send version Sets the version of RIP packets to send on all interfaces the no ip rip send version command set the versio...

Page 410: ...ept lifetime start time end time duration seconds infinite no accept lifetime Function Use this command to specify a key accept on the key chain as a valid time period The no accept lifetime command d...

Page 411: ...1 Switch config keychain key accept lifetime 03 03 01 Dec 3 2004 04 04 02 Oct 6 2006 14 4 3 2 address family ipv4 Command address family ipv4 vrf vrf name no address family ipv4 vrf vrf name Function...

Page 412: ...be immediately recovered except for rip route The dynamic learnt RIP route can only be recovered by studying one more time Example Switch clear ip rip route 10 0 0 0 8 Switch clear ip rip route ospf...

Page 413: ...Mode Router mode and address family mode Usage Guide default metric command is used for setting the default route metric value of the routes from other routing protocols when distributed into the RIP...

Page 414: ...This command uses access list or prefix list to filter the route update packets sent and received The no distribute list access list number access list name prefix prefix list name in out ifname comma...

Page 415: ...cation key command will cancel the authentication which only cancels the authentication process when sending or receiving data packet other than set non authentication mode Example Switch config termi...

Page 416: ...ancels the authentication process when sending or receiving data packet other than set non authentication mode Input ip rip authentication string aaa aaa to set the password as aaa aaa which is 7 char...

Page 417: ...default version is 2 the no ip rip receive version command restores the value set by using the version command Parameter 1 and 2 respectively stands for RIP version 1 and RIP version 2 1 2 stands for...

Page 418: ...horizon Parameter poisoned means configure the split horizon with poison reverse Default Split Horizon with poison reverse by default Command Mode Interface Mode Usage Guide The split horizon is for p...

Page 419: ...nd delete the corresponding password Parameter text is a character string without length limit However when referred by RIP authentication only the first 16 characters will be used Command Mode Keycha...

Page 420: ...specified destination address for the sending shown in dotted decimal notation Default Not sending to any targeted peer destination address Command Mode Router mode Usage Guide When used accompany wit...

Page 421: ...Router mode and address family mode Example Switch config terminal Switch config router rip Switch config router offset list 1 in 5 vlan 1 14 4 3 26 passive interface Command passive interface ifname...

Page 422: ...value is the metric value assigned to the introduced route ranging between 0 16 word is the probe pointing to the route map for introducing routes Command Mode Router mode and address family mode Usa...

Page 423: ...lifetime Function Use this command to specify a key on the keychain as the time period of sending keys The no send lifetime cancels this configuration Parameter start time parameter specifies the star...

Page 424: ...timer update timeout and garbage collecting time The no timers basic command restores each parameters to their default values Parameter update time interval of sending update packet shown in seconds a...

Page 425: ...on of all RIP data packets sent received by router interfaces to version 2 Switch config router version 2 14 4 4 RIP Examples 14 4 4 1 Typical RIP Examples Fig 14 3 RIP example In the figure shown abo...

Page 426: ...that the interface vlan 2 do not transmit RIP messages to SwitchC SwitchA config router rip SwitchA config router passive interface vlan 2 SwitchA config router exit SwitchA config b Layer 3 switch S...

Page 427: ...tchA config vrf SwitchA config vrf exit SwitchA config SwitchA config ip vrf vpnc SwitchA config vrf SwitchA config vrf exit associate the vlan 1and vlan 2 respectively with vpnb and vpnc while config...

Page 428: ...RIP protocol and configure the RIP segments SwitchB config router rip SwitchB config router rip network Vlan1 SwitchB config router rip exit c CE2 Layer 3 switch SwitchC Configure the IP address of Et...

Page 429: ...messages with CE using RIP protocol on the PE router we should first create corresponding VPN routing transmitting examples to associate with corresponding interfaces Then enter the RIP address family...

Page 430: ...seconds Sending update every 30 secs Timeout after 180 seconds garbage collect after 120 seconds The route time out event period is 180 secs the garbage collect time is 120 seconds Outgoing update fi...

Page 431: ...etric From If Time R 12 1 1 0 24 20 1 1 1 2 20 1 1 1 Vlan1 02 51 R 20 1 1 0 24 1 Vlan1 Amongst R stands for RIP route namely a RIP route with the destination network address 12 1 1 0 the network prefi...

Page 432: ...ages Command Mode Any mode Example Switch show ip rip interface vlan 1 Vlan1 is up line protocol is up Routing Protocol RIP Receive RIP packets Send RIP packets Passive interface Disabled Split horizo...

Page 433: ...ed Reversed Configure a split horizon with poison reversed IP interface address 11 1 1 1 24 The IP address of the interface 14 4 5 1 8 show ip vrf Command show ip vrf vrf name Function This command sh...

Page 434: ...434 Name Default RD Interfaces IPI Vlan1...

Page 435: ...ayer3 switches running RIPng send their route table to all neighbor layer3 switches every 30 seconds for update If no information from the partner is received in 180 seconds then the device is deemed...

Page 436: ...ocol is shown below Enable RIPng The switch sends request packets to the neighbor layer3 switches by broadcasting on receiving the request the neighbor devices reply with the packets containing their...

Page 437: ...Configure timer for RIPng update timeout and hold down 4 Delete the specified route in RIPng route table 1 Enable RIPng protocol Applying RIPng route protocol with basic configuration in ES4700 serie...

Page 438: ...uced in RIPng Command Explanation Router configuration mode default metric value no default metric Configure the default metric of distributed route the default metric value no default metric command...

Page 439: ...ber access list name prefix prefix list name in out ifname command means do not set the route filter no aggregate address IPv6 address Configure route aggregation the no aggregate address IPv6 address...

Page 440: ...6 rip Switch config router aggregate address 3ffe 8088 32 14 5 3 2 clear ipv6 route Command clear ipv6 rip route ipv6 address kernel static connected rip ospf isis bgp all Function Clear specific rout...

Page 441: ...ric value no default metric Function Set the default metric route value of the introduced route the no default metric restores the default value Parameter value is the route metric value to be set ran...

Page 442: ...st name in out ifname Function This command uses access list or prefix list to filter the route renews messages sent and received The no distribute list access list name prefix prefix list name in out...

Page 443: ...mode Usage Guide When used associating passive interface command it would be able to send routing messages to specified neighbor only Example Switch config terminal Switch config router ipv6 rip Swit...

Page 444: ...Function Introduce the routes learnt from other routing protocols into RIP Parameter kernel introduce from kernel routes connected introduce from direct routes static introduce from static routes osp...

Page 445: ...5678 1 64 14 5 3 13 router ipv6 rip Command router ipv6 rip no router ipv6 rip Function Enable RIPng routing process and entering RIPng mode the no router ipv6 rip of this command disables the RIPng r...

Page 446: ...6 address 2000 1 1 1 64 SwitchA config if Vlan1 IPv6 router rip SwitchA config if Vlan1 exit Configure the IPv6 address and interfaces of Ethernet port vlan2 to run RIPng SwitchA config interface Vlan...

Page 447: ...ing interfaces After that a RIPng protocol feature should be noticed the Layer 3 switch running RIPng transmits the route updating messages every 30 seconds A Layer 3 switch is considered inaccessible...

Page 448: ...5 09 IMI RECV Ethernet1 10 3ffe 1 1 64 is filtered by access list dclist 1970 01 01 21 15 15 IMI RECV Ethernet1 2 Receive from fe80 203 fff fe01 257c 521 14 5 5 1 2 show debugging ipv6 rip Command sho...

Page 449: ...ages Command Mode Any mode Example Routing Protocol is RIPng Sending updates every 30 seconds with 50 next due in 1 second Timeout after 180 seconds garbage collect after 120 seconds Outgoing update f...

Page 450: ...Hop If Met Tag Time R 2000 1 1 64 Vlan2 1 0 R 2001 1 1 64 fe80 203 fff fe01 257c Vlan2 2 0 02 40 R 3000 1 1 64 Vlan10 1 0 R 3010 1 1 64 1 0 Amongst R stands for RIPng route namely a RIPng route with...

Page 451: ...the other host on the Internet are not managed by those AS and they don t share interior routing information with the layer3 switches on the Internet Each link state Layer3 switch can provide informa...

Page 452: ...cted network is very fast once the routing topology changes updates will be flooded throughout the network very soon Those advantages release some layer3 switch resources as the process ability and ba...

Page 453: ...ute corresponds to the information introduced by OSPF from the other interior routing protocols the costs of those routes are comparable with the costs of OSPF routes the second type of external route...

Page 454: ...ink state advertisement according to its surrounding network topology structure router LSA and sends the LSA to other layer3 switches through link state update LSU packages Thus each layer3 switches r...

Page 455: ...package to poll timer of neighboring layer3 switch invalid timeout timer of LSA transmission delay and timer of LSA retransmission 2 Configure OSPF route introduction parameters 1 Configure default p...

Page 456: ...on 2 Configure OSPF protocol parameters 1 Configure OSPF package sending mechanism parameters 1 Configure OSPF package verification 2 Set the OSPF interface to receive only 3 Configure the cost for se...

Page 457: ...time no ip ospf retransmit Sets the interval for retransmission of link state advertisement among neighbor layer3 switches the no ip ospf retransmit command restores the default setting 2 Configure O...

Page 458: ...t access prefix WORD in out nssa default information originate no redistribution no summary translator role range range shortcut disable enable stub no summary virtual link neighbor Configure the para...

Page 459: ...e configured at the interface and the area is plaintext authentication and use ip sopf message digest key command to configure MD5 key if is MD5 authentication The are authentication mode could not af...

Page 460: ...ospf 100 Switch config router area 1 filter list access 1 in 14 6 3 4 area nssa Command area id nssa TRANSLATOR no redistribution DEFAULT ORIGINATE no summary no area id nssa Function Set the area to...

Page 461: ...ea which is the default not advertise Not advertise this area substitute substitute A B C D M advertise this area as another prefix A B C D M Replace the network prefix to be advertised in this area D...

Page 462: ...ction Define a area to a stub area The no area id stub no summary command cancels this function Parameter id is the area number which could be digits ranging between 0 4294967295 and also as an IP add...

Page 463: ...neighbor is considered offline for certain dead interval without its group messages which the default is 40 seconds hello interval The time interval before the router sends a hello group message defa...

Page 464: ...itch config router ospf 100 Switch config router auto cost reference bandwidth 50 14 6 3 10 capability opaque Command no capability opaque Function This command enables opaque LSA The no capability op...

Page 465: ...re the distance learnt from other routing area external distance distance value ranging between 1 255 ROUTE2 inter area inter distance configure the distance value from one area to another area inter...

Page 466: ...itch config access list l1 permit 172 10 0 0 0 0 255 255 Switch config router ospf 100 Switch config router distribute list 1 out bgp Switch config router redistribute bgp 14 6 3 15 host area Command...

Page 467: ...Default Authentication not required in receiving OSPF packets on the interface Command Mode Interface Mode Example Switch config terminal Switch config interface vlan 1 Switch Config if Vlan1 ip ospf...

Page 468: ...ion The command opens LSA database filter switch on specific interface the no ip ospf ip address database filter command closes the filter switch Parameter ip address is the interface IP address shown...

Page 469: ...ode Interface Mode Usage Guide This command resets the network area command and stops group process on specific interface Example Switch config terminal Switch config interface vlan 1 Switch Config if...

Page 470: ...e Mode Usage Guide MD5 key encrypted authentication is used for ensure the safety between the OSPF routers on the network Same key id and key should be configured between neighbors when using this com...

Page 471: ...ignore 14 6 3 26 ip ospf network Command ip ospf network broadcast non broadcast point to point point to multipoint no ip ospf network Function This command configure the OSPF network type of the int...

Page 472: ...g terminal Switch config interface vlan 1 Switch Config if Vlan1 ip ospf priority 0 14 6 3 28 ip ospf retransmit interval Command ip ospf ip address retransmit interval time no ip ospf ip address retr...

Page 473: ...y prior to sending the LSA the LSA will be sent before aged Example Set the LSA transmit delay of interface vlan1 to 3 seconds Switch config terminal Switch config interface vlan 1 Switch Config if Vl...

Page 474: ...Switch config router ospf 100 Switch config router neighbor 1 2 3 4 priority 1 poll interval 90 Switch config router neighbor 1 2 3 4 cost 15 14 6 3 32 network area Command network NETWORKADDRESS are...

Page 475: ...vironment Example Configure abr as standard Switch config terminal Switch config router ospf 100 Switch config router ospf abr type standard 14 6 3 34 ospf router id Command ospf router id address no...

Page 476: ...Parameter maxdbsize size of external link database ranging between 0 4294967294 defaulted at 4294967294 maxtime the seconds the router has to wait before exiting the database overflow ranging between...

Page 477: ...rnal_LSAs Example Switch config terminal Switch config router ospf Switch config router redistribute bgp metric 12 14 6 3 39 router ospf Command no router ospf process_id vrf name Function This comman...

Page 478: ...OSPF protocol mode Usage Guide When introducing route into OSPF route area with this command the system will behaves like an ASBR Example Switch config terminal Switch config router ospf 100 Switch c...

Page 479: ...command is for advertise one summary route for those introduced routes contained in specific network address and masks which could greatly reduces the size of the link state database Example Switch co...

Page 480: ...he IP address for interface vlan1 SwitchA config SwitchA config interface vlan 1 SwitchA config if vlan1 ip address 10 1 1 1 255 255 255 0 SwitchA config if vlan1 exit Configuration of the IP address...

Page 481: ...tchC config interface vlan 3 SwitchC config if vlan1 ip address 20 1 1 2 255 255 255 0 SwitchC config if vlan3 exit Enable OSPF protocol configure the OSPF area interfaces vlan3 resides in Initiate th...

Page 482: ...fig router network 100 1 1 0 24 area 0 SwitchE config router exit SwitchE config exit Scenario 2 Typical OSPF protocol complex topology Fig 14 7 Typical complex OSPF autonomous system This scenario is...

Page 483: ...tual link can not only maintain the connectivity of the backbone area but also strengthen the backbone area For example if the connection between backbone layer3 switch SwitchG and SwitchJ is cut down...

Page 484: ...authentication key DCS SwitchA config If Vlan2 exit Configure IP address and area number for interface vlan1 SwitchA config interface vlan 1 SwitchA config If Vlan1 ip address 20 1 1 1 255 255 255 0 S...

Page 485: ...rea number for interface vlan2 SwitchC config router ospf SwitchC config router network 10 1 1 0 24 area 1 SwitchC config router exit Configure simple key authentication SwitchC config interface vlan...

Page 486: ...ork 10 1 1 0 24 area 1 SwitchD config router exit Configure simple key authentication SwitchD config interface vlan 2 SwitchD config If Vlan2 ip ospf authentication SwitchD config If Vlan2 ip ospf aut...

Page 487: ...exit Associate the vlan 1 and vlan 2 respectively with vpnb and vpnc while configuring IP address SwitchA config in vlan1 SwitchA config if Vlan1 ip vrf forwarding vpnb SwitchA config if Vlan1 ip addr...

Page 488: ...PF segments SwitchC config router ospf SwitchC config router network 20 1 1 0 24 area 0 SwitchC config router exit 14 6 5 OSPF Troubleshooting Help The OSPF protocol may not be working properly due to...

Page 489: ...6 5 1 2 debug ospf ifsm Command no debug ospf ifsm status events timers Function Open debugging switches showing the OSPF interface states the no debug ospf ifsm status events timers command closes t...

Page 490: ...il command closes this debugging switch Default Closed Command Mode Admin mode and global mode Example Switch debug ospf packet hello 14 6 5 1 7 debug ospf route Command no debug ospf route ase ia ins...

Page 491: ...Checksum Sum 0x000000 Routing Process ospf 10 with ID 0 0 0 0 Process bound to VRF DC1 Process uptime is 4 days 23 hours 51 minutes Conforms to RFC2328 and RFC1583Compatibility flag is disabled Suppor...

Page 492: ...dvertiser_router linkstate_id opaque area self originate adv router advertiser_router linkstate_id opaque as self originate adv router advertiser_router linkstate_id opaque link self originate adv rou...

Page 493: ...ameter interface is the name of interface Default Not displayed Command Mode All modes Example Switch show ip ospf interface Loopback is up line protocol is up OSPF not enabled on this interface Vlan1...

Page 494: ...how ip ospf route Command show ip ospf process id route Function Display the OSPF routing table messages Parameter process id is the process ID ranging between 0 65535 Default Not displayed Command Mo...

Page 495: ...tual Link VLINK1 to router 10 10 0 123 is down Transit area 0 0 0 1 via interface Vlan1 Transmit Delay is 1 sec State Down Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in...

Page 496: ...algorithm to generate a route table basing on that database Autonomous system AS is a self managed interconnected network In large networks such as the Internet a giant interconnected network is broke...

Page 497: ...ghbor i e flooding 6 Since routing database is not recalculated before layer3 switch forwards LSA flooding the converging time is greatly reduced One major advantage of link state routing protocols is...

Page 498: ...area route between areas first category external route and second category external route in the order of highest priority to lowest The route inside an area and between areas describe the internal n...

Page 499: ...ide of STUB area Each STUB area has a corresponding default route the route from STUB area to AS external destination depends only on default route of this area The following simply outlines the route...

Page 500: ...e 3 Configure OSPF package sending timer parameter timer of broadcast interface sending HELLO package to poll timer of neighboring layer3 switch invalid timeout timer of LSA transmission delay and tim...

Page 501: ...nstance id Implement ospfv3 routing on the interface The no IPv6 router ospf area area id instance id instance id tag tag instance id instance id tag tag area area id instance id instance id command c...

Page 502: ...es the default setting IPv6 ospf retransmit time instance id id no IPv6 ospf retransmit instance id id Sets the interval for retransmission of link state advertisement among neighbor layer3 switches t...

Page 503: ...ayer3 switch DR Commands Explanation Interface Configuration Mode IPv6 ospf priority priority instance id id no IPv6 ospf priority instance id id Sets the priority of the interface in designated layer...

Page 504: ...tise this area not advertise Not advertise this area If both are not set this area is defaulted for advertising Default Function not configured Command Mode OSPFv3 protocol mode Usage Guide Use this c...

Page 505: ...l link Parameter id is the area number which could be digits ranging between 0 4294967295 and also as an IP address instance id is the interface instance ID ranging between 0 255 and defaulted at 0 IN...

Page 506: ...command is good for interactive operation among different OSPF realizing method and is especially useful in the multiple host environment Example Configure abr as standard Switch config terminal Swit...

Page 507: ...id id no ipv6 ospf dead interval instance id id Function Specify the dead interval for neighboring layer 3 switch the no ipv6 ospf dead interval instance id id command restores the default value Para...

Page 508: ...e hello interval on the interface the no ipv6 ospf hello interval instance id id restores the default value Parameter id is the interface instance ID ranging between 0 255 defaulted at 0 time is the l...

Page 509: ...ected as Defined layer 3 switch or Backup Defined layer 3 switch The command can configure on IPv6 tunnel interface but it is successful configuration to only configure tunnel carefully Example Config...

Page 510: ...ending LSA on the interface which is shown in seconds and ranged between 1 65535 Default The default delay time of send LSA on the interface is 1 second by default Command Mode Interface Mode Usage Gu...

Page 511: ...pv6 router ospf area 1 tag IPI instance id 1 14 7 3 15 max concurrent dd Command max concurrent dd value no max concurrent dd Function Configure with this command the current dd max concurrent number...

Page 512: ...be 1 or 2 and it is 2 by default route map word targets to the probe of the route map for introducing route Command Mode OSPFv3 protocol mode Usage Guide Learn and introduce other routing protocol int...

Page 513: ...IPI 14 7 3 20 timers spf Command timers spf spf delay spf holdtime no timers spf Function Adjust route calculation timer value The no timers spf restores the relevant value to default Parameter spf d...

Page 514: ...vlan1 exit Configure interface vlan2 IP address and affiliated OSPFv3 area SwitchA config interface vlan 2 SwitchA config if vlan2 IPv6 address 2100 1 1 1 64 SwitchA config if vlan2 IPv6 router ospf a...

Page 515: ...lan3 IPv6 router ospf area 1 SwitchC config if vlan3 exit SwitchC config exit SwitchC Layer 3 switch SwitchD Enable OSPFv3 protocol configure router ID SwitchD config router IPv6 ospf SwitchD config r...

Page 516: ...configure affiliated OSPFv3 area on relative interface And then consider OSPFv3 protocol characteristic OSPFv3 backbone area area 0 must be continuous If it doesn t ensure that virtual link is impleme...

Page 517: ...ed Command Mode Admin mode and global mod Switch debug ipv6 ospf nfsm 1970 01 01 01 14 07 IMI NFSM 192 168 2 3 000007d4 LS update timer expire 1970 01 01 01 14 07 IMI NFSM 192 168 2 1 000007d3 LS upda...

Page 518: ...xample Routing Process OSPFv3 null with ID 192 168 2 2 SPF schedule delay 5 secs Hold time between SPFs 10 secs Minimum LSA interval 5 secs Minimum LSA arrival 1 secs Number of external LSA 0 Checksum...

Page 519: ...Vlan2 Link State ID ADV Router Age Seq CkSum Prefix 0 0 7 211 192 168 2 1 1450 0x80000001 0xa565 1 0 0 7 212 192 168 2 2 1399 0x80000001 0x4305 1 Router LSA Area 0 0 0 0 Link State ID ADV Router Age S...

Page 520: ...is 1 sec State DR Priority 1 Designated Router ID 192 168 2 2 Interface Address fe80 203 fff fe01 257c Backup Designated Router ID 192 168 2 3 Interface Address fe80 203 fff fe01 d28 Timer interval c...

Page 521: ...d Router ID 192 168 2 2 Interface Address fe80 203 fff fe01 257c Specifying layer 3 switch Backup Designated Router ID 192 168 2 3 Interface Address fe80 203 fff fe01 d28 Back up designated layer 3 sw...

Page 522: ...nship state Pri Priority 14 7 5 1 11 show ipv6 ospf route Command show ipv6 ospf tag route Function Show the OSPF route table messages Parameter tag is the processes tag which is a character string De...

Page 523: ...ow ipv6 ospf virtual links Command show ipv6 ospf tag virtual links Function Show OSPF virtual link messages Parameter tag is the processes tag which is a character string Default Not displayed Comman...

Page 524: ...routing protocol unlike interior routing protocol such as OSPF and RIPng BGP can t discovery and calculate routes but it can control the transmission of routes and select the best route By carrying A...

Page 525: ...BGP speaker receives this message it shutdowns the BGP connections with its neighbors BGP 4 is connection oriented BGP acts as higher protocol and runs on the particular equipments When detecting a ne...

Page 526: ...d physical connection and share the same medium Because EBGP need physical connection the boundary equipments between two AS are usually running EBGP When a BGP speaker receives routing information fr...

Page 527: ...onfederation is preferable to IBGP 8 If it s still the same by now BGP router ID router ID is used to break the balance The best route is the one from the least router ID 14 8 2 BGP Configuration Task...

Page 528: ...BGP process Router configuration mode network ip address M no network ip address M Set the network that BGP will announce the no network ip address M command cancels the network that will be announced...

Page 529: ...neighbors and peers the no neighbor ip address TAG soft reconfiguration inbound command cancels the storage of routing information Admin Mode Clear ip bgp as id external peer group NAME ip address so...

Page 530: ...eighbor ip address TAG next hop self command cancels the setting 2 Cancel default Next Hop through route map Command Explanation Route mapped configuration command set ip next hop ip address no set ip...

Page 531: ...ion 4th Advanced BGP configuration tasks 1 Use Route Maps to Modify Route Command Explanation BGP configuration mode neighbor ip address TAG route map map name in out no neighbor ip address TAG route...

Page 532: ...iguration mode bgp confederation identifier as id no bgp confederation identifier as id Configure a BGP AS confederation identifier the no bgp confederation identifier as id command deletes the BGP AS...

Page 533: ...er id command cancels the cluster id configuration 3 If the route reflector from clients to clients is needed the following commands can be used Command Explanation BGP configuration mode bgp client t...

Page 534: ...iption neighbor ip address TAG default originate route map NAME no neighbor ip address TAG default originate route map NAME Permit to send the default route 0 0 0 0 the no neighbor ip address TAG defa...

Page 535: ...list number name in out command cancels route filtering neighbor ip address TAG route reflector client no neighbor ip address TAG route reflector client Configure the current switch as route reflecto...

Page 536: ...d activates the closed BGP neighbor or peers 8 Adjust BGP Timers 1 Configure the BGP timer of all the neighbors Command Explanation BGP configuration mode timers bgp keepalive holdtime no timers bgp C...

Page 537: ...ute Command Explanation BGP configuration mode neighbor ip address TAG default originate no neighbor ip address TAG default originate Permit sending default route 0 0 0 0 the no neighbor ip address TA...

Page 538: ...lector the no redistribute connected static rip ospf command cancels the redistribution 14 Configure Route Dampening Command Explanation BGP configuration mode bgp dampening 1 45 1 20000 1 20000 1 255...

Page 539: ...lities include route update dynamic capability outgoing route filtering capability and the address family s capability of supporting the negotiation Use these command to enable these capabilities its...

Page 540: ...Command address family AFI SAFI Function Enter address family mode Parameter AFI address family such as IPv4 IPv6 VPNv4 etc SAFI sub address family such as unicast multicast Default None Command Mode...

Page 541: ...nv4 Function Enter the BGP VPNv4 address family mode Parameter None Command Mode BGP routing mode Usage Guide To support VPN VRF has to be enabled on the border routers to realize VPN create neighbors...

Page 542: ...ate nexthop check command cancels this configuration namely not check the next hop accordance of aggregate route Parameter None Default No nexthop checked during aggregating Command Mode Global mode U...

Page 543: ...ignore 14 8 3 8 bgp bestpath compare confed aspath Command bgp bestpath compare confed aspath no bgp bestpath compare confed aspath Function Set to concern the confederation AS PATH length The no bgp...

Page 544: ...st Consider as max MED value when missing Default Not configured Command Mode BGP routing mode Usage Guide Choose whether MED is compared among confederations by this command If MED is missing It is c...

Page 545: ...d no bgp confederation identifier as id Function Create delete a confederation configuration The no bgp confederation identifier as id command deletes a confederation Parameter ID number of the confed...

Page 546: ...der this route will no longer be advertised The penalty value will be reduced by time by the half life index regulation if the route keeps stable and finally be advertised again when the penalty falls...

Page 547: ...bgp enforce first as Command bgp enforce first as no bgp enforce first as Function Enforces the first AS position of the route AS PATH contain the neighbor AS number or else disconnect this peer when...

Page 548: ...the routing message with no regard to the matched information Example Switch config router bgp 100 Switch config router no bgp inbound route filter 14 8 3 21 bgp log neighbor changes Command bgp log...

Page 549: ...h config router bgp network import check 14 8 3 24 bgp rfc1771 path select Command bgp rfc1771 path select no bgp rfc1771 path select Parameter None Default Not following Command Mode Global mode Usag...

Page 550: ...60 no bgp scan time 0 60 Function Set the time interval of the periodical next hop validation the no bgp scan time 0 60 command restores to the default value Parameter 0 60 Validation time interval De...

Page 551: ...ILY address family such as ipv4 unicast ip address IP address ip address M IP address and mask Default None Command Mode Admin mode Usage Guide It is possible to clear BGP routing dampening messages a...

Page 552: ...55 1 255 command restores the manage distance to default value Parameter Respectively the EBGP IBGP and LOCAL manage distance of the BGP Default Default EBGP is 20 others are 200 Command Mode BGP rout...

Page 553: ...ch config af rd 100 10 Switch config af route target both 100 10 Switch config af import map map1 Switch show ip bgp vpn all Network Next Hop Metric LocPrf Weight Path Route Distinguisher 100 10 Defau...

Page 554: ...ity number COMMUNITY Members of the community list which may be the combination of aa nn or internet local AS no advertise and no export It can be shown in regular expressions under extended condition...

Page 555: ...icast address family and disable other address families Command Mode BGP routing mode and address family mode Usage Guide IP unicast is configured under BGP routing mode Configure whether specific add...

Page 556: ...In default conditions AS is not allowed repeating in the same route and when set the repeat count it is defaulted at 3 when 1 10 parameters not set Command Mode BGP routing mode and address family mo...

Page 557: ...e AS path whether its AS number exists if yes the route will be considered as circuit and cleared However in VPN environment there may be two or more CE with the same AS number on the PE link As the E...

Page 558: ...ault Not configure the dynamic update capability but the route refresh capability Command Mode BGP routing mode and address family mode Usage Guide This is an extended BGP capability With this configu...

Page 559: ...e as its own out rules so to avoid sending route which will be denied by the partner Example Switch config router neighbor 10 1 1 66 capability orf prefix list both 14 8 3 45 neighbor collide establis...

Page 560: ...selecting principles According to route mirror it can be chosen when to send the default route Example Switch config router neighbor 10 1 1 64 default originate Switch config router Now the route tabl...

Page 561: ...55 any Switch config access list 101 permit ip any any Switch config router bgp 100 Switch config router neighbor 10 1 1 66 distribute list 101 out 14 8 3 49 neighbor dont capability negotiate Command...

Page 562: ...are ensured through static configuration The neighbor relationship is established only after both side are configured as follows on 10 1 1 64 Switch config router neighbor 11 1 1 120 ebgp multihop on...

Page 563: ...t while sending and receiving are configured by this command Example Configure the AS PATH access control list ASPF is the name of the access list The route with AS number of 100 will not be able to u...

Page 564: ...ly option is set then there will be warning only if not the connection to the neighbor will be cut till clear the records with clear ip bgp command Example Switch config router neighbor 10 1 1 64 maxi...

Page 565: ...ip address TAG passive no neighbor ip address TAG passive Function Configure whether the connecting request is positively sent in the connection with specified neighbor the no neighbor ip address TAG...

Page 566: ...group TAG no neighbor ip address peer group TAG Function Assign delete peers in the group The no neighbor ip address peer group TAG command deletes the peers from the peer group Parameter ip address...

Page 567: ...prefix list in out Direction on which the restrictions applied Default No prefix restrictions applied Command Mode BGP routing mode and address family mode Usage Guide Specify the prefix and its scop...

Page 568: ...ss Neighbor IP address TAG Name of peer group Default Not configured Command Mode BGP routing mode and address family mode Usage Guide Configure this attribute to avoid assigning the internal AS numbe...

Page 569: ...P address TAG Name of peer group Default Not configured Command Mode BGP routing mode and address family mode Usage Guide The route reflection is used for reducing the peers when the internal IBGP rou...

Page 570: ...or 10 1 1 68 route server client 14 8 3 67 neighbor send community Command neighbor ip address TAG send community both extended standard no neighbor ip address TAG send community both extended standar...

Page 571: ...ip address TAG soft reconfiguration inbound command set to not perform the inbound soft reconfiguration Parameter ip address Neighbor IP address TAG Name of peer group Default Not perform inbound soft...

Page 572: ...lity match Command neighbor ip address TAG strict capability match no neighbor ip address TAG strict capability match Function Configure whether strict capability match is required when establishing c...

Page 573: ...val Default 120s Command Mode BGP routing mode and address family mode Usage Guide Configure the connecting time interval when connecting a peer The NO form restores the default value Example Switch c...

Page 574: ...he loop back interface The NO forms restores to the nearest interface update source Improper update source use may lead to neighbor connection unavailable while the invalid interface causes problem wh...

Page 575: ...no network ip address M route map WORD backdoor Function Configure the BGP managed network the route map specified in network application or set the back door for the network the no network ip address...

Page 576: ...er or IP address digits such as 100 10 Command Mode vrf mode Usage Guide Under VRF mode the configured RD is for identifying different VRF each of which shall have a unique RD The BGP distinct routes...

Page 577: ...ort both rt val Function Configure the route extended community attributes so to determine whether the route be spreaded to specific VRF Parameter rt val is the same as RD form standing for the extend...

Page 578: ...655 Switch config map set vpnv4 next hop 10 1 1 250 Switch config map exit Switch config router bgp 100 Switch config router neighbor 10 1 1 68 remote as 100 Switch config router neighbor 10 1 1 68 r...

Page 579: ...Configuration Examples of BGP 14 8 4 1 Examples 1 configure BGP neighbor SwitchB SwitchC and SwitchD are in AS200 SwitchA is in AS100 SwitchA and SwitchB share the same network segment SwitchB and Sw...

Page 580: ...B and SwitchA is EBGP and other connections with SwitchC and SwitchD are IBGP SwitchB and SwitchD may have BGP connection without physical connection But there is a precondition that these two switche...

Page 581: ...s list 1 permit 11 1 0 0 0 0 255 255 Switch config access list 2 permit 0 0 0 0 255 255 255 255 Switch config exit Switch clear ip bgp 16 1 1 6 soft out In the following sample configure the MED local...

Page 582: ...s 4 configure BGP confederation The following is the configuration of an AS As the picture illustrated SwitchB and SwitchC establish IBGP connection SwitchD is affiliated to AS 20 SwitchB and SwitchC...

Page 583: ...n identifier 200 SwitchC config router bgp bgp confederation peers 20 SwitchC config router bgp neighbor 12 1 1 2 remote as 10 SwitchD SwitchD config router bgp 20 SwitchD config router bgp bgp confed...

Page 584: ...100 SwitchC config router bgp neighbor 2 2 2 2 route reflector client SwitchC config router bgp neighbor 7 7 7 7 remote as 100 SwitchC config router bgp neighbor 3 3 3 4 remote as 100 SwitchC config r...

Page 585: ...e as 100 SwitchA config router bgp neighbor 9 9 9 9 remote as 300 The SwitchA at this time needn t to create IBGP connection with all the switches in the AS100 and could receive BGP route from other s...

Page 586: ...or 1 1 1 1 remote as 300 SwitchD config router bgp exit SwitchD config route map set metric permit 10 SwitchD Config Router RouteMap set metric 200 The configurations of SwitchB SwitchB config router...

Page 587: ...Notice BGP protocol itself can t detect route needs to import other routes to create BGP route Only it enables these routes to announce IBGP and EBGP neighbors by importing routes Direct link routes s...

Page 588: ...p Metric LocPrf Weight Path 12 0 0 0 10 1 1 121 0 32768 100 1 1 0 24 10 1 1 200 0 32768 100 1 2 0 24 10 1 1 200 0 32768 172 0 0 0 8 0 0 0 0 32768 i Total number of prefixes 4 14 8 5 1 2 show ip bgp at...

Page 589: ...172 0 0 0 8 0 0 0 0 32768 700 800 i Total number of prefixes 2 14 8 5 1 4 show ip bgp community info Command show ip bgp community info Function For displaying the community messages permitted by BGP...

Page 590: ...e Command Mode All mode Usage Guide Only the surged routes will be displayed The Parameters shows the display configuration other than specific routes The other two options will respectively show the...

Page 591: ...SH IP BGP filter list FL BGP table version is 2 local router ID is 11 1 1 100 Status codes s suppressed d damped h history valid best i internal S Stale Origin codes i IGP e EGP incomplete Network Ne...

Page 592: ...tes parameters will respectively displays the routes broadcast on local side the received prefix filter received routes soft reconfiguration enabled and the routing message from specific neighbor Exam...

Page 593: ...ific prefix list in BGP Parameter ADDRESS FAMILY Address family such as ipv4 unicast NAME Name of prefix list Default None Command Mode All mode Usage Guide We can select the required BGP route by reg...

Page 594: ...best i internal S Stale Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 100 1 1 0 24 10 1 1 64 0 0 500 100 600 Total number of prefixes 1 14 8 5 1 13 show ip bgp regexp...

Page 595: ...uppressed d damped h history valid best i internal S Stale Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 100 1 1 0 24 10 1 1 64 0 0 500 100 600 10 1 1 68 0 0 300 Total...

Page 596: ...BGP instance Parameter NAME Name of BGP instance ip address IP address ip address M IP address and mask ADDRESS FAMILY Address family such as ipv4 unicast Default None Command Mode All modes Usage Gui...

Page 597: ...E all command closes the BGP debugging messages Parameter MODULE BGP module names including dampening events filters fsm keepalives nsm updates etc Default None Command Mode Admin mode and global mode...

Page 598: ...v6 unicast Enter IPv6 unicast address family BGP protocol address family comfiguration mode no neighbor X X X X activate Configure IPv6 neighbor to activate inactivate the address family exit address...

Page 599: ...ress family SwitchB config router bgp exit SwitchB config SwitchC configuration as follows SwitchC config router bgp 200 SwitchC config router bgp neighbor 2002 2 remote as 200 SwitchC config router b...

Page 600: ...D is IBGP The BGP connection can be processed between SwitchB and SwitchD without physical link but the premise is a route which reaches from one switch to the other switch The route can be obtained b...

Page 601: ...rts a message IGMP Snooping is also referred to as IGMP listening The switch prevents multicast traffic from flooding through IGMP Snooping multicast traffic is forwarded to ports associated to multic...

Page 602: ...atic multicast address and port member to join 3 Configure IGMP to send Query Command Explanation Global Mode ip igmp snooping vlan vlan id query no ip igmp snooping vlan vlan id query Enables IGMP Sn...

Page 603: ...gmp snooping vlan 100 15 3 2 ip igmp snooping vlan immediate leave Command ip igmp snooping vlan vlan id immediate leave no ip igmp snooping vlan vlan id immediate leave Function Enable the IGMP fast...

Page 604: ...oping vlan vlan id Function Enable the IGMP Snooping function for the specified VLAN the no ip igmp snooping vlan vlan id command disables the IGMP Snooping function for the specified VLAN Parameter v...

Page 605: ...port Parameter vlan id vlan id ranging between 1 4094 value mrouter port survive period ranging between 1 65535 seconds Command Mode Global mode Default 255s Usage Guide This command validates on dyna...

Page 606: ...n id query robustness Function Configure the query robustness The no ip igmp snooping vlan vlan id query robustness command restores to the default value Parameter vlan id vlan id ranging between 1 40...

Page 607: ...s are connected to port 2 6 10 12 respectively and the multicast router is connected to port 1 As IGMP Snooping is disabled by default either in the switch or in the VLANs If IGMP Snooping should be e...

Page 608: ...am 2 and port 12 will not receive the traffic of program 1 Scenario 2 IGMP Query Multicast Router Mrouter Port IGMP Snooping Group 1 Group 1 Group 1 Group 2 Switch2 Group 1 Group 2 IGMP Snooping Query...

Page 609: ...run properly because of physical connection or configuration mistakes So the users should noted that z Make sure correct physical connection z Activate IGMP Snooping on whole config mode use ip igmp...

Page 610: ...is disabled on the switch by default Usage Guide The command is used for enable the IGMP Snooping debugging switch of the switch switch IGMP data packet message can be shown with packet parameter eve...

Page 611: ...2 Igmp snooping mrouter port keep alive time 255 s Igmp snooping query suppression time 255 s IGMP Snooping Connect Group Membership Note All Source S Include Source S Exclude Source Groups Sources Po...

Page 612: ...ress table multicast Command show mac address table multicast vlan vlan id Function Show the multicast MAC address table messages Parameter vlan id VLAN ID included in the entries to be shown Command...

Page 613: ...multicast VLAN is configured the multicast traffic will be continuously sent to the users 16 2 Multicast VLAN Configuration Task 1 Enable the multicast VLAN function 2 Configure the IGMP Snooping 1 E...

Page 614: ...tion of the VLAN configuration of VLANs associated with the multicast VLAN should be deleted Note that the default vlan can not be configured with this command and only one multicast vlan is allowed o...

Page 615: ...multicast server is connected to the layer 3 switch switchA through port 1 1 which belongs to the vlan10 of the switch The layer 3 switch switchA is connected with layer 2 switches through the port 1...

Page 616: ...erface ethernet1 10 SwitchA Config Ethernet1 10 switchport mode trunk SwitchB config SwitchB config vlan 100 SwitchB config vlan100 Switchport access ethernet 1 15 SwitchB config vlan100 exit SwitchB...

Page 617: ...al of valuable bandwidth resource and furthermore Broadcast mode goes against the security and secrecy The emergence of IP Multicast technology solved this problem in time The Multicast source only se...

Page 618: ...ast group can be permanent or temporary Some of the Multicast group addresses are assigned officially they are called Permanent Multicast Group Permanent Multicast Group keeps its IP address fixed but...

Page 619: ...ode the source host sends packets to the host group indicated by the Multicast group address in the destination address field of IP data packet Unlike Unicast mode Multicast data packet must be forwar...

Page 620: ...sitory finance application stock etc 3 Any data distribution application of one point to multiple points In the situation of more and more multimedia operations in IP network Multicast has tremendous...

Page 621: ...ing Unicast routing table to establish a Multicast transmission tree initiating from data source When a Multicast packet arrives the router will determine whether the coming path is correct first If t...

Page 622: ...ip pim multicast routing Make PIM DM Protocol on each interface to Enable status but the commands below are required to really enable PIM DM protocol on the interface And then turn on PIM SM switch on...

Page 623: ...e mode command disenables PIM DM protocol on interface Parameter None Default Disable PIM DM protocol Command Mode Interface Configure Mode Usage Guide The command will be taken effect executing ip mu...

Page 624: ...val interval no ip pim state refresh origination interval Function Configure transmission interval of state refresh message on interface The no ip pim state refresh origination interval command restor...

Page 625: ...witch Config if Vlan1 ip address 12 1 1 2 255 255 255 0 Switch Config if Vlan1 ip pim dense mode Switch Config if Vlan1 exit Switch Config interface vlan 2 Switch Config if Vlan2 ip address 20 1 1 1 2...

Page 626: ...switch of PIM DM source activity timer information in detail the no debug pim timer sat command disenables the debug switch Parameter None Default Disabled Command Mode Admin Mode Usage Guide Enable t...

Page 627: ...warding items namely forwarding items of forward multicast packet in system FIB table Example Display all of PIM DM message forwarding items Switch config show ip pim mroute dense mode IP Multicast Ro...

Page 628: ...y used in big scale network with group members distributed relatively sparse and wide spread Unlike the Flooding Prune of Dense Mode PIM SM Protocol assumes no host needs receiving Multicast data pack...

Page 629: ...y will take charge of encapsulating the Multicast packet into registered message and unicast it to corresponding RP If there are more than one PIM SM Multicast routers on a network segment then DR Des...

Page 630: ...rotocol 1 Enable PIM SM Protocol The basic configuration to function PIM SM Routing Protocol on EDGECORE series Layer 3 switch is very simple It is only required to turn on PIM Multicast switch in Glo...

Page 631: ...ccess list If a neighbor is filtered by the list and a connection has been set up with this neighbor then this connection is cut off immediately and if no connection is set up yet then this connection...

Page 632: ...configure the information of PIM SM candidate RP so that it can compete for RP router with other candidate RPs The no ip pim rp address A B C D all A B C D M command cancels the configuration of RP 3...

Page 633: ...r to compete the BSR router with other candidate BSRs The command no ip pim bsr candidate disables the candidate BSR Parameter Ifname is the specified interface s name hash mask length is the specifie...

Page 634: ...ets The no ip pim dr priority command restores the default value Parameter priority is priority Default 1 Command Mode Interface Configuration Mode Usage Guide Range from 0 to 4294967294 the higher va...

Page 635: ...onfigured but less than current hello_interval hello_holdtime is modified to 3 5 hello_interval otherwise the configured value is maintained Example Configure vlan1 s Hello Holdtime Switch Config inte...

Page 636: ...net this command is not recommended Example Switch config ip pim ignore rp set priority 17 3 3 9 ip pim jp timer Command ip pim jp timer value no ip pim jp timer Function Configure to add JP timer the...

Page 637: ...deny In the following example if permit any source is not configured deny 10 1 4 10 0 0 0 255 is the same as deny any source Example Configure vlan s filtering rules of pim neighbors Switch show ip pi...

Page 638: ...ter source Command ip pim register source A B C D ifname ethernet vlan vlan id no ip pim register source Function This command is to configure the source address of register packets sent by DR to over...

Page 639: ...ss A B C D A B C D M no ip pim rp address A B C D A B C D M all Function This command is to configure static RP globally or in a multicast address range The no ipv6 pim rp address A B C D A B C D M al...

Page 640: ...m rp candidate vlan1 100 17 3 3 18 ip pim rp register kat Command ip pim rp register kat vaule no ip pim rp register kat Function This command is to congifure the KAT KeepAlive Timer value of the RP S...

Page 641: ...Global Mode Usage Guide 1 Only this command is configured pim ssm can be available 2 Before configuring this command make sure ip pim multicasting succeed This command can t work with DVMRP 3 Access l...

Page 642: ...witch Config If Vlan1 exit Switch Config interface vlan 2 Switch Config If Vlan2 ip address 13 1 1 1 255 255 255 0 Switch Config If Vlan2 ip pim sparse mode 2 Configure SwitchB Switch Config ip pim mu...

Page 643: ...e SwitchD Switch Config ip pim multicast routing Switch Config interface vlan 1 Switch Config If Vlan1 ip address 34 1 1 4 255 255 255 0 Switch Config If Vlan1 ip pim sparse mode Switch Config If Vlan...

Page 644: ...information is correct if there is not rp information you still need to check unicast routing If all attempts including Check are made but the problems on PIM SM can t be solved yet then use debug com...

Page 645: ...tch Parameter None Default Disabled Command Mode Admin Mode and Global Mode Usage Guide Inspect PIM NEXTHOP changing information by the pim nexthop switch Example Switch debug ip pim nexthop 17 3 5 1...

Page 646: ...mand Mode Admin Mode and Global Mode Usage Guide Inspect the changing information about pim state by this switch Example Switch debug ip pim state 17 3 5 1 8 debug pim timer Command debug pim timer de...

Page 647: ...ppt no debug pim timer joinprune pt no debug pim timer joinprune no debug pim timer register rst no debug pim timer register Function Enable or Disable each pim timer Parameter None Default Disabled C...

Page 648: ...fault None Command Mode Admin Mode and Global Mode Usage Guide Display PIM interface information Example testS2 config show ip pim interface Address Interface VIFindex Ver Nbr DR DR Mode Count Prior 1...

Page 649: ...RPF nbr 10 1 4 10 RPF idx Vlan1 Upstream State JOINED Local Joined Asserted Outgoing Displayed Information Explanations Entries The counts of each item RP Share tree s RP address RPF nbr RP direction...

Page 650: ...6 1 Vlan1 00 00 10 00 01 35 v2 1 10 1 6 2 Vlan1 00 00 13 00 01 32 v2 1 10 1 4 2 Vlan3 00 00 18 00 01 30 v2 1 10 1 4 3 Vlan3 00 00 17 00 01 29 v2 1 Displayed Information Explanations Neighbor Address N...

Page 651: ...nexthop Pref Preference Route preference Refcnt Reference count 17 3 5 1 14 show ip pim rp hash Command show ip pim rp hash A B C D Function Display the RP address of A B C D s merge point Parameter...

Page 652: ...ath checking information is based on distance vector in a manner similar to RIP 2 Routing exchange update occurs periodically the default is 60 seconds 3 TTL upper limit 32 hops and that RIP is 16 4 R...

Page 653: ...the capabilities of each other If no Probe message from the neighbor is received until the neighbor is timed out then this neighbor is considered missing In DVMRP source network routing selection mess...

Page 654: ...e DVMRP tunnel 1 Globally enable DVMRP Protocol The basic configuration to function DVMRP routing protocol on EDGECORE series Layer 3 switch is very simple Firstly it is required to turn on DVMRP swit...

Page 655: ...the no ip dvmrp metric command restores default value ip dvmrp reject non pruners no ip dvmrp reject non pruners Configure the interface rejects to set up neighbor relationship with non pruning graft...

Page 656: ...d interface metric value as new metric value of the routing The metric value applies to calculate posion reverse namely ensuring up downstream relations If the metric value of some route on the switch...

Page 657: ...h Config If vlan1 ip dvmrp output report delay 1 1024 17 4 3 5 ip dvmrp reject non pruners Command ip dvmrp reject non pruners no ip dvmrp reject non pruners Function Configure to reject neighborship...

Page 658: ...l configurations are deleted Example Switch Config ip dvmrp tunnel 1 12 1 1 1 24 1 1 1 17 4 4 DVMRP Configuration Examples As shown in the following figure add the Ethernet interfaces of Switch A and...

Page 659: ...ip address command Afterwards enable DVMRP Protocol on the interface use ip dvmrp command and ip dv multicast routing command Multicast Protocol requires RPF Check using unicast routing therefore the...

Page 660: ...in out raft in out graft ack in out in out all command disenables this debugging switch Parameter None Default Disabled Command Mode Admin Mode Usage Guide Enable this switch and display DVMRP protoc...

Page 661: ...Interface corresponding physical interface name Vif Index Virtual interface index Ver Interface supporting version Nbr Cnt Neighbor count Type Interface type Remote Address Remote address 17 4 5 1 4 s...

Page 662: ...itch show ip dv prune Flags P Pruned H Host D Holddown N NegMFC I Init Source Mask Group State FCR Exptime Prune Graft Address Len Address Cnt ReXmit Time 13 1 1 0 24 239 0 0 1 1 01 59 56 Off Displaye...

Page 663: ...Multicast Packet Source Controllable Multicast User Controllable and Service Oriented Priority Strategy Multicast The Multicast Packet Source Controllable technology of Security Controllable Multicast...

Page 664: ...ulticast Strategy Configuration 1 Source Control Configuration Source Controll Configuration has three parts of which the first is to enable source control The command of source control is as follows...

Page 665: ...Mode no ip multicast source control access group 5000 5099 Used to configure the rules source control uses to port the NO form cancels the configuration Destination Control Configuration Like source c...

Page 666: ...follows Command Explanation Port Configuration Mode no ip multicast destination control access group 6000 7999 Used to configure the rules destination control uses to port the NO form cancels the con...

Page 667: ...estination wildcard host destination destination host ip any destination command deletes the access list Parameter 5000 5099 source control access list number deny permit deny or permit source multica...

Page 668: ...source address source wildcard multicast source address wildcard character source host ip multicast source host address destination multicast destination address destination wildcard multicast destin...

Page 669: ...7999 Function Configure multicast destination control access list used on specified vlan mac the no ip multicast destination control 1 4094 macaddr access group 6000 7999 command deletes this configu...

Page 670: ...excuting the command it needs to excute clear ip igmp groups command to clear relevant groups in Admin mode Example Switch Config ip multicast destination control 10 1 1 0 24 access group 6000 17 5 3...

Page 671: ...ion Configure to globally enable multicast source control the no ip multicast source control command restores global multicast source control disabled Parameter None Default Disabled Command Mode Glob...

Page 672: ...mit multicast data without any limit and we can make the following configuration Switch config access list 5000 permit ip any host 225 1 2 3 Switch config access list 5001 permit ip any any Switch con...

Page 673: ...tions above carefully If you still can determine the cause of the problem please send your configurations and the effects you expect to the after sale service staff of our company 17 5 5 1 Monitor And...

Page 674: ...host source 2 1 1 1 any destination access list 6001 deny ip host source 2 1 1 1 225 0 0 0 0 255 255 255 access list 6002 permit ip host source 2 1 1 1 225 0 0 0 0 255 255 255 access list 6003 permit...

Page 675: ...itch sh ip multicast source control access list access list 5000 permit ip 10 1 1 0 0 0 0 255 232 0 0 0 0 0 0 255 access list 5000 deny ip 10 1 1 0 0 0 0 255 233 0 0 0 0 255 255 255 17 6 IGMP 17 6 1 I...

Page 676: ...IGMP version1 the selection of query machine is determined by Multicast Routing Protocol IGMP version2 made an improvement for it it prescribed that when there are more than one multicast switches on...

Page 677: ...tion with these variables of non queries 5 Max Response Time in Query Message has an exponential range with maximum value from 25 5 secs of v2 to 53 mins which can be used in links of great capacity 6...

Page 678: ...p dvmrp no ip pim dense mode no ip pim sparse mode disable IGMP Protocol Required 2 Configure IGMP Sub parameters 1 Configure IGMP group parameters 1 Configure IGMP group filtering conditions 2 Config...

Page 679: ...f the interface for IGMP query the no ip igmp query max response time command restores default value ip igmrp query timeout time_val no ip igmp query timeout Configure the time out of the interface fo...

Page 680: ...ing in immediate leave mode that is when the host transmits member identity report of equaivalent to leave a group router does not transmit query it directly confirms there is no member of this group...

Page 681: ...tion Mode Usage Guide After configuring mamimum state state count interface only saves states which are not more than state count groups and sources If it reaches upper limit of state count it does no...

Page 682: ...uery information on interface when some interface enables some group multicast protocol The command applies to configure this query period time Example Configure interval of periodly transmitted IGMP...

Page 683: ...her switch as new query processor Example Configure timeout of IGMP query message on interface to 100s Switch Config interface vlan 1 Switch Config If Vlan1 ip igmp query timeout 100 17 6 3 9 ip igmp...

Page 684: ...and version 2 therefore it must configure to the same version IGMP in the same network When other routers which are not upgraded to IGMPv3 on interface connected subnet need to join member identity c...

Page 685: ...e user should pay attention to the following issues Firstly to assure that physical connection is correct Next to assure the Protocol of Interface and Link protocol is UP use show interface command Af...

Page 686: ...igmp packet debug is on Switch 02 17 38 58 IGMP Send membership query on dvmrp2 for 0 0 0 0 02 17 38 58 IGMP Received membership query on dvmrp2 from 192 168 1 11 for 0 0 0 0 02 17 39 26 IGMP Send mem...

Page 687: ...t Pres ent V2 V2 Host Present Interface Vlan1 Group 234 1 1 1 Flags Uptime 00 00 19 Group Mode INCLUDE Last Reporter 10 1 1 1 Exptime stopped Source list 2 members S Static Source Address Uptime v3 Ex...

Page 688: ...MP information of specified interface Default Do not display Command Mode Admin Mode Example Display interface valn1 IGMP message on Ethernet Switch config show ip igmp interface Vlan1 Interface Vlan1...

Page 689: ...ulation The working process of PIM DM can be summarized as Neighbor Discovery Flooding Prune and Graft 1 Neigh hour Discovery When PIM DM router is started at beginning Hello message is required to di...

Page 690: ...any specific unicast routing protocol 4 Assert Mechanism If two multicast router A and B in the same LAN segment have their own receiving paths to multicast source S they will respectively forward mu...

Page 691: ...de ipv6 pim hello interval interval no ipv6 pim hello interval Configure PIM DM hello message interval time the NO operation of this command restores the default value Configure PIM DM state refresh m...

Page 692: ...rface vlan 1 Switch Config if Vlan1 ipv6 pim dense mode 18 1 3 2 ipv6 pim dr priority Command ipv6 pim dr priority priority no ipv6 pim dr priority Function Configure cancel and change priority value...

Page 693: ...alue of hello_holdtime is 105s Command Mode Interface Configuration Mode Usage Guide If no setting hellotime will default current 3 5 times of Hello_interval If setting hellotime is less than current...

Page 694: ...pim multicast routing command disenables PIM DM protocol Parameter None Default Disable PIM DM protocol Command Mode Global Mode Usage Guide Ipv6 pim can enable only after executing this command Exam...

Page 695: ...l the downstream routers The command can modify origination interval of state refresh messages Usually do not modify relevant timer interval The command can configure on IPv6 tunnel interface but it i...

Page 696: ...work normally due to physical connections incorrect configuration and so on So users shall note the following points Assure the physical connection is correct Assure the Protocol of Interface and Lin...

Page 697: ...ch and display PIM DM state refresh timer information in detail Example Switch debug ipv6 pim timer srt Remark Other debug switches in PIM DM are common in PIM SM show ipv6 pim mroute dense mode Comma...

Page 698: ...n including FORWARDING forwarding upstream data PRUNED Upstream stops forwarding data ACKPENDING waiting for upstream response forwarding upstream data Origin State The two states ORIGINATOR on transm...

Page 699: ...along the shared tree flow When the data traffic reaches a certain amount multicast data stream can be switched to source based SPT Shortest Path Tree to shorten network delay PIM SM doesn t rely on a...

Page 700: ...icast group based on the same algorithm after receiving the candidate RP message announced by BSR Note that one RP can serve more than one multicast groups even all multicast groups But each multicast...

Page 701: ...protocol on the interface and the NO operation of this command shuts PIM SM Protocol on all interfaces Required And then turn on PIM SM switch on the interface Command Explanation Port Configuration M...

Page 702: ...ure switch to be candidate BSR Command Explanation Global Mode Ipv6 pim bsr candidate ifname hash mask length priority no ipv6 pim bsr candidate This command is the global candidate BSR configuration...

Page 703: ...pv6 pim accept register Function Filter the specified multicast group Parameter acess list name is the applying access list name Default Permit the multicast registers from any sources to any groups C...

Page 704: ...the BSR router with other candidate BSRs Only this command is configured this switch is the BSR candidate router Example Globally configure the interface vlan1 as the candidate BSR message transmitti...

Page 705: ...d restores the default value Parameter None Default The Hello packets include GenId option Command Mode Interface Configuration Mode Usage Guide This command is used to interact with older Cisco IOS v...

Page 706: ...rval of periodically transmitted pim hello packets ranges from 1 to 18724s Default The default periodically transmitted pim hello packets hello_interval is30s Command Mode Interface Configuration Mode...

Page 707: ...3 10 ipv6 pim multicast routing Command ipv6 pim multicast routing no ipv6 pim multicast routing Function Enable PIM SM globally The no ipv6 pim multicast routing command disables PIM SM globally Par...

Page 708: ...ipv6 pim Register rate limit command restores the default value This configured speedrate is each S G state s not the whole systems Parameter limit ranges from 1 to 65535 Default No limit for sending...

Page 709: ...nfig ipv6 pim register source Vlan1 18 2 3 15 ipv6 pim register suppression Command ipv6 pim register suppression value no ipv6 pim register suppression Function This command is to configure the value...

Page 710: ...the candidate RP the format is X X X X M ipv6 address and prefix length priority is the RP selection priority ranges from 0 to 255 the default value is 192 the lower value has more priority Default T...

Page 711: ...ed PIM SM Command Mode Interface Configuration Mode Usage Guide Enable PIM SM on the interface The command can configure on IPv6 tunnel interface but it is successful configuration to only configure t...

Page 712: ...pim sparse mode Switch Config If Vlan1 exit Switch Config interface vlan 2 Switch Config If Vlan2 ipv6 address2000 24 1 1 2 64 Switch Config If Vlan2 ipv6 pim sparse mode Switch Config If Vlan2 exit S...

Page 713: ...ssure the Protocol of Interface and Link is UP use show interface command Unicast route shall be used to carry out RPF examination for multicast protocol So the correctness of unicast route shall be g...

Page 714: ...3 debug ipv6 pim mib Command debug ipv6 pim mib no ipv6 debug pim mib Function Enable or Disable PIM MIB debug switch Parameter None Default Disabled Command Mode Admin Mode and Global Mode Usage Guid...

Page 715: ...mand Mode Admin Mode and Global Mode Usage Guide Inspect the received and transmitted pim packets by this switch Example Switch debug ipv6 pim packet in 18 2 5 1 7 debug ipv6 pim state Command debug i...

Page 716: ...bug ipv6 pim timer bsr crp no debug ipv6 pim timer bsr no debug ipv6 pim timer hello ht no debug ipv6 pim timer hello nlt no debug ipv6 pim timer hello tht no debug ipv6 pim timer hello no debug ipv6...

Page 717: ...126 Next bootstrap message in 00 00 10 Role Candidate BSR State Elected BSR Next Cand_RP_advertisement in 00 00 10 RP 2000 1 111 100 Vlan2 Displayed Information Explanations BSR address Bsr router Add...

Page 718: ...count DR Prior Dr priority DR The interface s DR address 18 2 5 1 11 show ipv6 pim mroute sparse mode Command show ipv6 pim mroute sparse mode Function Display the multicast route table of PIM SM Par...

Page 719: ...P direction or upneighbor of source direction RPF idx RPF nbr interface Upstream State Upstream State there are two state of Joined join the tree expect to receive data from upstream and Not Joined qu...

Page 720: ...s Neighbor Address Neighbor address Interface Neighbor interface Uptime Expires Running time overtime Ver Pim version v2 usually DR Priority Mode DR priority in the hello messages from the neighbor an...

Page 721: ...rence count 18 2 5 1 14 show ipv6 pim rp hash Command show ipv6 pim rp hash X X X X Function Display the RP address of group X X X X s merge point Parameter Group address Default None Command Mode Any...

Page 722: ...icast application Correspondingly MLD Protocol version1 is similar to IGMP Protocol version2 and MLD Protocol version2 is similar to IGMP Protocol version3 Current firmware only supports MLDv1 The IPv...

Page 723: ...ve Other logic is basically same as IGMPv2 18 3 2 MLD Configuration Task List 1 Start MLD Required 2 Configure MLD auxiliary parameters Required 1 Configure MLD group parameters 1 Configure MLD group...

Page 724: ...e the overtime of MLD query Command Explanation Port Configuration Mode ipv6 mld query interval time_val no ipv6 mld query interval Configure the interval of MLD query messages sent periodically the N...

Page 725: ...ve Command ipv6 mld immediate leave group list acl name no ipv6 mld immediate leave Function Configure MLD to work in the immediate leave mode that s when the host sends a membership qualification rep...

Page 726: ...MLD host query messages it ranges from 0 to 65535s Default Intrerval of perriodly transmitted MLD query message is 125s Command Mode Interface Configuration Mode Usage Guide When a interface enables...

Page 727: ...t run MLD one switch will be selected as the querying host and others set a timer to inspect the querying host s state If no querying packet is received when the timeout is over a switch wiil be resel...

Page 728: ...X X no ipv6 mld join group X X X X source X X X X Function Configure the sources of certain multicast group which the interface join in Note because of the client group has got only INLCUDE and EXCLU...

Page 729: ...xample Set the MLD state count limit of the interface vlan2 to 4000 Switch Config interface vlan2 Switch Config if Vlan2 ipv6 mld limit 4000 18 3 3 11 ipv6 mld static group Command ipv6 mld static gro...

Page 730: ...efault one Parameter version_no is the version number of the MLD protocol with a valid range of 1 2 Default 2 by default Command Mode Interface Mode Usage Guide While there is routers still not upgrad...

Page 731: ...work normally due to physical connections incorrect configuration and so on So users shall note the following points Assure the physical connection is correct Assure the protocol of interface and lin...

Page 732: ...diaplays MLD packets The no debug ipv6 mld events command disables the debug switch Parameter None Default Disabled Command Mode Admin Mode Usage Guide This switch can be enabled to get MLD packets in...

Page 733: ...icast group Expires The left time to overtime 18 3 5 1 4 show ipv6 mld interface Command show ipv6 mld interface ifname Function Display the relavent MLD information of an interface Parameter ifname i...

Page 734: ...ress MLD Snooping is namely the MLD listening The switch restricts the multicast traffic from flooding through MLD Snooping and forward the multicast traffic to ports associated to multicast devices o...

Page 735: ...n specific vlan The no form of this command cancels the mrouter port configuration ipv6 mld snooping vlan vlan id mrpt value no ipv6 mld snooping vlan vlan id mrpt Configure the keep alive time of the...

Page 736: ...s the MLD data packet message processed by the switch packet event messages event timer messages timer messages of down streamed hardware entry mfc all debug messages all 18 4 3 2 ipv6 mld snooping Co...

Page 737: ...rotocol will hasten the process the port leaves one multicast group in which the specified group query of the group will not be sent and the port will be directly deleted Example Enable the MLD immedi...

Page 738: ...ches the limit new group requesting for joining in will be rejected for preventing hostile attacks To use this command MLD snooping must be enabled on vlan The no form of this command restores the def...

Page 739: ...ample Switch config ipv6 mld snooping vlan 2 mrpt 100 18 4 3 9 ipv6 mld snooping vlan query interval Command ipv6 mld snooping vlan vlan id query interval value no ipv6 mld snooping vlan vlan id query...

Page 740: ...D configuration as possible Example Switch config ipv6 mld snooping vlan 2 query robustness 3 18 4 3 12 ipv6 mld snooping vlan suppression query time Command ipv6 mld snooping vlan vlan id suppression...

Page 741: ...ed Information Explanation Global mld snooping status Whether or not the global mld snooping is enabled on the switch L3 multicasting Whether or not the layer 3 multicast protocol is running on the sw...

Page 742: ...oup Membership Group membership of the vlan namely the correspondence between the port and S G Mld snooping vlan 1 mrouter port Mrouter port of the vlan including both static and dynamic 18 4 3 14 sho...

Page 743: ...the port 1 of vlan 100 as a mrouter port Configuration procedure is as follows Switch config Switch config ipv6 mld snooping Switch config ipv6 mld snooping vlan 100 Switch config ipv6 mld snooping v...

Page 744: ...ives no traffic from program2 and 3 port10 receives no traffic from program 1 and 3 and port12 receives no traffic from program1 and 2 MLD L2 general querier Fig 18 5 Switches as MLD Querier Function...

Page 745: ...he MLD Snooping server may fail to run properly due to physical connection failure wrong configuration etc The user should ensure the following 3 Ensure the physical connection is correct 4 Ensure the...

Page 746: ...ctive combination of conditions such as source IP destination IP IP protocol number and TCP port Access lists can be categorized by the following criteria z Filter information based criterion IP acces...

Page 747: ...o that port or no binding ACL matches z When an access list is bound to the outgoing direction of a port the action in the rule can only be deny 19 2 ACL Configuration 19 2 1 ACL Configuration Task Se...

Page 748: ...nfiguring time range function 1 Create the name of the time range 2 Configure periodic time range 3 Configure absolute time range 4 Bind access list to a specific direction of the specified port 5 Cle...

Page 749: ...ck fin psh rst syn urg precedence prec tos tos Creates a numbered TCP extended IP access rule if the numbered extended access list of specified number does not exist then an access list will be create...

Page 750: ...sIpAddr sMask any host sIpAddr Creates a standard name based IP access rule the no form command deletes the name based standard IP access rule c Exit name based standard IP ACL configuration mode Com...

Page 751: ...pAddr dMask any destination host destination dIpAddr d port dPort ack fin psh rst syn urg precedence prec tos tos Creates an extended name based TCP IP access rule the no form command deletes this nam...

Page 752: ...and Explanation Global Mode access list num deny permit any source mac host source mac host_smac smac smac mask any destination mac host destination m ac host_dmac dmac dmac mask untag ged eth2 tagged...

Page 753: ...c host source mac host_smac smac smac mask any d estination mac host destination mac host_dmac dmac dmac mask untagged eth2 ethertype protocol protocol mask Creates an extended name based MAC access r...

Page 754: ...ure mode 8 Configuring a numbered extended MAC IP access list Command Explanation Global mode access list num deny permit any source mac host source mac host_smac smac smac mask any destination mac ho...

Page 755: ...ource host ip s port port1 destination destination wildcard any desti nation host destination destination host ip d port port3 ack fin psh rst urg syn precedence precedence tos tos time range time ran...

Page 756: ...ocol or all mac ip protocols if the numbered extended access list of specified number does not exist then an access list will be created using this number no access list num deletes this nunbered exte...

Page 757: ...ce wildcard any source host source source host ip destination destination wildcard any desti nation host destination destination host ip igmp type precedence precedence tos tos time range time range n...

Page 758: ...destination mac host_dmac dmac dmac mask eigrp gre igrp ip ipinip ospf protocol num source source wildcard any source host source source host ip destination destination wildcard any desti nation host...

Page 759: ...esday Wednesday T hursday Friday Saturday Sunday start_time to Monday Tuesday Wednesday Thursday Friday Sa turday Sunday end_time periodic Monday Tuesday Wednesday Thursda y Friday Saturday Sunday dai...

Page 760: ...d direction on the port the no ip ipv6 mac mac ip access group name in out command deletes the access list bound to the port 5 Clear the filting information of the specificed port Command Explanation...

Page 761: ...definition of period is specific time period of Monday to Saturday and Sunday every week day1 hh mm ss To day2 hh mm ss or day1 day2 day3 day4 day5 day6 day7 weekend weekdays daily hh mm ss To hh mm s...

Page 762: ...05 1 26 19 2 2 3 access list ip extended Command access list num deny permit icmp sIpAddr sMask any host sIpAddr dIpAddr dMask any destination host destination dIpAddr icmp type icmp code precedence p...

Page 763: ...Guide When the user assign specific num for the first time ACL of the serial number is created then the lists are added into this ACL igmp type represent the type of IGMP packet and usual values pleas...

Page 764: ...ed Command access list num deny permit any source mac host source mac host _smac smac smac mask any destination mac host destinatio n mac host_dmac dmac dmac mask untagged eth2 tagged eth 2 untagged 8...

Page 765: ...o this ACL Examples Permit tagged eth2 with any source MAC addresses and any destination MAC addresses and the packets whose 15th and 16th byte is 0x08 0x0 to pass and Switch Config access list 1100 p...

Page 766: ...ge name Functions Define a extended numeric MAC IP ACL rule No command deletes a extended numeric MAC IP ACL access list rule Parameters num access list serial No this is a decimal s No from 3100 3199...

Page 767: ...h is a number from 0 255 igmp type optional ICMP packets can be filtered by IGMP packet name or packet type which is a number from 0 255 time range name name of time range Command Mode Global mode Def...

Page 768: ...wall Command firewall enable disable Functions Enable or disable firewall Parameters enable means to enable of firewall disable means to disable firewall Default It is no use if default is firewall Co...

Page 769: ...ip standard name no access list ip standard name Functions Create a name standard IP access list no access list ip standard name action of this command deletes this name standard IP access list includ...

Page 770: ...Function Create a name based standard IPv6 access list the no ipv6 access list standard name command deletes the name based standard IPv6 access list including all entries Parameter name is the name f...

Page 771: ...ry not exit The standard extended and nomenclature of access list can be bound to physical port of layer 3 switch not binding ACL to layer interface or influx interface There are four kinds of package...

Page 772: ...t Configuration No access lists configured Usage Guide After assigning this commands for the first time only an empty name access list is created and no list item included Examples Create an MAC ACL n...

Page 773: ...host destination dIpAddr precedence prec tos tos time range time range name Functions Create a name extended IP access rule to match specific IP protocol or all IP protocol Parameters sIpAddr is the s...

Page 774: ...Nacl ipFlow deny 10 1 1 0 0 0 255 255 19 2 2 21 permit deny mac extended Command no deny permit any source mac host source mac host_smac smac smac mask any destination mac host destination mac host_dm...

Page 775: ...the left no ineffective bit can be added through For example the reverse mask format of one byte is 00001111b mask format is 11110000 and this is not permitted 00010011 Command Mode Name extended MAC...

Page 776: ...to access any source mac any source MAC address any destination mac any destination MAC address host_smac smac source MAC address smac mask mask reverse mask of source MAC address host_dmac dmas dest...

Page 777: ...the passage of UDP packets with any source MAC address and destination MAC address any source IP address and destination IP address and source port 100 and destination port 40000 Switch Config access...

Page 778: ...001 1 2 3 1 dPort 32 19 2 2 24 permit deny ipv6 standard Command no deny permit sIPv6Prefix sPrefixlen any host sIPv6Addr Function Create a standard nomenclature IPv6 access control rule the no form o...

Page 779: ...configuration steps are listed below Switch Config access list 110 deny tcp 10 0 0 0 0 0 0 255 any destination d port 21 Switch Config firewall enable Switch Config firewall default permit Switch Conf...

Page 780: ...information but conflicting action rules binding to the port will fail with an error message For instance configuring permit tcp any any destination and deny tcp any any destination at the same time...

Page 781: ...of any source IP address and destination address to pass access list 1100 permit any source mac any destination mac tagged eth2 14 2 0800 Permit tagged eth2 with any source MAC addresses and any desti...

Page 782: ...use in firewall is 10 No 10 standard extended ACL tied to entrance of port Ethernet1 2 packet s number is 10 Number of packets matching this ACL rule 19 4 1 3 show firewall Command show firewall Func...

Page 783: ...st lengthening within 1 16 Default None Command Mode Admin Mode Usage Guide When no access control list is specified all the access control lists will be displayed in used x time s is shown the times...

Page 784: ...number section and the relative values in the other 4 sections then click Add the users can then add the new Numeric Standard IP ACL 19 5 2 Delete numeric IP ACL Click Numeric ACL Configuration and t...

Page 785: ...e z TOS Regarding ICMP numeric extended ACL there are two sub categories z ICMP type z ICMP code Regarding IGMP numeric extended ACL there is one sub category z IGMP type Regarding TCP numeric extende...

Page 786: ...ame configuration is the same with Numeric ACL Configuration The only difference users should change the ACL number to the ACL name This should be entered in ACL name not ACL number CLI command 1 2 2...

Page 787: ...e configuration web page the configuration is the same with it is with numeric extended ACL The only difference is the ACL number needs to be changed to ACL name and entered into the ACL name rather t...

Page 788: ...ion page There are five items in this section z Port the target port to bind to ACL z ACL name the target ACL name to bind z Ingress Egress the target direction to bind z Operation type Add or Remove...

Page 789: ...ical port or a physical port Typically one physical port of the switch connects with one terminal device physical port based only The architecture of IEEE 802 1x is shown below Fig 20 1 802 1x archite...

Page 790: ...ation is implemented in ES4700 series for better security and management Only authenticated user access devices connecting to the same physical port can access the network the unauthorized devices wil...

Page 791: ...enable Enables the 802 1x function in the switch and ports the no dot1x enable command disables the 802 1x function Command Explanation Port Mode dot1x port control auto force authorized forc e unauth...

Page 792: ...re authentication interval the no dot1x timeout re authperiod command restores the default setting dot1x timeout tx period seconds no dot1x timeout tx period Sets the interval for the supplicant to r...

Page 793: ...adius server authentication host IPaddress Specifies the IP address or IPv6 address and listening port number for RADIUS authentication server the no radius server authentication host IPaddress comman...

Page 794: ...AAA function for the switch Switch Config aaa enable 20 2 2 2 aaa accounting enable Command aaa accounting enable no aaa accounting enable Function Enables the AAA accounting function in the switch t...

Page 795: ...ntry applies to all ports in the switch When dot1x address filter function is enabled the switch will filter the authentication user by the MAC address Only the authentication request initialed by the...

Page 796: ...1x function of the switch and enable 802 1x for port 1 12 Switch Config dot1x enable Switch Config interface ethernet 1 12 Switch Config Ethernet0 0 12 dot1x enable 20 2 2 6 dot1x macfilter enable Co...

Page 797: ...lable for ports using MAC based access management if MAC address authenticated exceeds the number of allowed user additional users will not be able to access the network Example Setting port 1 3 to al...

Page 798: ...ment port based access management is suggested only for special usages Example Setting port based access management for port 1 4 Switch Config Ethernet1 4 dot1x port method portbased 20 2 2 11 dot1x r...

Page 799: ...ode Global Mode Default The default value is 10 seconds Usage Guide Default value is recommended Example Setting the silent time to 120 seconds Switch Config dot1x timeout quiet period 120 20 2 2 14 d...

Page 800: ...0 to 65535 primary for primary server Multiple RADIUS sever can be configured and would be available RADIUS server will be searched by the configured order if primary is not configured otherwise the s...

Page 801: ...e same as the specified authentication port in the RADIUS server the default port number is 1812 If this port number is set to 0 the specified server is regard as non authenticating This command can b...

Page 802: ...radius server retransmit Command radius server retransmit retries no radius server retransmit Function Configures the re transmission times for RADIUS authentication packets the no radius server retra...

Page 803: ...er as invalid according to the current conditions Example Setting the RADIUS authentication timeout timer value to 30 seconds Switch Config radius server timeout 30 20 3 802 1x Application Example 1 0...

Page 804: ...disabled If the switch is configured properly but still cannot pass through authentication connectivity between the switch and RADIUS server the switch and 802 1x client should be verified and the por...

Page 805: ...Command mode Admin Mode Parameters N A Usage Guide Enable dot1x debug information allows the check of dot1x protocol negotiation process and is helpful in troubleshooting Example Enable dot1x debuggi...

Page 806: ...nds for the switch as a RADIUS client Command mode Admin Mode Usage Guide Displays whether AAA authentication accounting are enabled and information for key authentication and accounting server specif...

Page 807: ...authentication server X Host IP Udp Port Is Primary Is Server Dead Socket No Displays the authentication server number and corresponding IP address UDP port number Primary server or not down or not a...

Page 808: ...bal parameter for the switch Switch show dot1x Global 802 1x Parameters reauth enabled no reauth period 3600 quiet period 10 tx period 30 max req 2 authenticator mode passive Mac Filter Disable MacAcc...

Page 809: ...State Machine Re authentication state machine status 20 3 1 2 show radius Command show radius authencated user authencating user count Function Displays the statistics for users of RADIUS authenticat...

Page 810: ...hentication function z Accounting Status Enables disables switch AAA accounting function Disable Accounting disable accounting function Enable Accounting enable accounting function z RADIUS key Config...

Page 811: ...Non Primary Authentication server is the non primary server z Operation type Add authentication server adds an authentication server Remove authentication server remove an authentication server Examp...

Page 812: ...x function configuration management list and configure the switch 802 1x function 20 4 2 1 802 1X configuration Click Authentication configuration 802 1X configuration 802 1X configuration to configur...

Page 813: ...authentication mode as forbid choose MAC filtering as forbid and then click Apply button to set the configurations 20 4 2 2 802 1x port authentication configuration Click Authentication configuration...

Page 814: ...itch 20 4 2 3 802 1x port mac configuration Click Authentication configuration 802 1X configuration 802 1x port mac configuration to Add a MAC address table to dot1x address filter z Port If specify p...

Page 815: ...thentication type Authentication type z Authentication status Authentication status z Authentication mode Authentication mode Example Choose Ethernet port 1 1 then Click Reauthenticate button the user...

Page 816: ...router while the Backup routers serve as backups for the active router The virtual router has its own virtual IP address can be identical with the IP address of some router in the Standby cluster and...

Page 817: ...mer intervals 9 Configure VRRP interface monitor 1 Create Remove the Virtual Router Command Explanation Global Mode no router vrrp vrid Creates Removes the Virtual Router 2 Configure VRRP Dummy IP Add...

Page 818: ...tring 5 Configure VRRP Sub parameters 1 Configure the preemptive mode for VRRP Command Explanation VRRP protocol configuration mode preempt mode true false Configures the preemptive mode for VRRP 2 Co...

Page 819: ...ting properly therefore turns its status to Master The user can use this command to adjust the VRRP packet sending interval of the Master For members in the same Standby cluster this property should b...

Page 820: ...t of priority to 10 Switch Config Router Vrrp circuit failover vlan 2 10 21 3 3 debug vrrp Commands debug vrrp all event packet recv send no debug vrrp all event packet recv send Function Displays inf...

Page 821: ...of number 10 Switch config router vrrp 10 Switch Config Router Vrrp enable 21 3 6 interface Commands interface IFNAME Vlan ID no interface Function Configures the VRRP interface Parameters interface I...

Page 822: ...ermines the ranking of a router or L3 Ethernet switch in a Standby cluster the higher priority the more likely to become the Master When a router or L3 Ethernet switch is configured as Master dummy IP...

Page 823: ...nt interval is 1 sec Preempt mode is TRUE VrId 10 State is Initialize Virtual IP is 10 1 10 1 IP owner Interface is Vlan1 Configured priority is 255 Current priority is 255 Advertisement interval is 1...

Page 824: ...uter Vrrp virtual ip 10 1 1 1 21 4 Example Of VRRP As shown in the figure below SwitchA and SwitchB are Layer 3 Ethernet Switches in the same group and provide redundancy for each other SWITCHA SWITCH...

Page 825: ...switches in the same standby cluster are the same Verify the timer time of different routers or L3 Ethernet switches in the same standby cluster are the same Verify the dummy IP address is in the same...

Page 826: ...umber 1 and VLAN port IP 23 Click Apply to add port 23 to Virtual Router number 1 Click Remove to remove port 23 from Virtual Router number 1 21 6 4 Activate Virtual Router Click VRRP control to confi...

Page 827: ...l Example Enter created Virtual Router number 1 and interval 3 Click Enable to set the interval of virtual router number 1 to 3 Click Disable to disable the interval of Virtual Router number 1 21 6 8...

Page 828: ...ck VRRP control to enter VRRP AuthenMode and configure VRRP authentication mode Example Choose created Vlan1 for Port and yes for AuthenMode Click Apply to finish Port Vlan1 authentication mode config...

Page 829: ...MRPP has below characters compare to STP protocol 1 MRPP specifically uses to Ethernet ring topology 2 fast convergence less than 1 s ideally it can reach 100 50 ms 22 1 1 Conception Introduction SWIT...

Page 830: ...ry node The primary port of primary node is used to send ring health examine packet hello the secondary port is used to receive Hello packet sending from primary node When the Ethernet is in health st...

Page 831: ...block state and sends LINK DOWN FLUSH_FDB packet to inform all of transfer nodes to refresh own MAC address forward list 3 Ring Restore After the primary node occur ring fail if the secondary port rec...

Page 832: ...Task Sequence 1 Globally enable MRPP 2 Configure MRPP ring 3 Display and debug MRPP relevant information 1 Globally enable MRPP Command Explanation Global Mode MRPP enable no MRPP enable Globally ena...

Page 833: ...on Show MRPP statistics INT Display receiving data package statistic information of MRPP ring clear MRPP statistics INT Clear receiving data package statistic information of MRPP ring 22 3 Commands Fo...

Page 834: ...le MRPP loop may can t work normally or form broadcast Example Configure control VLAN of mrpp ring 4000 is 4000 Switch Config mrpp ring 4000 Switch mrpp ring 4000 control vlan 4000 22 3 3 debug mrpp C...

Page 835: ...INT valid range is from 1 to 3000s Command Mode MRPP ring mode Default Default configure timer interval 3s Usage Guide If primary node of MRPP ring doesn t receives Hello packet from primary port of...

Page 836: ...no mrpp enable command disables MRPP protocol Parameter Command Mode Global Mode Default The system doesn t enable MRPP protocol module Usage Guide If it needs to configure MRPP ring it enables MRPP...

Page 837: ...uses primary port to send Hello packet secondary port is used to receive Hello packet from primary node There are no difference on function between primary port and secondary of secondary node Exampl...

Page 838: ...figuration of MRPP ring 4000 of switch Switch show mrpp 4000 22 3 13 show mrpp statistics Command show mrpp statistics INT Function Display statistic information of data package of MRPP ring receiving...

Page 839: ...port separately To avoid ring it should temporarily disable one of the ports of primary node when it enables each MRPP ring in the whole MRPP ring and after all of the nodes are configured open the po...

Page 840: ...ch MRPP ring 4000 control vlan 4000 Switch MRPP ring 4000 primary port Ethernet 1 1 Switch MRPP ring 4000 secondary port Ethernet 1 2 Switch MRPP ring 4000 enable Switch MRPP ring 4000 exit Switch Con...

Page 841: ...MRPP Ring 4000 configuration Task Sequence SWITCH A configuration Task Sequence Switch Config MRPP enable Switch Config MRPP ring 4000 Switch MRPP ring 4000 control vlan 4000 Switch MRPP ring 4000 pri...

Page 842: ...witch MRPP ring 4000 secondary port Ethernet 1 2 Switch MRPP ring 4000 enable Switch MRPP ring 4000 exit Switch Config SWITCH E configuration Task Sequence Switch Config MRPP enable Switch Config MRPP...

Page 843: ...onfig MRPP enable Switch Config MRPP ring 100 Switch MRPP ring 100 control vlan 100 Switch MRPP ring 100 primary port Ethernet 1 1 Switch MRPP ring 100 secondary port Ethernet 1 2 Switch MRPP ring 100...

Page 844: ...has some port belonging to more than two rings The special port changing takes a effect on more than two rings sometimes one ring changing can affect another one so that makes confusion Thus you d be...

Page 845: ...TCH H configuration Task Sequence Switch Config MRPP enable Switch Config MRPP ring 4000 Switch MRPP ring 4000 control vlan 4000 Switch MRPP ring 4000 primary port Ethernet 1 1 Switch MRPP ring 4000 s...

Page 846: ...rt Ethernet 1 3 Switch MRPP ring 100 enable Switch MRPP ring 100 exit Switch Config SWITCH E configuration Task Sequence Switch Config MRPP enable Switch Config MRPP ring 100 Switch MRPP ring 100 cont...

Page 847: ...better disconnected the ring and wait for each switch configuration then open the ring When the MRPP ring of enabled switch is disabled on MRPP ring it ensures the ring of the MRPP ring has been disc...

Page 848: ...mically add the candidate switches to the cluster which is already established Accordingly they can configure and manage the member switches through the commander switch When the member switches are d...

Page 849: ...ster register packet 5 Remote cluster network management 1 Remote configuration management 2 Reboot member switch 3 Remotely upgrade member switch 1 Enable or disable cluster 2 Create a cluster 3 Conf...

Page 850: ...le Clear the list of candidate switches discovered by the commander switch Command Explanation Global Mode cluster register timer timer value no cluster register timer Set interval of sending cluster...

Page 851: ...value no cluster register timer Function Sets interval of sending cluster register packet the no cluster register timer command restores the default setting Parameter timer value is interval of sendin...

Page 852: ...witch create a cluster or modify a cluster s name the no cluster commander command deletes the cluster Parameter cluster name is the cluster s name vlan id is the VLAN of the Layer 3 device which the...

Page 853: ...idate switch which has the sequence number as 17 and password as mypassword to the cluster Switch config cluster member candidate sn 17 password mypassword 23 3 6 cluster auto add enable Command clust...

Page 854: ...This command is used to configure the commander switch remotely Users have to telnet the commander switch by passing the authentication The command exit is used to quit the configuration interface of...

Page 855: ...ination address startup config Startup configuration file nos img System file boot rom System startup file Command mode Admin Mode Instructions The commander switch sends the remote upgrade command to...

Page 856: ...o 65535 Command mode The interval of heartbeat is 8 seconds by default Default Global Mode Instructions In the commander switch this command is used to set the interval of heartbeat And this informati...

Page 857: ...mand switch Configuration of SwitchA Switch Config cluster run Switch Config cluster ip pool 1 2 3 4 Switch Config cluster commander 4700 Switch Config cluster auto add enable 2 Configure the member s...

Page 858: ...and Mode Admin Mode Usage Guide Executing this command on the switch will display the information of the candidate member switches such as member ID MAC address IP address equipment name and type 23 5...

Page 859: ...ter the no form of this command disables the enabled debugging messages Command Mode Admin Mode 23 5 2 Cluster Administration Troubleshooting When encountering problems in applying the cluster admin p...

Search results

Summary of Contents for Edge-core ES4704BD

Reviews:

Related manuals for Edge-core ES4704BD

Brands by name

Popular brands

SMC Networks Edge-core ES4704BD, Manual

Search results

Summary of Contents for Edge-core ES4704BD

Reviews:

Related manuals for Edge-core ES4704BD

Brands by name

Popular brands