3Com 4200G 12-Port Скачать руководство пользователя страница 215 | Manualshive

Страница: 215 / 422

background image

26

ACL C

ONFIGURATION

ACL Overview

An access control list (ACL) is used primarily to identify traffic flows. In order to filter
data packets, a series of match rules must be configured on the network device to
identify the packets to be filtered. After the specific packets are identified, and based
on the predefined policy, the network device can permit/prohibit the corresponding
packets to pass.

ACLs classify packets based on a series of match conditions, which can be the source
addresses, destination addresses and port numbers carried in the packets.

The packet match rules defined by ACLs can be referenced by other functions that
need to differentiate traffic flows, such as the definition of traffic classification rules in
QoS.

According to the application purpose, ACLs fall into the following four types:

■

Basic ACL: rules are made based on the L3 source IP addresses only.

■

Advanced ACL: rules are made based on the L3 and L4 information such as the
source and destination IP addresses of the data packets, the type of protocol over
IP, protocol-specific features, and so on.

■

Layer 2 ACL: rules are made based on the Layer 2 information such as the source
and destination MAC address information, VLAN priority, Layer 2 protocol, and so
on.

ACL Application on the

Switch

ACLs activated directly on the hardware

In the switch, an ACL can be directly activated on the switch hardware for packet
filtering and traffic classification in the data forwarding process. In this case, the
match order of multiple rules in an ACL is determined by the hardware of the switch,
and any user-defined match order, even if it is configured when the ACL is defined,
will not work.

ACLs are directly activated on the switch hardware in the following situations: the
switch references ACLs to implement the QoS functions, and the forwards data
through ACLs.

ACL referenced by the upper-level modules

The switch also uses ACLs to filter packets processed by software and implements
traffic classification. In this case, there are two types of match orders for the rules in
an ACL:

config

(user-defined match order) and

auto

(the system performs automatic

ordering, namely according “depth-first” order). In this scenario, you can specify the
match order for multiple rules in an ACL. You cannot modify the match order for an
ACL once you have specified it. You can specify a new the match order only after all
the rules are deleted from the ACL.

ACLs are referenced by software to control login users.

«
...
213
214
215
216
217
...
»

Содержание 4200G 12-Port

Страница 1: ...3Com Switch 4200G Family Configuration Guide 4200G 12 Port 3CR17660 91 4200G 24 Port 3CR17661 91 4200G 48 Port 3CR17662 91 www 3Com com Part Number 10014915 Rev AD Published May 2007...

Страница 2: ...227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in or deli...

Страница 3: ...hentication Mode Being None 15 Console Port Login Configuration with Authentication Mode Being Password 18 Console Port Login Configuration with Authentication Mode Being Scheme 21 4 LOGGING IN USING...

Страница 4: ...ent Configuration 53 12 VOICE VLAN CONFIGURATION Voice VLAN Configuration 55 Voice VLAN Configuration 57 Voice VLAN Displaying and Debugging 59 Voice VLAN Configuration Example 59 13 GVRP CONFIGURATIO...

Страница 5: ...02 Telnet Configuration with Authentication Mode Being Scheme 105 Telnet Connection Establishment 109 20 MSTP CONFIGURATION MSTP Overview 113 Root Bridge Configuration 118 Leaf Node Configuration 131...

Страница 6: ...Example 194 25 ARP CONFIGURATION Introduction to ARP 195 Introduction to Gratuitous ARP 197 ARP Configuration 198 Gratuitous ARP Packet Learning configuration 199 Displaying and Debugging ARP 199 26 A...

Страница 7: ...CONFIGURATION Introduction 263 Configuring a Multicast MAC Address Entry 263 Displaying Multicast MAC Address Configuration 264 32 CLUSTER CONFIGURATION Cluster Overview 265 Management Device Configu...

Страница 8: ...TFTP Configuration 339 39 INFORMATION CENTER Information Center Overview 343 Information Center Configuration 345 Displaying and Debugging Information Center 350 Information Center Configuration Examp...

Страница 9: ...n Example for Newly Added Cluster Functions 390 46 DHCP RELAY CONFIGURATION Introduction to DHCP Relay 393 DHCP Relay Configuration 395 Option 82 Supporting Configuration 397 DHCP Relay Displaying 399...

Страница 10: ...8 CONTENTS...

Страница 11: ...tion information to create Voice VLAN GVRP Configuration Details GARP VLAN Registration Protocol configuration Port Operation Details how to configure Ethernet ports Link Aggregation Details how to ag...

Страница 12: ...s how to how to configure a basic system IP Performance Configuration Details how to configure routing protocols Network Protocol Operation Details how to configure network protocols Network Connectiv...

Страница 13: ...here and press Return or Enter when you are ready to enter the command Example in the command super level a value in the range 0 to 3 must be entered in the position indicated by level x y Alternativ...

Страница 14: ...4 ABOUT THIS GUIDE...

Страница 15: ...the ping tracert and language mode commands are at this level Monitor level Commands at this level are mainly used to maintain the system and diagnose service problems and cannot be saved to configur...

Страница 16: ...And by executing the system view command you can enter system view where you can enter other views by executing the corresponding commands The following CLI views are provided User view Table 1 Set a...

Страница 17: ...Prompt example Enter method Quit method User view Display operation status and statistical information S4200G Enter user view once logging into the switch Execute the quit command in user view to log...

Страница 18: ...1 Execute the local user user1 command in system view Execute the quit command to return to system view Execute the return command to return to user view User interface view Configure user interface p...

Страница 19: ...to user view Advanced ACL view Define rules for an advanced ACL ACLs with their IDs ranging from 3000 to 3999 are advanced ACLs 4200G acl adv 3000 Execute the acl number 3000 command in system view E...

Страница 20: ...rief descriptions The following takes the clock command as an example S4200G clock datetime Specify the time and date summer time Configure summer time timezone Configure time zone Enter a command a s...

Страница 21: ...ages If the command you enter passes the syntax check it will be successfully executed otherwise an error message will appear Table 7 lists the common error messages Table 5 Displaying related operati...

Страница 22: ...the cursor one character to the left The left arrow key or Ctrl B Move the cursor one character to the left The right arrow key or Ctrl F Move the cursor one character to the right The up arrow key or...

Страница 23: ...ough this port User Interface Number Two kinds of user interface index exist absolute user interface index and relative user interface index 1 The absolute user interface indexes are as follows AUX us...

Страница 24: ...ecified user interface send all number type number Optional Execute this command in user view Disconnect a specified user interface free user interface type number Optional Execute this command in use...

Страница 25: ...tting up the Connection to the Console Port Connect the serial port of your PC terminal to the Console port of the switch as shown in Figure 1 Figure 1 Diagram for setting the connection to the Consol...

Страница 26: ...12 CHAPTER 3 LOGGING IN THROUGH THE CONSOLE PORT Figure 2 Create a connection Figure 3 Specify the port used to establish the connection...

Страница 27: ...12 lists the common configuration of Console port login Table 12 Common configuration of Console port login Configuration Description Console port configuration Baud rate Optional The default baud rat...

Страница 28: ...the screen can contain Optional By default the screen can contain up to 24 lines Set history command buffer size Optional By default the history command buffer can contain up to 10 commands Set the ti...

Страница 29: ...password of a local user are configured on the switch The user name and password of a remote user are configured on the RADIUS server Refer to user manual of RADIUS server for more Manage AUX users Se...

Страница 30: ...rminal services are available in all user interfaces Set the maximum number of lines the screen can contain screen length screen length Optional By default the screen can contain up to 24 lines You ca...

Страница 31: ...port is 19 200 bps The screen can contain up to 30 lines The history command buffer can contain up to 20 commands The timeout time of the AUX user interface is 6 minutes Network diagram Figure 5 Netw...

Страница 32: ...uration with the authentication mode being password Operation Command Description Enter system view system view Enter AUX user interface view user interface aux 0 Configure to authenticate users using...

Страница 33: ...ngth Optional By default the screen can contain up to 24 lines You can use the screen length 0 command to disable the function to display information in pages Set history command buffer size history c...

Страница 34: ...mode password 4 Set the local password to 123456 in plain text 4200G ui aux0 set authentication password simple 123456 5 Specify commands of level 2 are available to users logging into the AUX user i...

Страница 35: ...Perform AAA RADIUS configuration on the switch Refer to AAA RADIUS Configuration for more Configure the user name and password accordingly on the AAA server Refer to the user manual of AAA server Spe...

Страница 36: ...ional By default terminal services are available in all user interfaces Set the maximum number of lines the screen can contain screen length screen length Optional By default the screen can contain up...

Страница 37: ...ort is 19 200 bps The screen can contain up to 30 lines The history command buffer can store up to 20 commands The timeout time of the AUX user interface is 6 minutes Table 19 Determine the command le...

Страница 38: ...user interface aux 0 6 Configure to authenticate users logging in through the Console port in the scheme mode 4200G ui aux0 authentication mode scheme 7 Specify commands of level 2 are available to us...

Страница 39: ...e the factory settings ATS0 1 Configure to answer automatically after the first ring AT D Ignore DTR signal AT K0 Disable flow control AT R1 Ignore RTS signal AT S0 Set DSR to high level by force ATEQ...

Страница 40: ...mode is password Configuration on switch when the authentication mode is scheme Refer to Configuration on switch when the authentication mode is scheme Modem Connection Establishment 1 Configure the u...

Страница 41: ...elephone number to call the modem directly connected to the switch as shown in Figure 9 and Figure 10 Note that you need to set the telephone number to that of the modem directly connected to the swit...

Страница 42: ...rect the prompt such as S4200G appears You can then configure or manage the switch You can also enter the character at anytime for help If you perform no AUX user related configuration on the switch t...

Страница 43: ...ole port To log into a switch through the Console port you need to connect the serial port of your PC or terminal to the Console port of the switch using a configuration cable as shown in Figure 11 Fi...

Страница 44: ...of the switch S4200G system a Enter management VLAN interface view 4200G interface vlan interface 1 b Remove the existing IP address of the management VLAN interface 4200G VLAN interface1 undo ip add...

Страница 45: ...http 10 153 17 82 Make sure the route between the Web based network management terminal and the switch is available 5 When the login interface shown in Figure 14 appears enter the user name and the p...

Страница 46: ...32 CHAPTER 5 LOGGING IN THROUGH WEB BASED NETWORK MANAGEMENT SYSTEM...

Страница 47: ...to perform related configuration on both the NMS and the switch Connection Establishment Using NMS Figure 15 Network diagram for logging in through an NMS Table 23 Requirements for logging into a swit...

Страница 48: ...34 CHAPTER 6 LOGGING IN THROUGH NMS...

Страница 49: ...ddresses Through basic ACLs Controlling Network Management Users by Source IP Addresses WEB By source IP addresses Through basic ACLs Controlling Web Users by Source IP Address Disconnect Web users by...

Страница 50: ...3 deny source any 4200G acl basic 2000 quit 2 Apply the ACL 4200G user interface vty 0 4 4200G ui vty0 4 acl 2000 inbound Table 26 Define an advanced ACL Operation Command Description Enter system vie...

Страница 51: ...able 27 Control network management users by source IP addresses Operation Command Description Enter system view system view Create a basic ACL or enter basic ACL view acl number acl number match order...

Страница 52: ...fy ACLs in the two operations the switch will filter network management users by both SNMP group name and SNMP user name Configuration Example Network requirements Only SNMP users sourced from the IP...

Страница 53: ...y force using the related command Configuration Example Network requirements Only the users sourced from the IP address of 10 110 100 46 are permitted to access the switch Network diagram Figure 18 Ne...

Страница 54: ...system view 4200G acl number 2030 match order config 4200G acl basic 2030 rule 1 permit source 10 110 100 46 0 4200G acl basic 2030 rule 2 deny source any 2 Apply the ACL to only permit the Web users...

Страница 55: ...ts with the character The sections are listed in this order system configuration section physical port configuration section logical interface configuration section routing protocol configuration sect...

Страница 56: ...isplay saved configuration unit unit id by linenum Optional This command can be executed in any view Check the current configuration display current configuration configuration configuration type inte...

Страница 57: ...is hosts in a VLAN can belong to different physical network segment VLAN enjoys the following advantages 1 Broadcasts are confined to VLANs This decreases bandwidth utilization and improves network pe...

Страница 58: ...command in any view to view the running of the VLAN configuration and to verify the effect of the configuration Table 31 Basic VLAN configuration Operation Command Description Enter system view syste...

Страница 59: ...iption string of VLAN 2 to be home 4200G vlan2 description home 4 Add GigabitEthernet1 0 1 and GigabitEthernet1 0 2 ports to VLAN 2 4200G vlan2 port GigabitEthernet1 0 1 GigabitEthernet1 0 2 5 Create...

Страница 60: ...46 CHAPTER 9 VLAN CONFIGURATION...

Страница 61: ...g commands and then apply for another IP address through BOOTP using the ip address bootp alloc command the former IP address will be removed and the final IP address of the VLAN interface is the one...

Страница 62: ...t VLAN Operation Command Description Enter system view system view Configure a specified VLAN to be the management VLAN management vlan vlan id Required By default VLAN 1 operates as the management VL...

Страница 63: ...erface vlan id Optional You can execute the display commands in any view Display the information about a management VLAN interface display interface vlan interface vlan id Display summary information...

Страница 64: ...50 CHAPTER 10 MANAGEMENT VLAN CONFIGURATION...

Страница 65: ...t configuration protocol DHCP is developed to meet these requirements It adopts the client server model The DHCP client requests configuration information from the DHCP server dynamically and the DHCP...

Страница 66: ...rvers and broadcasts a DHCP_Request packet to each DHCP server The packet contains the IP address carried by the DHCP_Offer packet Acknowledgement Upon receiving the DHCP_Request packet the DHCP serve...

Страница 67: ...res The DHCP server in turn responds with a DHCP_ACK packet to notify the DHCP client of the new lease if the IP address is still available The DHCP clients implemented by the switches support this le...

Страница 68: ...face 10 4 Configure the management VLAN interface to obtain an IP address through DHCP 4200GA Vlan interface10 ip address dhcp alloc 4200GA Vlan interface10 quit 5 Configure a default route 4200GA ip...

Страница 69: ...atic mode and manual mode You can configure the operation mode for a voice VLAN according to data stream passing through the ports of the voice VLAN When a voice VLAN operates in the automatic mode th...

Страница 70: ...oice VLAN And the access port permits the packets of the default VLAN Hybrid Supported Make sure the default VLAN of the port exists and is in the list of the tagged VLANs whose packets are permitted...

Страница 71: ...Quit to system view quit Set an OUI address that can be identified by the voice VLAN voice vlan mac address oui mask oui mask description string Optional If you do not set the OUI address the default...

Страница 72: ...quired Add the port to the VLAN port port type port num Trunk or hybrid port Enter port view interface interface type interface num Add the port to the voice VLAN port trunk permit vlan vlan id port h...

Страница 73: ...igabitEthernet1 0 3 port trunk pvid vlan 6 3 Enable the voice VLAN function for the port and configure the port to operate in automatic mode 4200G GigabitEthernet1 0 1 voice vlan enable 4200G GigabitE...

Страница 74: ...3 voice vlan enable 4200G GigabitEthernet1 0 3 undo voice vlan mode auto 4200G GigabitEthernet1 0 3 quit 4 Specify an OUI address 4200G voice vlan mac address 0011 2200 0000 mask ffff ff00 0000 descr...

Страница 75: ...rming important functions for GARP fall into three types Join Leave and LeaveAll When a GARP entity expects other switches to register certain attribute information of its own it sends out a Join mess...

Страница 76: ...P cannot learn dynamic VLAN through this port and the dynamic VLANs learned through other ports on this switch cannot be pronounced through this port Forbidden In this mode all the VLANs except VLAN 1...

Страница 77: ...three parts Attribute Length Attribute Event and Attribute Value Each LeaveAll attribute consists of two parts Attribute Length and LeaveAll Event Attribute Length The length of the attribute 2 to 255...

Страница 78: ...o a different type Configure GVRP port registration mode gvrp registration normal fixed forbidden Optional You can choose one of the three modes By default GVRP port registration mode is normal Table...

Страница 79: ...type trunk 4200G GigabitEthernet1 0 2 port trunk permit vlan all c Enable GVRP on the trunk port 4200G GigabitEthernet1 0 2 gvrp Displaying and Maintaining GVRP After the above configuration you can...

Страница 80: ...66 CHAPTER 13 GVRP CONFIGURATION...

Страница 81: ...sed to connect user PCs Trunk A trunk port can belong to more than one VLAN It can receive send packets from to multiple VLANs and is generally used to connect another switch Hybrid A hybrid port can...

Страница 82: ...that the port shall be added to an existing VLAN Table 46 Processing of incoming outgoing packet Port type Processing of an incoming packet Processing of an outgoing packet If the packet does not carr...

Страница 83: ...ervices You can execute the broadcast suppression command in system view or Ethernet port view If you execute the command in system view the command takes effect on all ports Table 47 Make basic port...

Страница 84: ...ratio pps max pps By default the ratio is 100 that is the system does not suppress broadcast traffic on the port Table 49 Enable flow control on a port Operation Command Remarks Enter system view syst...

Страница 85: ...configuration of the source port will be copied to all ports in the aggregation group Add the current hybrid port into the specified VLAN port hybrid vlan vlan id list tagged untagged Optional For a...

Страница 86: ...the Ethernet port to run loopback test to check if it operates normally The port running loopback test cannot forward data packets normally The loopback test terminates automatically after a specific...

Страница 87: ...ch A is connected to Switch B through trunk port GigabitEthernet1 0 1 Configure the default VLAN ID for the trunk port as 100 Allow the packets of VLAN 2 VLAN 6 through VLAN 50 and VLAN 100 to pass th...

Страница 88: ...00 to pass the port 4200G GigabitEthernet1 0 1 port link type trunk 4200G GigabitEthernet1 0 1 port trunk permit vlan 2 6 to 50 100 3 Create VLAN 100 4200G vlan 100 4 Configure the default VLAN ID of...

Страница 89: ...tribute configuration including port rate duplex mode and link type Trunk Hybrid or Access Introduction to LACP The purpose of link aggregation control protocol LACP is to implement dynamic link aggre...

Страница 90: ...hat is the ports take most precedence over other ports to selected state and others to unselected state Port precedence descends in the following order full duplex high speed full duplex low speed hal...

Страница 91: ...ts take most precedence over other ports to selected state and others to unselected state Port precedence descends in the following order full duplex high speed full duplex low speed half duplex high...

Страница 92: ...the latter following the former between the two parties First compare the two system priorities then the two system MAC addresses if the system priorities are equal The device with smaller device ID w...

Страница 93: ...higher speed if resources were allocated to it has higher priority than the other one If the two groups can gain the same speed the one with smaller master port number has higher priority than the ot...

Страница 94: ...egation group after that the system will re aggregate the original member ports in the group to form one or more dynamic aggregation groups You can manually add remove a port to from a static aggregat...

Страница 95: ...execute the display commands in any view to display link aggregation conditions and verify your configuration Add the port to the aggregation group port link aggregation group agg id Required Enable...

Страница 96: ...anual b Add ports GigabitEthernet1 0 1 through GigabitEthernet1 0 3 to aggregation group 1 4200G interface GigabitEthernet1 0 1 4200G GigabitEthernet1 0 1 port link aggregation group 1 4200G GigabitEt...

Страница 97: ...et1 0 2 interface GigabitEthernet1 0 3 4200G GigabitEthernet1 0 3 port link aggregation group 1 3 Adopting dynamic LACP aggregation mode a Enable LACP on ports GigabitEthernet1 0 1 through GigabitEthe...

Страница 98: ...84 CHAPTER 15 LINK AGGREGATION CONFIGURATION...

Страница 99: ...ons to add an Ethernet ports to an isolation group Displaying Port Isolation After the above configuration you can execute the display command in any view to display the information about the Ethernet...

Страница 100: ...gabitEthernet1 0 2 quit 4200G interface GigabitEthernet1 0 3 4200G GigabitEthernet1 0 3 port isolate 4200G GigabitEthernet1 0 3 quit 4200G interface GigabitEthernet1 0 4 4200G GigabitEthernet1 0 4 por...

Страница 101: ...due to illegal intrusion improper manner of logging on and off are transmitted the switch will send Trap message to help the network administrators monitor and control such actions 4 Binding of MAC a...

Страница 102: ...erformed simultaneously If both kinds of authentication succeed the userlogin secure mode takes precedence over the mac authentication mode mac else userlogin In this mode first the MAC based authenti...

Страница 103: ...ort in the same VLAN Using this feature you can bind a MAC address with a port in the same VLAN Set the security mode of a port port security port mode mode Required Users can choose the optimal mode...

Страница 104: ...be configured with mac address max mac count count Displaying Port Security To display port security related information after the above configuration enter the following command in any view Table 67...

Страница 105: ...the port mode to MAC authentication 4200G GigabitEthernet1 0 1 port security port mode mac authentication 5 Set the maximum number of MAC addresses accommodate by the port to 80 4200G GigabitEthernet...

Страница 106: ...ble the sending of intrusion trap messages 4200G port security trap intrusion 10 Bind the MAC and IP addresses of PC1 to GigabitEthernet1 0 1 port 4200G am user bind mac address 00e0 fc00 4200G ip add...

Страница 107: ...dress entry Also known as permanent MAC address entry This type of MAC address entries are added removed manually and can not age out by themselves Using static MAC address entries can reduce broadcas...

Страница 108: ...le After that the switch can directly forward other packets destined for the same network device by the newly added MAC address entry Among the three types of packets unicast packets multicast packets...

Страница 109: ...type of MAC address entries such as dynamic or static MAC address entries Setting the Maximum Number of MAC Addresses a Port can Learn A MAC address table too big in size may decrease the forwarding p...

Страница 110: ...t1 0 2 port assuming that the port belongs to VLAN 1 with the MAC address of 00e0 fc35 dc71 Network diagram Figure 29 Network diagram for MAC address table configuration Table 72 Disable MAC address l...

Страница 111: ...ress timer aging 500 4 Display the information about the MAC address table 4200G display mac address interface GigabitEthernet1 0 2 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME 00 e0 fc 35 dc 71 1 Sta...

Страница 112: ...98 CHAPTER 18 MAC ADDRESS TABLE MANAGEMENT...

Страница 113: ...gure the command level available to users logging into the VTY user interface Optional By default commands of level 0 is available to users logging into a VTY user interface Configure the protocols th...

Страница 114: ...lnet configuration Description Table 77 Telnet configuration with the authentication mode being none Operation Command Description Enter system view system view Enter one or more VTY user interface vi...

Страница 115: ...size history command max size value Optional The default history command buffer size is 10 That is a history command buffer can store up to 10 commands by default Set the timeout time of the VTY user...

Страница 116: ...ol is supported 4200G ui vty0 protocol inbound telnet 6 Set the maximum number of lines the screen can contain to 30 4200G ui vty0 screen length 30 7 Set the maximum number of commands the history com...

Страница 117: ...nes the screen can contain screen length screen length Optional By default the screen can contain up to 24 lines You can use the screen length 0 command to disable the function to display information...

Страница 118: ...cedure 1 Enter system view S4200G system view 2 Enter VTY 0 user interface view 4200G user interface vty 0 3 Configure to authenticate users logging into VTY 0 using the local password 4200G ui vty0 a...

Страница 119: ...ocal radius scheme radius scheme name local none Quit to system view quit Create a local user and enter local user view local user user name No local user exists by default Set the authentication pass...

Страница 120: ...and buffer size is 10 That is a history command buffer can store up to 10 commands by default Set the timeout time for the user interface idle timeout minutes seconds Optional The default timeout time...

Страница 121: ...ed and the service type command specifies the available command level Determined by the service type command VTY users that are authenticated in the RSA mode of SSH The user privilege level level comm...

Страница 122: ...lines The history command buffer can store up to 20 commands The timeout time of VTY 0 is 6 minutes Network diagram Figure 32 Network diagram for Telnet configuration with the authentication mode bei...

Страница 123: ...nd execute the ip address command Following are procedures to establish a Telnet connection to a switch 1 Configure the user name and password for Telnet on the switch Refer to Telnet Configuration wi...

Страница 124: ...rrent Switch You can Telnet to another switch from the current switch In this case the current switch operates as the client and the other operates as the server If the interconnected Ethernet ports o...

Страница 125: ...rd is correct the CLI prompt such as S4200G appears If all VTY user interfaces of the switch are in use you will fail to establish the connection and receive the message that says All user interfaces...

Страница 126: ...112 CHAPTER 19 LOGGING IN THROUGH TELNET...

Страница 127: ...alances the forwarding loads of different VLANs MSTP is compatible with both STP and RSTP It overcomes the drawback of STP and RSTP It not only enables spanning trees to converge rapidly but also enab...

Страница 128: ...mapped to spanning tree instance 1 VLAN 2 is mapped to spanning tree instance 2 and other VLANs are mapped to CIST the same MSTP revision level not shown in Figure 36 MSTI A multiple spanning tree in...

Страница 129: ...ent region roots In region D0 shown in Figure 36 the region root of MSTI 1 is switch B and the region root of MSTI 2 is switch C Common root bridge The common root bridge is the root of the CIST The c...

Страница 130: ...is a region edge port and it is a master port in the CIST So it is a master port in all MSTIs in the region Figure 37 Port roles Port states Ports can be in the following three states Forwarding stat...

Страница 131: ...ng a configuration BPDU on one of its ports from another switch If the priority of the configuration BPDU is lower than that of the configuration BPDU of the port itself the switch discards the BPDU a...

Страница 132: ...ith both STP and RSTP That is switches with MSTP employed can recognize the protocol packets of STP and RSTP and use them to generate spanning trees In addition to the basic MSTP functions S4200G seri...

Страница 133: ...itch in each spanning tree instance is determined Network diameter configuration Optional The default is recommended Network Diameter Configuration MSTP time related configuration Optional The default...

Страница 134: ...ration 4200G mst region region name info 4200G mst region instance 1 vlan 2 to 10 4200G mst region instance 2 vlan 20 to 30 4200G mst region revision level 1 4200G mst region active region configurati...

Страница 135: ...e root bridge and the secondary root bridge simultaneously When the root bridge fails or is turned off the secondary root bridge becomes the root bridge if no new root bridge is configured If you conf...

Страница 136: ...t bridge by set a higher bridge priority for the switch Note that a smaller bridge priority value indicates a higher bridge priority A MSTP enabled switch can have different bridge priorities in diffe...

Страница 137: ...n a MST region the value of the remaining hops field in the configuration BPDU is decreased by 1 every time the configuration BPDU passes a switch Such a mechanism disables the switches that are beyon...

Страница 138: ...tion You can configure three MSTP time related parameters for a switch Forward delay Hello time and Max age The Forward delay parameter sets the delay of state transition Link problems occurred in a n...

Страница 139: ...ended As for the Max age parameter if it is too small network congestions may be falsely regarded as link problems which results in spanning trees being frequently regenerated If it is too large link...

Страница 140: ...rees may be regenerated even in a steady network if an upstream switch continues to be busy You can configure the timeout time factor to a larger number to avoid this Normally the timeout time can be...

Страница 141: ...neither directly connects to other switches nor indirectly connects to other switches through network segments After a port is configured as an edge port rapid transition is applicable to the port Tha...

Страница 142: ...rnet1 0 1 stp edged port enable Point to point Link Related Configuration A point to point link directly connects two switches If the roles of the two ports at the two ends of a point to point link me...

Страница 143: ...int to point links stp interface interface list point to point force true force false auto Required The auto keyword is adopted by default The force true keyword specifies that the links connected to...

Страница 144: ...view system view Enable MSTP stp enable Required MSTP is disabled by default Disable MSTP on specified ports stp interface interface list disable Optional By default MSTP is enabled on all ports after...

Страница 145: ...on Configuration MSTP Operation Mode Configuration Refer to MSTP Operation Mode Configuration Timeout Time Factor Configuration Refer to Timeout Time Factor Configuration Table 102 Leaf node configura...

Страница 146: ...gacy Adopts the standard defined by 3Com to calculate the default path costs of ports Table 103 Specify the standard for calculating path costs Operation Command Description Enter system view system v...

Страница 147: ...tance 1 to be 2 000 Configure in system view S4200G system view System View return to User View with Ctrl Z 4200G stp interface GigabitEthernet1 0 1 instance 1 cost 2000 10 Gbps Full duplex Aggregated...

Страница 148: ...al to become the root port than another port with lower priority A port on a MSTP enabled switch can have different port priorities and play different roles in different spanning tree instances This e...

Страница 149: ...w with Ctrl Z 4200G interface GigabitEthernet1 0 1 4200G GigabitEthernet1 0 1 stp instance 1 port priority 16 Point to point Link Related Configuration Refer to Point to point Link Related Configurati...

Страница 150: ...ces operating on the access layer directly connect to terminals such as PCs or file servers These ports are usually configured as edge ports to achieve rapid transition But they resume non edge ports...

Страница 151: ...use of network congestions and link failures If a switch does not receive BPDUs from the upstream switch for certain period the switch selects a new root port the original root port becomes a designat...

Страница 152: ...t1 0 1 stp root protection Loop Prevention Configuration You can configure the loop prevention function in the following two ways Table 111 Enable the BPDU protection function Operation Command Descri...

Страница 153: ...rks through which spanning trees can be generated across these user networks and are independent of those of the operator s network Table 114 Enable the loop prevention function on specified ports in...

Страница 154: ...ks are trunk links As the VLAN VPN function is unavailable on ports with 802 1x GVRP GMRP STP or NTDP employed the BPDU Tunnel function is not applicable to these ports Packet ingress egress device N...

Страница 155: ...itch In this way the S4200G series switches can interwork with the partners switches in the same MST region Digest Snooping Configuration Configure the digest snooping feature on a switch to enable it...

Страница 156: ...tream switch A RSTP upstream switch does not send agreement packets to the downstream switch Figure 39 and Figure 40 illustrate the RSTP and MSTP rapid transition mechanisms Figure 39 The RSTP rapid t...

Страница 157: ...ts those operating as the root ports will then send agreement packets to their upstream ports after they receive proposal packets from the upstream designated ports instead of waiting for agreement pa...

Страница 158: ...erface interface type interface number no agreement check Required By default the rapid transition feature is disabled on a port Table 120 Configure the rapid transition feature in Ethernet port view...

Страница 159: ...es of spanning tree instance 1 and spanning tree instance 3 respectively Switch C is configured as the root bridge of spanning tree instance 4 Network diagram Figure 42 Network diagram for implementin...

Страница 160: ...ion instance 4 vlan 40 4200G mst region revision level 0 c Activate the settings of the MST region 4200G mst region active region configuration d Specify Switch B as the root bridge of spanning tree i...

Страница 161: ...0G mst region region name example 4200G mst region instance 1 vlan 10 4200G mst region instance 3 vlan 30 4200G mst region instance 4 vlan 40 4200G mst region revision level 0 c Activate the settings...

Страница 162: ...148 CHAPTER 20 MSTP CONFIGURATION...

Страница 163: ...otocol over LANs The authenticator system authenticates the supplicant system The authenticator system is usually an 802 1x supported network device such as a S4200G series switch It provides the port...

Страница 164: ...ntrolled port When a controlled port is in unauthorized state you can configure it to be a unidirectional port which sends packets to supplicant systems only By default a controlled port is a unidirec...

Страница 165: ...ator systems through LANs EAP protocol packets are encapsulated in EAPoL format Figure 45 illustrates the structure of an EAPoL packet Figure 45 The format of an EAPoL packet In an EAPoL packet The PA...

Страница 166: ...e Identifier Length and Data fields The Data field differs with the Code field A Success or Failure packet whose format is shown in Figure 47 does not contain the Data field so has the Length field of...

Страница 167: ...de normally requires the RADIUS server to support the two newly added fields the EAP message field with a value of 79 and the Message authenticator field with a value of 80 Three authentication ways E...

Страница 168: ...g packet EAP Request Identity Handshake response packet EAP Response Identity Logoff Supplicant system Sw itch RADIUS server Start EAP Request Identity EAP Response Identity EAP Request MD5 Challenge...

Страница 169: ...m accepted to rejected In EAP relay mode packets are not modified during transmission Therefore if one of the three ways are used that is PEAP EAP TLS or EAP MD5 to authenticate ensure that the authen...

Страница 170: ...uthentication server timer This timer sets the server timeout period The switch sends another authentication request packet if the authentication server fails to respond when this timer times out Sup...

Страница 171: ...nt It enables a network to operate in the desired way and enables you to manage a network in a easy way It also ensures network security Checking the supplicant system An S4200G series switch checks W...

Страница 172: ...you specify to use the RADIUS scheme that is to say the supplicant systems are authenticated by a remote RADIUS server you need to configure the related user names and passwords on the RADIUS server...

Страница 173: ...1x Set port access control mode for specified ports dot1x port control authorized force unauthorized force auto interface interface list Optional By default an 802 1x enabled port operates in an auto...

Страница 174: ...er or an IE proxy By default the use of multiple network cards proxy server and IE proxy are allowed on 802 1x client If you specify CAMS to disable use of multiple network cards proxy server and IE p...

Страница 175: ...ation Command Description Enter system view system view Enable 802 1x client version checking dot1x version check interface interface list Required By default 802 1x client version checking is disable...

Страница 176: ...unting fails the connected user has not included the domain name in the username and there is a continuous below 2000 bytes of traffic for over 20 minutes The switch is connected to a server comprisin...

Страница 177: ...Network diagram for AAA configuration with 802 1x and RADIUS enabled Configuration procedure Following configuration covers the major AAA RADIUS configuration commands You can refer to AAA RADIUS Ope...

Страница 178: ...radius radius1 timer realtime accounting 15 11 Specify to send user names to the RADIUS servers with the domain name truncated Configure to send the user name to the RADIUS server with the domain name...

Страница 179: ...Normally an HABP server sends HABP request packets regularly to HABP clients to collect the MAC addresses of the attached switches HABP clients respond to the HABP request packets and forward the HABP...

Страница 180: ...ute the display command in any view Table 130 Configure an HABP client Operation Command Description Enter system view system view Enable HABP habp enable Optional HABP is enabled by default And a swi...

Страница 181: ...vice Local authentication is fast and requires lower operational cost But the information storage capacity is limited by device hardware Remote authentication Users are authenticated remotely through...

Страница 182: ...information interacting protocol in client server structure It can prevent unauthorized access to the network and is commonly used in network environments where both high security and remote user acce...

Страница 183: ...r Users Clients Dictionary RADIUS Server 1 The user inputs the user name and password 2 Access Request PC RADIUS Client 3 Access Accept 4 Accounting Request start 5 Accounting Response 7 Accounting Re...

Страница 184: ...ure RADIUS uses UDP to transmit messages It ensures the correct message exchange between RADIUS server and client through the following mechanisms timer management retransmission and backup server Fig...

Страница 185: ...he total length of the Attribute field in bytes including the Type Length and Value fields The Value field up to 253 bytes contains the information about the attribute Its content and format are deter...

Страница 186: ...implementation Figure 57 Part of the RADIUS packet containing extended attribute 13 Framed Compression 35 Login LAT Node 14 Login IP Host 36 Login LAT Group 15 Login Service 37 Framed AppleTalk Link...

Страница 187: ...S accounting servers Required Configuring RADIUS Accounting Servers Configure shared keys for RADIUS packets Optional Configuring Shared Keys for RADIUS Packets Configure the maximum number of transmi...

Страница 188: ...e attributes of an ISP domain Operation Command Description Enter system view system view Create an ISP domain or enter the view of an existing ISP domain domain isp name Required Activate deactivate...

Страница 189: ...you specify a RADIUS scheme the authentication authorization and accounting will be uniformly implemented by the RADIUS server specified in the RADIUS scheme In this way you can specify only one schem...

Страница 190: ...ntication authorization and accounting schemes the separate ones will be adopted in precedence RADIUS scheme and local scheme do not support the separation of authentication and authorization Therefor...

Страница 191: ...he corresponding VLAN Otherwise the VLAN assignment fails and the user cannot pass the authentication In actual applications to use this feature together with Guest VLAN you should better set port con...

Страница 192: ...local user user name Required By default there is no local user in the system Set a password for the specified user password simple cipher password Optional Set the password display mode of all local...

Страница 193: ...r and at the same time you should keep the RADIUS service port settings on the switch consistent with those on the RADIUS servers Actually the RADIUS protocol configuration only defines the parameters...

Страница 194: ...primary server are 0 0 0 0 and 1812 respectively Set the IP address and port number of the secondary RADIUS authentication authorization server secondary authentication ip address port number Optiona...

Страница 195: ...and the port number of the default primary accounting server system are 127 0 0 1 and 1646 Currently RADIUS does not support the accounting of FTP users Configuring Shared Keys for RADIUS Packets The...

Страница 196: ...s the time set with the timer quiet command the switch will try to communicate with the primary server again when it receives a RADIUS request If the primary server recovers the switch immediately res...

Страница 197: ...are in the active state and the RADIUS servers in the default RADIUS scheme system are in the block state Set the status of the primary RADIUS accounting server state primary accounting block active S...

Страница 198: ...out a RADIUS request authentication authorization request or accounting request and waiting for a period of time it should retransmit the packet to ensure that the user can obtain the RADIUS service T...

Страница 199: ...his case the user can access the network again only after the CAMS administrator manually removes the online information of the user Table 151 Set the timers of RADIUS server Operation Command Descrip...

Страница 200: ...e attribute be sure to configure an appropriate and legal IP address If this attribute is not configured the switch will automatically use the IP address of the VLAN interface as the NAS IP address Di...

Страница 201: ...hared key it uses to exchange packets with the switch to expert Set the port number for authentication Add Telnet user names and login passwords The Telnet user name added to the RADIUS server must be...

Страница 202: ...0G domain cams 4200G isp cams scheme radius scheme cams A Telnet user logging into the switch by a name in the format of userid cams belongs to the cams domain and will be authenticated according to t...

Страница 203: ...tem scheme local A Telnet user logging into the switch with the name telnet system belongs to the system domain and will be authenticated according to the configuration of the system domain 2 Method 2...

Страница 204: ...IUS packets cannot be sent to the RADIUS server Possible reasons and solutions The communication links physical link layer between the switch and the RADIUS server is disconnected blocked Take measure...

Страница 205: ...address mode a switch sends user MAC addresses detected to the RADIUS serve as both user names and passwords The rest handling procedures are the same as that of 802 1x In fixed mode a switch sends t...

Страница 206: ...m view system view Enable centralized MAC address authentication globally mac authentication Required By default centralized MAC address authentication is globally disabled Enable centralized MAC addr...

Страница 207: ...Displaying and Debugging Centralized MAC Address Authentication After the above configuration you can execute the display command in any view to display system running of centralized MAC address auth...

Страница 208: ...nfigure a local user For other related configuration refer to the configuration examples in Chapter 21 1 Enable centralized MAC address authentication for GigabitEthernet 1 0 2 port S4200G system view...

Страница 209: ...uest for As for an ARP reply packets all the fields are set Table 163 describes the fields of an ARP packet Table 162 Structure of an ARP request reply packet Hardware type 16 bits Protocol type 16 bi...

Страница 210: ...with the local host Figure 60 An ARP table Hardware address of the receiver For an ARP request packet this field is null For an ARP reply packet this field carries the hardware address of the receiver...

Страница 211: ...s carried in the request packet that is the IP address and the MAC address of the sender Host A to its ARP mapping table and then sends a ARP reply packet to the sender Host A with its MAC address ins...

Страница 212: ...ng ports from VLANs may cause the corresponding ARP entries being removed automatically As for the arp static command the value of the vlan id argument must be the ID of an existing VLAN and the port...

Страница 213: ...function Operation Command Description Enter system view system view Enable the ARP entry checking function that is disable the switch from creating multicast MAC address ARP entries for MAC addresses...

Страница 214: ...setting of the ARP aging timer display arp timer aging This command can be executed in any view Clear ARP mapping entries reset arp dynamic static interface interface type interface number Table 171 D...

Страница 215: ...ation such as the source and destination MAC address information VLAN priority Layer 2 protocol and so on ACL Application on the Switch ACLs activated directly on the hardware In the switch an ACL can...

Страница 216: ...ackets by differentiating the time ranges A time range can be specified in each rule in an ACL If the time range specified in a rule is not configured the system will give a prompt message and allow t...

Страница 217: ...uration Example Define a time range that will be active from 8 00 to 18 00 Monday through Friday S4200G system view 4200G time range test 8 00 to 18 00 working day 4200G display time range test Curren...

Страница 218: ...tep is 1 rule 0 deny source 1 1 1 1 0 0 times matched Defining Advanced ACLs Advanced ACLs define classification rules according to the source and destination IP addresses of packets the type of proto...

Страница 219: ...tically rule string rule information which can be combination of the parameters given in Table 175 Table 175 describes the specific parameters You must configure the protocol argument in the rule info...

Страница 220: ...tion source portoperator port1 port2 Source port s Defines the source port information of UDP TCP packets The value of operator can be lt less than gt greater than eq equal to neq not equal to or rang...

Страница 221: ...n ACL rule containing time range arguments you need to configure define the corresponding time ranges For the configuration of time ranges refer to Advanced ACL The values of the source and destinatio...

Страница 222: ...Define an rule rule rule id permit deny rule string Required Define the comment string of the ACL rule rule rule id comment text Optional Define the description information of the ACL description text...

Страница 223: ...time range time name Time range information Specifies the time range in which the rule is active time name specifies the name of the time range in which the rule is active a string of 1 to 32 charact...

Страница 224: ...departments are interconnected on the intranet through the ports of the Switch The wage query server of the financial department is accessed through GigabitEthernet1 0 1 the subnet address is 129 110...

Страница 225: ...requirements Through basic ACL configuration packets from the host with the source IP address of 10 1 1 1 the host is connected to the switch through Ethernet1 0 1 are to be filtered within the time...

Страница 226: ...e from 8 00 to 18 00 S4200G system view 4200G time range test 8 00 to 18 00 daily 2 Define an ACL for packets with the source MAC address of 00e0 fc01 0101 and destination MAC address of 00e0 fc01 030...

Страница 227: ...fication Traffic classification means to identify packets conforming to certain characters according to certain rules A classification rule is a filter rule configured to meet your management requirem...

Страница 228: ...al leased line Assured forwarding AF class This class is further divided into four subclasses AF1 2 3 4 and a subclass is further divided into three drop priorities so the AF service level can be segm...

Страница 229: ...lass defined by IEEE to indicate a packet with an 802 1Q tag Figure 66 describes the detailed contents of an 802 1Q tag header Figure 66 802 1Q tag headers In Figure 66 the 3 bit priority field in TCI...

Страница 230: ...and TS The network will be made more congested by plenty of continuous burst packets if the traffic of each user is not limited The traffic of each user must be limited in order to make better use of...

Страница 231: ...n each evaluation if the number of tokens in the bucket is enough the traffic is conforming to the specification and you must take away some tokens whose number is corresponding to the packet forwardi...

Страница 232: ...internet service providers ISP TP can classify the policed traffic and perform pre defined policing actions according to different evaluation results These actions include Forward Forward the packet...

Страница 233: ...is that they demand preferential service in congestion in order to reduce the response delay Assume that there are 8 output queues on the port and the preferential queue classifies the 8 output queues...

Страница 234: ...a queue is empty the next queue will be scheduled In this way the bandwidth resources are made full use of SDWRR queue Comparing with WRR queue SDWRR queue further optimizes the delay and variation fo...

Страница 235: ...port and search the precedence mapping and assign local precedence and drop precedence for the packet Y N Receiving port Packets Y N according to the precedence of the packets following the priority t...

Страница 236: ...ets 48 0 6 6 56 0 7 7 40 0 5 5 32 0 4 4 24 0 3 3 8 0 1 2 0 0 0 1 16 0 2 0 DSCP Drop Local pre 802 1p 48 0 6 6 56 0 7 7 40 0 5 5 32 0 4 4 24 0 3 3 8 0 1 2 0 0 0 1 16 0 2 0 DSCP Drop Local pre 802 1p CO...

Страница 237: ...CP precedence by DSCP DSCP mapping then searches DSCP other precedence mapping table through the new DSCP precedence and replaces the precedence carried in the packet with the mapped precedence 18 63...

Страница 238: ...face gigabitethernet1 0 1 4200G GigabitEthernet1 0 1 undo priority trust 4200G GigabitEthernet1 0 1 priority 7 Setting to Trust the 802 1p priority of the Packets Refer to Trusting the 802 1p priority...

Страница 239: ...pecified to trusting the 802 1p priority of the packets The value of the COS other precedence mapping table is specified Table 190 The COS other precedence mapping table and its default value 802 1p L...

Страница 240: ...ult value Modify the COS Drop precedence mapping relationship qos cos drop precedence map cos0 map drop prec cos1 map drop prec cos2 map drop prec cos3 map drop prec cos4 map drop prec cos5 map drop p...

Страница 241: ...DSCP precedence and assign other precedence for the packets Configuration prerequisites The priority trust mode is specified to trusting the DSCP precedence of the packets The mode adopted in trustin...

Страница 242: ...edence mapping relationship qos dscp dscp map dscp list dscp value Enter Ethernet port view interface interface type interface number Set to trust the DSCP precedence of the packets priority trust dsc...

Страница 243: ...bound acl rule target rate Display the parameter configurations of traffic policing display qos interface interface type interface num unit id traffic limit Optional You can execute the display comman...

Страница 244: ...to T for the introduction to TS Configuration Prerequisites Whether the TS is performed on all the traffic on the port or the specified output queues on the port is determined The max rate and burst...

Страница 245: ...te burst size Required The switch supports two forms of TS TS for all the traffic on the port The function can be implemented when the queue queue id keyword is not specified in the traffic command Th...

Страница 246: ...s this configuration are specified Configuration Procedure of Traffic Statistics Table 200 Configuring the SDWRR queue scheduling Operation Command Description Enter system view system view Set the SD...

Страница 247: ...QoS operation on the protocol packet Configuration Prerequisites The protocol type whose precedence needs modification is specified The precedence value after modification is specified Configuration...

Страница 248: ...col packet Table 205 Displaying and maintaining QoS Operation Command Display the parameter configurations of the mirroring group display mirroring group group id all local remote destination remote s...

Страница 249: ...1 2 0 0 0 0 destination any 4200G acl adv 3000 rule deny ip source any destination any Display the parameter configurations of traffic policing display qos interface interface type interface num unit...

Страница 250: ...fic of the salary query server a Limit the average rate of outbound traffic within 640kbps and set the precedence of packets exceeding the specification to 4 4200G interface gigabitEthernet1 0 1 4200G...

Страница 251: ...te port mirroring It eliminates the limitation that the mirrored port and the mirroring port must be located on the same switch This feature makes it possible for the mirrored port and the mirroring p...

Страница 252: ...ot recommended to perform any of the following operations on the remote probe VLAN Configuring a source port to the remote probe VLAN that is used by the local mirroring group Configuring a Layer 3 in...

Страница 253: ...tion on the ACL module in this manual The destination port has been defined The port on which to perform this configuration has been determined Table 207 Mirroring functions supported by S4200G and re...

Страница 254: ...w of the destination port interface interface type interface number Define the current port as the destination port monitor port Required Exit current view quit Enter Ethernet port view of traffic mir...

Страница 255: ...view of the source port interface interface type interface number Configure the source port and specify the direction of the packets to be mirrored mirroring port inbound outbound both Required The s...

Страница 256: ...configured the device mirrors the following packets to the destination port Packets whose source MAC addresses match the specified MAC addresses Packets whose destination MAC addresses match the spec...

Страница 257: ...g allows you to mirror packets received by all ports that belong to the VLAN to the destination port Configuration prerequisites The ID of the VLAN to be configured with VLAN based mirroring has been...

Страница 258: ...ion port and the Remote probe VLAN have been determined The direction of the packets to be monitored has been determined Intermediate switch and source switch support the function of MAC learning disa...

Страница 259: ...up group id mirroring mac mac vlan vlan id Optional Configure VLAN based mirroring mirroring group group id mirroring vlan vlan id inbound Optional Configure a remote reflector port mirroring group gr...

Страница 260: ...s the ID of the Remote probe VLAN Define the current VLAN as a remote probe VLAN remote probe vlan enable Required Exit the current view quit Enter Ethernet port view of Trunk port interface interface...

Страница 261: ...lan10 remote probe vlan enable 4200G vlan10 quit 4200G interface gigabitethernet1 0 1 4200G GigabitEthernet1 0 1 port trunk permit vlan 10 4200G GigabitEthernet1 0 1 quit 4200G mirroring group 1 remot...

Страница 262: ...oring group 1 monitor port gigabitethernet1 0 2 4200G mirroring group 1 remote probe vlan 10 4200G display mirroring group remote destination mirroring group 1 type remote destination status active mo...

Страница 263: ...rnet sw itch Muliticast router Video stream Video stream Video stream Multicast group member Non group member Non group member Video stream Video stream Internet Video stream VOD server Layer 2 Ethern...

Страница 264: ...GMP messages and map the hosts and the ports that connect the hosts to the corresponding multicast group addresses Figure 80 IGMP Snooping implementation Table 220 IGMP Snooping timers Timer Setting M...

Страница 265: ...ast group trigger the aging timer of the port and check if the corresponding IP multicast group exists If yes add the port to the IP multicast group If not create an IP multicast group and add the por...

Страница 266: ...e to enable IGMP Snooping so that it can establish and maintain MAC multicast forwarding tables at layer 2 CAUTION Although both Layer 2 and Layer 3 multicast protocols can run on the same switch simu...

Страница 267: ...ately removes the port from the multicast group When a port has only one user enabling IGMP fast leave processing on the port can save bandwidth Configuring IGMP Snooping Filtering ACL You can configu...

Страница 268: ...he multicast VLAN and enabling IGMP Snooping you can make users in different VLANs share the same multicast VLAN This saves bandwidth since multicast streams are transmitted only within the multicast...

Страница 269: ...gure multicast VLAN on Layer 2 switch Operation Command Description Enter system view system view Enable IGMP Snooping globally igmp snooping enable Required Enter VLAN view vlan vlan id vlan id is a...

Страница 270: ...IGMP Snooping on the switch Network diagram Figure 81 Network diagram for IGMP Snooping configuration Configuration procedure 1 Enable IGMP Snooping in system view S4200G system view System View retu...

Страница 271: ...figurations Device Description Switch A Layer 3 switch The interface IP address of VLAN 20 is 168 10 1 1 The GigabitEthernet1 0 1 port is connected to the workstation and belongs to VLAN 20 VLAN 10 is...

Страница 272: ...on VLAN 10 Switch A multicast routing enable Switch A interface Vlan interface 10 Switch A Vlan interface10 pim dm Switch A Vlan interface10 igmp enable 2 Configure Switch B a Enable IGMP Snooping gl...

Страница 273: ...hether it is disabled globally or on the corresponding VLAN If it is disabled globally use the igmp snooping enable command in both system view and VLAN view to enable it both globally and on the corr...

Страница 274: ...260 CHAPTER 29 IGMP SNOOPING CONFIGURATION...

Страница 275: ...ackets it will respond thus ensuring that the network segment of the interface can normally receive multicast packets Configuring Routing Port to Join to Multicast Group By default a routing port does...

Страница 276: ...262 CHAPTER 30 ROUTING PORT JOIN TO MULTICAST GROUP CONFIGURATION...

Страница 277: ...command can only remove manually created multicast MAC address entries and cannot remove those learned by the switch To add a port to a manually created multicast MAC address entry first remove the e...

Страница 278: ...ast MAC Address Configuration You can use the following display command in any view to display the multicast MAC address entry entries you configured manually Table 233 Display the multicast MAC addre...

Страница 279: ...simplified When the management device is assigned a public IP address you can configure manage a specific member device on the management device instead of logging into it in advance Functions of top...

Страница 280: ...bed in the following sections Cluster Roles According to their functions and status in a cluster switches in the cluster play different roles You can specify the role a switch plays A switch also chan...

Страница 281: ...which indicates the period for the receiving devices to keep the information the packet carries Receiving devices only store the information carried in the received NDP packets rather than forward the...

Страница 282: ...ent device The management device of a cluster recognizes and controls all the member devices in the cluster no matter where they are located on the network or how they are connected The management dev...

Страница 283: ...the interval to send NDP packets ndp timer hello seconds Required Table 237 Enable NTDP globally and for specific ports Operation Command Description Enter system view system view Enable NTDP globally...

Страница 284: ...vice build name Optional The name argument is the name to be assigned to the cluster Configure a multicast MAC address for the cluster cluster mac H H H Optional This is to set a multicast MAC address...

Страница 285: ...figure a TFTP server for the cluster tftp server ip address Optional Configure a log host for the cluster logging host ip address Optional Configure an SNMP host for the cluster snmp host ip address O...

Страница 286: ...er member number Optional This is to remove a member device from the cluster Reboot a specified member device reboot member member number mac address H H H eraseflash Optional Quit cluster view Quit Q...

Страница 287: ...ace IP address is 163 172 55 1 All the devices in the cluster use the same FTP server and TFTP server The FTP server and TFTP server share one IP address 63 172 55 1 The SNMP site and log host share o...

Страница 288: ...mber Device MAC address 00e0 fc01 0011 SNMP host log host 69 172 55 4 Cluster Network FTP server TFTP server 63 172 55 1 GE1 0 3 GE1 0 2 GE1 1 GE1 1 GE1 0 1 VLAN interface 2 163 172 55 1 Member Device...

Страница 289: ...add member 1 mac address 00e0 fc01 0011 aaa_0 S4200G cluster add member 17 mac address 00e0 fc01 0012 n Configure the holdtime of the member device information to be 100 seconds aaa_0 S4200G cluster h...

Страница 290: ...to member number mac address H H H command on the management device to switch to member device view to maintain and manage a member device You can then execute the cluster switch to administrator com...

Страница 291: ...er and IBM NetView Agent is the server software operated on network devices The NMS can send GetRequest GetNextRequest and SetRequest messages to the Agent Upon receiving the requests from the NMS Age...

Страница 292: ...tecture of the MIB tree The management information base MIB is used to describe the hierarchical architecture of the tree and it is the set defined by the standard variables of the monitored network d...

Страница 293: ...Device management Interface management Table 248 Common MIBs Continued MIB attribute MIB content References Table 249 Configure SNMP basic functions for SNMP V1 and SNMP V2C Operation Command Descrip...

Страница 294: ...ice engine ID is Enterprise Number device information Create or update the view information snmp agent mib view included excluded view name oid tree Optional By default the view name is ViewDefault an...

Страница 295: ...Table 251 Configure Trap Operation Command Description Enter system view system view Enable the device to send Trap packets snmp agent trap enable configuration flash standard authentication coldstar...

Страница 296: ...ing function for network management Operation Command Description Enter system view system view Set the logging function for network management snmp agent log set operation get operation all Optional...

Страница 297: ...is 10 10 10 1 The SNMP community is public 4200G snmp agent trap enable standard authentication 4200G snmp agent trap enable standard coldstart 4200G snmp agent trap enable standard linkup 4200G snmp...

Страница 298: ...284 CHAPTER 33 SNMP CONFIGURATION...

Страница 299: ...ing Mechanism of RMON RMON allows multiple monitors It collects data in one of the following two ways Using the dedicated RMON probe When an ROM system operates in this way the NMS directly obtains ma...

Страница 300: ...xtended alarm group the network devices perform the following operations accordingly Sampling the alarm variables referenced in the defined extended alarm expressions once in each specified period Per...

Страница 301: ...iption string log trap trap community log trap log trapcommunity none owner text Optional Add an alarm entry rmon alarm entry number alarm variable sampling time delta absolute rising threshold thresh...

Страница 302: ...twork diagram Figure 88 Network diagram for RMON configuration Configuration procedures 1 Configure RMON S4200G system view 4200G interface GigabitEthernet1 0 1 4200G GigabitEthernet1 0 1 rmon statist...

Страница 303: ...hernet1 0 1 ifIndex 4227817 etherStatsOctets 0 etherStatsPkts 0 etherStatsBroadcastPkts 0 etherStatsMulticastPkts 0 etherStatsUndersizePkts 0 etherStatsOversizePkts 0 etherStatsFragments 0 etherStatsJ...

Страница 304: ...290 CHAPTER 34 RMON CONFIGURATION...

Страница 305: ...g all the network devices in a network simultaneously require that they adopt the same time When multiple systems cooperate to handle a rather complex event to ensure a correct execution order they mu...

Страница 306: ...3 4 LS_A LS_A LS_A LS_A LS_B LS_B LS_B LS_B NTP Packet NTP Packet Netw ork Netw ork NTP Packet10 00 00 am Netw ork Netw ork 11 00 01 am 10 00 00 am 11 00 01 am 11 00 02 am 10 00 00 am NTP Packet recei...

Страница 307: ...k Response packet Synchronize Active peer Passive peer Netw ork Clock synchronization request packet Operates in the passive peer mode automatically Netw ork Response packet Synchronize Active peer Pa...

Страница 308: ...the delay betw een the client and the server andwork as a client in broadcast mode Broadcast clock synchronization packets periodically Work as a server automatically and send response packets Receiv...

Страница 309: ...multicast client mode In this case the S4200G switch receives multicast NTP packets through the VLAN interface configure on it Table 256 NTP implementation modes on an S4200G series switch Continued N...

Страница 310: ...to be in the NTP broadcast client mode will response this packet and start the clock synchronization procedure NTP multicast server mode When an S4200G series switch operates in NTP multicast server...

Страница 311: ...rform authentications when enabling NTP With the authentications performed on both the client side and the server side the client is synchronized only to the server that passes the authentication This...

Страница 312: ...globally ntp service authentication enable Required By default the NTP authentication is disabled Configure the NTP authentication key ntp service authentication keyid key id authentication model md5...

Страница 313: ...ntication keyid key id Required By default an authentication key is not a trusted key Enter VLAN interface view interface vlan interface vlan id Associate a specified key with the corresponding NTP se...

Страница 314: ...2 S4200G1 is a switch that allows the local clock to be the master clock A S4200G 1 series switch operates in client mode with S4200G2 as the time server S4200G 2 operates in server mode automaticall...

Страница 315: ...11 3 After the above configuration the S4200G 1 switch is synchronized to S4200G 2 Display the NTP status of the S4200G 1 series switch S4200G display ntp service status clock status synchronized cloc...

Страница 316: ...etwork diagram for NTP peer mode configuration Configuration procedures 1 Configure the S4200G 1 series switch a Set S4200G 2 to be the time server S4200G system view System View return to User View w...

Страница 317: ...information about the NTP sessions of the S4200G 1 series switch and you can see that a connection is established between the S4200G 1 series switch and S4200G 3 S4200G display ntp service sessions s...

Страница 318: ...r system view S4200G system view System View return to User View with Ctrl Z S4200G b Enter VLAN interface 2 view S4200G interface vlan interface 2 S4200G Vlan Interface2 c Configure S4200G 2 to be a...

Страница 319: ...ce peer 3 selected 4 candidate 5 configured NTP Multicast Mode Configuration Network requirements S4200G3 sets the local clock to be NTP master clock with the clock stratum of 2 It advertises multicas...

Страница 320: ...he former cannot receive multicast packets sent by S4200G 3 while S4200G 1 is synchronized to S4200G 3 after receiving multicast packets sent by S4200G 3 Display the status of S4200G 1 after the synch...

Страница 321: ...figure S4200G 1 to be the time server S4200G ntp service unicast server 1 0 1 11 c Enable NTP authentication S4200G ntp service authentication enable d Set the authentication key S4200G ntp service au...

Страница 322: ...synchronized clock stratum 3 reference clock ID 1 0 1 11 nominal frequence 250 0000 Hz actual frequence 249 9992 Hz clock precision 2 19 clock offset 0 66 ms root delay 27 47 ms root dispersion 208 3...

Страница 323: ...multiple SSH clients SSH2 0 and SSH1 x are currently available SSH client functions to enable SSH connections between users and the Switch or UNIX host that support SSH server Figure 99and Figure 100...

Страница 324: ...same session key without data transfer over the network while the key is used at both ends for encryption and decryption 3 Authentication method negotiation stage These operations are completed at thi...

Страница 325: ...s it with its authentication data obtained locally If they match exactly the user is allowed to access the switch 4 Session request stage The client sends session request messages to the server which...

Страница 326: ...ompatible 512 to 2 048 bit keys are allowed on clients but the length of server keys must be more than 1 024 bits Otherwise clients cannot be authenticated CAUTION For a successful SSH login you must...

Страница 327: ...randomly by the SSH2 0 client software This operation is not required for password authentication type Table 266 Configure authentication type Operation Command Remarks Enter system view system view C...

Страница 328: ...nable the connection between SSH client and server ssh2 host ipaddr port prefer_kex dh_group1 dh_exchange_group prefer_ctos_cipher des aes128 prefer_stoc_cipher des aes128 prefer_ctos_hmac sha1 sha1_9...

Страница 329: ...t the user interfaces to support SSH 4200G ui vty0 4 protocol inbound ssh Configure the login protocol for the clinet001 user as SSH and authentication type as password 4200G local user client001 4200...

Страница 330: ...36F1CDDC4BB45504F020125 4200G rsa key code public key code end 4200G rsa public key peer public key end 4200G ssh user client002 assign rsa key S4200G002 Start the SSH client software on the host whic...

Страница 331: ...ver s public key Y N y Enter password All rights reserved 1997 2005 Without the owner s prior written consent no decompiling or reverse engineering shall be allowed S4200G Start the client and use the...

Страница 332: ...Table 271 Configure service type for an SSH user Operation Command Remarks Enter system view system view Configure service type for an SSH user ssh user username service type stelnet sftp all Optiona...

Страница 333: ...wd Display the list of the files in a directory dir ls Create a new directory mkdir Delete a directory rmdir 4 SFTP file related operations Rename a file on the SFTP server rename SFTP client view Opt...

Страница 334: ...me Change the current directory cd remote path Return to the upper directory cdup Display the current directory pwd Display the list of the files in a directory dir remote path Optional The dir and ls...

Страница 335: ...rocedure 1 Configure Switch B SFTP server a Enable the SFTP server 4200G sftp server enable b Specify SFTP service for SSH user abc 4200G ssh user abc service type sftp 2 Configure Switch A SFTP clien...

Страница 336: ...ogroup 225 Aug 24 08 01 pubkey2 rwxrwxrwx 1 noone nogroup 283 Aug 24 07 39 pubkey1 drwxrwxrwx 1 noone nogroup 0 Sep 01 06 22 new rwxrwxrwx 1 noone nogroup 225 Sep 01 06 55 pub drwxrwxrwx 1 noone nogro...

Страница 337: ...SFTP Service 323 rwxrwxrwx 1 noone nogroup 283 Sep 02 06 35 pub rwxrwxrwx 1 noone nogroup 283 Sep 02 06 36 puk sftp client g Exit from SFTP sftp client quit Bye 4200G...

Страница 338: ...324 CHAPTER 36 SSH TERMINAL SERVICES...

Страница 339: ...if you delete a file with the main attribute from the Flash the main attribute is not deleted It becomes the attribute of a valid file that is later downloaded to the Flash and has same name as the p...

Страница 340: ...a switch prompts for confirmation before executing the commands which have potential risks for example deleting and overwriting files Table 281 Configure file attributes Operation Command Description...

Страница 341: ...ory Directory Operations The file system provides directory related functions such as Creating deleting a directory Displaying the information about the files or the directories in the current work di...

Страница 342: ...es in the Flash are not compatible with the system software This may occur after you upgrade the system software of the switch The configuration files are corrupted This is usually because a wrong con...

Страница 343: ...configuration is saved in the default configuration file To make a switch to adopt the current configuration when it starts the next time save the current configuration using the save command before...

Страница 344: ...pdt_backup cfg Y N y Copy file unit1 flash updt cfg to unit1 flash test updt_backup cfg Done 4200G dir Directory of unit1 flash 1 b rw 4560196 Apr 16 2000 23 18 23 s3t03_01_00s168c03 app 2 rwh 4 Apr 0...

Страница 345: ...h sent out and received the packet loss ratio the round trip time in its minimum value mean value and maximum value Test Periodically if the IP Address is Reachable You can use the end station polling...

Страница 346: ...and the first hop sends back an ICMP error message indicating that the packet cannot be sent for the TTL is timeout Re send the packet with TTL value as 2 and the second hop returns the TTL timeout me...

Страница 347: ...ftp X X X X command on your PC X X X X is the IP address of an FTP server FTP Server A switch can also operate as an FTP server to provide file transmission services for FTP clients You can log into a...

Страница 348: ...given time when the latter operates as an FTP server Table 289 Configurations needed when a switch operates as an FTP server Device Configuration Default Description Switch Enable the FTP server funct...

Страница 349: ...h can operate as an FTP client without any configuration You can perform FTP related operations such as creating removing a directory by executing FTP client commands on a switch operating as an FTP c...

Страница 350: ...ied remote file ls remotefile localfile Optional Download a remote file get remotefile localfile Optional Upload a local file to the remote FTP server put localfile remotefile Optional Rename a file o...

Страница 351: ...is insufficient to hold the file to be downloaded you need to delete useless files in the flash to make room for the file 1 Connect to the FTP server using the ftp command You need to provide the IP...

Страница 352: ...to backup the configuration file Network diagram Figure 107 Network diagram for FTP configuration B Configuration procedure 1 Configure the switch a Log into the switch You can log into a switch thro...

Страница 353: ...s as described in the following To download a file a client sends read request packets to the TFTP server receives data from the TFTP server and then sends acknowledgement packets to the TFTP server T...

Страница 354: ...backup the configuration file Table 293 Configurations needed when a switch operates as a TFTP client Device Configuration Default Description Switch Configure an IP address for the VLAN interface of...

Страница 355: ...dress of a VLAN interface on the switch to be 1 1 1 1 and ensure that the port through which the switch connects with the PC belongs to this VLAN This example assumes that the port belongs to VLAN 1 4...

Страница 356: ...342 CHAPTER 38 FTP AND TFTP CONFIGURATION...

Страница 357: ...tem 1 Priority The calculation formula for priority is priority facility 8 severity 1 For VRP the default facility value is 23 and severity ranges from one to eight See Table 296 for description of se...

Страница 358: ...ormation will be output See Table 296 for description of severities and corresponding levels Note that a slash separates the level and digest 6 Digest It is a phrase within 32 characters abstracting t...

Страница 359: ...utput Enabling Synchronous Terminal Output To avoid user s input from being interrupted by system information output you can enable the synchronous terminal output function which echoes user s input a...

Страница 360: ...ter system view system view Enable the information center info center enable Optional By default the information center is enabled Define an information source info center source modu name default cha...

Страница 361: ...ebug terminal display terminal debugging Optional By default debug terminal display is disabled for terminal users Enable log terminal display terminal logging Optional By default log terminal display...

Страница 362: ...e trapping terminal display terminal trapping Optional By default trapping terminal display is enabled for terminal users Table 304 Enable information output to the log buffer Operation Command Descri...

Страница 363: ...rce modu name default channel channel number channel name log trap debug level severity state state Required Set the format of time stamp info center timestamp log trap debugging boot date none Option...

Страница 364: ...on output from the ARP and IP modules 4200G info center console channel console 4200G info center source arp channel console log level informational 4200G info center source ip channel console log lev...

Страница 365: ...Information Center Configuration Example 351 S4200G terminal logging...

Страница 366: ...352 CHAPTER 39 INFORMATION CENTER...

Страница 367: ...can load software remotely by using FTP TFTP The BootROM software version should be compatible with the host software version when you load the BootROM and host software Local Software Loading If you...

Страница 368: ...tup mode 0 Reboot Enter your choice 0 9 Loading Software Using XMODEM Through Console Port Introduction to XMODEM XMODEM is a file transfer protocol that is widely used due to its simplicity and good...

Страница 369: ...8400 4 57600 5 115200 0 Return Enter your choice 0 5 3 Choose an appropriate download baud rate For example if you enter 5 the baud rate 115200 bps is chosen and the system displays the following info...

Страница 370: ...DING Figure 111 Properties dialog box Figure 112 Console port configuration dialog box 5 Click the Disconnect button to disconnect the HyperTerminal from the switch and then click the Connect button t...

Страница 371: ...The system displays the following information Now please start transfer file with XMODEM protocol If you want to exit Press Ctrl X Loading CCCCCCCCCC 7 Choose Transfer Send File in the HyperTerminal...

Страница 372: ...9600 bps refer to step 4 and step 5 Then press any key as prompted The system will display the following information when it completes the loading Bootrom updating done Loading host software Follow t...

Страница 373: ...itch Then enter the Boot Menu At the prompt Enter your choice 0 9 in the Boot Menu press 6 or Ctrl U and then press Enter to enter the BootROM update menu shown below Bootrom update menu 1 Set TFTP pr...

Страница 374: ...download software to the switch through an Ethernet port The following is an example Loading BootROM software Figure 117 Local loading using FTP 1 As shown in Figure 117 connect the switch through an...

Страница 375: ...Menu The system displays the following information 1 Set TFTP protocol parameter 2 Set FTP protocol parameter 3 Set XMODEM protocol parameter 0 Return to boot menu Enter your choice 0 3 2 Enter 2 in t...

Страница 376: ...ill update BootRom file on unit 1 Continue Y N y Upgrading BOOTROM please wait Upgrade BOOTROM succeeded 3 Update the host program on the switch S4200G boot boot loader S4200G bin The specified file w...

Страница 377: ...the reboot command If the space of the Flash memory is not enough you can delete the useless files in the Flash memory before software downloading No power down is permitted during software loading R...

Страница 378: ...364 CHAPTER 40 BOOTROM AND HOST SOFTWARE LOADING...

Страница 379: ...hen the system is booted or power is cycled In environments that require exact absolute time NTP network time protocol must be used to obtain and set the current date and time of the Switch Setting th...

Страница 380: ...system view Returning from Current View to User View Perform the following operation in any view Table 310 Set the local time zone Operation Command Description Set the local time zone clock timezone...

Страница 381: ...a great help for you to diagnose and troubleshoot your switch system The output of debugging information is controlled by two kinds of switches Protocol debugging which controls whether the debugging...

Страница 382: ...put of debugging information will affect the efficiency of the system disable your debugging after you finish it Enable terminal display for debugging terminal debugging By default terminal display fo...

Страница 383: ...current operating information about the modules settled when this command is designed in the system for troubleshooting your system Perform the following operation in any view Table 319 Display the c...

Страница 384: ...370 CHAPTER 41 Basic System Configuration and Debugging...

Страница 385: ...to 675 seconds The sizes of receiving and sending buffers of connection oriented sockets which range from 1 KB to 32 KB and default to 8 KB Configuring TCP Attributes Displaying and Debugging IP Perfo...

Страница 386: ...ommand to enable UDP debugging to track UDP data packets Table 321 Display and debug the IP performance Operation Command Description Display the TCP connection status display tcp status You can execu...

Страница 387: ...racert command is as follows First the source host sends a data packet with the TTL of 1 and the first hop device returns an ICMP error message indicating that it cannot forward this packet because of...

Страница 388: ...374 CHAPTER 43 NETWORK CONNECTIVITY TEST...

Страница 389: ...re is any configuration change If there is it prompts you to indicate whether or not to proceed This prevents you from losing your original configuration due to oblivion after system reboot Schedule a...

Страница 390: ...remotely update the switch software by using the device management commands through CLI The switch acts as the FTP client and the remote PC serves as both the configuration PC and the FTP server Tabl...

Страница 391: ...as switch and hello respectively being authorized with the read write right of the Switch directory on the PC The detailed configuration is omitted here 2 Configure the switch as follows a On the swi...

Страница 392: ...4200G g Update the BootROM S4200G boot bootrom boot btm This will update BootRom file on unit 1 Continue Y N y Upgrading BOOTROM please wait Upgrade BOOTROM succeeded h Specify the downloaded applicat...

Страница 393: ...ing software of the member devices in a cluster through Web Member device configuration backup restoration through Web These functions enrich the Ethernet switch cluster management technology and sign...

Страница 394: ...configurations are performed on the related cluster devices The cluster is created and enabled That is you can manage cluster members through the master device Configuration procedure Table 329 Confi...

Страница 395: ...on procedure Enable NDP and NTDP S4200G system view System View return to User View with Ctrl Z S4200G ndp enable Create a cluster S4200G cluster S4200G cluster ip pool 168 192 0 1 24 S4200G cluster b...

Страница 396: ...192 0 0 0 0 0 255 rule 1 permit ip destination 168 192 0 0 0 0 0 255 vlan 1 cluster ip pool 168 192 0 1 255 255 255 0 build chwn tftp server 1 1 1 66 snmp host 1 1 1 66 snmp agent snmp agent local eng...

Страница 397: ...isplay the current configuration on the master switch chwn_0 S4200G cluster display current configuration sysname S4200G radius scheme system domain system acl number 3998 rule 0 deny ip destination 1...

Страница 398: ...prompt Control the member device remotely through the remote control function of the management device if a member device fails due to incorrect configuration For example you can delete the boot file...

Страница 399: ...s kind of nodes is newly added nodes which are not confirmed by the network administrator White list and black list are saved in the flash of the management device They still exist after the managemen...

Страница 400: ...e standard topology information into the local flash topology save to local flash Optional Obtain and restore the standard topology information from the local flash topology restore from local flash O...

Страница 401: ...rom the white list Configuration example Configure a web users chwn_0 S4200G cluster cluster loca www password simple 12345678 Member 1 succeeded in the web user configuration Member 2 succeeded in th...

Страница 402: ...fail to pass the topology authentication Thereafter each time a device attempts to join a cluster the master device automatically initiates topological authentication based on the reference topology f...

Страница 403: ...id to black list Optional Add the device with the specified MAC address to the black list black list add mac mac address Optional Remove the device with the specified MAC address from the black list...

Страница 404: ...n the Flash of a member device Log into the Web page of the master switch and upgrade software Log in to the Web page of the master switch and restore the configuration Remove the member device number...

Страница 405: ...uster tftp server 10 1 1 15 S4200G cluster snmp host 10 1 1 16 S4200G cluster topology accept all save to local flash Remove the member device numbered 3 from the cluster and add it to the black list...

Страница 406: ...392 CHAPTER 45 CONFIGURATION OF NEWLY ADDED CLUSTER FUNCTIONS...

Страница 407: ...in the local network it processes the configuration request packet directly without the help of a DHCP relay If no DHCP server exists in the local network the network device serving as a DHCP relay on...

Страница 408: ...ncludes at least one sub option and at most 255 sub options Currently the commonly used sub options in option 82 are sub option 1 sub option 2 and sub option 5 Sub option 1 A sub option of option 82 S...

Страница 409: ...QUEST packets As DHCP servers coming from different manufacturers process DHCP request packets in different ways that is some DHCP servers process option 82 in DHCP DISCOVER packets whereas the rest p...

Страница 410: ...DHCP relay is to prevent unauthorized users from statically configuring IP addresses to access external networks With this function enabled a DHCP relay inhibits a user from accessing external networ...

Страница 411: ...ns the corresponding user address entry unchanged Option 82 Supporting Configuration Prerequisites Before configuring option 82 supporting on a DHCP relay make sure that the DHCP relay is configured a...

Страница 412: ...address of the DHCP server by configuring the IP address of the DHCP server to be used by DHCP server group 1 4200G dhcp server 1 ip address 202 38 1 2 5 Map VLAN 100 interface to DHCP server group1...

Страница 413: ...server 1 ip 202 38 1 2 4 Map VLAN 2 interface to DHCP server group 1 4200G interface vlan interface 2 4200G Vlan interface2 dhcp server 1 5 Configure an IP address for VLAN 2 interface so that this i...

Страница 414: ...ration When a DHCP relay operates improperly you can locate the problem by enabling debugging and checking the information about debugging and interface state You can display the information by execut...

Страница 415: ...to this destination are dropped without notifying the source host The attributes reject and blackhole are usually used to control the range of reachable destinations of this router and help troublesho...

Страница 416: ...the next hop address of the route is specified can the link layer find the corresponding link layer address and then forward the packet according to this address You cannot specify an interface addres...

Страница 417: ...ip route static 0 0 0 0 0 0 0 0 0 interface type interface number next hop preference value reject blackhole Delete a default route undo ip route static 0 0 0 0 0 0 0 0 0 interface type interface num...

Страница 418: ...1 3 2 4 Configure the default gateway of the Host A to be 1 1 5 1 5 Configure the default gateway of the Host B to be 1 1 4 1 6 Configure the default gateway of the Host C to be 1 1 1 1 By then all t...

Страница 419: ...P Helper function is enabled you can configure the UDP ports where UDP function is required and the relay function is enabled at UDP ports 69 53 37 137 138 and 49 When the function is disabled Relay f...

Страница 420: ...rver command without any parameter deletes all destination servers configured on the interface By default no relay destination server for UDP broadcast packets is configured Displaying and Debugging U...

Страница 421: ...ation server 202 38 1 2 Networking diagram Figure 127 Networking for UDP Helper configuration Configuration procedure 1 Enable UDP Helper function 4200G udp helper enable 2 Set to relay forward the br...

Страница 422: ...408 CHAPTER 48 UDP HELPER CONFIGURATION...

Отзывы:

Нет отзывов

Похожие инструкции для 4200G 12-Port

Бренд: Black Box Страницы: 2

SRS Lighting DTS16F-DIN

Бренд: plasa Страницы: 4

Бренд: Campbell Страницы: 10

Бренд: Festo Страницы: 2

JTECH-4KPIP0401

Бренд: J-Tech Digital Страницы: 10

Бренд: Cable Electronics Страницы: 16

Liquipoint FTW33

Бренд: Endress+Hauser Страницы: 48

Бренд: VADA Страницы: 4

Бренд: Black Box Страницы: 20

Бренд: Thinklogical Страницы: 17

S5130-EI Series

Бренд: H3C Страницы: 32

Бренд: YOKOGAWA Страницы: 74

Бренд: IOGear Страницы: 40

Бренд: Good Way Страницы: 13

Бренд: Hama Страницы: 14

Бренд: Pulsar Страницы: 5

Бренд: VigilLink Страницы: 24

COMMANDE MURALE RTS

Бренд: SOMFY Страницы: 2

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды