3Com S7906E - Switch Скачать руководство пользователя

Страница: 1950 / 2621

1-1

Port Security Configuration

When configuring port security, go to these sections for information you are interested in:

Introduction to Port Security

Port Security Configuration Task List

Displaying and Maintaining Port Security

Port Security Configuration Examples

Troubleshooting Port Security

Introduction to Port Security

Port Security Overview

Port security is a MAC address-based security mechanism for network access controlling. It is an

extension to the existing 802.1X authentication and MAC authentication. It controls the access of

unauthorized devices to the network by checking the source MAC address of an inbound frame and the

access to unauthorized devices by checking the destination MAC address of an outbound frame.

With port security, you can define various port security modes to make a device learn only legal source

MAC addresses, so that you can implement different network security management as needed. When a

port security-enabled device detects an illegal frame, it triggers the corresponding port security feature

and takes a pre-defined action automatically. This reduces your maintenance workload and greatly

enhances system security.

The following types of frames are classified as illegal:

Received frames with unknown source MAC addresses when MAC address learning is disabled.

Received frames with unknown source MAC addresses when the number of MAC addresses

learned by the port has already reached the upper limit.

Frames from unauthenticated users.

The security modes of the port security feature provide extended and combined use of 802.1X

authentication and MAC authentication and therefore apply to scenarios that require both 802.1X

authentication and MAC authentication. For scenarios that require only 802.1X authentication or MAC

authentication for access control, however, you are recommended to configure the 802.1X

authentication or MAC authentication for simplicity. For information about 802.1X and MAC

authentication, refer to

802.1X Configuration

and

MAC Authentication Configuration

in the

Security

Volume.

«
...
1948
1949
1950
1951
1952
...
»

Содержание S7906E - Switch

Страница 1: ...7900E Family Configuration Guide Release 6600 Series S7910E S7906E S7906E V S7903E S7903E S S7902E Manual Version 20091015 C 1 00 www 3com com 3Com Corporation 350 Campus Drive Marlborough MA USA 0175...

Страница 2: ...cial license for the Software Technical data is provided with limited rights only as provided in DFAR 252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove o...

Страница 3: ...HCPv6 Tunneling 02 IP Services Volume UDP Helper FTP and TFTP sFlow IP Routing Basics Static Routing RIP OSPF IS IS BGP IPv6 Static Routing RIPng OSPFv3 IPv6 IS IS IPv6 BGP Route Policy 03 IP Routing...

Страница 4: ...are optional x y Alternative items are grouped in braces and separated by vertical bars One is selected x y Optional alternative items are grouped in square brackets and separated by vertical bars On...

Страница 5: ...ion to ensure successful configuration or good performance Means a complementary description Means techniques helpful for you to make configuration with ease Related Documentation In addition to this...

Страница 6: ...on to Product 1 1 Feature Lists 1 1 2 Features 2 1 Access Volume 2 1 IP Services Volume 2 3 IP Routing Volume 2 4 Multicast Volume 2 6 MPLS Volume 2 8 QoS Volume 2 10 Security Volume 2 10 High Availab...

Страница 7: ...tion Service Loopback Group Loopback Interface and Null Interface MSTP LLDP VLAN GVRP QinQ BPDU Tunneling VLAN Mapping 01 Access Volume Mirroring EPON OLT IP Addressing IP Performance Optimization ARP...

Страница 8: ...RPF Dual SRPU System VRRP Smart Link Monitor Link RRPP DLDP Ethernet OAM Connectivity Fault Detection 08 High Availability Volume BFD Track GR Overview Login Basic System Configuration Device Manageme...

Страница 9: ...et Port z Configuring the MDI Mode for an Ethernet Port z Testing the Cable on an Ethernet Port z Configuring the Storm Constrain Function on an Ethernet Port z Configuring the Connection Mode of an E...

Страница 10: ...LAN based on Port MAC address Protocol or IP subnet z Introduction and configuration of Super VLAN z Introduction and configuration of Isolate user vlan z Introduction and configuration of Voice VLAN...

Страница 11: ...nfiguration IP Performance Optimization In some network environments you need to adjust the IP parameters to achieve best network performance This document describes z Enabling Reception and Forwardin...

Страница 12: ...figuring a 6to4 Tunnel z Configuring an ISATAP Tunnel z Configuring an IPv4 over IPv4 Tunnel z Configuring an IPv4 over IPv6 Tunnel z Configuring an IPv6 over IPv6 Tunnel z Configuring a GRE over IPv4...

Страница 13: ...algorithm This document describes z Configuring IS IS Basic Functions z Configuring IS IS Routing Information Control z Tuning and Optimizing IS IS Networks z Configuring IS IS Authentication z Confi...

Страница 14: ...spection filtering attributes modifying when routes are received advertised or redistributed This document describes z Defining Filters z Route policy configuration Policy Routing Policy routing is to...

Страница 15: ...figuring MBGP Basic Functions z Configuring MBGP Route Attributes z Configuring a Large Scale MBGP Network Multicast VPN Multicast VPN is a technique that implements multicast delivery in MPLS L3VPN n...

Страница 16: ...istener Discovery Snooping MLD Snooping is an IPv6 multicast constraining mechanism that runs on Layer 2 devices to manage and control IPv6 multicast groups This document describes z Configuring Basic...

Страница 17: ...olutions This document describes z MPLS L3VPN Overview z Configuring VPN Instances z Configuring Basic MPLS L3VPN z Configuring Inter Provider MPLS L3VPN z Configuring Nested VPN z Configuring HoVPN z...

Страница 18: ...predefined configurations This document describes z Creating a User Profile z Configuring a User Profile z Enabling a User Profile Security Volume Table 2 7 Features in the Security volume Features D...

Страница 19: ...a non secure network environment By encryption and strong authentication it protects the device against attacks This document describes z Configuring Asymmetric Keys z Configuring the Device as an SS...

Страница 20: ...ice Monitor Link Monitor link is a port collaboration function used to enable a device to be aware of the up down state change of the ports on an indirectly connected link This document describes z Mo...

Страница 21: ...llaboration between different modules through established collaboration objects The detection modules trigger the application modules to perform certain operations through the track module This docume...

Страница 22: ...rs File System Management A major function of the file system is to manage storage devices mainly including creating the file system creating deleting modifying and renaming a file or a directory and...

Страница 23: ...Upgrading PSE Processing Software in Service NQA NQA analyzes network performance services and service quality by sending test packets to provide you with network performance and service quality para...

Страница 24: ...guration for Enabling IPC Performance Statistics OAA Volume Table 2 10 Features in the OAA volume Features Description OAP Configuration This document describes z OAP Overview z Configuring an OAP Car...

Страница 25: ...Application Layer Gateway AM accounting management ANSI American National Standard Institute AP Access Point ARP Address Resolution Protocol AS Autonomous System ASBR Autonomous System Border Router...

Страница 26: ...and Telegraph Consultative Committee CE Customer Edge CFD Connectivity Fault Detection CFM Configuration File Management CHAP Challenge Handshake Authentication Protocol CIDR Classless Inter Domain R...

Страница 27: ...oint Priority DSP Digital Signal Processor DTE Data Terminal Equipment DU Downstream Unsolicited D V Distance Vector Routing Algorithm DVMRP Distance Vector Multicast Routing Protocol DWDM Dense Wavel...

Страница 28: ...ernet GR Graceful Restart GRE Generic Routing Encapsulation GTS Generic Traffic Shaping GVRP GARP VLAN Registration Protocol H Return HA High Availability HABP HW Authentication Bypass Protocol HDLC H...

Страница 29: ...on IPSec IP Security IPTN IP Phone Telephony Network IPv6 Internet protocol version 6 IPX Internet Packet Exchange IRF Intelligent Resilient Framework IS Intermediate System ISATAP Intra Site Automati...

Страница 30: ...ate LRTT Loop Round Trip Time LSA Link State Advertisement LSAck Link State Acknowledgment LSDB Link State Database LSP Label Switch Path LSPAGENT Label Switched Path AGENT LSPDU Link State Protocol D...

Страница 31: ...on Overhead MSTI Multi Spanning Tree Instance MSTP Multiple Spanning Tree Protocol MT Multicast Tunnel MTBF Mean Time Between Failure MTI Multicast Tunnel Interface MTU Maximum Transmission Unit MVRF...

Страница 32: ...OC 3 OC 3 OID Object Identifier OL Optical Line OSI Open Systems Interconnection OSPF Open Shortest Path First P Return P2MP Point to MultiPoint P2P Point To Point PAP Password Authentication Protocol...

Страница 33: ...Virtual Channel PW Pseudo wires Q Return QACL QoS ACL QinQ 802 1Q in 802 1Q QoS Quality of Service QQIC Querier s Query Interval Code QRV Querier s Robustness Variable R Return RA Registration Author...

Страница 34: ...hoke Fairness Frame SD Signal Degrade SDH Synchronous Digital Hierarchy SETS Synchronous Equipment Timing Source SF Sampling Frequency SFM Source Filtered Multicast SFTP Secure FTP Share MDT Share Mul...

Страница 35: ...Distribution Tree T Return TA Terminal Adapter TACACS Terminal Access Controller Access Control System TDM Time Division Multiplexing TCP Transmission Control Protocol TE Traffic Engineering TEDB TE D...

Страница 36: ...rk VPI Virtual Path Identifier VPLS Virtual Private Local Switch VPN Virtual Private Network VRID Virtual Router ID VRRP Virtual Router Redundancy Protocol VSI Virtual Switch Interface VT Virtual Trib...

Страница 37: ...al for Collecting Ethernet Port Statistics z Enabling Forwarding of Jumbo Frames z Enabling Loopback Detection on an Ethernet Port z Configuring the MDI Mode for an Ethernet Port z Testing the Cable o...

Страница 38: ...unications links This document describes z Introduction to LLDP z Performing Basic LLDP Configuration z Configuring CDP Compatibility z Configuring LLDP Trapping VLAN Using the VLAN technology you can...

Страница 39: ...nfiguring Two to Two VLAN Mapping Port Mirroring Port mirroring copies packets passing through a port to another port connected with a monitoring device for packet analysis to help implement network m...

Страница 40: ...Ethernet Port 1 5 Configuring a Port Group 1 6 Configuring an Auto negotiation Transmission Rate 1 6 Configuring Storm Suppression 1 7 Setting the Interval for Collecting Ethernet Port Statistics 1 8...

Страница 41: ...ptical fiber port or an electrical copper port The two ports share one forwarding port and thus they cannot work at the same time If the electrical port is enabled the optical port is disabled automat...

Страница 42: ...interface but because it is located on the main board it provides much faster connection speed than a common Ethernet interface when used for operations such as software loading and network management...

Страница 43: ...ame followed by the interface string GigabitEthernetEthernet1 2 0 1 Interface for example Shut down the port shutdown Optional By default a port is in up state To bring up a port use the undo shutdown...

Страница 44: ...rt it will send a Pause frame notifying the egress port to temporarily suspend the sending of packets The egress port is expected to stop sending any new packet when it receives the Pause frame In thi...

Страница 45: ...command cannot take effect on ports that are manually disabled using the shutdown command Configuring Loopback Testing on an Ethernet Port You can enable loopback testing to check whether the Ethernet...

Страница 46: ...you made on it apply to all group member ports Note that even though the settings are made on the port group they are saved on a port basis rather than on a port group basis Thus you can only view th...

Страница 47: ...to configure an auto negotiation transmission rate To do Use the command Remarks Enter system view system view Enter Ethernet port view interface interface type interface number Configure the auto neg...

Страница 48: ...e takes effect on the current port only if configured in port group view this feature takes effect on all ports in the port group Set the broadcast storm suppression ratio broadcast suppression ratio...

Страница 49: ...configurations take effect on all ports in the port group Follow these steps to enable the forwarding of jumbo frames To do Use the command Remarks Enter system view system view port group manual port...

Страница 50: ...port group manual port group name Use either command Configurations made in Ethernet port view takes effect on the current port only configurations made in port group view takes effect on all ports in...

Страница 51: ...receiving signals pin 3 and pin 6 are used for transmitting signals To enable normal communication you should connect the local transmit pins to the remote receive pins Therefore you should configure...

Страница 52: ...rap messages and logs when the traffic detected exceeds the threshold Alternatively you can configure the storm suppression function to control a specific type of traffic As the function and the storm...

Страница 53: ...n below the lower threshold from a point higher than the upper threshold Specify to send log when the traffic detected exceeds the upper threshold or drops down below the lower threshold from a point...

Страница 54: ...command Remarks Display the current state of a port and the related information display interface interface type interface number Available in any view Display the summary of a port display brief int...

Страница 55: ...group manual all name port group name Available in any view Display the information about the loopback function display loopback detection Available in any view Display storm constrain information on...

Страница 56: ...1 9 Configuring the Description of an Aggregate Interface 1 10 Enabling LinkUp LinkDown Trap Generation for an Aggregate Interface 1 10 Shutting Down an Aggregate Interface 1 10 Configuring Load Shar...

Страница 57: ...ates as a distributed stacking device For introduction of IRF refer to IRF in the System Volume Overview Link aggregation aggregates multiple physical Ethernet ports to increase the link speed beyond...

Страница 58: ...use the same duplex mode For how the state of a member port is determined refer to Static aggregation mode and Dynamic aggregation mode IEEE 802 3ad LACP protocol The IEEE 802 3ad Link Aggregation Co...

Страница 59: ...QinQ enable state enable disable TPID values in VLAN tags outer VLAN tags to be added inner to outer VLAN priority mappings inner to outer VLAN tag mappings inner VLAN ID substitution mappings VLAN Pe...

Страница 60: ...number wins out z Consider the ports in up state with the same port attributes port rate duplex mode and link state configuration and class two configurations as the reference port as candidate selec...

Страница 61: ...the number of candidate selected ports is under the limit all the candidate selected ports are set to selected state When the limit is exceeded the system selects the candidate selected ports with sm...

Страница 62: ...Select either task Configuring an Aggregation Group Enabling MAC Address Table Synchronization for Cross Card Aggregation Required Configuring the Description of an Aggregate Interface Optional Enabl...

Страница 63: ...es the corresponding aggregation group At the same time the member ports of the aggregation group if any leave the aggregation group z To guarantee a successful static aggregation ensure that the port...

Страница 64: ...gregation group becomes a non load sharing aggregation group because of insufficient load sharing resources one of the following problems may occur the number of selected ports of the actor is inconsi...

Страница 65: ...hronization between different types of line cards To do Use the command Remarks Enter system view system view Enable MAC address table synchronization synchronization mac address enable Required Disab...

Страница 66: ...the command Remarks Enter system view system view Enable the trap function globally snmp agent trap enable standard linkdown linkup Optional By default linkUp linkDown trap generation is enabled globa...

Страница 67: ...link aggregation group for different types of traffic as needed You can configure a global load sharing mode for all link aggregation groups or a load sharing mode specific to a link aggregation grou...

Страница 68: ...ace bridge aggregation interface number Configure the load sharing mode for the aggregation group link aggregation load sharing mode destination ip destination mac mpls label1 mpls label2 source ip so...

Страница 69: ...view system view Configure the local first load sharing mechanism for link aggregation link aggregation load sharing mode local first Optional The local first load sharing mode takes effect by default...

Страница 70: ...e section Class two configurations When you configure cross card link aggregation if link aggregation across different types of cards however you may need to enable MAC address table synchronization m...

Страница 71: ...gregation Configuration Example Network requirements As shown in Figure 1 3 Device A and Device B are connected through their respective Layer 2 Ethernet ports GigabitEthernet 2 0 1 to GigabitEthernet...

Страница 72: ...rements As shown in Figure 1 4 Device A is connection to Device B by their Ethernet ports GigabitEthernet 2 0 1 through GigabitEthernet 2 0 4 Configure the global load sharing mode and aggregation gro...

Страница 73: ...tination MAC based load sharing mode DeviceA interface bridge aggregation 2 DeviceA Bridge Aggregation2 link aggregation load sharing mode destination mac DeviceA Bridge Aggregation2 quit Assign ports...

Страница 74: ...olation Configuration 1 1 Introduction to Port Isolation 1 1 Configuring the Isolation Group 1 1 Assigning a Port to the Isolation Group 1 1 Displaying and Maintaining Isolation Groups 1 2 Port Isolat...

Страница 75: ...2 traffic can be exchanged between a port inside an isolation group and a port outside the isolation group but not between ports inside the isolation group z There is no restriction on the number of...

Страница 76: ...t simply skips the port and moves to the next port Displaying and Maintaining Isolation Groups To do Use the command Remarks Display the isolation group information on a single isolation group device...

Страница 77: ...rt isolate enable Device Gigabitethernet2 0 2 quit Device interface gigabitethernet 2 0 3 Device Gigabitethernet2 0 3 port isolate enable Configure port GigabitEthernet 2 0 4 as the uplink port of the...

Страница 78: ...unctions of Service Loopback Groups 1 1 Port Configuration Prerequisites of Service Loopback Groups 1 1 States of the Ports in a Service Loopback Group 1 2 Configuring a Service Loopback Group 1 2 Dis...

Страница 79: ...e redirecting throughput you can bundle multiple service loopback ports into a logical link called a service loopback group Similar to link aggregation a service loopback group can increase bandwidth...

Страница 80: ...rdware restrictions as candidate selected ports and set the rest ports to unselected state z The number of selected ports is limited in a service loopback group If the number of candidate ports exceed...

Страница 81: ...mber Available in any view Configuration Example Network requirements Ports of Device A support the tunnel service Assign GigabitEthernet 2 0 1 through GigabitEthernet 2 0 3 to a service loopback grou...

Страница 82: ...1 4 DeviceA interface tunnel 1 DeviceA Tunnel1 service loopback group 1...

Страница 83: ...nfiguration 1 1 Loopback Interface 1 1 Introduction to Loopback Interface 1 1 Configuring a Loopback Interface 1 1 Null Interface 1 2 Introduction to Null Interface 1 2 Configuring Null 0 Interface 1...

Страница 84: ...e a rule on an authentication or security server to permit or deny packets generated by a device you can streamline the rule by configuring it to permit or deny packets carrying the loopback interface...

Страница 85: ...ace is always up However you can neither use it to forward data packets nor configure an IP address or link layer protocol on it With a null interface specified as the next hop of a static route to a...

Страница 86: ...rface is the interface name followed by the Interface string Displaying and Maintaining Loopback and Null Interfaces To do Use the command Remarks Display information about loopback interfaces display...

Страница 87: ...vice 1 19 Configuring the Maximum Hops of an MST Region 1 20 Configuring the Network Diameter of a Switched Network 1 20 Configuring Timers of MSTP 1 21 Configuring the Timeout Factor 1 22 Configuring...

Страница 88: ...EEE to eliminate loops at the data link layer in a local area network LAN Devices running this protocol detect loops in the network by exchanging information with one another and eliminate loops by se...

Страница 89: ...port The root bridge has no root port Designated bridge and designated port The following table describes designated bridges and designated ports Table 1 1 Description of designated bridges and design...

Страница 90: ...spanning tree calculation Important fields in a configuration BPDU include z Root bridge ID consisting of the priority and MAC address of the root bridge z Root path cost the cost of the path to the...

Страница 91: ...iority than that of the configuration BPDU generated by the port the device discards the received configuration BPDU and does not process the configuration BPDU of this port z If the received configur...

Страница 92: ...device z The designated port ID is replaced with the ID of this port 3 The device compares the calculated configuration BPDU with the configuration BPDU on the port of which the port role is to be def...

Страница 93: ...port after comparison Device A z Port AP1 receives the configuration BPDU of Device B 1 0 1 BP1 Device A finds that the configuration BPDU of the local port 0 0 0 AP1 is superior to the received confi...

Страница 94: ...ort BP1 0 0 0 AP1 Designated port BP2 0 5 1 BP2 z Port CP1 receives the configuration BPDU of Device A 0 0 0 AP2 Device C finds that the received configuration BPDU is superior to the configuration BP...

Страница 95: ...ning tree with Device A as the root bridge is established as shown in Figure 1 3 Figure 1 3 The final calculated spanning tree AP1 AP2 Device A With priority 0 Device B With priority 1 Device C With p...

Страница 96: ...e transition in STP the newly elected root ports or designated ports require twice the forward delay time before transiting to the forwarding state to ensure that the new configuration BPDU has propag...

Страница 97: ...gs of STP and RSTP In addition to the support for rapid network convergence it allows data flows of different VLANs to be forwarded along separate paths thus providing a better load sharing mechanism...

Страница 98: ...tree region MST region consists of multiple devices in a switched network and the network segments among them These devices have the following characteristics z All are MSTP enabled z They have the sa...

Страница 99: ...constitute the CIST of the entire network MSTI Multiple spanning trees can be generated in an MST region through MSTP one spanning tree being independent of another Each spanning tree is referred to a...

Страница 100: ...ate port The standby port for a root port or master port When the root port or master port is blocked the alternate port becomes the new root port or master port z Backup port The backup port of a des...

Страница 101: ...are calculated each being called an MSTI Among these MSTIs MSTI 0 is the IST while all the others are MSTIs Similar to STP MSTP uses configuration BPDUs to calculate spanning trees The only difference...

Страница 102: ...tocol MSTP Configuration Task List Before configuring MSTP you need to know the role of each device in each MSTI root bridge or leave node In each MSTI one and only one device acts as the root bridge...

Страница 103: ...nce mapping table For the detailed information of GVRP refer to GVRP Configuration of the Access Volume z MSTP is mutually exclusive with any of the following functions on a port service loopback RRPP...

Страница 104: ...to configure an MST region To do Use the command Remarks Enter system view system view Enter MST region view stp region configuration Configure the MST region name region name name Optional The MST r...

Страница 105: ...has independent roles in different MSTIs It can act as the root bridge or a secondary root bridge of one MSTI while being the root bridge or a secondary root bridge of another MSTI However the same d...

Страница 106: ...h legacy STP devices and for full interoperability with RSTP enabled devices MSTP supports three work modes STP compatible mode RSTP mode and MSTP mode z In STP compatible mode all ports of the device...

Страница 107: ...ys sends a configuration BPDU with a hop count set to the maximum value When a switch receives this configuration BPDU it decrements the hop count by 1 and uses the new hop count in the BPDUs it propa...

Страница 108: ...scarding state can transit to the forwarding state it needs to go through the learning state Forward delay is the delay time for port state transition This is to ensure that the state transition of th...

Страница 109: ...recommend that you use the default setting z If the max age time setting is too small the network devices will frequently launch spanning tree calculations and may take network congestion as a link fa...

Страница 110: ...system view Enter Ethernet interface view or Layer 2 aggregate interface view interface interface type interface number Enter interface view or port group view Enter port group view port group manual...

Страница 111: ...ve different path costs in different MSTIs Setting appropriate path costs allows VLAN traffic flows to be forwarded along different physical links thus achieving VLAN based load balancing The device c...

Страница 112: ...66 500 2 1 1 1 When calculating path cost for an aggregate interface 802 1d 1998 does not take into account the number of member ports in its aggregation group as 802 1t does The calculation formula o...

Страница 113: ...elected as the root port of a device If all other conditions are the same the port with the highest priority will be elected as the root port On an MSTP enabled device a port can have different priori...

Страница 114: ...ew system view Enter Ethernet interface view or Layer 2 aggregate interface view interface interface type interface number Enter interface view or port group view Enter port group view port group manu...

Страница 115: ...cy Required auto by default z MSTP provides the MSTP packet format incompatibility guard function In MSTP mode if a port is configured to recognize send MSTP packets in a mode other than auto and rece...

Страница 116: ...port group manual port group name Required Use either command Enable the MSTP feature for the ports stp enable Optional By default MSTP is enabled for all ports after it is enabled for the device glo...

Страница 117: ...RSTP or MSTP mode Configuring Digest Snooping As defined in IEEE 802 1s interconnected devices are in the same region only when the MST region related configurations domain name revision level VLAN to...

Страница 118: ...led by default z With the Digest Snooping feature enabled comparison of configuration digest is not needed for in the same region check so the VLAN to instance mappings must be the same on associated...

Страница 119: ...oping on Device B DeviceB system view DeviceB interface gigabitethernet 2 0 1 DeviceB GigabitEthernet2 0 1 stp config digest snooping DeviceB GigabitEthernet2 0 1 quit DeviceB stp config digest snoopi...

Страница 120: ...P and does not work in RSTP mode the root port on the downstream device receives no agreement packet from the upstream device and thus sends no agreement packets to the upstream device As a result the...

Страница 121: ...arty device that has different MSTP implementation Both devices are in the same region z Device B is the regional root bridge and Device A is the downstream device Figure 1 9 No Agreement Check config...

Страница 122: ...by default BPDU guard does not take effect on loopback test enabled ports For information about loopback test refer to Ethernet Port Configuration in the Access Volume Enabling Root guard The root bri...

Страница 123: ...and the blocked ports will transition to the forwarding state resulting in loops in the switched network The loop guard function can suppress the occurrence of such loops With loop guard enabled on a...

Страница 124: ...address entries Follow these steps to enable TC BPDU guard To do Use the command Remarks Enter system view system view Enable the TC BPDU guard function stp tc protection enable Optional Enabled by d...

Страница 125: ...t packet number Optional 10 by default Configure the port as an edge port stp edged port enable Required By default no port is an edge port Configure the path cost of the port stp cost cost Optional B...

Страница 126: ...number brief Available in any view View the MST region configuration information that has taken effect display stp region configuration Available in any view View the root bridge information of all MS...

Страница 127: ...MSTI 1 MSTI 3 and MSTI 4 respectively and configure the revision level of the MST region as 0 DeviceA system view DeviceA stp region configuration DeviceA mst region region name example DeviceA mst re...

Страница 128: ...w DeviceC stp region configuration DeviceC mst region region name example DeviceC mst region instance 1 vlan 10 DeviceC mst region instance 3 vlan 30 DeviceC mst region instance 4 vlan 40 DeviceC mst...

Страница 129: ...TID Port Role STP State Protection 0 GigabitEthernet2 0 1 DESI FORWARDING NONE 0 GigabitEthernet2 0 2 DESI FORWARDING NONE 0 GigabitEthernet2 0 3 DESI FORWARDING NONE 1 GigabitEthernet2 0 2 DESI FORWA...

Страница 130: ...0 2 ALTE DISCARDING NONE 4 GigabitEthernet2 0 3 ROOT FORWARDING NONE Based on the above information you can draw the MSTI corresponding to each VLAN as shown in Figure 1 11 Figure 1 11 MSTIs correspon...

Страница 131: ...ation Delay 1 8 Enabling LLDP Polling 1 8 Configuring the TLVs to Be Advertised 1 8 Configuring the Management Address and Its Encoding Format 1 9 Setting Other LLDP Parameters 1 10 Setting an Encapsu...

Страница 132: ...in IEEE 802 1AB The protocol operates on the data link layer to exchange device information between directly connected devices With LLDP a device sends local device information including its major fun...

Страница 133: ...MAC address the MAC address of the sending bridge is used Type The Ethernet type for the upper layer protocol It is 0x88CC for LLDP Data LLDP data unit LLDPDU FCS Frame check sequence a 32 bit CRC val...

Страница 134: ...nformation field in octets and the value field contains the information itself LLDPDU TLVs fall into these categories basic management TLVs organizationally IEEE 802 1 and IEEE 802 3 specific TLVs and...

Страница 135: ...00E support receiving but not sending protocol identity TLVs 3 IEEE 802 3 organizationally specific TLVs Table 1 5 IEEE 802 3 organizationally specific TLVs Type Description MAC PHY Configuration Stat...

Страница 136: ...t to advertise power related information according to IEEE 802 3AF Hardware Revision Allows a MED endpoint device to advertise its hardware version Firmware Revision Allows a MED endpoint to advertise...

Страница 137: ...or is discovered that is a new LLDP frame is received carrying device information new to the local device z The LLDP operating mode of the port changes from Disable Rx to TxRx or Tx This is the fast s...

Страница 138: ...teps to enable LLDP To do Use the command Remarks Enter system view system view Enable LLDP globally lldp enable Required By default LLDP is disabled globally Enter Ethernet interface view interface i...

Страница 139: ...system view system view Set the LLDP re initialization delay lldp timer reinit delay delay Optional 2 seconds by default Enabling LLDP Polling With LLDP polling enabled a device checks for local confi...

Страница 140: ...encoded its management address in character string format you can configure the encoding format of the management address as string on the connecting port to guarantee normal communication with the ne...

Страница 141: ...r of LLDP frames sent each time fast LLDPDU transmission is triggered lldp fast count count Optional 3 by default z The TTL can be up to 65535 seconds TTLs greater than it will be rounded down to 6553...

Страница 142: ...eed to enable CDP compatibility for your device to work with Cisco IP phones As your LLDP enabled device cannot recognize CDP packets it does not respond to the requests of Cisco IP phones for the voi...

Страница 143: ...ate in TxRx mode lldp compliance admin status cdp txrx Required By default CDP compatible LLDP operates in disable mode As the maximum TTL allowed by CDP is 255 seconds ensure that the product of the...

Страница 144: ...tics display lldp statistics global interface interface type interface number Available in any view Display LLDP status of a port display lldp status interface interface type interface number Availabl...

Страница 145: ...stem view SwitchB lldp enable Enable LLDP on GigabitEthernet2 0 1 you can skip this step because LLDP is enabled on ports by default setting the LLDP operating mode to Tx SwitchB interface gigabitethe...

Страница 146: ...perate in Rx mode that is they only receive LLDP frames Tear down the link between Switch A and Switch B and then display the global LLDP status and port LLDP status on Switch A SwitchA display lldp s...

Страница 147: ...P phones to automatically configure the voice VLAN thus confining their voice traffic within the voice VLAN to be isolated from other types of traffic Figure 1 5 Network diagram for CDP compatible LLD...

Страница 148: ...hernet2 0 2 lldp enable SwitchA GigabitEthernet2 0 2 lldp admin status txrx SwitchA GigabitEthernet2 0 2 lldp compliance admin status cdp txrx SwitchA GigabitEthernet2 0 2 quit 3 Verify the configurat...

Страница 149: ...Configuration 1 12 Introduction to Protocol Based VLAN 1 12 Configuring a Protocol Based VLAN 1 13 IP Subnet Based VLAN Configuration 1 14 Introduction 1 14 Configuring an IP Subnet Based VLAN 1 14 Di...

Страница 150: ...nterface 4 5 Setting a Port to Operate in Manual Voice VLAN Assignment Mode 4 6 Displaying and Maintaining Voice VLAN 4 7 Voice VLAN Configuration Examples 4 7 Automatic Voice VLAN Mode Configuration...

Страница 151: ...and excessive broadcasts cannot be avoided on an Ethernet To address the issue virtual LAN VLAN was introduced The idea is to break a LAN down into separate VLANs that is Layer 2 broadcast domains whe...

Страница 152: ...ional Ethernet frame IEEE 802 1Q inserts a four byte VLAN tag after the DA SA field as shown in Figure 1 3 Figure 1 3 The position and format of VLAN tag A VLAN tag comprises four fields tag protocol...

Страница 153: ...a port at the same time When determining to which VLAN a packet passing through the port should be assigned the device looks up the VLANs in the default order of MAC based VLANs IP based VLANs protoco...

Страница 154: ...LAN you can create one VLAN interface You can assign the VLAN interface an IP address and specify it as the gateway of the VLAN to forward traffic destined for an IP network segment different from tha...

Страница 155: ...hybrid port can carry multiple VLANs to receive and send traffic for them Unlike a trunk port a hybrid port allows traffic of all VLANs to pass through VLAN untagged You can configure a port connecte...

Страница 156: ...nd send the frame Trunk z Remove the tag and send the frame if the frame carries the default VLAN tag and the port belongs to the default VLAN z Send the frame without removing the tag if its VLAN is...

Страница 157: ...er 2 aggregate interface view interface bridge aggregation interface number Enter interface view including Ethernet interface view Layer 2 aggregate interface view or port group view Enter port group...

Страница 158: ...nter Ethernet interface view interface interface type interface number Enter Layer 2 aggregate interface view interface bridge aggregation interface number Enter interface view including Ethernet inte...

Страница 159: ...view Follow these steps to assign a hybrid port to one or multiple VLANs To do Use the command Remarks Enter system view system view Enter Ethernet interface view interface interface type interface n...

Страница 160: ...ks up other types of VLANs to make the forwarding decision MAC based VLANs are mostly used in conjunction with security technologies such as 802 1X to provide secure flexible network access for termin...

Страница 161: ...this packet processing mode has the highest priority the configuration of MAC learning limit and disabling MAC address learning becomes invalid in this case Therefore you are recommended not to config...

Страница 162: ...ble MAC based dynamic port assignment mac vlan trigger enable Optional Disabled by default Disable the default VLAN of the current port from forwarding packets with unknown source MAC addresses that c...

Страница 163: ...p mode ethernetii etype etype id llc dsap dsap id ssap ssap id ssap ssap id snap etype etype id Required Exit VLAN view quit Required Enter Ethernet interface view interface interface type interface n...

Страница 164: ...more information refer to Voice VLAN Configuration z After you configure a command on a Layer 2 aggregate interface the system starts applying the configuration to the aggregate interface and its agg...

Страница 165: ...ember ports Configure port link type as hybrid port link type hybrid Required Configure the hybrid port s to permit the specified IP subnet based VLANs to pass through port hybrid vlan vlan id list ta...

Страница 166: ...ormation and IP subnet indexes of specified VLANs display ip subnet vlan vlan vlan id to vlan id all Available in any view Display the IP subnet based VLAN information and IP subnet indexes of specifi...

Страница 167: ...2 0 1 port trunk permit vlan 2 6 to 50 100 Please wait Done DeviceA GigabitEthernet2 0 1 quit DeviceA quit 2 Configure Device B as you configure Device A Verification Verifying the configuration on De...

Страница 168: ...RC 0 frame 0 overruns 0 aborts 0 ignored 0 parity errors Output total 0 packets 0 bytes 0 broadcasts 0 multicasts 0 pauses Output normal 0 packets 0 bytes 0 broadcasts 0 multicasts 0 pauses Output 0 o...

Страница 169: ...Layer 2 To enable Layer 3 communication between sub VLANs you should configure the VLAN interface IP address of the associated super VLAN as the gateway IP address This enables multiple sub VLANs to s...

Страница 170: ...ration in the Security Volume z You can configure Layer 2 multicast for a super VLAN However the configuration cannot take effect z You can configure DHCP Layer 3 multicast dynamic routing and NAT for...

Страница 171: ...rnet 2 0 1 gigabitethernet 2 0 2 Create VLAN 3 and assign GigabitEthernet 2 0 3 and GigabitEthernet 2 0 4 to it Sysname vlan2 quit Sysname vlan 3 Sysname vlan3 port gigabitethernet 2 0 3 gigabitethern...

Страница 172: ...n VLAN 0002 Name VLAN 0002 Tagged Ports none Untagged Ports GigabitEthernet2 0 1 GigabitEthernet2 0 2 VLAN ID 3 VLAN Type static It is a Sub VLAN Route Interface not configured Description VLAN 0003 N...

Страница 173: ...of only the isolate user VLAN but not the secondary VLANs network configuration is simplified and VLAN resources are saved z You can isolate the Layer 2 traffic of different users by assigning the por...

Страница 174: ...port Refer to Assigning an Access Port to a VLAN Assign ports to the isolate user VLAN and ensure that at least one port takes the isolate user VLAN as its default VLAN Hybrid port Refer to Assigning...

Страница 175: ...rnet 2 0 5 to VLAN 5 and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3 Assign GigabitEthernet 2 0 2 to VLAN 2 and GigabitEthernet 2 0 1 to VLAN 3 z Configure VLAN 6 on Device C as an isolate...

Страница 176: ...vlan6 isolate user vlan enable DeviceC vlan6 port gigabitethernet 2 0 5 DeviceC vlan6 quit Configure the secondary VLANs DeviceC vlan 3 DeviceC vlan3 port gigabitethernet 2 0 3 DeviceC vlan3 quit Dev...

Страница 177: ...ce not configured Description VLAN 0002 Name VLAN 0002 Tagged Ports none Untagged Ports GigabitEthernet2 0 2 GigabitEthernet2 0 5 VLAN ID 3 VLAN Type static Isolate user VLAN type secondary Route Inte...

Страница 178: ...uality A device determines whether a received packet is a voice packet by checking its source MAC address A packet whose source MAC address complies with the voice device Organizationally Unique Ident...

Страница 179: ...on the device The system will remove a port from the voice VLAN if no packet is received from the port after the aging time expires Assigning removing ports to from a voice VLAN are automatically perf...

Страница 180: ...fic to realize the voice VLAN feature you must configure the default VLAN of the connecting port as the voice VLAN In this case 802 1X authentication function cannot be realized z The default VLANs fo...

Страница 181: ...or the device it is forwarded in the voice VLAN otherwise it is dropped Security mode Packets carrying other tags Forwarded or dropped depending on whether the port allows packets of these VLANs to pa...

Страница 182: ...mode on a hybrid port can process only tagged voice traffic Therefore do not configure a VLAN as both a protocol based VLAN and a voice VLAN For more information refer to Protocol Based VLAN Configura...

Страница 183: ...rsed your priority trust setting will fail z The voice vlan qos cos value dscp value command and the voice vlan qos trust command can overwrite the other whichever is configured the last Setting a Por...

Страница 184: ...LAN and this voice VLAN must be a static VLAN that already exists on the device z Voice VLAN cannot be enabled on a port with Link Aggregation Control Protocol LACP enabled z To make voice VLAN take e...

Страница 185: ...oice VLANs to work in security mode that is configure the voice VLANs to transmit only voice packets Optional By default voice VLANs work in security mode DeviceA voice vlan security enable Configure...

Страница 186: ...Philips NEC phone 00e0 7500 0000 ffff ff00 0000 Polycom phone 00e0 bb00 0000 ffff ff00 0000 3com phone Display the current states of voice VLANs DeviceA display voice vlan state Maximum of Voice VLANs...

Страница 187: ...port DeviceA GigabitEthernet2 0 1 port link type hybrid Configure the voice VLAN VLAN 2 as the default VLAN of GigabitEthernet 2 0 1 and configure GigabitEthernet 2 0 1 to permit the voice traffic of...

Страница 188: ...ne Display the current voice VLAN state DeviceA display voice vlan state Maximum of Voice VLANs 128 Current Voice VLANs 1 Voice VLAN security mode Security Voice VLAN aging time 1440 minutes Voice VLA...

Страница 189: ...1 4 Protocols and Standards 1 4 Configuring GVRP 1 4 Configuring GVRP Functions 1 4 Configuring GARP Timers 1 5 Displaying and Maintaining GVRP 1 6 GVRP Configuration Examples 1 7 GVRP Configuration...

Страница 190: ...ARP messages and timers 1 GARP messages A GARP participant exchanges information with other GARP participants by sending the following three types of messages z Join messages to register with other en...

Страница 191: ...h as GVRP on a LAN z Unlike other three timers which are set on a port basis the LeaveAll timer is set in system view and takes effect globally z A GARP participant may send LeaveAll messages at the i...

Страница 192: ...AN ID attribute Attribute List Contains one or multiple attributes Attribute Consists of an Attribute Length an Attribute Event and an Attribute Value Attribute Length Number of octets occupied by an...

Страница 193: ...pagate information about dynamic VLANs but allows the port to propagate information about static VLANs A trunk port with fixed registration type thus allows only manually configured VLANs to pass thro...

Страница 194: ...mote probe VLAN to unexpected ports resulting in undesired duplicates to be received by the monitor port For more information about port mirroring refer to Port Mirroring Configuration in the Access V...

Страница 195: ...timer When configuring GARP timers note that their values are dependent on each other and must be a multiple of five centiseconds If the value range for a timer is not desired you may change it by tu...

Страница 196: ...on interface interface type interface number Available in any view Clear the GARP statistics reset garp statistics interface interface list Available in user view GVRP Configuration Examples GVRP Conf...

Страница 197: ...ate VLAN 3 a static VLAN DeviceB vlan 3 3 Verify the configuration Display dynamic VLAN information on Device A DeviceA display vlan dynamic Now the following dynamic VLAN exist s 3 Display dynamic VL...

Страница 198: ...2 0 1 as a trunk port allowing all VLANs to pass through DeviceB interface GigabitEthernet 2 0 1 DeviceB GigabitEthernet2 0 1 port link type trunk DeviceB GigabitEthernet2 0 1 port trunk permit vlan...

Страница 199: ...tEthernet2 0 1 gvrp registration forbidden DeviceA GigabitEthernet2 0 1 quit Create VLAN 2 a static VLAN DeviceA vlan 2 2 Configure Device B Enable GVRP globally DeviceB system view DeviceB gvrp Confi...

Страница 200: ...1 11 DeviceB display vlan dynamic No dynamic vlans exist...

Страница 201: ...QinQ 1 3 Modification of the TPID Value in VLAN Tags 1 3 Configuring Outer VLAN Tag Priority 1 5 Protocols and Standards 1 5 Configuring Basic QinQ 1 5 Enabling Basic QinQ 1 5 Configuring VLAN Transpa...

Страница 202: ...tag in Ethernet frames from customer networks private networks so that the Ethernet frames will travel across the service provider network public network with double VLAN tags QinQ enables a service...

Страница 203: ...gh 20 The SVLAN allocated by the service provider for customer network A is SVLAN 3 and that for customer network B is SVLAN 4 When a tagged Ethernet frame of customer network A enters the service pro...

Страница 204: ...her the frame is tagged or untagged If the received frame is already tagged it becomes a double tagged frame if it is untagged it becomes a frame tagged with the port s default VLAN tag 2 Selective Qi...

Страница 205: ...s VLAN untagged the switch tags the frame with the default VLAN tag of the receiving port This default VLAN tag uses the TPID that you have configured z The TPID value in service provider network VLAN...

Страница 206: ...sed on inner VLAN tag priority configure an action of marking traffic with outer VLAN tag priority in the traffic behavior Protocols and Standards IEEE 802 1Q IEEE standard for local and metropolitan...

Страница 207: ...Transparent Transmission When basic QinQ is enabled on a port all packets passing through the port will be tagged with the port s default VLAN tag However by configuring the VLAN transparent transmis...

Страница 208: ...iew Create a class and enter class view traffic classifier classifier name operator and or Required By default the relationship between the match criteria in a class is logical AND Specify the inner V...

Страница 209: ...ll ports in the port group Enable basic QinQ qing enable Required Apply the QoS policy in the inbound direction qos apply policy policy name inbound Required z Before enabling selective QinQ on a port...

Страница 210: ...ult Configure Outer VLAN Tag Priority Following these steps to configure outer VLAN tag priority To do Use the command Remarks Enter system view system view Create a class and enter class view traffic...

Страница 211: ...he port qos apply policy policy name inbound Required The configuration of outer VLAN tag priority is achieved through QoS policies For more information about QoS policies refer to the part talking ab...

Страница 212: ...the port as a hybrid port permitting frames of VLAN 1000 VLAN 2000 and VLAN 3000 to pass through with the outer VLAN tag removed ProviderA interface gigabitethernet 2 0 1 ProviderA GigabitEthernet2 0...

Страница 213: ...erA qospolicy qinq classifier A20 behavior P2000 ProviderA qospolicy qinq quit Apply the QoS policy qinq in the inbound direction of GigabitEthernet 2 0 1 ProviderA interface GigabitEthernet 2 0 1 Pro...

Страница 214: ...2 ProviderB GigabitEthernet2 0 2 port access vlan 2000 Enable basic QinQ Tag frames from VLAN 20 with the outer VLAN tag 2000 ProviderB GigabitEthernet2 0 2 qinq enable ProviderB GigabitEthernet2 0 2...

Страница 215: ...ling Implementation 1 2 Configuring BPDU Tunneling 1 4 Configuration Prerequisites 1 4 Enabling BPDU Tunneling 1 4 Configuring Destination Multicast MAC Address for BPDUs 1 5 BPDU Tunneling Configurat...

Страница 216: ...ich belong to VLAN 100 User A s network is divided into network 1 and network 2 which are connected by the service provider network When Layer 2 protocol packets cannot be transparently transmitted in...

Страница 217: ...protocols are all similar This section describes how BPDU tunneling is implemented by taking the Spanning Tree Protocol STP as an example z The term STP in this document is in a broad sense It include...

Страница 218: ...f the customer network to be transparently transmitted in the service provider network thus ensuring consistent spanning tree calculation of User A network without affecting the spanning tree calculat...

Страница 219: ...ol before enabling BPDU tunneling for PVST on a port you need to disable STP and then enable BPDU tunneling for STP on the port first z Before enabling BPDU tunneling for LACP on aggregation group mem...

Страница 220: ...el dmac mac address Optional 0x010F E200 0003 by default For BPDUs to be recognized the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the se...

Страница 221: ...t2 0 1 bpdu tunnel dot1q stp 2 Configuration on PE 2 Configure the destination multicast MAC address for BPDUs as 0x0100 0CCD CDD0 PE2 system view PE2 bpdu tunnel tunnel dmac 0100 0ccd cdd0 Create VLA...

Страница 222: ...gn it to all VLANs PE1 interface gigabitethernet 2 0 1 PE1 GigabitEthernet2 0 1 port link type trunk PE1 GigabitEthernet2 0 1 port trunk permit vlan all Disable STP on GigabitEthernet 2 0 1 and then e...

Страница 223: ...d 1 4 VLAN Mapping Configuration Task List 1 6 Configuring One to One VLAN Mapping 1 7 Configuring One to One VLAN Mapping 1 7 Configuring Many to One VLAN Mapping 1 9 Configuring Many to One VLAN Map...

Страница 224: ...than two VLANs to the same SVLAN ID z One to two VLAN mapping that maps traffic with the inner VLAN ID to the inner VLAN ID and the SVLAN ID z Two to two VLAN mapping that maps traffic with outer and...

Страница 225: ...using the same service you need to perform one to one VLAN mapping to map the service traffic to different VLANs by user on the corridor switches However an access device on the distribution layer is...

Страница 226: ...sers to plan their own CVLAN IDs independent of SP network VLAN IDs thus saving the VLAN resources of SPs When the double tagged packet enters the SP 2 network PE 3 replaces the outer VLAN tag VLAN 10...

Страница 227: ...g downlink traffic z Downlink port A port transmitting downlink traffic and receiving uplink traffic z Uplink policy A QoS policy containing VLAN mappings for uplink traffic z Downlink policy A QoS po...

Страница 228: ...nk traffic For downlink traffic Do Based on Do Based on Tag the CVLAN tagged traffic with the SVLAN Uplink policy in the inbound direction Forward traffic with the outer VLAN tag the SVLAN removed You...

Страница 229: ...onfiguring One to One VLAN Mapping Optional Perform this configuration on the corridor switches shown in Figure 1 1 Configuring Many to One VLAN Mapping Optional Perform this configuration on the camp...

Страница 230: ...ping To do Use the command Remarks Enter system view system view Create a VLAN vlan vlan id Create a CVLAN and a SVLAN Exit to system view quit Required By default only the default VLAN VLAN 1 exists...

Страница 231: ...ed Exit to system view quit Create a traffic behavior and enter traffic behavior view traffic behavior behavior name Required Specify the SVLAN for the VLAN mapping remark service vlan id vlan id valu...

Страница 232: ...dure Follow these steps to configure a many to one VLAN mapping To do Use the command Remarks Enter system view system view Enable DHCP snooping dhcp snooping Required Disabled by default Create a VLA...

Страница 233: ...s through port trunk permit vlan vlan id list all Required By default a trunk port permits only VLAN 1 to pass through Enable service provider side QinQ qinq enable uplink Required Disabled by default...

Страница 234: ...m one to two VLAN mapping on the edge devices from which customer traffic enters SP networks on Device A and Device D in Figure 1 2 for example Follow these steps to configure a one to two VLAN mappin...

Страница 235: ...r behavior name Required Specify the SVLAN for the VLAN mapping nest top most vlan id vlan id value dot1p dot1p cos value Required Exit to system view quit Create a QoS policy and enter QoS policy vie...

Страница 236: ...Required By default a trunk port permits only the packets of VLAN 1 to pass through Apply the uplink policy for the downlink port to the inbound direction of the downlink port qos apply policy policy...

Страница 237: ...to the new CVLAN by associating the traffic class with the traffic behavior classifier tcl name behavior behavior name Required Exit to system view quit Table 1 6 Configure an uplink policy for the do...

Страница 238: ...ehavior behavior name Required Specify the original CVLAN used for replacing the new CVLAN remark customer vlan id vlan id value Required Specify the original SVLAN used for replacing the new SVLAN re...

Страница 239: ...VLAN 201 300 VLAN 502 VLAN 301 400 VLAN 503 VLAN 1 VLAN 111 VLAN 2 VLAN 211 VLAN 3 VLAN 311 VLAN 1 VLAN 112 VLAN 2 VLAN 212 VLAN 3 VLAN 312 VLAN 111 210 VLAN 501 VLAN 211 310 VLAN 502 VLAN 311 410 VL...

Страница 240: ...licy p1 classifier c1 behavior b1 SwitchA policy p1 classifier c2 behavior b2 SwitchA policy p1 classifier c3 behavior b3 SwitchA policy p1 quit SwitchA qos policy p2 SwitchA policy p2 classifier c1 b...

Страница 241: ...the uplink policy p1 to the inbound direction of GigabitEthernet 2 0 1 SwitchA GigabitEthernet2 0 1 qos apply policy p1 inbound Apply the downlink policy p11 to the outbound direction of GigabitEther...

Страница 242: ...behavior b3 SwitchB behavior b3 remark service vlan id 311 SwitchB behavior b3 traffic behavior b4 SwitchB behavior b4 remark service vlan id 112 SwitchB behavior b4 traffic behavior b5 SwitchB behav...

Страница 243: ...fier c44 behavior b11 SwitchB policy p22 classifier c55 behavior b22 SwitchB policy p22 classifier c66 behavior b33 SwitchB policy p22 quit Configure GigabitEthernet 2 0 1 to permit frames of the spec...

Страница 244: ...n each VLAN involved in VLAN mapping SwitchC vlan 101 SwitchC vlan101 arp detection enable SwitchC vlan101 vlan 201 SwitchC vlan201 arp detection enable SwitchC vlan201 vlan 301 SwitchC vlan301 arp de...

Страница 245: ...SwitchC behavior b3 remark service vlan id 503 SwitchC behavior b3 quit SwitchC qos policy p1 SwitchC policy p1 classifier c1 behavior b1 mode dot1q tag manipulation SwitchC policy p1 classifier c2 b...

Страница 246: ...3 arp detection trust Enable SP side QinQ on GigabitEthernet 2 0 3 SwitchC GigabitEthernet2 0 3 qinq enable uplink 4 Configuration on Switch D SwitchD system view Enable DHCP snooping SwitchD dhcp sn...

Страница 247: ...est quit DeviceA qos policy nest DeviceA qospolicy nest classifier nest behavior nest DeviceA qospolicy nest quit Configure GigabitEthernet 2 0 1 to forward the traffic of VLAN 100 with the outer VLAN...

Страница 248: ...g VPN 1 traffic on GigabitEthernet 2 0 1 DeviceC traffic behavior downlink_in DeviceC behavior downlink_in remark service vlan id 200 DeviceC behavior downlink_in quit Configure an uplink policy to ma...

Страница 249: ...policies to GigabitEthernet 2 0 1 and GigabitEthernet 2 0 2 DeviceC interface gigabitethernet 2 0 1 DeviceB GigabitEthernet2 0 1 port link type trunk DeviceB GigabitEthernet2 0 1 port trunk permit vl...

Страница 250: ...uter VLAN tag removed DeviceD interface gigabitethernet 2 0 2 DeviceD GigabitEthernet2 0 2 port link type hybrid DeviceD GigabitEthernet2 0 2 port hybrid vlan 200 untagged Enable basic QinQ on Gigabit...

Страница 251: ...onfiguring Local Mirroring Groups 1 13 Configuring Mirroring Ports for a Local Mirroring Group 1 13 Configuring the Monitor Port for a Local Mirroring Group 1 14 Configuring Local Port Mirroring for a...

Страница 252: ...on the same device z Layer 2 remote port mirroring In Layer 2 remote port mirroring the mirroring port and the monitor port are located on different devices on a same Layer 2 network z Layer 3 remote...

Страница 253: ...ng port are mirrored to the monitor port for the data monitoring device to analyze The mirroring ports and the monitor port in a local mirroring group can be located on different LPUs of a same device...

Страница 254: ...adding the other ports on the source device to the remote probe VLAN z For the mirrored packets to be forwarded to the monitor port ensure that the same probe VLAN is configured in the remote source a...

Страница 255: ...the mirroring port or CPU on the source device z For more information about GRE tunnels see Tunnel Configuration in the IP Services Volume z Only the SD and EB series LPUs support Layer 3 remote port...

Страница 256: ...g ports in system view Follow these steps to configure mirroring ports for a local mirroring group in system view To do Use the command Remarks Enter system view system view Configure mirroring ports...

Страница 257: ...ps to configure the monitor port of a local mirroring group in interface view To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number...

Страница 258: ...e device then configure the remote probe VLAN and the monitor port for the remote destination mirroring group on the destination device Complete these tasks to configure Layer 2 remote port mirroring...

Страница 259: ...rroring port in interface view To assign multiple ports to the mirroring group as mirroring ports in interface view repeat the step z Configuring mirroring ports in system view Follow these steps to c...

Страница 260: ...fault no egress port is configured for a mirroring group z Configuring the egress port in interface view Follow these steps to configure the egress port for the remote source mirroring group in interf...

Страница 261: ...group Follow these steps to create a remote destination mirroring group To do Use the command Remarks Enter system view system view Create a remote destination mirroring group mirroring group group i...

Страница 262: ...affic and normally forwarded traffic z A port connected to an RRPP ring cannot be configured as the monitor port of a port mirroring group Configuring the remote probe VLAN for the remote destination...

Страница 263: ...nfigure mirroring port and the monitor port for each mirroring group The source and destination devices are connected by a tunnel z On the source device you need to configure the port you want to moni...

Страница 264: ...you want to monitor as the mirroring ports on the destination device configure the physical port corresponding to the tunnel interface as the mirroring port You can configure a list of mirroring ports...

Страница 265: ...to a mirroring group as the monitor port in interface view The two modes lead to the same result Configuring the monitor port in system view Follow these steps to configure the monitor port for a loca...

Страница 266: ...switch can configure local port mirroring for ONUs to mirror the incoming or outgoing traffic of an UNI of an ONU to another UNI of the ONU Follow these steps to configure local port mirroring for UNI...

Страница 267: ...igabitEthernet 2 0 3 z Configure local port mirroring in mirroring port mode to enable the server to monitor the bidirectional traffic of the marketing department and the technical department Figure 1...

Страница 268: ...cts to the server through GigabitEthernet 2 0 2 and to the trunk port GigabitEthernet 2 0 2 of Device B through the trunk port GigabitEthernet 2 0 1 z Configure Layer 2 remote port mirroring to enable...

Страница 269: ...thernet2 0 2 port trunk permit vlan 2 DeviceB GigabitEthernet2 0 2 quit 3 Configure Device C the destination device Configure GigabitEthernet 2 0 1 as a trunk port that permits the packets of VLAN 2 t...

Страница 270: ...ated ports on the devices Configure IP addresses and subnet masks for related ports and the tunnel interfaces according to the configurations shown in Figure 1 6 2 Configure Device A the source device...

Страница 271: ...eviceA mirroring group 1 monitor port tunnel 0 3 Configure Device B the intermediate device Enable the OSPF protocol DeviceB system view DeviceB ospf 1 DeviceB ospf 1 area 0 DeviceB ospf 1 area 0 0 0...

Страница 272: ...s a mirroring port and GigabitEthernet 2 0 2 as the monitor port of local mirroring group 1 DeviceC mirroring group 1 mirroring port gigabitethernet 2 0 1 inbound DeviceC mirroring group 1 monitor por...

Страница 273: ...port view DeviceA interface Onu 3 0 1 1 Configure UNI 1 as the mirroring port for local port mirroring and specify to mirror traffic received on UNI 1 DeviceA Onu3 0 1 1 uni 1 mirroring port inbound...

Страница 274: ...ing Overview Remote traffic mirroring combines traffic mirroring with remote port mirroring to use a remote mirroring group to mirror local packets matching the specified criteria to the specified des...

Страница 275: ...LPUs only support mirroring incoming packets Configuring Remote Traffic Mirroring To implement remote traffic mirroring perform the following configurations on the source device and destination device...

Страница 276: ...mples Traffic Mirroring Configuration Example Network Requirements The user s network is as described below z Host A with the IP address 192 168 0 1 and Host B are connected to GigabitEthernet 2 0 1 o...

Страница 277: ...ackets from Host A on the data monitoring device Remote Traffic Mirroring Configuration Example Network requirements As shown in Figure 2 2 the customer network is as described below z GigabitEthernet...

Страница 278: ...2 quit Configure VLAN 2 as the remote probe VLAN GigabitEthernet 2 0 48 as the mirroring port and GigabitEthernet 2 0 1 as the egress port for the remote source mirroring group SwitchA mirroring group...

Страница 279: ...tination Create VLAN 2 SwitchC vlan 2 SwitchC vlan2 quit Configure VLAN 2 as the remote probe VLAN and GigabitEthernet 2 0 2 as the monitor port for the remote destination mirroring group and configur...

Страница 280: ...Parameters 2 3 Configuring Grant filtering on the OLT port 2 4 Configuring the Link Type of an OLT Port 2 5 Enabling Layer 2 Communication Between the ONUs Attached to an OLT Port 2 5 Configuring Fibe...

Страница 281: ...onfiguration Example 3 23 4 UNI Port Configuration 4 1 UNI Port Configuration Task List 4 1 UNI Port Basic Configuration 4 1 Configuring the VLAN Operation Mode for a UNI 4 2 Configuring Fast Leave Pr...

Страница 282: ...On an S7900E switch installed with an EPON card and operating as an OLT device in this case the switch operates in independent mode if you enable IRF stacking on the switch the switch will reboot to o...

Страница 283: ...s provide optical signal transmission paths between OLTs and ONUs A POS can couple uplink data into a single piece of fiber and distribute downlink data to respective ONUs Benefits of the EPON Technol...

Страница 284: ...s that are dense or need narrowband broadband integrated services FTTH In an FTTH system ONUs are deployed in user offices or homes to implement a fully transparent optical network with the ONUs indep...

Страница 285: ...sends a general GATE message to the same ONU 6 After receiving the REGISTER message and general GATE message the ONU sends a REGISTER_ACK message in the timeslot assigned in the GATE message to notif...

Страница 286: ...its local status information to the OLT 3 Upon receiving the REPORT message from the ONU the OLT based on the current bandwidth of the system assigns the ONU a data transmission timeslot which contain...

Страница 287: ...e OLT receives no new key notification message thus making the key update more reliable Upon sending a key update request message the OLT starts the encryption response timer If the OLT receives a cor...

Страница 288: ...and each OLT port has 64 logical ports namely ONU ports each of which can correspond with an ONU Thus one EPON card can work as multiple OLT devices This reduces users equipment purchase costs and th...

Страница 289: ...orted by an S7900E switch is in the range 1 to 80 The actual numbers vary with ONU devices For example when the ONU device corresponding to ONU 3 0 1 1 in an EPON system is S3100 16C EPON EI the UNI p...

Страница 290: ...duction Configuration procedure of UNI remote management through OLT Alarm Configuration Configurations of all the alarms in an EPON system Supported Switch Features and Restrictions Switch features s...

Страница 291: ...h China s EPON standards OLT Configuration OLT Configuration Task List Complete the following tasks to configure an OLT Task Remarks Configuring OUI and extended OAM version number list Optional Confi...

Страница 292: ...ds a REGISTER_REQ message to the OLT at T1 after a delay the time stamp of the REGISTER_REQ message is T1 3 The OLT receives the REGISTER_REQ message at T2 4 The OLT calculates the ONU RTT by using th...

Страница 293: ...ified uplink ONU bandwidth range and notifies the results to the ONUs through bandwidth authorization GATE messages This ensures that uplink data sent by ONUs will not conflict with each other Compare...

Страница 294: ...65535 while the default thresholds of other queues are 0 1 time quantum TQ is equal to 16 ns which is the time it takes to transmit two bytes of data at 1 Gbps You can manually load an external DBA a...

Страница 295: ...ed By default an OLT port belongs to only VLAN 1 and forwards packets of VLAN 1 tagged Configure the default VLAN of the OLT port port hybrid pvid vlan vlan id Optional VLAN 1 by default The VLAN s th...

Страница 296: ...PON System Reliability Follow these steps to configure fiber backup To do Use the command Remarks Enter system view system view Enter FTTH view ftth Create a fiber backup group fiber backup group grou...

Страница 297: ...e number slot slot number Display the information about the legal ONU with the specified MAC address display onuinfo mac address mac address Display the information about all the silent ONUs connected...

Страница 298: ...check whether an ONU is online Port statistics data includes average error rate of data bits and data frames transmitted between an OLT and the ONUs For detailed information refer to the command manua...

Страница 299: ...quirements Add two OLT ports of the same EPON board to a fiber backup group one after the other Perform a manual switchover between the two OLT ports When the master port is shut down the slave port b...

Страница 300: ...iber group1 port switch over Sysname fiber group1 display fiber backup group 1 fiber backup group 1 information Member Role State Olt3 0 2 MASTER ACTIVE Olt3 0 1 SLAVE READY Shut down OLT 3 0 2 You ca...

Страница 301: ...EC series ONUs For details see H3C EC1001 Video Encoder User Manual Support for OLT remote management commands varies with ONUs For details see the sections describing the supported configuration func...

Страница 302: ...inding an ONU with an ONU Port An OLT supports ONU authentication based on ONU MAC address and denies illegal ONU access to the system ONU authentication can be implemented by binding the ONU to an ON...

Страница 303: ...batch ONU binding configured the device automatically binds the current quiet ONU MAC addresses to the ONU ports and generate the binding configuration on the ONU ports however the ONUs joining subseq...

Страница 304: ...he configuration of binding the specified ONU to the specified ONU port However batch ONU binding conflicts with automatic ONU binding Configuring the Management VLAN of the ONU To manage an ONU throu...

Страница 305: ...based on different terminal service requirements to realize efficient bandwidth utilization Follow these steps to configure the ONU bandwidth allocation and related parameters To do Use the command Re...

Страница 306: ...ping Option82 enabled on an ONU For DHCP request messages with Option82 fields the ONU replaces the Option82 fields with the local one before broadcasting the DHCP request messages For DHCP request me...

Страница 307: ...r on the network STP runs normally only when all attached ONUs are H3C ONUs Configuring the Multicast Mode of the ONU Prerequisites for multicast mode configuration Through extended OAM an OLT can be...

Страница 308: ...er expiry Router port aging timer Aging time of a router port IGMP general query message PIM message Dvmrp Probe message Considers the port not a router port Aging timer for multicast group member por...

Страница 309: ...Configure the query response timer onu protocol igmp snooping max response time seconds Optional By default the maximum response time of group specific queries is 1 second Configure the aging timer of...

Страница 310: ...to the OLT Then the ONU adds or deletes the group address filtering and multicast forwarding entries on the ONU based on the multicast control OAM packets containing a series of multicast control entr...

Страница 311: ...to Setting the link type of an ONU port to access and Setting the link type of an ONU port to trunk Note that The access ports described in Table 3 2 do not include ports in the default state namely...

Страница 312: ...type of an ONU port under an OLT port is configured as access the OLT port must be configured as a hybrid port and be assigned to the specified VLANs with the port hybrid vlan vlan id list tagged comm...

Страница 313: ...tion to the OLT Note that Because a large number of ONUs are attached to an OLT enabling ONUs to report information to the OLT may generate a large amount of traffic and thus cause congestion Therefor...

Страница 314: ...ktest frame number value frame size value delay on off vlan tag on vlan priority value vlan id value off Required The following lists the default values of the link test parameters Number of test fram...

Страница 315: ...ONU software versions remotely through OLTs Updating ONU devices requires a large amount of work because in an EPON system there are different types of ONU devices which use different update files To...

Страница 316: ...the original slave SRPU after the switchover otherwise the update will fail Update files used vary with ONUs If ONUs and update files do not match the update will fail For example if you specify to u...

Страница 317: ...ile as 2 app in ONU 3 0 1 1 port view 2 app will be used to update the ONU If you cancel the port level configuration the update by type configuration is not executed until the ONU is registered succe...

Страница 318: ...ic information Display the IP address allocation information when the ONU serves as a DHCP client display dhcp client Display the information about the protocols supported by the ONU display onu proto...

Страница 319: ...ce onu 3 0 1 1 Sysname Onu3 0 1 1 bind onuid 000f e200 0031 Sysname Onu3 0 1 1 quit Sysname interface onu 3 0 1 2 Sysname Onu3 0 1 2 bind onuid 000f e200 3749 When the two ONUs are up display the bind...

Страница 320: ...the switch with a multicast source and connect port OLT 3 0 1 of the OLT with an ONU which is bound to ONU 3 0 1 1 through an optical splitter Attach two hosts User 1 and User 2 to ports UNI 1 and UNI...

Страница 321: ...ink multicast packets Sysname Onu3 0 1 1 uni 1 multicast strip tag enable Sysname Onu3 0 1 1 uni 2 multicast strip tag enable Sysname Onu3 0 1 1 quit Configure the link type of OLT 3 0 1 as hybrid all...

Страница 322: ...ame igmp snooping quit Enable IGMP snooping in VLAN 1002 and VLAN 1003 Sysname vlan 1002 Sysname vlan1002 igmp snooping enable Sysname vlan1002 vlan 1003 Sysname vlan1003 igmp snooping enable Sysname...

Страница 323: ...nfigure Ethernet 2 0 1 as a Trunk port and permit the packets of VLAN 1002 and VLAN 1003 to pass through the port Sysname interface Ethernet2 0 1 Sysname Ethernet2 0 1 port link type trunk Sysname Eth...

Страница 324: ...e see the parts discussing software maintenance in 3Com S7900E Family Getting Started Guide Update all the attached type A ONUs to version 109 in OLT 3 0 1 port view Sysname interface olt 3 0 1 Sysnam...

Страница 325: ...wait Please wait while the firmware is being burnt and check the software version after re registration Sysname Onu3 0 1 1 quit Update all the type A ONUs attached to the S7900E switch to version 110...

Страница 326: ...duplex mode it can either send or receive packets at a time When a UNI works in auto negotiation mode the duplex mode of the UNI is determined through negotiation by both ends Flow control for UNIs If...

Страница 327: ...NI port uni uni number speed 10 100 auto Optional By default the UNI port rate is 100Mbps Enable auto negotiation for a UNI port uni uni number auto negotiation Optional By default auto negotiation is...

Страница 328: ...LAN tag added by the user The user s VID may not be for the user only as some other users in the same EPON system may also use the same VID into a unique network side VLAN tag Table 4 2 describes the...

Страница 329: ...ID in the tag is the default VLAN ID of the port the packet is untagged and then forwarded If the VLAN ID in the tag does not match any VLAN translation entry on the port the packet is dropped Transla...

Страница 330: ...in IGMP Snooping mode For related configurations refer to Configuring the Multicast Mode of the ONU The fast leave processing feature is effective for IGMPv2 or IGMPv3 clients only If fast leave proc...

Страница 331: ...figuration To do Use the command Remarks Display the information about the current status of a UNI display uni information uni number Available in ONU port view Clear the packet statistics information...

Страница 332: ...s effect on the current OLT port and all the ONUs attached to the OLT port When an alarm configuration command is executed in ONU port view the command takes effect only on the ONU corresponding to th...

Страница 333: ...signal error Data Access DA error or memory allocation failure occurs By default this function is enabled Enable the bit error rate alarm function alarm bit error rate enable Optional When the total...

Страница 334: ...alarm llid mismatch enable Optional The system generates an LLID mismatch frame alarm when the time slots are used in disorder that is an ONU uses another ONU s time slot to forward data By default t...

Страница 335: ...arms are generated immediately Since alarm events are carried in the OAM packets a lot of OAM packets are generated In this case OAM packets may be lost By default the window size is 1 second and the...

Страница 336: ...rror frames in a specific period that is the window size exceeds the corresponding predefined threshold By default this function is enabled Configure the window size and thresholds for error symbol pe...

Страница 337: ...M vendor specific alarm function alarm oam vendor specific enable Optional This alarm is customized by vendors By default this function is enabled Enable the ONU over limitation alarm function alarm o...

Страница 338: ...r rate alarm function alarm frame error rate enable Optional When the total number of error frames or the error frame rate of the data transferred between the OLT and ONUs exceeds the alarm threshold...

Страница 339: ...m dying gasp enable Optional The system generates a dying gasp alarm when a system error a data loading error or any other nonreversible error occurs Enable the error frame period alarm function alarm...

Страница 340: ...error frame seconds summary alarm function alarm oam error frame seconds summa ry enable Optional The system generates an error frame seconds summary alarm when the number of error frame seconds in a...

Страница 341: ...tion alarm oam local link fault enable Optional The system generates a local link fault alarm when the inbound direction of the local data terminal becomes faulty Enable the registration error alarm f...

Страница 342: ...mes in a specific period that is the window size exceeds the corresponding predefined threshold By default this function is enabled Enable the error frame period alarm function alarm oam error frame p...

Страница 343: ...he error frame seconds summary alarm function alarm oam error frame seconds summa ry enable Optional The system generates an error frame seconds summary alarm when the number of error frame seconds in...

Страница 344: ...figured and the views in which alarm configurations are displayed For details about the display trapbuffer command see the part discussing information center in the command manual Table 5 1 Relations...

Страница 345: ...iguration view Alarm configuration display view Remarks FTTH view FTTH view For an alarm configuration command available in FTTH view only you can use the display this command in FTTH view to display...

Страница 346: ...t Port related configuration Port link type Setting the link type of an OLT port to Hybrid Allowing the packets of the specified VLAN s to pass through the current Hybrid port Setting the default VLAN...

Страница 347: ...nfiguring the maximum number of 802 1X users on an OLT port Configuring 802 1X port access control mode Configuring detection and access control of the users logging in through a proxy Enabling 802 1X...

Страница 348: ...roring can be configured in port view of ONU 3 0 1 1 This configuration however will not take effect if the ONUs attached to ONU 3 0 1 1 do not support port mirroring Table 6 2 ONU port features Featu...

Страница 349: ...lticast groups that can be joined on a port Configuring IPv4 multicast group filtering Configuring a port as a simulated host to join a multicast group Configuring IPv4 multicast group replacement Con...

Страница 350: ...um number of 802 1X users on an ONU port Configuring 802 1X port access control modes Configuring detection and access control of the users logging in through a proxy Enabling 802 1X multicast trigger...

Страница 351: ...on an ONU port supports a maximum of 30 ACL rules in the case of single direction configuration and a maximum of 16 ACL rules for each direction when configured for both uplink and downlink directions...

Страница 352: ...ring TCP Attributes z Configuring ICMP to Send Error Packets ARP Address Resolution Protocol ARP is used to resolve an IP address into a data link layer address This document describes z ARP Overview...

Страница 353: ...d transfer them over the network This document describes z Configuring an IPv6 Manual Tunnel z Configuring a 6to4 Tunnel z Configuring an ISATAP Tunnel z Configuring an IPv4 over IPv4 Tunnel z Configu...

Страница 354: ...Addressing Overview 1 1 IP Address Classes 1 1 Special IP Addresses 1 2 Subnetting and Masking 1 2 Configuring IP Addresses 1 3 Assigning an IP Address to an Interface 1 3 IP Addressing Configuration...

Страница 355: ...xample is 01010000100000001000000010000000 in binary To make IP addresses in 32 bit form easier to read they are written in dotted decimal notation each being four octets in length for example 10 1 1...

Страница 356: ...es the host with a host ID of 16 on the local network z IP address with an all zero host ID Identifies a network z IP address with an all one host ID Identifies a directed broadcast address For exampl...

Страница 357: ...address to an interface you may configure the interface to obtain one through DHCP address negotiation as alternatives If you change the way an interface obtains an IP address from manual assignment...

Страница 358: ...e switch and the hosts on the LAN can communicate with each other do the following z Assign two IP addresses to VLAN interface 1 on the switch z Set the switch as the gateway on all PCs in the two net...

Страница 359: ...5 time 25 ms Reply from 172 16 2 2 bytes 56 Sequence 2 ttl 255 time 26 ms Reply from 172 16 2 2 bytes 56 Sequence 3 ttl 255 time 26 ms Reply from 172 16 2 2 bytes 56 Sequence 4 ttl 255 time 26 ms Repl...

Страница 360: ...Connected Network 1 1 Enabling Reception of Directed Broadcasts to a Directly Connected Network 1 1 Enabling Forwarding of Directed Broadcasts to a Directly Connected Network 1 2 Configuration Exampl...

Страница 361: ...eve best network performance IP performance optimization configuration includes z Enabling the device to receive and forward directed broadcasts z Configuring TCP timers z Configuring the TCP buffer s...

Страница 362: ...ed by the S7900E series Ethernet switches By default the devices allow forwarding of directed broadcasts to a directly connected network Configuration Example Network requirements As shown in Figure 1...

Страница 363: ...TCP optional parameters that can be configured include z synwait timer When sending a SYN packet TCP starts the synwait timer If no response packet is received within the synwait timer interval the TC...

Страница 364: ...route option in the packet ICMP redirect packets function simplifies host administration and enables a host to gradually establish a sound routing table to find out the best route 2 Sending ICMP timeo...

Страница 365: ...send ICMP error packets its performance will be reduced z As the redirection function increases the routing table size of a host the host s performance will be reduced if its routing table becomes ver...

Страница 366: ...vailable in any view Display socket information for distributed IRF devices display ip socket socktype sock type task id socket id chassis chassis number slot slot number Available in any view Display...

Страница 367: ...ral Network 1 5 ARP Configuration Example 1 6 Configuring Gratuitous ARP 1 7 Introduction to Gratuitous ARP 1 7 Configuring Gratuitous ARP 1 7 Displaying and Maintaining ARP 1 8 2 Proxy ARP Configurat...

Страница 368: ...ributed IRF device If an S7900E series is not in any IRF it operates as a distributed device if the S7900E series is in an IRF it operates as a distributed IRF device For introduction of IRF refer to...

Страница 369: ...device the message is being sent to ARP Operation Suppose that Host A and Host B are on the same subnet and Host A sends a packet to Host B as shown in Figure 1 2 The resolution process is as follows...

Страница 370: ...terface goes down the corresponding dynamic ARP entry will be removed Static ARP entry A static ARP entry is manually configured and maintained It cannot get aged or be overwritten by a dynamic ARP en...

Страница 371: ...ip address mac address vlan id interface type interface number vpn instance vpn instance name Required No permanent static ARP entry is configured by default Configure a non permanent static ARP entr...

Страница 372: ...cannot learn any ARP entry with a multicast MAC address and configuring such a static ARP entry is not allowed otherwise the system displays error messages After the ARP entry check is disabled the de...

Страница 373: ...cted to Switch which is connected to Router through interface GigabitEthernet2 0 1 belonging to VLAN 10 The IP address of Router is 192 168 1 1 24 The MAC address of Router is 00e0 fc01 0000 To enhanc...

Страница 374: ...the IP address is already used the device issuing the gratuitous ARP packet will be informed by an ARP reply of the conflict z Informing other devices about the change of its MAC address so that they...

Страница 375: ...view Display the ARP entry for a specified IP address for distributed IRF devices display arp ip address chassis chassis number slot slot number verbose begin exclude include regular expression Availa...

Страница 376: ...twork Proxy ARP involves common proxy ARP and local proxy ARP which are described in the following sections The term proxy ARP in the following sections of this chapter refers to common proxy ARP unle...

Страница 377: ...0 1 Enable local proxy ARP on Switch A to allow Layer 3 communication between the two hosts Figure 2 2 Application environment of local proxy ARP In one of the following cases you need to enable loca...

Страница 378: ...ed display local proxy arp interface interface type interface number Available in any view Proxy ARP Configuration Examples Proxy ARP Configuration Example Network requirements As shown in Figure 2 3...

Страница 379: ...ng preceding configurations use the ping command to verify the connectivity between Host A and Host D Local Proxy ARP Configuration Example in Case of Port Isolation Network requirements As shown in F...

Страница 380: ...witchB gigabitethernet2 0 1 port isolate enable SwitchB gigabitethernet2 0 1 interface gigabitethernet 2 0 3 SwitchB gigabitethernet2 0 3 port isolate enable SwitchB gigabitethernet2 0 3 quit 2 Config...

Страница 381: ...h Vlan interface10 ip address 192 168 10 100 255 255 0 0 Switch Vlan interface10 quit The ping operation from Host A to Host B is unsuccessful because they are isolated at Layer 2 and Layer 3 Configur...

Страница 382: ...em view SwitchB vlan 2 SwitchB vlan2 port GigabitEthernet2 03 SwitchB vlan2 quit SwitchB vlan 3 SwitchB vlan3 port GigabitEthernet2 01 SwitchB vlan3 quit SwitchB vlan 5 SwitchB vlan5 port GigabitEther...

Страница 383: ...2 8 SwtichA Vlan interface5 local proxy arp enable The ping operation from Host A to Host B is successful after the configuration...

Страница 384: ...nfiguring a Domain Name Suffix for the Client 2 8 Configuring DNS Servers for the Client 2 8 Configuring WINS Servers and NetBIOS Node Type for the Client 2 8 Configuring the BIMS Server Information f...

Страница 385: ...CP Relay Agent Configuration Examples 3 9 DHCP Relay Agent Configuration Example 3 9 DHCP Relay Agent Option 82 Support Configuration Example 3 10 Troubleshooting DHCP Relay Agent Configuration 3 11 4...

Страница 386: ...n hosts become more complex The Dynamic Host Configuration Protocol DHCP was introduced to solve these problems DHCP is built on a client server model in which a client sends a configuration request a...

Страница 387: ...server via four steps 2 The client broadcasts a DHCP DISCOVER message to locate a DHCP server 3 A DHCP server offers configuration parameters including an IP address to the client in a DHCP OFFER mes...

Страница 388: ...ast to extend the lease duration Upon availability of the IP address the DHCP server returns a DHCP ACK unicast confirming that the client s lease duration has been extended or a DHCP NAK unicast deny...

Страница 389: ...rmat as the Bootstrap Protocol BOOTP message for compatibility but differs from it in the option field which identifies new features for DHCP DHCP uses the option field in DHCP messages to carry contr...

Страница 390: ...guration Server ACS parameters including the ACS URL username and password z Service provider identifier acquired by the customer premises equipment CPE from the DHCP server and sent to the ACS for se...

Страница 391: ...te the DHCP client to further implement security control and accounting The Option 82 supporting server can also use such information to define individual assignment policies of IP address and other p...

Страница 392: ...interface that received the client s request Its format is shown in Figure 1 10 Figure 1 10 Sub option 1 in verbose padding format In Figure 1 10 except that the VLAN ID field has a fixed length of 2...

Страница 393: ...r not z Sub option 4 Failover route that specifies the destination IP address and the called number SIP users use such IP addresses and numbers to communicate with each other that a SIP user uses to r...

Страница 394: ...rted on loopback interfaces Introduction to DHCP Server Application Environment The DHCP server is well suited to the network where z It is hard to implement manual configuration and centralized manag...

Страница 395: ...evel child has no such configuration or z Overridden if the lower level child has such configuration z The extended address pool database is not organized as a tree z The IP address lease does not enj...

Страница 396: ...terface of the DHCP server or DHCP relay agent resides to avoid wrong IP address allocation IP Address Allocation Sequence A DHCP server assigns an IP address to a client according to the following se...

Страница 397: ...g Dynamic Address Allocation for an Extended Address Pool Required for the extended address pool configuration Configuring a Domain Name Suffix for the Client Configuring DNS Servers for the Client Co...

Страница 398: ...ient s MAC or ID to IP address in the DHCP address pool When the client with the MAC address or ID requests an IP address the DHCP server will find the IP address from the binding for the client A DHC...

Страница 399: ...es on a DHCP client share the same MAC address you need to specify the client ID rather than MAC address in a static binding to identify the requesting interface otherwise the client may fail to obtai...

Страница 400: ...sk are specified the address pool becomes valid Follow these steps to configure dynamic address allocation for an extended address pool To do Use the command Remarks Enter system view system view Ente...

Страница 401: ...do Use the command Remarks Enter system view system view Enter DHCP address pool view dhcp server ip pool pool name extended Specify DNS servers dns list ip address 1 8 Required Not specified by defau...

Страница 402: ...nfiguration files obtained from a branch intelligent management system BIMS server Therefore the DHCP server needs to offer DHCP clients the BIMS server IP address port number shared key from the DHCP...

Страница 403: ...config ncp ip ip address Required Not specified by default Specify the IP address of the backup network calling processor voice config as ip ip address Optional Not specified by default Configure the...

Страница 404: ...s Specify the name of the TFTP server tftp server domain name domain name Required to use either command Not specified by default Specify the bootfile name bootfile name bootfile name Required Not spe...

Страница 405: ...n may affect DHCP operation Enabling DHCP Enable DHCP before performing other configurations Follow these steps to enable DHCP To do Use the command Remarks Enter system view system view Enable DHCP d...

Страница 406: ...e server interface connected to the client Applying an Extended Address Pool on an Interface After you create an extended address pool and apply it on an interface the DHCP server upon receiving a cli...

Страница 407: ...etection enabled the device puts a record once for each DHCP server The administrator needs to find unauthorized DHCP servers from the log information Configuring IP Address Conflict Detection To avoi...

Страница 408: ...ring the handling mode for Option 82 Follow these steps to enable the DHCP server to handle Option 82 To do Use the command Remarks Enter system view system view Enable the server to handle Option 82...

Страница 409: ...not save DHCP server lease information Therefore when the system boots up or the reset dhcp server ip in use command is executed no lease information will be available in the configuration file In thi...

Страница 410: ...p pool 0 static bind client identifier 3030 3066 2e65 3234 392e 3830 3530 2d56 6c61 6e2d 696e 7465 7266 6163 6532 SwitchA dhcp pool 0 dns list 10 1 1 2 SwitchA dhcp pool 0 gateway list 10 1 1 126 Swit...

Страница 411: ...com DNS server address 10 1 1 2 25 and gateway address 10 1 1 254 25 and there is no WINS server address z The domain name and DNS server address on subnets 10 1 1 0 25 and 10 1 1 128 25 are the same...

Страница 412: ...nfiguration is complete clients on networks 10 1 1 0 25 and 10 1 1 128 25 can obtain IP addresses on the corresponding network and other network parameters from Switch A You can use the display dhcp s...

Страница 413: ...command on the DHCP server to view the IP addresses assigned to the clients Troubleshooting DHCP Server Configuration Symptom A client s IP address obtained from the DHCP server conflicts with anothe...

Страница 414: ...DHCP server must be available on each subnet which is not practical DHCP relay agent solves the problem Via a relay agent DHCP clients communicate with a DHCP server on another subnet to obtain config...

Страница 415: ...ormation refer to Relay agent option Option 82 If the DHCP relay agent supports Option 82 it will handle a client s request according to the contents defined in Option 82 if any The handling strategie...

Страница 416: ...elay Agent Security Functions Optional Configuring the DHCP Relay Agent to Send a DHCP Release Request Optional Configuring the DHCP Relay Agent to Support Option 82 Optional Configuring the DHCP Rela...

Страница 417: ...CP server group and add a server into the group dhcp relay server group group id ip ip address Required Not created by default Enter interface view interface interface type interface number Correlate...

Страница 418: ...Disabled by default z The dhcp relay address check enable command is independent of other commands of the DHCP relay agent That is the invalid address check takes effect when this command is executed...

Страница 419: ...the IP address of the DHCP server which assigned an IP address to the DHCP client and the receiving interface The administrator can use this information to check out any DHCP unauthorized servers Foll...

Страница 420: ...type interface number Enable the relay agent to support Option 82 dhcp relay information enable Required Disabled by default Configure the handling strategy for requesting messages containing Option...

Страница 421: ...me must contain no spaces Otherwise the DHCP relay agent will drop the message Displaying and Maintaining DHCP Relay Agent Configuration To do Use the command Remarks Display information about DHCP se...

Страница 422: ...ddress of VLAN interface 2 is 10 1 1 2 24 Figure 3 3 Network diagram for DHCP relay agent Switch B DHCP server Switch A DHCP relay agent DHCP client DHCP client DHCP client DHCP client Vlan int2 10 1...

Страница 423: ...ircuit ID sub option as company001 and for the remote ID sub option as device001 z Switch A forwards DHCP requests to the DHCP server Switch B after replacing Option 82 in the requests so that the DHC...

Страница 424: ...debugging and execute the display command on the DHCP relay agent to view the debugging information and interface state information for locating the problem Solution Check that z The DHCP is enabled...

Страница 425: ...P server cannot be a Windows 2000 Server or Windows 2003 Server Introduction to DHCP Client With the DHCP client enabled an interface will use DHCP to obtain configuration parameters such as an IP add...

Страница 426: ...ified configuration information display dhcp client verbose interface interface type interface number Available in any view DHCP Client Configuration Example Network requirements As shown in Figure 4...

Страница 427: ...ent on VLAN interface 2 SwitchB system view SwitchB interface vlan interface 2 SwitchB Vlan interface2 ip address dhcp alloc 3 Verification Use the display dhcp client command to view the IP address a...

Страница 428: ...Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 10 1 1 0 24 Direct 0 0 10 1 1 3 Vlan2 10 1 1 3 32 Direct 0 0 127 0 0 1 InLoop0 20 1 1 0 24 Static 70 0 10 1 1 2 Vlan2 127 0 0...

Страница 429: ...uction of IRF refer to IRF Configuration in the System Volume DHCP Snooping Overview Functions of DHCP Snooping As a DHCP security feature DHCP snooping can implement the following 1 Ensuring DHCP cli...

Страница 430: ...For details refer to IP Source Guard Configuration in the Security Volume z VLAN mapping The device replaces service provider VLANs SVLANs in packets with customer VLANs CVLANs by searching correspond...

Страница 431: ...1 GigabitEthernet2 0 2 Switch C GigabitEthernet2 0 1 GigabitEthernet2 0 3 and GigabitEthernet2 0 4 GigabitEthernet2 0 2 DHCP Snooping Support for Option 82 Option 82 records the location information...

Страница 432: ...the message after adding the Option 82 padded in normal format verbose Forward the message after adding the Option 82 padded in verbose format no Option 82 user defined Forward the message after addi...

Страница 433: ...tion will be effective z Configuring both the DHCP snooping and selective QinQ function on the switch is not recommended because it may result in malfunction of DHCP snooping Configuring DHCP Snooping...

Страница 434: ...ies to non user defined Option 82 only Configure non user defined Option 82 Configure the code type for the remote ID sub option dhcp snooping information remote id format type ascii hex Optional hex...

Страница 435: ...aying and Maintaining DHCP Snooping To do Use the command Remarks Display DHCP snooping entries display dhcp snooping ip ip address Available in any view Display Option 82 configuration information on...

Страница 436: ...igabitEthernet2 0 1 as trusted SwitchB interface GigabitEthernet2 0 1 SwitchB GigabitEthernet2 0 1 dhcp snooping trust SwitchB GigabitEthernet2 0 1 quit DHCP Snooping Option 82 Support Configuration E...

Страница 437: ...chB GigabitEthernet2 0 2 dhcp snooping information circuit id string company001 SwitchB GigabitEthernet2 0 2 dhcp snooping information remote id string device001 SwitchB GigabitEthernet2 0 2 quit Conf...

Страница 438: ...les 1 5 Static Domain Name Resolution Configuration Example 1 5 Dynamic Domain Name Resolution Configuration Example 1 6 DNS Proxy Configuration Example 1 9 Troubleshooting IPv4 DNS Configuration 1 10...

Страница 439: ...IP address mappings are stored in the local static name resolution table to improve efficiency Static Domain Name Resolution The static domain name resolution means setting up mappings between domain...

Страница 440: ...ply the missing part For example a user can configure com as the suffix for aabbcc com The user only needs to type aabbcc to get the IP address of aabbcc com The resolver can add the suffix and delimi...

Страница 441: ...me resolution table after receiving the request If the requested information exists in the table the DNS proxy returns a DNS reply to the client 3 If the requested information does not exist in the st...

Страница 442: ...e resolution To do Use the command Remarks Enter system view system view Enable dynamic domain name resolution dns resolve Required Disabled by default Specify a DNS server dns server ip address Requi...

Страница 443: ...Switch and thus the Switch can use the domain name host com to access the host whose IP address is 10 1 1 2 Figure 1 3 Network diagram for static domain name resolution Configuration procedure Config...

Страница 444: ...m and the IP address 3 1 1 1 16 Figure 1 4 Network diagram for dynamic domain name resolution Configuration procedure z Before performing the following configuration make sure that the Switch and the...

Страница 445: ...ne Create a mapping between host name and IP address Figure 1 6 Add a host In Figure 1 6 right click zone com and then select New Host to bring up a dialog box as shown in Figure 1 7 Enter host name h...

Страница 446: ...is normal and that the corresponding destination IP address is 3 1 1 1 Sysname ping host Trying DNS resolve press CTRL_C to break Trying DNS server 2 1 1 2 PING host com 3 1 1 1 56 data bytes press C...

Страница 447: ...S server and the host are reachable to each other and the IP addresses of the interfaces are configured as shown in Figure 1 8 1 Configure the DNS server This configuration may vary with different DNS...

Страница 448: ...tl 126 time 1 ms Reply from 3 1 1 1 bytes 56 Sequence 5 ttl 126 time 1 ms host com ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 1 1 3 ms Troublesh...

Страница 449: ...en host names and IPv6 addresses Static domain name resolution allows applications such as Telnet to contact hosts by using host names instead of IPv6 addresses Follow these steps to configure static...

Страница 450: ...ame Required Not configured by default that is only the provided domain name is resolved z The dns resolve and dns domain commands are the same as those of IPv4 DNS z You can configure up to six DNS s...

Страница 451: ...me resolution to resolve domain name host com into IPv6 address 1 2 Switch ping ipv6 host com PING host com 1 2 56 data bytes press CTRL_C to break Reply from 1 2 bytes 56 Sequence 1 hop limit 128 tim...

Страница 452: ...the Switch and the host are accessible to each another via available routes and the IPv6 addresses of the interfaces are configured as shown Figure 2 2 z This configuration may vary with different DN...

Страница 453: ...te a new zone named com Figure 2 3 Create a zone Create a mapping between the host name and the IPv6 address As shown in Figure 2 4 right click zone com Figure 2 4 Create a record In Figure 2 4 select...

Страница 454: ...2 6 Figure 2 5 Select the resource record type As shown in Figure 2 6 type host name host and IPv6 address 1 1 and then click OK Figure 2 6 Add a mapping between domain name and IPv6 address...

Страница 455: ...ding destination IP address is 1 1 Switch ping ipv6 host Trying DNS resolve press CTRL_C to break Trying DNS server 2 2 PING host com 1 1 56 data bytes press CTRL_C to break Reply from 1 1 bytes 56 Se...

Страница 456: ...m Number of Neighbors Dynamically Learned 1 14 Configuring Parameters Related to RA Messages 1 14 Configuring the Maximum Number of Attempts to Send an NS Message for DAD 1 16 Configuring PMTU Discove...

Страница 457: ...ributed IRF device If an S7900E series is not in any IRF it operates as a distributed device if the S7900E series is in an IRF it operates as a distributed IRF device For introduction of IRF refer to...

Страница 458: ...ments of hierarchical address division as well as allocation of public and private addresses Hierarchical address structure IPv6 adopts the hierarchical address structure to quicken route search and r...

Страница 459: ...most while the size of IPv6 extension headers is restricted to the maximum size of IPv6 packets Introduction to IPv6 Address IPv6 address format An IPv6 address is represented as a set of 16 bit hexad...

Страница 460: ...arget interface is nearest to the source according to a routing protocol s measure of distance There are no broadcast addresses in IPv6 Their function is replaced by multicast addresses The type of an...

Страница 461: ...address FF02 2 Link local scope all routers multicast address FF05 2 Site local scope all routers multicast address Besides there is another type of multicast address solicited node address A solicit...

Страница 462: ...covery and address autoconfiguration z Redirection Table 1 3 lists the types and functions of ICMPv6 messages used by the NDP Table 1 3 Types and functions of ICMPv6 messages ICMPv6 message Number Fun...

Страница 463: ...dress of node A 2 After receiving the NS message node B judges whether the destination address of the packet is its solicited node multicast address If yes node B learns the link layer address of node...

Страница 464: ...atically generates an IPv6 address according to the information obtained through router prefix discovery The router prefix discovery is implemented through RS and RA messages The router prefix discove...

Страница 465: ...PMTU discovery mechanism is to find the minimum MTU of all links in the path from the source to the destination Figure 1 5 shows the working procedure of PMTU discovery Figure 1 5 Working procedure of...

Страница 466: ...ets allowing communication between IPv4 and IPv6 nodes It performs IP address translation and according to different protocols performs semantic translation for packets This technology is only suitabl...

Страница 467: ...ormat is adopted the IPv6 address prefix of an interface is the configured prefix and the interface identifier is generated automatically by the interface z Manual configuration IPv6 site local addres...

Страница 468: ...s is configured for an interface a link local address is generated automatically The automatically generated link local address is the same as the one generated by using the ipv6 address auto link loc...

Страница 469: ...ugh NS and NA messages or through a manually configured static neighbor entry The device uniquely identifies a static neighbor entry according to the neighbor IPv6 address and the local Layer 3 interf...

Страница 470: ...eir descriptions Parameters Description Cur hop limit When sending an IPv6 packet a host uses the value to fill the Cur Hop Limit field in IPv6 headers The value is also filled into the Cur Hop Limit...

Страница 471: ...mit ipv6 nd hop limit value Optional 64 by default Enable the consistency check on the source MAC address of ND packets ipv6 nd mac check enable Optional Disabled by default Enter interface view inter...

Страница 472: ...onds and the value of the Reachable Timer field in RA messages is 0 z The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages z In VRRP networki...

Страница 473: ...e path MTU from a source host to a destination host is dynamically determined refer to IPv6 PMTU Discovery the source host sends subsequent packets to the destination host on basis of this MTU After t...

Страница 474: ...he configured capacity One token allows one ICMPv6 error packet to be sent Each time an ICMPv6 error packet is sent the number of tokens in a token bucket decreases by one If the number of ICMPv6 erro...

Страница 475: ...ice degrades greatly because it has to send back ICMP time exceeded packets You can disable sending of ICMPv6 time exceeded packets Follow these steps to enable sending of ICMPv6 time exceeded packets...

Страница 476: ...view Display socket information for distributed IRF devices display ipv6 socket socktype socket type task id socket id chassis chassis number slot slot number Available in any view Display the statist...

Страница 477: ...corresponding VLANs configure IPv6 addresses for the VLAN interfaces and verify the connectivity between them z The aggregatable global unicast addresses of VLAN interface 2 and VLAN interface 1 on Sw...

Страница 478: ...NDP SwitchA display ipv6 neighbors interface GigabitEthernet 2 0 2 Type S Static D Dynamic IPv6 Address Link layer VID Interface State T Age FE80 215 E9FF FEA6 7D14 0015 e9a6 7d14 1 GE2 0 2 STALE D 12...

Страница 479: ...s 0 SwitchA display ipv6 interface vlan interface 1 verbose Vlan interface1 current state UP Line protocol current state UP IPv6 is enabled link local address is FE80 20F E2FF FE00 1C0 Global unicast...

Страница 480: ...s 0 Display the IPv6 interface settings on Switch B All the IPv6 global unicast addresses configured on the interface are displayed SwitchB display ipv6 interface vlan interface 2 verbose Vlan interfa...

Страница 481: ...ng Switch A and Switch B on Host and ping Switch A and Host on Switch B to verify the connectivity between them When you ping a link local address you should use the i parameter to specify an interfac...

Страница 482: ...roubleshooting IPv6 Basics Configuration Symptom The peer IPv6 address cannot be pinged Solution z Use the display current configuration command in any view or the display this command in system view...

Страница 483: ...elay Agent 1 3 Protocols and Standards 1 4 Configuring the DHCPv6 Client 1 4 Configuration Prerequisites 1 4 Configuration Procedure 1 4 Configuring the DHCPv6 Relay Agent 1 5 Configuration Prerequisi...

Страница 484: ...addresses assigned to hosts and assign addresses to specific hosts thus facilitating network management z Assign configuration parameters to hosts such as the DNS server address or domain name Basic C...

Страница 485: ...ice can only serve as the DHCPv6 client and relay agent Serving as a DHCPv6 client the device only supports stateless DHCPv6 configuration instead of stateful DHCPv6 configuration that is the device c...

Страница 486: ...1 3 Operation of Stateless DHCPv6 As shown in Figure 1 3 stateless DHCPv6 operates as follows 1 The DHCPv6 client multicasts an information request message to the destination address FF02 1 2 The info...

Страница 487: ...then sends the Relay reply message to the DHCPv6 relay agent 4 The DHCPv6 relay agent obtains the reply from the Relay reply message and sends the reply to the DHCPv6 client The DHCPv6 client uses th...

Страница 488: ...rom a DHCPv6 client the interface that operates as a DHCPv6 relay agent encapsulates the request into a Relay forward message and forwards the message to the specified DHCPv6 server which then assigns...

Страница 489: ...ipv6 dhcp client interface interface type interface number Available in any view Display DHCPv6 client statistics display ipv6 dhcp client statistics interface interface type interface number Availabl...

Страница 490: ...ace 2 SwitchA Vlan interface2 ipv6 address auto With this command executed if VLAN interface 2 has no IP address configured Switch A will automatically generate a link local address and send an RS mes...

Страница 491: ...ind 0 Information request 5 Release 0 Decline 0 DHCPv6 Relay Agent Configuration Example Network requirements As shown in Figure 1 6 the network address prefix of DHCPv6 clients is 1 64 and the IPv6 a...

Страница 492: ...SwitchA Vlan interface1 undo ipv6 nd ra halt SwitchA Vlan interface1 ipv6 nd autoconfig managed address flag SwitchA Vlan interface1 ipv6 nd autoconfig other flag 3 Verify the configuration After comp...

Страница 493: ...nfiguration Example 1 16 Configuring an ISATAP Tunnel 1 19 Configuration Prerequisites 1 19 Configuration Procedure 1 19 Configuration Example 1 20 Configuring an IPv4 over IPv4 Tunnel 1 23 Configurat...

Страница 494: ...ii Displaying and Maintaining Tunneling Configuration 1 45 Troubleshooting Tunneling Configuration 1 45...

Страница 495: ...and transfer them over the network A tunnel is a virtual point to point connection providing a channel to transfer encapsulated packets Packets are encapsulated and decapsulated at both ends of a tun...

Страница 496: ...ocol IPv6 is compatible with all protocols except IPv4 in the TCP IP suite Therefore IPv6 can completely take the place of IPv4 Before IPv6 becomes the dominant protocol networks using the IPv6 protoc...

Страница 497: ...lated IPv6 packet If the destination address is the device itself the device forwards the IPv6 packet to the upper layer protocol for processing Configured tunnel and automatic tunnel An IPv6 over IPv...

Страница 498: ...used to automatically acquire the destination IPv4 address of the tunnel The automatic 6to4 tunnel adopts 6to4 addresses The address format is 2002 abcd efgh subnet number interface ID 64 where 2002 r...

Страница 499: ...go an encapsulation and decapsulation process Figure 1 3 shows these two processes Figure 1 3 Principle of IPv4 over IPv4 tunnel z Encapsulation The encapsulation process is as follows 1 The interface...

Страница 500: ...ponding data module for processing The data module then determines how to route the packet 2 If the packet needs to be routed to Host B connected to Router B the packet is sent to Router A s tunnel in...

Страница 501: ...tocol checks the destination address field in the packet header to determine how to route the packet 3 If the packet must be tunneled to reach its destination Router A sends it to the tunnel interface...

Страница 502: ...payload to the X protocol for forwarding Encapsulation and decapsulation processes on both ends of the GRE tunnel and the resulting increase in data volumes will degrade the forwarding efficiency for...

Страница 503: ...sis number slot slot number Optional Not specified by default Reference a service loopback group service loopback group number Required By default the tunnel does not reference any service loopback gr...

Страница 504: ...Configure an IPv6 address for the tunnel interface Configure a link local IPv6 address ipv6 address ipv6 address link local Optional By default a link local address will automatically be created when...

Страница 505: ...stination and set the outbound interface to the tunnel interface at the local end or set the next hop to the tunnel interface at the peer end The similar configuration needs to be performed at the oth...

Страница 506: ...up 1 type tunnel Add GigabitEthernet 2 0 3 to service loopback group 1 SwitchA interface GigabitEthernet 2 0 3 SwitchA GigabitEthernet2 0 3 undo stp enable SwitchA GigabitEthernet2 0 3 port service lo...

Страница 507: ...SwitchB Tunnel0 service loopback group 1 SwitchB Tunnel0 quit Configure a static route to IPv6 Group 1 through tunnel 0 on Switch B SwitchB ipv6 route static 3002 64 tunnel 0 Configuration verificati...

Страница 508: ...ply from 3003 1 bytes 56 Sequence 1 hop limit 64 time 1 ms Reply from 3003 1 bytes 56 Sequence 2 hop limit 64 time 1 ms Reply from 3003 1 bytes 56 Sequence 3 hop limit 64 time 1 ms Reply from 3003 1 b...

Страница 509: ...s configured for the tunnel interface ipv6 address auto link local Configure an IPv6 address for the tunnel interface Configure an IPv6 link local address ipv6 address ipv6 address link local Optional...

Страница 510: ...n needs to be performed at the other tunnel end 6to4 Tunnel Configuration Example Network requirements As shown in Figure 1 9 two 6to4 networks are connected to an IPv4 network through two 6to4 switch...

Страница 511: ...witchA Tunnel0 ipv6 address 2002 201 101 1 64 SwitchA Tunnel0 source vlan interface 100 SwitchA Tunnel0 tunnel protocol ipv6 ipv4 6to4 SwitchA Tunnel0 quit Create service loopback group 1 to support t...

Страница 512: ...service loopback group 1 SwitchB interface GigabitEthernet 2 0 3 SwitchB GigabitEthernet2 0 3 undo stp enable SwitchB GigabitEthernet2 0 3 port service loopback group 1 SwitchB GigabitEthernet2 0 3 qu...

Страница 513: ...x length ipv6 address prefix length Configure an IPv6 global unicast address or site local address ipv6 address ipv6 address prefix length eui 64 Required Use either command By default no IPv6 global...

Страница 514: ...stead of the IPv4 address of the tunnel destination and set the outbound interface to the tunnel interface at the local end or set the next hop to the tunnel interface at the peer end The similar conf...

Страница 515: ...et 2 0 3 Switch GigabitEthernet2 0 3 undo stp enable Switch GigabitEthernet2 0 3 port service loopback group 1 Switch GigabitEthernet2 0 3 quit Reference service loopback group 1 on the tunnel Switch...

Страница 516: ...s 6d23h59m46s public preferred link local fe80 5efe 2 1 1 2 life infinite link MTU 1500 true link MTU 65515 current hop limit 255 reachable time 42500ms base 30000ms retransmission interval 1000ms DAD...

Страница 517: ...em view Enter tunnel interface view interface tunnel number Configure an IPv4 address for the tunnel interface ip address ip address mask mask length sub Required By default no IPv4 address is configu...

Страница 518: ...ust have different source and destination addresses z If you specify a source interface instead of a source address for the tunnel the source address of the tunnel is the primary IP address of the sou...

Страница 519: ...ce tunnel 1 IP address of VLAN interface 101 of Switch B SwitchA Tunnel1 destination 3 1 1 1 SwitchA Tunnel1 quit Create service loopback group 1 to support the tunnel service SwitchA service loopback...

Страница 520: ...interface GigabitEthernet 2 0 3 SwitchB GigabitEthernet2 0 3 undo stp enable SwitchB GigabitEthernet2 0 3 port service loopback group 1 SwitchB GigabitEthernet2 0 3 quit Reference service loopback gro...

Страница 521: ...packets input 320 bytes 0 input error 9 packets output 576 bytes 0 output error Ping the IPv4 address of the peer interface VLAN interface 100 from Switch A SwitchA ping 10 1 3 1 PING 10 1 3 1 56 dat...

Страница 522: ...nterface tunnel number Configure an IPv4 address for the tunnel interface ip address ip address mask mask length sub Required By default no IPv4 address is configured for the tunnel interface Specify...

Страница 523: ...of a source address for the tunnel the source address of the tunnel is the primary IP address of the source interface z When you configure dynamic routing at each tunnel end you need to enable the dy...

Страница 524: ...he interface tunnel 1 IP address of VLAN interface 101 of Switch B SwitchA Tunnel1 destination 2002 2 1 SwitchA Tunnel1 quit Create service loopback group 1 to support the tunnel service SwitchA servi...

Страница 525: ...service loopback group 1 type tunnel Add GigabitEthernet 2 0 3 to service loopback group 1 SwitchB interface GigabitEthernet 2 0 3 SwitchB GigabitEthernet2 0 3 undo stp enable SwitchB GigabitEthernet...

Страница 526: ...0 packets sec Last 300 seconds output 1 bytes sec 0 packets sec 167 packets input 10688 bytes 0 input error 170 packets output 10880 bytes 0 output error Ping the IPv4 address of the peer interface V...

Страница 527: ...or site local address ipv6 address ipv6 address prefix length eui 64 ipv6 address auto link local Configure an IPv6 address for the tunnel interface Configure an IPv6 link local address ipv6 address...

Страница 528: ...ent z Two or more tunnel interfaces using the same encapsulation protocol must have different source and destination addresses z If you specify a source interface instead of a source address for the t...

Страница 529: ...the interface tunnel 1 IP address of VLAN interface 101 SwitchA Tunnel1 source 2002 11 1 Configure the destination address for the interface tunnel 1 IP address of VLAN interface 101 of Switch B Swit...

Страница 530: ...l 2 IP address of VLAN interface 101 of Switch A SwitchB Tunnel2 destination 2002 11 1 SwitchB Tunnel2 quit Create service loopback group 1 to support the tunnel service SwitchB service loopback group...

Страница 531: ...ress es FF02 1 FF24 1 FF02 1 FF01 2 FF02 1 FF00 0 FF02 2 FF02 1 MTU is 1460 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for...

Страница 532: ...er tunnel interface view interface tunnel interface number Required By default a device has no tunnel interface Configure an IPv4 address for the tunnel interface ip address ip address mask mask lengt...

Страница 533: ...z When configuring a route through the tunnel you can configure a static route using the address of the network segment that the original packet is destined for as its destination address and the addr...

Страница 534: ...et 2 0 3 to service loopback group 1 SwitchA interface GigabitEthernet 2 0 3 SwitchA GigabitEthernet2 0 3 undo stp enable SwitchA GigabitEthernet2 0 3 port service loopback group 1 Apply service loopb...

Страница 535: ...interface view SwitchB GigabitEthernet2 0 3 quit SwitchB interface tunnel 1 SwitchB Tunnel1 service loopback group 1 SwitchB Tunnel1 quit Configure a static route from Switch B through interface Tunne...

Страница 536: ...dynamic through the tunnel to the other end Note that z If you delete a tunnel interface the functions configured on this tunnel interface will be removed as well z The source address and destination...

Страница 537: ...terface 100 SwitchA Vlan interface100 ip address 10 1 1 1 255 255 255 0 SwitchA Vlan interface100 quit Configure interface VLAN interface 101 the physical interface of the tunnel SwitchA interface vla...

Страница 538: ...10 1 3 0 255 255 255 0 tunnel 0 2 Configure Switch B SwitchB system view Enable IPv6 SwitchB ipv6 Configure interface VLAN interface 100 SwitchB interface vlan interface 100 SwitchB Vlan interface100...

Страница 539: ...v6 information on tunnel interfaces display ipv6 interface tunnel number verbose Available in any view Clear statistics on tunnel interfaces reset counters interface tunnel number Available in user vi...

Страница 540: ...ntents 1 UDP Helper Configuration 1 1 Introduction to UDP Helper 1 1 Configuring UDP Helper 1 1 Displaying and Maintaining UDP Helper 1 2 UDP Helper Configuration Examples 1 2 UDP Helper Configuration...

Страница 541: ...relay agent that converts UDP broadcast packets into unicast packets and forwards them to a specified destination server With UDP Helper enabled the device decides whether to forward a received UDP br...

Страница 542: ...ion of all UDP ports is removed if you disable UDP Helper z You can configure up to 256 UDP port numbers to enable the forwarding of packets with these UDP port numbers z You can configure up to 20 de...

Страница 543: ...0 16 is available Enable UDP Helper SwitchA system view SwitchA udp helper enable Enable the forwarding broadcast packets with the UDP destination port 55 SwitchA udp helper port 55 Specify the destin...

Страница 544: ...FTP Client Configuration Example Distributed IRF Device 1 9 Configuring the FTP Server 1 11 Configuring FTP Server Operating Parameters 1 11 Configuring Authentication and Authorization on the FTP Se...

Страница 545: ...files z ASCII mode transfers files as text like txt bat and cfg files Operation of FTP FTP adopts the client server model Your device can function either as the client or as the server as shown in Fig...

Страница 546: ...nfiguration on the device Configure authentication and authorization Configure the username password authorized working directory for an FTP user The device does not support anonymous FTP for security...

Страница 547: ...P address The primary IP address configured on the source interface is the source address of the transmitted packets The source address of the transmitted packets is selected following these rules z I...

Страница 548: ...the remote FTP server directly in user view ftp ipv6 server address service port source ipv6 source ipv6 address i interface type interface number ftp ipv6 Log in to the remote FTP server indirectly i...

Страница 549: ...mode transfers files as raw data 4 Use the lcd command to display the local working directory of the FTP client You can upload the file under this directory or save the downloaded file under this dire...

Страница 550: ...o Use the command Remarks Use another username to relog in after successfully logging in to the FTP server user username password Optional Maintaining and Debugging an FTP Connection After a device se...

Страница 551: ...FTP server Their IP addresses are 10 2 1 1 16 and 10 1 1 1 16 respectively An available route exists between Device and PC z Device downloads a startup file from PC for device upgrade and uploads the...

Страница 552: ...y newest app as the main startup file to be used at the next startup z Specify newest app as the main startup file to be used at the next startup for the AMB Sysname boot loader file newest app slot 0...

Страница 553: ...d uploads the configuration file to PC for backup z On PC an FTP user account has been created for the FTP client with the username being abc and the password being pwd Figure 1 3 Network diagram for...

Страница 554: ...complete FTP 3494 byte s sent in 5 646 second s 618 00 byte s sec ftp bye Specify newest app as the main startup file to be used at the next startup for the AMB of the IRF Sysname boot loader file ne...

Страница 555: ...data This means that any anomaly power failure for example during file transfer might result in file corruption on the FTP server This mode however consumes less memory space than the fast mode Follo...

Страница 556: ...pher password Required Assign the FTP service to the user service type ftp Required By default the system does not support anonymous FTP access and does not assign any service If the FTP service is as...

Страница 557: ...e level Authorize ftp s access to the root directory of the flash on the AMB and specify ftp to use FTP Sysname system view Sysname local user ftp Sysname luser ftp password simple pwd Sysname luser f...

Страница 558: ...te command to upgrade the Boot ROM 3 Upgrade Device Copy the startup file newest app to the root directory of the storage medium on the SMB in slot 1 Sysname copy newest app slot1 flash Specify newest...

Страница 559: ...PC as the FTP client Their IP addresses are as shown in the following figure Device and PC are reachable to each other z Device downloads a startup file from PC for upgrade and uploads the configurati...

Страница 560: ...ed in Download the configuration file config cfg of the device to the PC for backup ftp get config cfg back config cfg Upload the configuration file newest app to the root directory of the storage med...

Страница 561: ...d Continue Y N y The specified file will be used as the main boot file at the next reboot on chassis 2 slot 0 Sysname boot loader file chassis2 slot1 flash newest app chassis 1 slot 0 main This comman...

Страница 562: ...ent and server TFTP uses the UDP port 69 for data transmission For TFTP basic operation refer to RFC 1986 In TFTP file transfer is initiated by the client z In a normal file downloading process the cl...

Страница 563: ...the storage medium until the whole file is obtained In this way if file download fails for example due to network disconnection the device can still start up because the original system file is not o...

Страница 564: ...device uses the source address determined by the matched route to communicate with the TFTP server by default Return to user view quit Download or upload a file in an IPv4 network tftp server address...

Страница 565: ...rform the following operations Download application file newest app from PC to the device z Download application file newest app from PC to the root directory of the storage medium on the AMB Sysname...

Страница 566: ...IRF system which is composed of a master and a slave The member ID of the master is 1 and the slot numbers of the AMB and the SMB on the master are 0 and 1 respectively The member ID of the slave is 2...

Страница 567: ...flash newest app Upload a configuration file config cfg to the TFTP server Sysname tftp 1 2 1 1 put config cfg configback cfg Specify newest app as the main startup file to be used at the next startup...

Страница 568: ...tartup must be saved under the root directory of the storage medium You can copy or move a file to the root directory of the storage medium For the details of the boot loader command refer to Device M...

Страница 569: ...Overview 1 1 Introduction to sFlow 1 1 Operation of sFlow 1 2 Configuring sFlow 1 2 Displaying and Maintaining sFlow 1 3 sFlow Configuration Example 1 3 Troubleshooting sFlow Configuration 1 4 The Rem...

Страница 570: ...o collect and analyze traffic statistics The sFlow system involves an sFlow agent embedded in a device and a remote sFlow collector The sFlow agent collects traffic statistics and packets from the sFl...

Страница 571: ...f the sFlow agent sflow agent ip ip address ipv6 ipv6 address Required Not configured by default Specify the IP address and port number of the sFlow collector sflow collector ip ip address ipv6 ipv6 a...

Страница 572: ...any view sFlow Configuration Example Network requirements z Host A and Server are connected to Switch through GigabitEthernet 2 0 1 and GigabitEthernet 2 0 2 respectively z Host B works as an sFlow co...

Страница 573: ...g sFlow Configuration The Remote sFlow Collector Cannot Receive sFlow Packets Symptom The remote sFlow collector cannot receive sFlow packets Analysis z sFlow is not enabled globally because the sFlow...

Страница 574: ...s This document describes z Static route configuration z Detecting Reachability of the Static Route s Nexthop RIP Routing Information Protocol RIP is a simple Interior Gateway Protocol IGP mainly used...

Страница 575: ...tate Changes IPv6 Static Routing Static routes are special routes that are manually configured by network administrators Similar to IPv4 static routes IPv6 static routes work well in simple IPv6 netwo...

Страница 576: ...ing attributes modifying when routes are received advertised or redistributed This document describes z Defining Filters z Route policy configuration Policy Routing Policy routing is to make forwardin...

Страница 577: ...uting Protocol Overview 1 3 Static Routing and Dynamic Routing 1 3 Classification of Dynamic Routing Protocols 1 3 Routing Protocols and Routing Priority 1 4 Load Balancing and Route Backup 1 5 Route...

Страница 578: ...the packet reaches the last router which forwards the packet to the intended destination host Routing Table Routing table Routing tables play a key role in routing Each router maintains a routing tabl...

Страница 579: ...but having different nexthops may have different priorities and be found by various routing protocols or manually configured The optimal route is the one with the highest priority with the smallest m...

Страница 580: ...em resources It works well in small stable networks with simple topologies Its major drawback is that you must perform routing configuration again whenever the network topology changes it cannot adjus...

Страница 581: ...otocols For information on multicast routing protocols refer to the IP Multicast Volume Version of IP protocol IPv4 routing protocols RIP OSPFv2 BGP4 and IS IS IPv6 routing protocols RIPng OSPFv3 BGP4...

Страница 582: ...find several routes with the same metric to the same destination and if this protocol has the highest priority among all the active protocols these routes will be considered valid routes for load bal...

Страница 583: ...is configured for a protocol the global router ID is used To do Use the command Remarks Enter system view system view Configure a router ID router id router id Optional Not configured by default Disp...

Страница 584: ...splay ipv6 routing table ipv6 address prefix length longer match verbose Available in any view Display routing information permitted by an IPv6 ACL display ipv6 routing table acl acl6 number verbose A...

Страница 585: ...uration Prerequisites 1 2 Configuration Procedure 1 3 Configuring BFD for Static Routes 1 3 BFD Control Packet Mode 1 4 BFD Echo Packet Mode 1 4 Displaying and Maintaining Static Routes 1 5 Static Rou...

Страница 586: ...change occurs in the network the routes will be unreachable and the network breaks In this case the network administrator has to modify the static routes manually Default Route If the destination add...

Страница 587: ...after the next hop address is specified When specifying the output interface note that z If the output interface is a Null 0 interface there is no need to configure the next hop address z If the outp...

Страница 588: ...ce value Optional 60 by default z When configuring a static route the static route does not take effect if you specify the next hop address first and then configure it as the IP address of a local int...

Страница 589: ...st address mask mask length interface type interface number next hop address bfd control packet preference preference value tag tag value description description text Use either command BFD Echo Packe...

Страница 590: ...e end when the echo mode is used Displaying and Maintaining Static Routes To do Use the command Remarks Display the current configuration information display current configuration Display the brief in...

Страница 591: ...Switch C SwitchC system view SwitchC ip route static 0 0 0 0 0 0 0 0 1 1 5 5 3 Configure the hosts The default gateways for the three hosts A B and C are 1 1 2 3 1 1 6 1 and 1 1 3 1 respectively The c...

Страница 592: ...Direct 0 0 127 0 0 1 InLoop0 Use the ping command on Host B to check reachability to Host A assuming Windows XP runs on the two hosts C Documents and Settings Administrator ping 1 1 2 2 Pinging 1 1 2...

Страница 593: ...d echo source ip 123 1 1 1 SwitchA interface vlan interface 10 SwitchA vlan interface10 bfd min echo receive interval 500 SwitchA vlan interface10 bfd detect multiplier 7 SwitchA vlan interface10 quit...

Страница 594: ...a UP DOWN Diag 1 0 53892593 SwitchA BFD 8 SCM Sess 123 1 1 1 10 1 1 100 Vlan10 Oper Reset 0 53892593 SwitchA BFD 8 EVENT Send sess down Msg Src 123 1 1 1 Dst 10 1 1 100 Vlan10 Protocol STATIC 0 538925...

Страница 595: ...interface12 bfd min receive interval 500 SwitchA vlan interface12 bfd detect multiplier 9 SwitchA vlan interface12 quit SwitchA ip route static 14 1 1 0 24 vlan interface 12 12 1 1 2 bfd control packe...

Страница 596: ...Vlan12 Ctrl Sta UP DOWN Diag 1 Jul 27 10 18 18 672 2007 SwitchA BFD 7 EVENT Send sess down Msg Src 12 1 1 1 Dst 12 1 1 2 Vlan12 Ctrl instance 0 protocol STATIC Jul 27 10 18 19 172 2007 SwitchA BFD 7...

Страница 597: ...Maximum Number of Load Balanced Routes 1 14 Enabling Zero Field Check on Incoming RIPv1 Messages 1 14 Enabling Source IP Address Check on Incoming RIP Updates 1 14 Configuring RIPv2 Message Authentic...

Страница 598: ...ii...

Страница 599: ...ration and maintenance than OSPF and IS IS Operation of RIP Introduction RIP is a distance vector routing protocol using UDP packets for exchanging information through port 520 RIP uses a hop count to...

Страница 600: ...d for that route after the garbage collect timer expires the route will be deleted from the routing table Routing loops prevention RIP is a distance vector D V routing protocol Since a RIP router adve...

Страница 601: ...uthentication and MD5 authentication to enhance security RIPv2 has two types of message transmission broadcast and multicast Multicast is the default type using 224 0 0 9 as the multicast address The...

Страница 602: ...ork address subnet address or host address z Subnet Mask Mask of the destination address z Next Hop If set to 0 0 0 0 it indicates that the originator of the route is the best next hop otherwise it in...

Страница 603: ...This mechanism cannot detect link faults quickly After BFD is configured for RIP when BFD detects a broken link RIP can quickly age out the unreachable route thus avoiding interference to other servi...

Страница 604: ...f a physical interface is attached to multiple networks you cannot advertise these networks in different RIP processes Configuring the interface behavior Follow these steps to configure the interface...

Страница 605: ...view Enter RIP view rip process id vpn instance vpn instance name Specify a global RIP version version 1 2 Optional By default if an interface has a RIP version specified the version takes precedence...

Страница 606: ...additional routing metric rip metricin route policy route policy name value Optional 0 by default Define an outbound additional routing metric rip metricout route policy route policy name value Optio...

Страница 607: ...Required You need to disable RIPv2 route automatic summarization before advertising a summary route on an interface Disabling Host Route Reception Sometimes a router may receive from the same network...

Страница 608: ...pn instance name Enable RIP to advertise a default route default route only originate cost cost Optional Not enabled by default Return to system view quit Enter interface view interface interface type...

Страница 609: ...ort command filters outgoing routes including routes redistributed with the import route command Configuring a Priority for RIP Multiple IGP protocols may run in a router If you want RIP routes to hav...

Страница 610: ...Configuring RIP Network Optimization Complete the following tasks before configuring RIP network optimization z Configure network addresses for interfaces and make neighboring nodes reachable to each...

Страница 611: ...outing loops between adjacent routers Follow these steps to enable split horizon To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface num...

Страница 612: ...v1 messages If such a field contains a non zero value the RIPv1 message will not be processed If you are sure that all messages are trusty you can disable zero field check to save CPU resources This f...

Страница 613: ...nformation is sent with the RIP message which however cannot meet high security needs Follow these steps to configure RIPv2 message authentication To do Use the command Remarks Enter system view syste...

Страница 614: ...ng This task allows you to enable a specific RIP process to receive SNMP requests Follow these steps to bind RIP to MIB To do Use the command Remarks Enter system view system view Bind RIP to MIB rip...

Страница 615: ...only when both ends have routes to send and BFD is enabled on the receiving interface Single Hop Detection in BFD Echo Packet Mode Follow these steps to configure BFD for RIP single hop detection in B...

Страница 616: ...ng RIP To do Use the command Remarks Display RIP current status and configuration information display rip process id vpn instance vpn instance name Display all active routes in RIP database display ri...

Страница 617: ...SwitchA display rip 1 route Route Flags R RIP T TRIP P Permanent A Aging S Suppressed G Garbage collect Peer 192 168 1 2 on Vlan interface100 Destination Mask Nexthop Cost Tag Flags Sec 10 0 0 0 8 19...

Страница 618: ...gure route redistribution on Switch B to make RIP 200 redistribute direct routes and routes from RIP 100 Thus Switch C can learn routes destined for 10 2 1 0 24 and 11 1 1 0 24 while Switch A cannot l...

Страница 619: ...Routes 6 Destination Mask Proto Pre Cost NextHop Interface 12 3 1 0 24 Direct 0 0 12 3 1 2 Vlan200 12 3 1 2 32 Direct 0 0 127 0 0 1 InLoop0 16 4 1 0 24 Direct 0 0 16 4 1 1 Vlan400 16 4 1 1 32 Direct...

Страница 620: ...c Destinations 7 Routes 7 Destination Mask Proto Pre Cost NextHop Interface 11 1 1 0 24 RIP 100 1 12 3 1 1 Vlan200 12 3 1 0 24 Direct 0 0 12 3 1 2 Vlan200 12 3 1 2 32 Direct 0 0 127 0 0 1 InLoop0 16 4...

Страница 621: ...itchA rip 1 quit Configure Switch B SwitchB system view SwitchB rip 1 SwitchB rip 1 network 1 0 0 0 SwitchB rip 1 version 2 SwitchB rip 1 undo summary Configure Switch C SwitchC system view SwitchB ri...

Страница 622: ...vlan interface 200 SwitchA Vlan interface200 rip metricin 3 SwitchA Vlan interface200 display rip 1 database 1 0 0 0 8 cost 0 ClassfulSumm 1 1 1 0 24 cost 0 nexthop 1 1 1 1 Rip interface 1 1 2 0 24 co...

Страница 623: ...h B SwitchB system view SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 network 10 6 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 qui...

Страница 624: ...1 2 Vlan300 11 3 1 2 32 Direct 0 0 127 0 0 1 InLoop0 11 4 1 0 24 Direct 0 0 11 4 1 2 Vlan400 11 4 1 2 32 Direct 0 0 127 0 0 1 InLoop0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 1...

Страница 625: ...face connected to the Layer 2 switch z When the link between Switch C and the Layer 2 switch fails BFD can quickly detect the link failure and notify it to RIP and the BFD session goes down In respons...

Страница 626: ...4 Configure a static route on Switch C SwitchC ip route static 100 1 1 1 24 null 0 5 Verify the configuration Display the BFD session information of Switch A SwitchA display bfd session Total Session...

Страница 627: ...nformation of Switch A You can see that Switch A has deleted the neighbor relationship with Switch C and thus no output information is displayed SwitchA display bfd session Display the RIP routes of R...

Страница 628: ...the BFD session goes down In response RIP deletes the neighbor relationship with Switch C and the route information received from Switch C Then Switch A learns the static route sent by Switch C the ou...

Страница 629: ...bfd min transmit interval 500 SwitchA Vlan interface100 bfd min receive interval 500 SwitchA Vlan interface100 bfd detect multiplier 7 SwitchA Vlan interface100 quit Configure Switch C SwitchC bfd se...

Страница 630: ...hbor 192 168 3 2 Tunnel ID 0x0 Label NULL State Inactive Adv Age 00h12m50s Tag 0 Enable RIP event debugging on Switch A SwitchA debugging rip 1 event SwitchA terminal debugging When the link between S...

Страница 631: ...es are disabled from handling RIP messages If the peer is configured to send multicast messages the same should be configured on the local end Solution z Use the display current configuration command...

Страница 632: ...e as NBMA 1 27 Configuring the OSPF Network Type for an Interface as P2MP 1 28 Configuring the OSPF Network Type for an Interface as P2P 1 29 Configuring OSPF Route Control 1 29 Prerequisites 1 29 Con...

Страница 633: ...SU Transmit Rate 1 44 Configuring OSPF Graceful Restart 1 45 Configuring the OSPF GR Restarter 1 45 Configuring the OSPF GR Helper 1 46 Triggering OSPF Graceful Restart 1 47 Configuring BFD for OSPF 1...

Страница 634: ...ing OSPF Network Optimization z Configuring OSPF Graceful Restart z Configuring BFD for OSPF z Displaying and Maintaining OSPF z OSPF Configuration Examples z Troubleshooting OSPF Configuration The te...

Страница 635: ...ers to compose a LSDB Link State Database An LSA describes the network topology around a router so the LSDB describes the entire network topology of the AS z Each router transforms the LSDB to a weigh...

Страница 636: ...describe routes to other ASs z Opaque LSA A proposed type of LSA the format of which consists of a standard LSA header and application specific information Opaque LSAs are used by the OSPF protocol o...

Страница 637: ...s Backbone area and virtual links Each AS has a backbone area which is responsible for distributing routing information between none backbone areas Routing information between non backbone areas must...

Страница 638: ...packets Stub area The ABR in a stub area does not distribute Type 5 LSAs into the area so the routing table size and amount of routing information in this area are reduced significantly You can config...

Страница 639: ...protocol Area 1 is an NSSA area and the ASBR in it translates RIP routes into Type 7 LSAs and advertises them throughout Area 1 When these LSAs travel to the NSSA ABR the ABR translates Type 7 LSAs to...

Страница 640: ...ter belongs to more than two areas one of which must be the backbone area It connects the backbone area to a non backbone area The connection between an area border router and the backbone area can be...

Страница 641: ...o consideration Classification of OSPF Networks OSPF network types OSPF classifies networks into four types upon the link layer protocol z Broadcast When the link layer protocol is Ethernet or FDDI OS...

Страница 642: ...synchronization consuming network resources The Designated Router is defined to solve the problem All other routers on the network send routing information to the DR which is responsible for advertisi...

Страница 643: ...terface of a router and belongs to a single network segment The router s other interfaces may be a BDR or DRother z After DR BDR election and then a new router joins it cannot become the DR immediatel...

Страница 644: ...er than contained in the Authentication field Hello packet A router sends hello packets periodically to neighbors to find and maintain neighbor relationships and to elect the DR BDR including informat...

Страница 645: ...AuType Packet length Authentication Authentication Interface MTU DD sequence number LSA header Options 0 0 0 0 0 I M M S 0 7 15 31 LSA header Major fields z Interface MTU Size in bytes of the largest...

Страница 646: ...lowing figure shows the LSR packet format Figure 1 12 LSR packet format Major fields z LS type Type number of the LSA to be requested Type 1 for example indicates the Router LSA z Link State ID Determ...

Страница 647: ...eader as shown in the following figure Figure 1 15 LSA header format Major fields z LS age Time in seconds elapsed since the LSA was originated A LSA ages in the LSDB added by 1 per second but does no...

Страница 648: ...k ID Determined by Link type z Link data Determined by Link type z Type Link type A value of 1 indicates a point to point link to a remote router a value of 2 indicates a link to a transit network a v...

Страница 649: ...t to the DR including the DR itself 3 Summary LSA Network summary LSAs Type 3 LSAs and ASBR summary LSAs Type 4 LSAs are originated by ABRs Other than the difference in the Link State ID field the for...

Страница 650: ...The IP address mask for the advertised destination z E External Metric The type of the external metric value which is set to 1 for type 2 external routes and set to 0 for type 1 external routes Refer...

Страница 651: ...ext authentication and MD5 ciphertext authentication The authentication password for interfaces attached to a network segment must be identical Hot Standby Distributed routers support OSPF Hot Standby...

Страница 652: ...s so that they will not remove their adjacencies with it and advertise the adjacencies The GR Restarter re establishes neighborships and updates its own routing table and forwarding table based on the...

Страница 653: ...same VPN can use OSPF as the internal routing protocol but they are treated as different ASs An OSPF route learned by a site will be forwarded to another site as an external route which leads to heav...

Страница 654: ...765 OSPF Database Overflow z RFC 2328 OSPF Version 2 z RFC 3101 OSPF Not So Stubby Area NSSA Option z RFC 3137 OSPF Stub Router Advertisement z RFC 3630 Traffic Engineering Extensions to OSPF Version...

Страница 655: ...ad balanced Routes Optional Configuring a Priority Optional Configuring OSPF Route Control Configuring OSPF Route Redistribution Optional Configuring OSPF Packet Timers Optional Specifying an LSA Tran...

Страница 656: ...the interface To run OSPF a router must have a Router ID which is the unique identifier of the router in the AS z You can specify a Router ID when creating the OSPF process Any two routers in an AS m...

Страница 657: ...to multiple areas you can further configure some areas as stub areas or NSSA areas as needed If connectivity between the backbone and a non backbone area or within the backbone itself cannot be achiev...

Страница 658: ...Using the default cost command only takes effect on the ABR of a stub area z The backbone area cannot be a totally stub area z A totally stub area cannot have an ASBR because AS external routes canno...

Страница 659: ...rtual link To do Use the command Remarks Enter system view system view Enter OSPF view ospf process id router id router id vpn instance instance name Enter area view area area id Configure a virtual l...

Страница 660: ...gment Prerequisites Before configuring OSPF network types you have configured z IP addresses for interfaces making neighboring nodes accessible with each other at network layer z OSPF basic functions...

Страница 661: ...ed The DR priority configured with the ospf dr priority command and the one configured with the peer command have the following differences z The former is for actual DR election z The latter is to in...

Страница 662: ...address cost value dr priority dr priority Required if the interface type is P2MP unicast Configuring the OSPF Network Type for an Interface as P2P Follow these steps to configure the OSPF network ty...

Страница 663: ...command Remarks Enter system view system view Enter OSPF view ospf process id router id router id vpn instance instance name Enter OSPF area view area area id Configure ABR route summarization abr su...

Страница 664: ...ugh ACLs and IP address prefixes z Filtering routing information by next hop through the filtering criteria configured with the gateway keyword z Filtering routing information by destination address t...

Страница 665: ...e Interface bandwidth If the calculated cost is greater than 65535 the value of 65535 is used if the calculated cost is less than 1 the value of 1 is used If no cost is configured for an interface OSP...

Страница 666: ...n improve link utilization Follow these steps to configure the maximum number of load balanced routes To do Use the command Remarks Enter system view system view Enter OSPF view ospf process id router...

Страница 667: ...tem view Enter OSPF view ospf process id router id router id vpn instance instance name Configure OSPF to redistribute routes from another protocol import route protocol process id all processes allow...

Страница 668: ...and type for redistributed routes Tags are used to indicate information related to protocols For example when redistributing BGP routes OSPF uses tags to identify AS IDs Follow these steps to configur...

Страница 669: ...p information and collecting log information Prerequisites Before configuring OSPF network optimization you have configured z IP addresses for interfaces z OSPF basic functions Configuring OSPF Packet...

Страница 670: ...default values after you change the network type for an interface z The dead interval should be at least four times the hello interval on an interface z The poll interval is at least four times the h...

Страница 671: ...frequent SPF calculation applies at the minimum interval If network changes become frequent SPF calculation interval is incremented by incremental interval 2n 2 n is the number of calculation times ea...

Страница 672: ...erval is 0 milliseconds and the incremental interval is 5000 milliseconds With this command configured when network changes are not frequent LSAs are generated at the minimum interval If network chang...

Страница 673: ...3 means a link to the stub network so the cost of the link remains unchanged A value of 1 2 or 4 means a point to point link a link to a transit network or a virtual link In such cases a maximum cost...

Страница 674: ...tication for the interface ospf authentication mode simple cipher plain password Configure the authentication mode MD5 authentication for the interface ospf authentication mode hmac md5 md5 key id cip...

Страница 675: ...reduce the burden of the backbone area Follow these steps to make them compatible To do Use the command Remarks Enter system view system view Enter OSPF view ospf process id router id router id vpn in...

Страница 676: ...OSPF network management To do Use the command Remarks Enter system view system view Bind OSPF MIB to an OSPF process ospf mib binding process id Optional The OSPF process with the smallest process id...

Страница 677: ...r will need to receive and process large numbers of packets Configuring OSPF to give priority to receiving and processing Hello packets helps ensure stable neighbor relationships Follow these steps to...

Страница 678: ...t carry link local signaling LLS and out of band re synchronization OOB extension information Configuring the OSPF GR Restarter You can configure the IETF standard or non IETF standard OSPF GR Restart...

Страница 679: ...timer Optional 120 seconds by default Configuring the OSPF GR Helper You can configure the IETF standard or non IETF standard OSPF GR Helper Configuring the IETF standard OSPF GR Helper Follow these...

Страница 680: ...rt reset ospf process id process graceful restart Required Available in user view Configuring BFD for OSPF After discovering neighbors by sending hello packets OSPF notifies BFD of the neighbor addres...

Страница 681: ...or information display ospf process id peer verbose interface type interface number neighbor id Display neighbor statistics of OSPF areas display ospf process id peer statistics Display next hop infor...

Страница 682: ...in user view OSPF Configuration Examples These examples only cover commands for OSPF configuration Configuring OSPF Basic Functions Network requirements z As shown in the following figure all switches...

Страница 683: ...hC system view SwitchC ospf SwitchC ospf 1 area 1 SwitchC ospf 1 area 0 0 0 1 network 10 2 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 1 network 10 4 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 1 quit SwitchC...

Страница 684: ...ter Area 10 2 1 0 24 10 Transit 10 2 1 1 10 2 1 1 0 0 0 1 10 3 1 0 24 4 Inter 10 1 1 2 10 3 1 1 0 0 0 0 10 4 1 0 24 13 Stub 10 2 1 2 10 4 1 1 0 0 0 1 10 5 1 0 24 14 Inter 10 1 1 2 10 3 1 1 0 0 0 0 10...

Страница 685: ...2 10 5 1 0 24 10 Stub 10 5 1 1 10 5 1 1 0 0 0 2 10 1 1 0 24 12 Inter 10 3 1 1 10 3 1 1 0 0 0 2 Total Nets 5 Intra Area 2 Inter Area 3 ASE 0 NSSA 0 On Switch D ping the IP address 10 4 1 1 to check con...

Страница 686: ...em view SwitchC ip route static 3 1 2 1 24 10 4 1 2 On Switch C configure OSPF to redistribute static routes SwitchC ospf 1 SwitchC ospf 1 import route static 4 Verify the configuration Display the AB...

Страница 687: ...figure z Switch A and Switch B are in AS 200 which runs OSPF z Switch C Switch D and Switch E are in AS 100 which runs OSPF z An eBGP connection is established between Switch B and Switch C Switch C...

Страница 688: ...witchC ospf 1 area 0 0 0 0 quit SwitchC ospf 1 quit Configure Switch D SwitchD system view SwitchD ospf SwitchD ospf 1 area 0 SwitchD ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 SwitchD ospf 1 area...

Страница 689: ...oop0 5 Configure summary route 10 0 0 0 8 on Switch B and advertise it SwitchB ospf 1 asbr summary 10 0 0 0 8 Display the OSPF routing table of Switch A SwitchA display ip routing table Routing Tables...

Страница 690: ...1 with Router ID 10 4 1 1 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Intra 10 2 1 1 0 0 0 1 3 10 2 1 1 ABR Inter 10 3 1 1 0 0 0 1 5 10 2 1 1 ABR Inter 10 5 1 1 0 0 0 1 7 1...

Страница 691: ...SwitchC ospf SwitchC ospf 1 area 1 SwitchC ospf 1 area 0 0 0 1 stub SwitchC ospf 1 area 0 0 0 1 quit SwitchC ospf 1 quit Display OSPF routing information on Switch C SwitchC display ospf routing OSPF...

Страница 692: ...0 4 Inter 10 2 1 1 10 2 1 1 0 0 0 1 10 2 1 0 24 3 Transit 10 2 1 2 10 4 1 1 0 0 0 1 10 4 1 0 24 3 Stub 10 4 1 1 10 4 1 1 0 0 0 1 Total Nets 3 Intra Area 2 Inter Area 1 ASE 0 NSSA 0 After this configur...

Страница 693: ...mary SwitchA ospf 1 area 0 0 0 0 quit SwitchA ospf 1 quit Configure Switch C SwitchC ospf SwitchC ospf 1 area 1 SwitchC ospf 1 area 0 0 0 1 nssa SwitchC ospf 1 area 0 0 0 1 quit SwitchC ospf 1 quit It...

Страница 694: ...Routing for Network Destination Cost Type NextHop AdvRouter Area 10 2 1 0 24 22 Inter 10 3 1 1 10 3 1 1 0 0 0 2 10 3 1 0 24 10 Transit 10 3 1 2 10 3 1 1 0 0 0 2 10 4 1 0 24 25 Inter 10 3 1 1 10 3 1 1...

Страница 695: ...t Configure Switch B SwitchB system view SwitchB router id 2 2 2 2 SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 192 168 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 quit SwitchB...

Страница 696: ...Neighbor is up for 00 01 28 Authentication Sequence 0 Router ID 4 4 4 4 Address 192 168 1 4 GR State Normal State Full Mode Nbr is Master Priority 1 DR 192 168 1 4 BDR 192 168 1 3 MTU 0 Dead timer due...

Страница 697: ...ter ID 3 3 3 3 Address 192 168 1 3 GR State Normal State Full Mode Nbr is Slave Priority 2 DR 192 168 1 4 BDR 192 168 1 3 MTU 0 Dead timer due in 33 sec Neighbor is up for 00 11 15 Authentication Sequ...

Страница 698: ...1 41 Authentication Sequence 0 Switch A becomes the DR and Switch C is the BDR If the neighbor state is full it means Switch D has established the adjacency with the neighbor If the neighbor state is...

Страница 699: ...0 1 1 2 24 Vlan int100 10 3 1 2 24 Vlan int100 10 3 1 1 24 Virtual link Vlan int200 10 2 1 1 24 Vlan int200 10 2 1 2 24 Area 1 Configuration procedure 1 Configure IP addresses for interfaces omitted 2...

Страница 700: ...ing OSPF Process 1 with Router ID 2 2 2 2 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10 2 1 0 24 2 Transit 10 2 1 1 3 3 3 3 0 0 0 1 10 1 1 0 24 2 Transit 10 1 1 2...

Страница 701: ...ame OSPF routing domain are GR capable z Switch A acts as the non IETF standard GR Restarter whereas Switch B and Switch C are the GR Helpers and re synchronize their LSDB with Switch A through OOB co...

Страница 702: ...OSPF Graceful Restart event debugging and then perform OSPF Graceful Restart on Switch A SwitchA debugging ospf event graceful restart SwitchA terminal monitor SwitchA terminal debugging SwitchA reset...

Страница 703: ...n OSPF The AS is divided into three areas z Switch A and Switch B work as ABRs z Configure Switch C as an ASBR to redistribute external routes static routes and configure a filter policy on Switch C t...

Страница 704: ...10 1 1 2 Vlan100 10 4 1 0 24 OSPF 10 13 10 2 1 2 Vlan200 10 5 1 0 24 OSPF 10 14 10 1 1 2 Vlan100 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 4 On Switch C filter...

Страница 705: ...ip routing table Routing Tables Public Destinations 10 Routes 10 Destination Mask Proto Pre Cost NextHop Interface 3 1 1 0 24 O_ASE 150 1 10 2 1 2 Vlan200 3 1 2 0 24 O_ASE 150 1 10 2 1 2 Vlan200 10 1...

Страница 706: ...SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 10 1 0 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 quit SwitchB ospf 1 quit SwitchB interface vlan interface 10 SwitchB Vlan interfa...

Страница 707: ...event SwitchA terminal debugging When the link between Switch B and the Layer 2 switch fails you can see that Switch A can quickly detect the changes on Switch B Nov 12 18 34 48 823 2005 SwitchA BFD 5...

Страница 708: ...emoved its neighbor relationship with Switch B and therefore no information is output SwitchA display ospf peer OSPF Process 1 with Router ID 192 168 1 40 Neighbor Brief Information Troubleshooting OS...

Страница 709: ...command to display neighbors 2 Use the display ospf interface command to display OSPF interface information 3 Use the display ospf lsdb command to display the Link State Database to check its integrit...

Страница 710: ...Redistribution 1 22 Configuring IS IS Route Filtering 1 23 Configuring IS IS Route Leaking 1 24 Tuning and Optimizing IS IS Networks 1 24 Configuration Prerequisites 1 24 Specifying Intervals for Send...

Страница 711: ...uring BFD for IS IS 1 35 Displaying and Maintaining IS IS 1 35 IS IS Configuration Example 1 36 IS IS Basic Configuration 1 36 DIS Election Configuration 1 41 Configuring IS IS Route Redistribution 1...

Страница 712: ...sense or an Ethernet switch running routing protocols IS IS Overview Intermediate System to Intermediate System IS IS is a dynamic routing protocol designed by the International Organization for Stan...

Страница 713: ...identifies an abstract network service access point and describes the network address in the OSI reference model IS IS address format 1 NSAP As shown in Figure 1 1 an NSAP address consists of the Ini...

Страница 714: ...e transport layer information It is a special NSAP address with the SEL being 0 Therefore the length of the NET is equal to the NSAP and is in the range 8 bytes to 20 bytes Generally a router only nee...

Страница 715: ...z The Level 1 routers in different areas can not establish neighbor relationships z The neighbor relationship establishment of Level 2 routers has nothing to do with area Figure 1 2 shows an IS IS ne...

Страница 716: ...uting information of the entire IS IS routing domain but does not share the information of other Level 1 areas and the Level 2 area with the Level 1 area by default Since a Level 1 router simply sends...

Страница 717: ...achment address MAC address on a broadcast network will be elected A router can be the DIS for different levels IS IS DIS election differs from OSPF DIS election in that z A router with priority 0 can...

Страница 718: ...U format Figure 1 5 PDU format Common header format Figure 1 6 shows the PDU common header format Figure 1 6 PDU common header format Intradomain routing protocol discriminator Reserved Version R ID l...

Страница 719: ...rs to establish and maintain neighbor relationships A hello packet is also called an IS to IS hello PDU IIH For broadcast networks the Level 1 routers use the Level 1 LAN IIHs and the Level 2 routers...

Страница 720: ...t on the point to point networks Figure 1 8 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH the P2P IIH has a Local Circuit ID field LSP packet format The Link State PDUs LSP c...

Страница 721: ...er generating the LSP is connected to multiple areas z OL LSDB Overload Indicates that the LSDB is not complete because the router runs out of memory In this case other routers will not send packets t...

Страница 722: ...chronize the LSDB between neighboring routers On broadcast networks CSNP is sent by the DIS periodically 10s by default On point to point networks CSNP is only sent during the first adjacency establis...

Страница 723: ...CLV format Figure 1 13 CLV format Table 1 2 shows that different PDUs contain different CLVs Table 1 2 CLV name and the corresponding PDU type CLV Code Name PDU Type 1 Area Addresses IIH LSP 2 IS Neig...

Страница 724: ...switching from AMB to SMB IS IS can work immediately The other HSB is to backup only the configuration information of IS IS during the switching from AMB to SMB After the graceful restart GR the IS IS...

Страница 725: ...d allowing a maximum of only 256 fragments to be generated by an IS IS router limits the amount of link information that the IS IS router can advertise The LSP fragment extension feature allows an IS...

Страница 726: ...m belongs to which originating system therefore no limitation is imposed on the link state information of the extended LSP fragments advertised by the virtual systems The operation mode of LSP fragmen...

Страница 727: ...for IS IS IS IS Configuration Task List Complete the following tasks to configure IS IS Task Remarks Enabling IS IS Configuring the IS Level and Circuit Level Configuring IS IS Basic Functions Config...

Страница 728: ...Before the configuration accomplish the following tasks z Configure the link layer protocol z Configure an IP address for each interface and make sure all neighboring nodes are reachable to each other...

Страница 729: ...ystem view quit Enter interface view interface interface type interface number Specify the circuit level isis circuit level level 1 level 1 2 level 2 Optional The default is Level 1 2 Configuring the...

Страница 730: ...cost style is of another type if the interface bandwidth does not exceed 10 Mbps the interface cost equals 60 if the interface bandwidth does not exceed 100 Mbps the interface cost equals 50 if the i...

Страница 731: ...S IS cost calculation To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Specify an IS IS cost style cost style wide wide compa...

Страница 732: ...e number range and default vary by device Configuring IS IS Route Summarization This task is to configure a summary route so routes falling into the network range of the summary route are summarized i...

Страница 733: ...ribution Redistribution of large numbers of routes on a device may affect the performance of other devices in the network In that case you can configure a limit on the number of redistributed routes t...

Страница 734: ...lated from received LSPs To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Filter routes calculated from received LSPs filter...

Страница 735: ...1 command to filter routes from Level 2 to Level 1 Other routing policies specified for route reception and redistribution does not affect the route leaking Tuning and Optimizing IS IS Networks Config...

Страница 736: ...l 1 and Level 2 hello packets are advertised separately and therefore you need to set a hello multiplier for each level On a P2P link Level 1 and Level 2 hello packets are advertised in P2P hello pack...

Страница 737: ...layer because they are directly encapsulated into frames Therefore any two IS IS neighboring routers need to negotiate a common MTU To avoid sending big hellos for saving bandwidth you can enable the...

Страница 738: ...id vpn instance vpn instance name Specify the LSP refresh interval timer lsp refresh seconds Optional 900 seconds by default Specify the LSP generation interval timer lsp generation maximum interval i...

Страница 739: ...view isis process id vpn instance vpn instance name Specify the maximum length of generated Level 1 LSPs or Level 2 LSPs lsp length originate size level 1 level 2 1497 bytes by default Specify the ma...

Страница 740: ...tworks many P2P links exist The following figure shows a fully meshed network where Routers A B C and D run IS IS When Router A generates an LSP it floods the LSP out Ethernet 1 1 Ethernet 1 2 and Eth...

Страница 741: ...needed Follow these steps to configure the SPF parameters To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Configure the SPF...

Страница 742: ...he password in the received hello packets If the authentication succeeds it forms the neighbor relationship with the peer The authentication mode and password at both ends must be identical Follow the...

Страница 743: ...d5 simple password ip osi Required No routing domain authentication is configured by default Configuring System ID to Host Name Mappings In IS IS a system ID identifies a router or host uniquely A sys...

Страница 744: ...Follow these steps to configure dynamic system ID to host name mapping To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Speci...

Страница 745: ...ult Suppress the SA bit during restart graceful restart suppress sa Optional By default the SA bit is not suppressed Enabling the Logging of Neighbor State Changes Follow these steps to enable the log...

Страница 746: ...BFD on the IS IS interface isis bfd enable Required Not enabled by default For details about IS IS refer to IS IS Configuration in the IP Routing Volume Displaying and Maintaining IS IS To do Use the...

Страница 747: ...d vpn instance vpn instance name Available in any view Display IS IS SPF calculation log information display isis spf log process id vpn instance vpn instance name Available in any view Display IS IS...

Страница 748: ...lan interface100 quit Configure Switch B SwitchB system view SwitchB isis 1 SwitchB isis 1 is level level 1 SwitchB isis 1 network entity 10 0000 0000 0002 00 SwitchB isis 1 quit SwitchB interface vla...

Страница 749: ...IS IS LSDB of each switch to check the LSP integrity SwitchA display isis lsdb Database information for ISIS 1 Level 1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT P OL 0000 0000 000...

Страница 750: ...0x00000014 0x194a 1051 111 1 0 0 0000 0000 0003 01 00 0x00000002 0xabdb 854 55 0 0 0 Self LSP Self LSP Extended ATT Attached P Partition OL Overload Level 2 Link State Database LSPID Seq Num Checksum...

Страница 751: ...1 1 1 R 192 168 0 0 24 20 NULL Vlan100 10 1 1 1 R 0 0 0 0 0 10 NULL Vlan100 10 1 1 1 R Flags D Direct R Added to RM L Advertised in LSPs U Up Down Bit Set SwitchC display isis route Route information...

Страница 752: ...0 0 16 10 NULL Vlan100 Direct D L Flags D Direct R Added to RM L Advertised in LSPs U Up Down Bit Set DIS Election Configuration Network requirements As shown in Figure 1 16 Switch A B C and Switch D...

Страница 753: ...0003 00 SwitchC isis 1 is level level 1 SwitchC isis 1 quit SwitchC interface vlan interface 100 SwitchC Vlan interface100 isis enable 1 SwitchC Vlan interface100 quit Configure Switch D SwitchD syst...

Страница 754: ...ces of Switch C SwitchC display isis interface Interface information for ISIS 1 Interface Vlan interface100 Id IPV4 State IPV6 State MTU Type DIS 001 Up Down 1497 L1 L2 Yes No Display information abou...

Страница 755: ...I 64 System Id 0000 0000 0004 Interface Vlan interface100 Circuit Id 0000 0000 0001 01 State Up HoldTime 30s Type L2 PRI 64 Display information about IS IS interfaces of Switch A SwitchA display isis...

Страница 756: ...0 Circuit Id 0000 0000 0001 01 State Up HoldTime 9s Type L2 PRI 100 System Id 0000 0000 0002 Interface Vlan interface100 Circuit Id 0000 0000 0001 01 State Up HoldTime 28s Type L2 PRI 64 SwitchD displ...

Страница 757: ...n interface100 quit Configure Switch B SwitchB system view SwitchB isis 1 SwitchB isis 1 is level level 1 SwitchB isis 1 network entity 10 0000 0000 0002 00 SwitchB isis 1 quit SwitchB interface vlan...

Страница 758: ...switch SwitchA display isis route Route information for ISIS 1 ISIS 1 IPv4 Level 1 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 10 1 1 0 24 10 NULL VLAN100 Direct D L...

Страница 759: ...NextHop Flags 192 168 0 0 24 10 NULL VLAN300 Direct D L 10 1 1 0 24 20 NULL VLAN300 192 168 0 1 R 10 1 2 0 24 20 NULL VLAN300 192 168 0 1 R Flags D Direct R Added to RM L Advertised in LSPs U Up Down...

Страница 760: ...op Flags 10 1 1 0 24 10 NULL VLAN100 Direct D L 10 1 2 0 24 10 NULL VLAN200 Direct D L 192 168 0 0 24 10 NULL VLAN300 Direct D L 10 1 4 0 24 10 NULL VLAN300 192 168 0 2 R L 10 1 5 0 24 20 NULL VLAN300...

Страница 761: ...erify the configuration After Router A establishes adjacencies with Router B and Router C they begin to exchange routing information Restart IS IS on Router A which enters into the restart state and s...

Страница 762: ...area Configure routing domain authentication on Switch C and Switch D to prevent untrusted routes from entering the routing domain Figure 1 19 IS IS authentication configuration Configuration procedu...

Страница 763: ...on between neighbors Specify the MD5 authentication mode and password eRq on VLAN interface 100 of Switch A and on VLAN interface 100 of Switch C SwitchA interface vlan interface 100 SwitchA Vlan inte...

Страница 764: ...tion Specify the MD5 authentication mode and password 1020Sec on Switch C and Switch D SwitchC isis 1 SwitchC isis 1 domain authentication mode md5 1020Sec SwitchC isis 1 quit SwitchD isis 1 SwitchD i...

Страница 765: ...0 0000 0002 00 SwitchB isis 1 quit SwitchB interface vlan interface 10 SwitchB Vlan interface10 isis enable SwitchB Vlan interface10 isis bfd enable SwitchB Vlan interface10 quit 3 Configure BFD param...

Страница 766: ...17 isisAdjacencyChange ISIS Level 1 Adjencency IN Circuit 983041 State Change Aug 8 14 54 05 365 2008 SwitchA IFNET 4 LINK UPDOWN vlan10 link status is DOWN Aug 8 14 54 05 366 2008 SwitchA IFNET 4 UPD...

Страница 767: ...isplay bfd session Display the IS IS neighbor information of Switch A You can see that Switch A has removed its neighbor relationship with Switch B and therefore no information is output SwitchA displ...

Страница 768: ...1 Controlling Route Distribution and Reception 1 21 Prerequisites 1 21 Configuring BGP Route Summarization 1 21 Advertising a Default Route to a Peer or Peer Group 1 22 Configuring BGP Route Distribut...

Страница 769: ...1 41 Configuring BGP GR 1 41 Enabling Trap 1 42 Enabling Logging of Peer State Changes 1 42 Configuring BFD for BGP 1 43 Displaying and Maintaining BGP 1 43 Displaying BGP 1 43 Resetting BGP Connectio...

Страница 770: ...4 in this document BGP Overview There are three early BGP versions BGP 1 RFC1105 BGP 2 RFC1163 and BGP 3 RFC1267 The current version in use is BGP 4 RFC 4271 which is the defacto Internet exterior ga...

Страница 771: ...en ASs Formats of BGP Messages Header BGP has five types of messages z Open z Update z Notification z Keep alive z Route refresh They have the same header as shown below Figure 1 1 BGP message header...

Страница 772: ...wn routes Path attributes NLRI Unfeasible routes length 2 Octets N Octets 2 Octets N Octets N Octets Each Update message can advertise a group of feasible routes with identical attributes and the rout...

Страница 773: ...Its format contains only the message header Route refresh A Route refresh message is sent to a peer to request the resending of the specified address family routing information Its format is shown bel...

Страница 774: ...on that is how a route became a BGP route It involves three types z IGP Has the highest priority Routes added to the BGP routing table using the network command have the IGP attribute z EGP Has the se...

Страница 775: ...ations you can apply a routing policy to control BGP route selection by modifying the AS_PATH length By configuring an AS path filtering list you can filter routes based on AS numbers contained in the...

Страница 776: ...smallest MED value the best route if other conditions are the same As shown below traffic from AS10 to AS20 travels through Router B that is selected according to MED Figure 1 8 MED attribute D 9 0 0...

Страница 777: ...do with the local AS Well known community attributes involve z Internet By default all routes belong to the Internet community Routes with this attribute can be advertised to all BGP peers z No_Expor...

Страница 778: ...tching route with the direct next hop is called the recursive route The process of finding a recursive route is route recursion Currently the system supports BGP load balancing based on route recursio...

Страница 779: ...outer D and Router E the route that has AS_PATH unchanged but has NEXT_HOP changed to Router C other BGP transitive attributes are those of the best route BGP route advertisement rules The current BGP...

Страница 780: ...ting table and advertise the route to the eBGP peer You can disable the synchronization feature in the following cases z The local AS is not a transitive AS AS20 is a transitive AS in the above figure...

Страница 781: ...ue the route is added into the routing table and advertised to other BGP peers Figure 1 12 BGP route dampening Peer group You can organize BGP peers with the same attributes into a group to simplify c...

Страница 782: ...A router that is neither a route reflector nor a client is a non client which has to establish BGP sessions to the route reflector and other non clients as shown below Figure 1 13 Network diagram for...

Страница 783: ...rspective of a non confederation BGP speaker it needs not know sub ASs in the confederation The ID of the confederation is the number of the AS In the above figure AS 200 is the confederation ID The d...

Страница 784: ...like IPv6 To support more network layer protocols IETF extended BGP 4 by introducing Multiprotocol Extensions for BGP 4 MP BGP in RFC 4760 Routers supporting MP BGP can communicate with routers not s...

Страница 785: ...es Attribute z RFC2796 BGP Route Reflection z RFC3065 Autonomous System Confederations for BGP z RFC4271 A Border Gateway Protocol 4 BGP 4 z RFC5291 Outbound Route Filtering Capability for BGP 4 z RFC...

Страница 786: ...oute Attributes Configuring the AS PATH Attribute Optional Configuring BGP Keepalive Interval and Holdtime Optional Configuring the Interval for Sending the Same Update Optional Configuring BGP Soft R...

Страница 787: ...uter ID z If the router ID is specified in BGP view using the undo router id command can make the system select a new router ID Follow these steps to create a BGP connection To do Use the command Rema...

Страница 788: ...peer or peer group peer group name ip address connect interface interface type interface number Required By default BGP uses the outbound interface of the best route to the BGP peer peer group as the...

Страница 789: ...BGP to advertise it to BGP peers The origin attribute of routes advertised in this way is IGP You can also reference a route policy to flexibly control route advertisement The network to be injected...

Страница 790: ...e policy route policy name Required Not redistributed by default Enable default route redistribution into BGP default route imported Optional Not enabled by default Controlling Route Distribution and...

Страница 791: ...cy route policy name suppress policy route policy name Required Not configured by default Advertising a Default Route to a Peer or Peer Group After this task is configured the BGP router sends a defau...

Страница 792: ...sequence z filter policy export z peer filter policy export z peer as path acl export z peer ip prefix export z peer route policy export Only routes pass the first policy can they go to the next and o...

Страница 793: ...next hop before advertisement With BGP and IGP synchronization enabled the BGP router cannot advertise the iBGP route to eBGP peers unless the route is also available in the IGP routing table Follow...

Страница 794: ...efix number reconnect reconnect time percentage value Required to choose any No limit is configured by default Configuring BGP Route Dampening By configuring BGP route dampening you can suppress unsta...

Страница 795: ...e for routes received from a peer or peer group peer group name ip address preferred value value Optional The preferred value is 0 by default Configuring Preferences for BGP Routes A router may run mu...

Страница 796: ...ffic going into an AS When a BGP router obtains from eBGP peers multiple routes to the same destination but with different next hops it considers the route with the smallest MED value as the best rout...

Страница 797: ...onfigure the bestroute compare med command on Router D After that Router D will put routes received from the same AS into a group For the same group the route with the lowest MED is selected Then it c...

Страница 798: ...sure a BGP peer can find the correct next hop in some cases you need to configure the router as the next hop for routes sent to the peer For example as shown in the figure below Router A and Router B...

Страница 799: ...r routes sent to an iBGP peer peer group Configuring the AS PATH Attribute Permit local AS number to appear in routes from a peer peer group In general BGP checks whether the AS_PATH attribute of a ro...

Страница 800: ...he command Remarks Enter system view system view Enter BGP view bgp as number Specify a fake AS number for a peer peer group peer group name ip address fake as as number Optional Not specified by defa...

Страница 801: ...updates to a peer peer group Follow these steps to remove private AS numbers from updates to a peer peer group To do Use the command Remarks Enter system view system view Enter BGP view bgp as number...

Страница 802: ...o configure the interval for sending the same update to a peer peer group To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Configure the interval for sending th...

Страница 803: ...all routes command When a route selection policy is modified you can use the refresh bgp command to refresh the BGP routing table by applying the new policy Following these steps to save all route up...

Страница 804: ...r group peer group name ip address capability advertise orf non standard Optional By default standard BGP ORF capability defined in RFC 5291 and RFC 5292 is supported If the peer supports only non sta...

Страница 805: ...w these steps to enable MD5 authentication for TCP connections To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Enable MD5 authentication when establishing a TC...

Страница 806: ...nfigure a peer group and add these peers into this group In this way peers can share the same policy as the peer group When the policy of the group is modified the modification also applies to peers i...

Страница 807: ...gp as number Create an eBGP peer group group group name external Required Specify the AS number for the group peer group name as number as number Required Add a peer into the group peer ip address gro...

Страница 808: ...ty between iBGP peers you need to make them fully meshed But it becomes unpractical when there are large numbers of iBGP peers Configuring route reflectors or confederation can solve it In a large sca...

Страница 809: ...ps Follow these steps to configure a BGP route reflector To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Configure the router as a route reflector and specify...

Страница 810: ...specify the peering sub ASs in the confederation A confederation contains 32 sub ASs at most The AS number of a sub AS is effective only in the confederation Follow these steps to configure a BGP conf...

Страница 811: ...GP session should be less than the Holdtime carried in the Open message z The End Of RIB End of Routing Information Base indicates the end of route updates Enabling Trap After Trap is enabled for BGP...

Страница 812: ...terface Therefore BFD was introduced to solve this problem It can quickly finds neighbors and thus reduce network convergence time Follow these steps to enable BFD for a BGP peer To do Use the command...

Страница 813: ...display bgp routing table dampened Display BGP dampening parameter information display bgp routing table dampening parameter Display BGP routing information originating from different ASs display bgp...

Страница 814: ...twork requirements In the following network run eBGP between Switch A and Switch B and iBGP between Switch B and Switch C so that Switch C can access the network 8 1 1 0 24 connected to Router A Figur...

Страница 815: ...ospf 1 quit SwitchC display bgp peer BGP local router ID 3 3 3 3 Local AS number 65009 Total number of peers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 2 2 2 2...

Страница 816: ...le Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn 8 1 1 0 24 0 0 0 0 0 0 i Display the BGP routing table on Switch B SwitchB display bgp routing table Total Number of Routes...

Страница 817: ...lay the BGP routing table on Switch C SwitchC display bgp routing table Total Number of Routes 4 BGP Local router ID is 3 3 3 3 Status codes valid VPNv4 best best d damped h history i internal s suppr...

Страница 818: ...AS 65009 so that Switch B can obtain the route to 9 1 2 0 24 Configure Switch B SwitchB system view SwitchB ospf 1 SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 2 2 2 2 0 0 0 0 SwitchB os...

Страница 819: ...hA display bgp routing table Total Number of Routes 3 BGP Local router ID is 1 1 1 1 Status codes valid VPNv4 best best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete...

Страница 820: ...break Reply from 8 1 1 1 bytes 56 Sequence 1 ttl 254 time 2 ms Reply from 8 1 1 1 bytes 56 Sequence 2 ttl 254 time 2 ms Reply from 8 1 1 1 bytes 56 Sequence 3 ttl 254 time 2 ms Reply from 8 1 1 1 byte...

Страница 821: ...OSPF to establish the iBGP connection z On Switch C establish an eBGP connection with Switch A and an iBGP connection with Switch B configure BGP to advertise network 9 1 1 0 24 to Switch A so that S...

Страница 822: ...hop 3 1 1 1 is marked with a greater than sign indicating it is the best route because the ID of Switch B is smaller the route with next hop 3 1 2 1 is marked with only an asterisk indicating it is a...

Страница 823: ...Configure No_Export community attribute on Switch A to make routes from AS 10 not advertised by AS 20 to any other AS Figure 1 23 Network diagram for BGP community configuration Configuration procedu...

Страница 824: ...p routing table Total Number of Routes 1 BGP Local router ID is 3 3 3 3 Status codes valid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED Loc...

Страница 825: ...GP z Between Switch A and Switch B is an eBGP connection between Switch C and Switch B and between Switch C and Switch D are iBGP connections z Switch C is a route reflector with clients Switch B and...

Страница 826: ...ter id 4 4 4 4 SwitchD bgp peer 194 1 1 1 as number 200 SwitchD bgp quit 3 Configure the route reflector Configure Switch C SwitchC bgp 200 SwitchC bgp peer 193 1 1 2 reflect client SwitchC bgp peer 1...

Страница 827: ...n i n t 3 0 0 Vlan int400 Vlan int500 Vlan int400 Vlan int500 Vlan int200 Vlan int200 Vlan int300 Vlan int200 Device Interface IP address Device Interface IP address Switch A Vlan int100 200 1 1 1 24...

Страница 828: ...iBGP connections in AS65001 Configure Switch A SwitchA bgp 65001 SwitchA bgp peer 10 1 3 2 as number 65001 SwitchA bgp peer 10 1 3 2 next hop local SwitchA bgp peer 10 1 4 2 as number 65001 SwitchA b...

Страница 829: ...n i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn i 9 1 1 0 24 10 1 1 1 0 100 0 65001 100i SwitchB display bgp routing table 9 1 1 0 BGP local router ID 2 2 2 2 Local AS number 6500...

Страница 830: ...al route information from Switch A and generate the same BGP route entries it seems like that they reside in the same AS although they have no direct connection in between BGP Path Selection Configura...

Страница 831: ...1 area 0 0 0 0 network 193 1 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 network 195 1 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 quit SwitchC ospf 1 quit Configure Switch D SwitchD system view SwitchD o...

Страница 832: ...nd apply_med_100 which sets the MED for route 1 0 0 0 8 to 100 SwitchA route policy apply_med_50 permit node 10 SwitchA route policy if match acl 2000 SwitchA route policy apply cost 50 SwitchA route...

Страница 833: ...g policy localpref to routes from peer 193 1 1 1 SwitchC bgp 200 SwitchC bgp peer 193 1 1 1 route policy localpref import SwitchC bgp quit Display the routing table on Switch D SwitchD display bgp rou...

Страница 834: ...face10 ip address 10 1 0 100 24 SwitchB Vlan interface10 quit 2 Configure BGP basic functions Configure Switch A SwitchA bgp 100 SwitchA bgp peer 10 1 0 100 as number 100 SwitchA bgp peer 10 1 0 100 b...

Страница 835: ...t Num 52 Send Pkt Num 50 Hold Time 1600ms Connect Type Direct Running Up for 00 00 01 Auth mode None Protocol BGP Diag Info No Diagnostic After the link between Switch A and Switch B fails display the...

Страница 836: ...s omitted Configure the eBGP connection SwitchA system view SwitchA bgp 65008 SwitchA bgp router id 1 1 1 1 SwitchA bgp peer 200 1 1 1 as number 65009 Inject network 8 0 0 0 8 to the BGP routing table...

Страница 837: ...the connection to a peer cannot become established Analysis To become BGP peers any two routers need to establish a TCP session using port 179 and exchange Open messages successfully Solution 1 Use th...

Страница 838: ...Static Routing 1 1 Features of IPv6 Static Routes 1 1 Default IPv6 Route 1 1 Configuring an IPv6 Static Route 1 1 Configuration prerequisites 1 2 Configuring an IPv6 Static Route 1 2 Displaying and M...

Страница 839: ...routes also have shortcomings any topology changes could result in unavailable routes requiring the network administrator to manually configure and modify the static routes Features of IPv6 Static Rou...

Страница 840: ...reference preference value Required The default preference of IPv6 static routes is 60 Displaying and Maintaining IPv6 Static Routes To do Use the command Remarks Display IPv6 static route information...

Страница 841: ...c route on SwitchC SwitchC system view SwitchC ipv6 route static 0 5 2 3 Configure the IPv6 addresses of hosts and gateways Configure the IPv6 addresses of all the hosts based upon the network diagram...

Страница 842: ...ping command SwitchA ping ipv6 3 1 PING 3 1 56 data bytes press CTRL_C to break Reply from 3 1 bytes 56 Sequence 1 hop limit 254 time 63 ms Reply from 3 1 bytes 56 Sequence 2 hop limit 254 time 62 ms...

Страница 843: ...ng Route Summarization 1 5 Advertising a Default Route 1 5 Configuring a RIPng Route Filtering Policy 1 6 Configuring a Priority for RIPng 1 6 Configuring RIPng Route Redistribution 1 6 Tuning and Opt...

Страница 844: ...128 bit destination address prefix z Next hop 128 bit IPv6 address z Source address RIPng uses FE80 10 as the link local source address RIPng Working Mechanism RIPng is a routing protocol based on th...

Страница 845: ...iguration in the IP Routing Volume RIPng Packet Format Basic format A RIPng packet consists of a header and multiple route table entries RTEs The maximum number of RTEs in a packet depends on the IPv6...

Страница 846: ...ested routing information to the requesting router in the response packet Response packet The response packet containing the local routing table information is generated as z A response to a request z...

Страница 847: ...a Default Route z Configuring a RIPng Route Filtering Policy z Configuring a Priority for RIPng z Configuring RIPng Route Redistribution Before the configuration accomplish the following tasks first...

Страница 848: ...Summarization Follow these steps to configure RIPng route summarization To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Adver...

Страница 849: ...ting information Configuring a Priority for RIPng Any routing protocol has its own protocol priority used for optimal route selection You can set a priority for RIPng manually The smaller the value is...

Страница 850: ...ancing Configuring RIPng Timers You can adjust RIPng timers to optimize the performance of the RIPng network Follow these steps to configure RIPng timers To do Use the command Remarks Enter system vie...

Страница 851: ...are recommended to enable split horizon to prevent routing loops Configuring the poison reverse function The poison reverse function enables a route learned from an interface to be advertised through...

Страница 852: ...d Configure the maximum number of equal cost RIPng routes for load balancing maximum load balancing number Optional The value defaults to 8 Displaying and Maintaining RIPng To do Use the command Remar...

Страница 853: ...em view SwitchA ripng 1 SwitchA ripng 1 quit SwitchA interface vlan interface 100 SwitchA Vlan interface100 ripng 1 enable SwitchA Vlan interface100 quit SwitchA interface vlan interface 400 SwitchA V...

Страница 854: ...2FF FE00 100 cost 1 tag 0 A 11 Sec Dest 4 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 11 Sec Dest 5 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 11 Sec Display the routing table of Switch A SwitchA d...

Страница 855: ...1 route Route Flags A Aging S Suppressed G Garbage collect Peer FE80 20F E2FF FE00 1235 on Vlan interface100 Dest 1 64 via FE80 20F E2FF FE00 1235 cost 1 tag 0 A 2 Sec Dest 4 64 via FE80 20F E2FF FE0...

Страница 856: ...SwitchB Vlan interface100 ripng 100 enable SwitchB Vlan interface100 quit SwitchB ripng 200 SwitchB ripng 200 quit SwitchB interface vlan interface 300 SwitchB Vlan interface300 ripng 200 enable Switc...

Страница 857: ...esses on Switch B SwitchB ripng 100 SwitchB ripng 100 default cost 3 SwitchB ripng 100 import route ripng 200 SwitchB ripng 100 quit SwitchB ripng 200 SwitchB ripng 200 import route ripng 100 SwitchB...

Страница 858: ...rect NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 4 64 Protocol RIPng NextHop FE80 200 BFF FE01 1C02 Preference 100 Interface Vlan100 Cost 4 Destination FE80 10 Protocol Direct NextHop...

Страница 859: ...tion Control 1 8 Prerequisites 1 8 Configuring OSPFv3 Route Summarization 1 8 Configuring OSPFv3 Inbound Route Filtering 1 9 Configuring an OSPFv3 Cost for an Interface 1 9 Configuring the Maximum Num...

Страница 860: ...ii Configuring OSPFv3 Route Redistribution 1 23 Configuring OSPFv3 GR 1 26 Troubleshooting OSPFv3 Configuration 1 28 No OSPFv3 Neighbor Relationship Established 1 28 Incorrect Routing Information 1 28...

Страница 861: ...ic sense or a Layer 3 switch z EA boards such as LSQ1GP12EA and LSQ1TGX1EA do not support IPv6 features Introduction to OSPFv3 OSPFv3 Overview Open Shortest Path First version 3 OSPFv3 supports IPv6 a...

Страница 862: ...etwork LSA Originated for broadcast and NBMA networks by the Designated Router This LSA contains the list of routers connected to the network Flooded throughout a single area only z Inter Area Prefix...

Страница 863: ...llo packet from a neighbor within a period it will declare the peer is down The period is called the dead interval After sending an LSA to its adjacency a router waits for an acknowledgment from the a...

Страница 864: ...OSPFv3 Route Summarization Optional Configuring OSPFv3 Inbound Route Filtering Optional Configuring an OSPFv3 Cost for an Interface Optional Configuring the Maximum Number of OSPFv3 Load balanced Rou...

Страница 865: ...er ID router id router id Required Enter interface view interface interface type interface number Enable an OSPFv3 process on the interface ospfv3 process id area area id instance instance id Required...

Страница 866: ...le on the ABR of the stub area z If you use the stub command with the keyword no summary on an ABR the ABR advertises a default route in an Inter Area Prefix LSA into the stub area No AS external LSA...

Страница 867: ...e directly reachable to each other through a virtual circuit In the event no such direct link is available you need to change the network type through a command z If direct connections are not availab...

Страница 868: ...ormation Control This section is to configure the control of OSPF routing information advertisement and reception and redistribution from other protocols Prerequisites z Enable IPv6 packet forwarding...

Страница 869: ...ut can be added into the local routing table Configuring an OSPFv3 Cost for an Interface You can configure an OSPFv3 cost for an interface with one of the following two methods z Configure the cost va...

Страница 870: ...tiple equal cost routes to a destination are available enabling load balancing among these routes can improve link utilization Follow these steps to configure the maximum number of load balanced route...

Страница 871: ...default route default route advertise always cost cost type type route policy route policy name Optional Not injected by default Filter redistributed routes filter policy acl6 number ipv6 prefix ipv6...

Страница 872: ...ng z Configure OSPFv3 basic functions Configuring OSPFv3 Timers Follow these steps to configure OSPFv3 timers To do Use the command Remarks Enter system view system view Enter interface view interface...

Страница 873: ...rface To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Configure a DR priority ospfv3 dr priority priority instance instance i...

Страница 874: ...sending OSPFv3 packets Using the silent interface command disables only the interfaces associated with the current process z After an OSPF interface is set to silent direct routes of the interface can...

Страница 875: ...lpers Then the GR Restarter retrieves its adjacencies and LSDB with the help of the GR Helpers Thus the normal data forwarding is ensured Configuring GR Restarter You can configure the GR Restarter ca...

Страница 876: ...bose peer router id Display OSPFv3 neighbor statistics display ospfv3 peer statistic Display OSPFv3 routing table information display ospfv3 process id routing ipv6 address prefix length ipv6 address...

Страница 877: ...nfigure Area 2 as a stub area to reduce LSAs in the area without affecting route reachability Figure 1 2 Network diagram for OSPFv3 area configuration Configuration procedure 1 Configure IPv6 addresse...

Страница 878: ...ace100 ospfv3 1 area 0 SwitchC Vlan interface100 quit SwitchC interface vlan interface 400 SwitchC Vlan interface400 ospfv3 1 area 2 SwitchC Vlan interface400 quit Configure Switch D SwitchD system vi...

Страница 879: ...ted route OSPFv3 Router with ID 4 4 4 4 Process 1 Destination 2001 64 Type IA Cost 2 NextHop FE80 F40D 0 93D0 1 Interface Vlan400 Destination 2001 1 64 Type IA Cost 3 NextHop FE80 F40D 0 93D0 1 Interf...

Страница 880: ...ination 2001 2 64 Type I Cost 1 NextHop directly connected Interface Vlan400 Destination 2001 3 64 Type IA Cost 4 NextHop FE80 F40D 0 93D0 1 Interface Vlan400 4 Configure Area 2 as a totally stub area...

Страница 881: ...on configuration Configuration procedure 1 Configure IPv6 addresses for interfaces omitted 2 Configure OSPFv3 basic functions Configure Switch A SwitchA system view SwitchA ipv6 SwitchA ospfv3 SwitchA...

Страница 882: ...i State Dead Time Interface Instance ID 2 2 2 2 1 2 Way DROther 00 00 36 Vlan200 0 3 3 3 3 1 Full Backup 00 00 35 Vlan100 0 4 4 4 4 1 Full DR 00 00 33 Vlan200 0 Display neighbor information on Switch...

Страница 883: ...DROther 00 00 36 Vlan200 0 3 3 3 3 2 Full Backup 00 00 40 Vlan100 0 4 Restart DR BDR election Use the shutdown and undo shutdown commands on interfaces to restart DR BDR election omitted Display neigh...

Страница 884: ...faces omitted 2 Configure OSPFv3 basic functions Enable OSPFv3 process 1 on Switch A SwitchA system view SwitchA ipv6 SwitchA ospfv3 1 SwitchA ospfv3 1 router id 1 1 1 1 SwitchA ospfv3 1 quit SwitchA...

Страница 885: ...ng table Routing Table Destinations 6 Routes 6 Destination 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 3 64 Protocol Direct NextHop 3 2 Preference 0 Interface Vla...

Страница 886: ...3 NextHop FE80 200 CFF FE01 1C03 Preference 150 Interface Vlan300 Cost 3 Destination 3 64 Protocol Direct NextHop 3 2 Preference 0 Interface Vlan300 Cost 0 Destination 3 2 128 Protocol Direct NextHop...

Страница 887: ...ul restart enable SwitchA ospfv3 1 quit SwitchA interface vlan interface 100 SwitchA Vlan interface100 ospfv3 1 area 1 SwitchA Vlan interface100 quit Enable OSPFv3 on Switch B and set the router ID to...

Страница 888: ...ospfv3 peer command 2 Display OSPFv3 interface information using the display ospfv3 interface command 3 Ping the neighbor router s IP address to check connectivity 4 Check OSPF timers The dead interva...

Страница 889: ...t area configuration using the display current configuration configuration command If more than two areas are configured at least one area is connected to the backbone 5 In a Stub area all routers are...

Страница 890: ...ring IPv6 IS IS Basic Functions 1 2 Configuration Prerequisites 1 2 Configuration Procedure 1 2 Configuring IPv6 IS IS Routing Information Control 1 2 Configuration Prerequisites 1 2 Configuration Pro...

Страница 891: ...m to Intermediate System intra domain routing information exchange protocol supports multiple network protocols including IPv6 IS IS with IPv6 support is called IPv6 IS IS dynamic routing protocol The...

Страница 892: ...is process id Required Not enabled by default Configure the network entity title for the IS IS process network entity net Required Not configured by default Enable IPv6 for the IS IS process ipv6 enab...

Страница 893: ...2 IPv6 routes ipv6 import route limit number Optional The default value depends on the SRPU models LPU models and their working modes Configure the filtering of outgoing redistributed routes ipv6 filt...

Страница 894: ...Available in any view Display IS IS neighbor information display isis peer statistics verbose process id vpn instance vpn instance name Available in any view Display IPv6 IS IS routing information di...

Страница 895: ...n interface100 isis ipv6 enable 1 SwitchA Vlan interface100 quit Configure Switch B SwitchB system view SwitchB isis 1 SwitchB isis 1 is level level 1 SwitchB isis 1 network entity 10 0000 0000 0002 0...

Страница 896: ...hC Vlan interface300 quit Configure Switch D SwitchD system view SwitchD isis 1 SwitchD isis 1 is level level 2 SwitchD isis 1 network entity 20 0000 0000 0004 00 SwitchD isis 1 ipv6 enable SwitchD is...

Страница 897: ...Peer Group 1 7 Configuring Outbound Route Filtering 1 8 Configuring Inbound Route Filtering 1 9 Configuring IPv6 BGP and IGP Route Synchronization 1 9 Configuring Route Dampening 1 10 Configuring IPv6...

Страница 898: ...ii IPv6 BGP Basic Configuration 1 21 IPv6 BGP Route Reflector Configuration 1 23 Troubleshooting IPv6 BGP Configuration 1 24 No IPv6 BGP Peer Relationship Established 1 24...

Страница 899: ...tion Examples z Troubleshooting IPv6 BGP Configuration IPv6 BGP Overview BGP 4 was designed to carry only IPv4 routing information and thus other network layer protocols such as IPv6 are not supported...

Страница 900: ...nal Advertising a Default Route to an IPv6 Peer Peer Group Optional Configuring Outbound Route Filtering Optional Configuring Inbound Route Optional Configuring IPv6 BGP and IGP Route Synchronization...

Страница 901: ...IP addresses are configured for any interfaces Enter IPv6 address family view ipv6 family Specify an IPv6 peer peer ipv6 address as number as number Required Injecting a Local IPv6 Route Follow these...

Страница 902: ...nd For information about using a routing policy to set a preferred value refer to the command peer group name ipv4 address ipv6 address route policy route policy name import export in this document an...

Страница 903: ...e command Remarks Enter system view system view Enter BGP view bgp as number Enter IPv6 address family view ipv6 family Allow the establishment of eBGP connection to a non directly connected peer peer...

Страница 904: ...eps to configure to log on the session and event information of an IPv6 peer peer group To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Enable logging of peer...

Страница 905: ...ng the import route command cannot redistribute any IGP default route Configuring IPv6 BGP Route Summarization To reduce the routing table size on medium and large BGP networks you need to configure r...

Страница 906: ...number Enter IPv6 address family view ipv6 family Configure the filtering of outgoing routes filter policy acl6 number ipv6 prefix ipv6 prefix name export protocol process id Required Not configured b...

Страница 907: ...ipv6 address filter policy acl6 number import Required Not specified by default Specify an AS path ACL to filter routing information imported from an IPv6 peer peer group peer ipv6 group name ipv6 ad...

Страница 908: ...dampening To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Enter IPv6 address family view ipv6 family Configure IPv6 BGP route dampening parameters dampening ha...

Страница 909: ...sure an iBGP peer can find the correct next hop you can configure routes advertised to the IPv6 iBGP peer peer group to use the local router as the next hop If BGP load balancing is configured the loc...

Страница 910: ...s path neglect Optional Enabled by default Configure to carry only the public AS number in updates sent to a peer peer group peer ipv6 group name ipv6 address public as only Optional By default IPv6 B...

Страница 911: ...pply the new policy Prerequisites Before configuring IPv6 BGP timers you need to z Enable IPv6 z Configure IPv6 BGP basic functions Configuring IPv6 BGP Timers Follow these steps to configure IPv6 BGP...

Страница 912: ...cy peer ipv6 group name ipv6 address keep all routes Optional Not saved by default Return to user view return Soft reset BGP connections manually refresh bgp ipv6 all ipv6 address group ipv6 group nam...

Страница 913: ...P peer peer group peer group name ipv6 address capability advertise orf non standard Optional By default standard BGP ORF capability defined in RFC 5291 and RFC 5292 is supported Enable the ORF IP pre...

Страница 914: ...not limited by AS To guarantee connectivity between iBGP peers you need to make them fully meshed but it becomes unpractical when there are too many iBGP peers Using route reflectors or confederation...

Страница 915: ...by default z To create a pure eBGP peer group you need to specify an AS number for the peer group z If a peer was added into an eBGP peer group you cannot specify any AS number for the peer group Cre...

Страница 916: ...nded community attribute to an IPv6 peer peer group peer ipv6 group name ipv6 address advertise ext community Required Not advertised by default Apply a routing policy to routes advertised to a peer p...

Страница 917: ...ctor fully meshed If clients are fully meshed it is recommended to disable route reflection between clients to reduce routing costs z If a cluster has multiple route reflectors you need to specify the...

Страница 918: ...routing table different origin as Display IPv6 BGP routing flap statistics display bgp ipv6 routing table flap info regular expression as regular expression as path acl as path acl number network addr...

Страница 919: ...amples for IPv6 BGP configuration are similar to those of BGP4 so refer to BGP Configuration in the IP Routing Volume for related information IPv6 BGP Basic Configuration Network requirements In the f...

Страница 920: ...SwitchD ipv6 SwitchD bgp 65009 SwitchD bgp router id 4 4 4 4 SwitchD bgp ipv6 family SwitchD bgp af ipv6 peer 9 1 1 as number 65009 SwitchD bgp af ipv6 peer 9 2 1 as number 65009 SwitchD bgp af ipv6 q...

Страница 921: ...established iBGP connections with each other IPv6 BGP Route Reflector Configuration Network requirements As shown in the following figure Switch B receives an eBGP update and sends it to Switch C whi...

Страница 922: ...mber 200 SwitchC bgp af ipv6 peer 102 2 as number 200 Configure Switch D SwitchD system view SwitchD ipv6 SwitchD bgp 200 SwitchD bgp router id 4 4 4 4 SwitchD bgp ipv6 family SwitchD bgp af ipv6 peer...

Страница 923: ...o verify the peer s IPv6 address 3 If the loopback interface is used check whether the peer connect interface command is configured 4 If the peer is not directly connected check whether the peer ebgp...

Страница 924: ...munity List 1 5 Configuring a Route Policy 1 6 Prerequisites 1 6 Creating a Route Policy 1 6 Defining if match Clauses 1 7 Defining apply Clauses 1 8 Displaying and Maintaining the Route Policy 1 10 R...

Страница 925: ...t support IPv6 features z Route policy in this chapter involves both IPv4 route policy and IPv6 route policy Introduction to Route Policy Route Policy and Policy Routing A route policy is used on a ro...

Страница 926: ...ty list configured based on the BGP community attribute can only be used to match BGP routing information Extended community list An extended community list configured based on the BGP extended commun...

Страница 927: ...you need to decide on z IP prefix list name z Matching address range z Extcommunity list sequence number Defining an IP prefix List Define an IPv4 prefix list Identified by name an IPv4 prefix list ca...

Страница 928: ...th a smaller index number is matched first If one item is matched the IPv6 prefix list is passed and the routing information will not go to the next item Follow these steps to define an IPv6 prefix li...

Страница 929: ...e steps to define a community list To do Use the command Remarks Enter system view system view Define a basic community list ip community list basic comm list num deny permit community number list int...

Страница 930: ...g information z apply clauses Specify the actions to be taken on routing information that has satisfied the match criteria such as route attribute modification Prerequisites Before configuring this ta...

Страница 931: ...he deny keyword no routing information can pass it Defining if match Clauses Follow these steps to define if match clauses for a route policy node To do Use the command Remarks Enter system view syste...

Страница 932: ...2 external type1or2 is is level 1 is is level 2 internal nssa external type1 nssa external type2 nssa external type1or2 Optional Not configured by default Match RIP OSPF and IS IS routing information...

Страница 933: ...ernal type 1 type 2 Optional Not set by default Set the extended community attribute for BGP routing apply extcommunity rt as number nn ip address nn 1 16 additive Optional Not set by default for IPv4...

Страница 934: ...dv community list number Display BGP extended community list information display ip extcommunity list ext comm list number Display IPv4 prefix list statistics display ip ip prefix ip prefix name Displ...

Страница 935: ...0 quit SwitchC interface vlan interface 201 SwitchC Vlan interface201 isis enable SwitchC Vlan interface201 quit SwitchC interface vlan interface 202 SwitchC Vlan interface202 isis enable SwitchC Vlan...

Страница 936: ...Area 192 168 1 0 24 1562 Stub 192 168 1 1 192 168 1 1 0 0 0 0 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter 172 17 1 0 24 1 Type2 1 192 168 1 2 192 168 2 2 172 17 2 0 24 1 Type2 1 192 1...

Страница 937: ...bles Routing for Network Destination Cost Type NextHop AdvRouter Area 192 168 1 0 24 1 Transit 192 168 1 1 192 168 1 1 0 0 0 0 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter 172 17 1 0 2...

Страница 938: ...enable SwitchA Vlan interface100 quit Configure three static routes SwitchA ipv6 route static 20 32 11 2 SwitchA ipv6 route static 30 32 11 2 SwitchA ipv6 route static 40 32 11 2 Configure a route pol...

Страница 939: ...CA03 1 cost 1 tag 0 A 3 Sec Applying a Route Policy to Filter Received BGP Routes Network requirements As shown in the following figure z All the switches run BGP Switch C establishes eBGP connection...

Страница 940: ...SwitchD bgp peer 1 1 3 1 as number 300 SwitchD bgp quit On Switch A inject routes 4 4 4 4 24 5 5 5 5 24 and 6 6 6 6 24 to BGP SwitchA bgp network 4 4 4 4 24 SwitchA bgp network 5 5 5 5 24 SwitchA bgp...

Страница 941: ...olicy rt1 to filter routes received from peer 1 1 3 1 SwitchD bgp 400 SwitchD peer 1 1 3 1 route policy rt1 import Display the BGP routing table information of Switch D SwitchD display bgp routing tab...

Страница 942: ...to display route policy information IPv6 Routing Information Filtering Failure Symptom Filtering routing information failed while the routing protocol runs normally Analysis At least one item of the I...

Страница 943: ...w 1 1 Configuring Traffic Redirecting 1 1 Configuring a QoS Policy 1 2 Applying the QoS Policy 1 2 Displaying and Maintaining QoS Policies 1 3 Policy Routing Configuration Examples 1 4 IPv4 Policy Rou...

Страница 944: ...ion based routing policy routing can make routing decisions based on the source address and other criteria in addition to the destination IP address The S7900E series switches implement policy routing...

Страница 945: ...nter policy view qos policy policy name Associate the class with the traffic behavior in the QoS policy classifier tcl name behavior behavior name To implement policy routing successfully ensure that...

Страница 946: ...os apply policy policy name inbound Required Follow these steps to apply the QoS policy to a VLAN To do Use the command Remarks Enter system view system view Apply the QoS policy to VLANs qos vlan pol...

Страница 947: ...tbound Available in any view Policy Routing Configuration Examples IPv4 Policy Routing Configuration Example Network requirements As shown in Figure 1 1 redirect all packets received on GigabitEtherne...

Страница 948: ...instead of Switch B IPv6 Policy Routing Configuration Example Network requirements As shown in Figure 1 2 redirect all packets received on GigabitEthernet 2 0 1 of Switch A to the next hop 202 2 Figur...

Страница 949: ...licy a quit Apply QoS policy a to the incoming traffic of GigabitEthernet 2 0 1 SwitchA interface gigabitethernet 2 0 1 SwitchA GigabitEthernet2 0 1 qos apply policy a inbound Verification After compl...

Страница 950: ...formation for IP multicast support This document describes z Multicast routing and forwarding overview z Multicast routing and forwarding configuration IGMP Internet Group Management Protocol IGMP is...

Страница 951: ...MP Snooping z Configuring IGMP Snooping Port Functions z Configuring IGMP Snooping Querier z Configuring IGMP Snooping Proxying z Configuring IGMP Snooping Policy Multicast VLAN The multicast VLAN fea...

Страница 952: ...constraining mechanism that runs on Layer 2 devices to manage and control IPv6 multicast groups This document describes z Configuring Basic Functions of MLD Snooping z Configuring MLD Snooping Port Fu...

Страница 953: ...st 1 4 Common Notations in Multicast 1 5 Advantages and Applications of Multicast 1 5 Multicast Models 1 6 Multicast Architecture 1 6 Multicast Addresses 1 7 Multicast Protocols 1 11 Multicast Packet...

Страница 954: ...y allowing high efficiency point to multipoint data transmission over a network multicast greatly saves network bandwidth and reduces network load With the multicast technology a network operator can...

Страница 955: ...over the network is proportional to the number of hosts that need the information If a large number of users need the information the information source needs to send a copy of the same information t...

Страница 956: ...ficant waste of network resources Multicast As discussed above unicast and broadcast techniques are unable to provide point to multipoint data transmissions with the minimum network consumption Multic...

Страница 957: ...cast is confined to the same subnet while multicast is not Features of Multicast Multicast has the following features z A multicast group is a multicast receiver set identified by an IP multicast addr...

Страница 958: ...ast group or joins another group Common Notations in Multicast Two notations are commonly used in multicast z G Indicates a rendezvous point tree RPT or a multicast packet that any multicast source se...

Страница 959: ...cific sources Therefore receivers can receive the multicast data from only part of the multicast sources From the view of a receiver multicast sources are not all valid they are filtered SSM model In...

Страница 960: ...in Table 1 2 Table 1 2 Class D IP address blocks and description Address block Description 224 0 0 0 to 224 0 0 255 Reserved permanent group addresses The IP address 224 0 0 0 is reserved and other IP...

Страница 961: ...Host Configuration Protocol DHCP server relay agent 224 0 0 13 All Protocol Independent Multicast PIM routers 224 0 0 14 Resource Reservation Protocol RSVP encapsulation 224 0 0 15 All Core Based Tree...

Страница 962: ...ulticast traffic is intended Possible values of this field are given in Table 1 5 Table 1 5 Values of the Scope field Value Meaning 0 3 F Reserved 1 Interface local scope 2 Link local scope 4 Admin lo...

Страница 963: ...ame MAC address Therefore in Layer 2 multicast forwarding a device may receive some multicast data addressed for other IPv4 multicast groups and such redundant data needs to be filtered by the upper l...

Страница 964: ...neral descriptions about applications and functions of the Layer 2 and Layer 3 multicast protocols in a network For details of these protocols refer to the related configuration manuals in the IP Mult...

Страница 965: ...Border Gateway Protocol MP BGP is used for exchanging multicast routing information among different ASs For the SSM model multicast routes are not divided into inter domain routes and intra domain rou...

Страница 966: ...packet transmission in the network unicast routing tables or multicast routing tables for example the MBGP routing table specially provided for multicast must be used as guidance for multicast forwar...

Страница 967: ...an instance resides on different PE devices Multi Instance Application in Multicast With multi instance multicast enabled a PE is able to z Maintain a set of independent multicast forwarding mechanis...

Страница 968: ...ce z The configuration made in VPN instance view only takes effect on the VPN instance interface only An interface that does not belong to any VPN instance is called public instance interface z For mo...

Страница 969: ...iguration Prerequisites 1 8 Configuring Multicast Static Routes 1 8 Configuring a Multicast Routing Policy 1 9 Configuring a Multicast Forwarding Range 1 10 Configuring the Multicast Forwarding Table...

Страница 970: ...ast implementations multicast routing and forwarding are implemented by three types of tables z Each multicast routing protocol has its own multicast routing table such as PIM routing table z The info...

Страница 971: ...RPF interface and the next hop is the RPF neighbor z The router automatically chooses an optimal multicast static route by searching its multicast static routing table using the IP address of the pack...

Страница 972: ...uter discards the packet 2 If the corresponding S G entry exists and the interface on which the packet actually arrived is the incoming interface the router forwards the packet to all the outgoing int...

Страница 973: ...icast network and multicast traffic follows the same transmission path as unicast traffic does By configuring a multicast static route for a given multicast source you can change the RPF route so as t...

Страница 974: ...ed an RPF static route z A multicast static route is effective only on the multicast router on which it is configured and will not be advertised throughout the network or redistributed to other router...

Страница 975: ...t hop router to the last hop router Concepts in multicast traceroute 1 Last hop router If a router has one of its interfaces connecting to the subnet the given destination address is on and if the rou...

Страница 976: ...arding Range Optional Configuring the Multicast Forwarding Table Size Optional Configuring Static Multicast MAC Address Entries Optional Configuring Multicast Routing and Forwarding Tracing a Multicas...

Страница 977: ...t routing protocol so that all devices in the domain are interoperable at the network layer z Enable PIM PIM DM or PIM SM Before configuring multicast routing and forwarding prepare the following data...

Страница 978: ...Follow these steps to configure a multicast routing policy in the public instance To do Use the command Remarks Enter system view system view Configure the device to select the RPF route based on the...

Страница 979: ...lticast routing entries however can exhaust the router s memory and thus result in lower router performance You can set a limit on the number of entries in the multicast forwarding table based on the...

Страница 980: ...w ip vpn instance vpn instance name Configure the maximum number of entries in the multicast forwarding table multicast forwarding table route limit limit Optional 1000 by default Configure the maximu...

Страница 981: ...ration is effective for the specified interface When configuring a static multicast MAC address entry in interface view or port group view the configuration is effective only for the current interface...

Страница 982: ...mask length incoming interface interface type interface number register outgoing interface exclude include match interface type interface number register Available in any view Display information of...

Страница 983: ...outing table Configuration Examples Changing an RPF Route Network requirements z PIM DM runs in the network All switches in the network support multicast z Switch A Switch B and Switch C run OSPF z Ty...

Страница 984: ...ace vlan interface 102 SwitchB Vlan interface102 pim dm SwitchB Vlan interface102 quit Enable IP multicast routing on Switch A and enable PIM DM on each interface SwitchA system view SwitchA multicast...

Страница 985: ...st static route and the RPF neighbor is now Switch C Creating an RPF Route Network requirements z PIM DM runs in the network and all switches in the network support IP multicast z Switch B and Switch...

Страница 986: ...face SwitchA system view SwitchA multicast routing enable SwitchC interface vlan interface 300 SwitchC Vlan interface300 pim dm SwitchC Vlan interface300 quit SwitchC interface vlan interface 102 Swit...

Страница 987: ...es to Source 2 exist on Switch B and Switch C The source is the configured static route Multicast Forwarding over GRE Tunnels Network requirements z Multicast routing and PIM DM are enabled on Switch...

Страница 988: ...1 1 1 SwitchC Tunnel0 quit 3 Configure OSPF Configure OSPF on Switch A SwitchA ospf 1 SwitchA ospf 1 area 0 SwitchA ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 SwitchA ospf 1 area 0 0 0 0 network 2...

Страница 989: ...n interface102 pim dm SwitchC Vlan interface102 quit SwitchC interface tunnel 0 SwitchC Tunnel0 pim dm SwitchC Tunnel0 quit 5 Configure a static multicast route On Switch C configure a static multicas...

Страница 990: ...n the configuration you can use the display multicast routing table static config command to view the detailed configuration information of multicast static routes to verify that the multicast static...

Страница 991: ...1 Use the display pim routing table command to check whether the corresponding S G entries exist on the router If so the router has received the multicast data otherwise the router has not received t...

Страница 992: ...nfiguration Prerequisites 1 12 Configuring IGMP Message Options 1 12 Configuring IGMP Query and Response Parameters 1 13 Configuring IGMP Fast Leave Processing 1 16 Configuring IGMP SSM Mapping 1 16 C...

Страница 993: ...eries is in an IRF it operates as a distributed IRF device For introduction of IRF refer to IRF Configuration in the System Volume IGMP Overview As a TCP IP protocol responsible for IP multicast group...

Страница 994: ...router will act as the IGMP querier on the subnet In IGMPv1 the designated router DR elected by the working multicast routing protocol such as PIM serves as the IGMP querier For more information about...

Страница 995: ...r the router forwards the multicast data to the local subnet and then the receivers on the subnet receive the data As IGMPv1 does not specifically define a Leave Group message upon leaving a multicast...

Страница 996: ...ier will assume that no hosts on the subnet are still interested in multicast traffic to that group and will stop maintaining the memberships of the group Enhancements in IGMPv3 Built upon and being c...

Страница 997: ...the report sender requests the multicast data from any sources but those defined in the specified multicast source list z TO_IN The filtering mode has changed from Exclude to Include z TO_EX The filt...

Страница 998: ...igured on Router A Router A cannot provide SSM service and drops the message z If G is in the SSM group range and the IGMP SSM mappings have been configured on Router A for multicast group G Router A...

Страница 999: ...ilter mode and source list Such an entry is a collection of members in the same multicast group on each downstream interface A proxy device performs host functions on the upstream interface based on t...

Страница 1000: ...Proxying Configuring Multicast Forwarding on a Downstream Interface Optional z Configurations performed in IGMP view are effective on all interfaces while configurations performed in interface view a...

Страница 1001: ...by default Enabling IGMP in a VPN instance Follow these steps to enable IGMP in a VPN instance To do Use the command Remarks Enter system view system view Create a VPN instance and enter VPN instance...

Страница 1002: ...rface interface type interface number Configure an IGMP version on the interface igmp version version number Optional IGMPv2 by default Configuring Static Joining After an interface is configured as a...

Страница 1003: ...you can set an ACL rule on the interface as a packet filter so that the interface maintains only the multicast groups matching the criteria Follow these steps to configure a multicast group filter To...

Страница 1004: ...unctions of IGMP Before adjusting IGMP performance prepare the following data z Startup query interval z Startup query count z IGMP general query interval z IGMP querier s robustness variable z Maximu...

Страница 1005: ...n Enable insertion of the Router Alert option into IGMP messages send router alert Optional By default IGMP messages carry the Router Alert option Configuring IGMP packet options on an interface Follo...

Страница 1006: ...ill their Max Response time field Namely for IGMP group specific queries the maximum response time equals the IGMP last member query interval When multiple multicast routers exist on the same subnet t...

Страница 1007: ...For the system default see Note below Configure the startup query count igmp startup query count value Optional For the system default see Note below Configure the IGMP query interval igmp timer quer...

Страница 1008: ...IGMP querier may change frequently on the network z Make sure that the IGMP query interval is greater than the maximum response time for IGMP general queries otherwise multicast group members may be...

Страница 1009: ...Enter public instance or VPN instance IGMP view igmp vpn instance vpn instance name Configure an IGMP SSM mapping ssm mapping group address mask mask length source address Required No IGMP mappings ar...

Страница 1010: ...tocols such as PIM DM or PIM SM on interfaces with IGMP proxying enabled or vice versa However the source lifetime source policy and ssm policy commands configured in PIM view can still take effect In...

Страница 1011: ...Available in any view Display layer 2 port information for IGMP multicast groups on a distributed device display igmp group port info vlan vlan id slot slot number verbose Available in any view Displ...

Страница 1012: ...r 2 port information about IGMP multicast groups of static joins The reset igmp group command may cause an interruption of receivers reception of multicast data IGMP Configuration Examples Basic IGMP...

Страница 1013: ...configuration steps are omitted here 2 Enable IP multicast routing and enable PIM DM and IGMP Enable IP multicast routing on Switch A enable PIM DM on each interface and enable IGMP on VLAN interface...

Страница 1014: ...ce vlan interface 200 Vlan interface200 10 110 2 1 IGMP is enabled Current IGMP version is 2 Value of query interval for IGMP in seconds 60 Value of other querier present interval for IGMP in seconds...

Страница 1015: ...n steps are omitted here Configure OSPF for interoperability among the switches Ensure the network layer interoperation on the PIM SM domain and dynamic update of routing information among the switche...

Страница 1016: ...104 SwitchD pim c rp vlan interface 104 SwitchD pim quit 4 Configure the SSM group range Configure the SSM group range 232 1 1 0 24 on Switch D SwitchD acl number 2000 SwitchD acl basic 2000 rule per...

Страница 1017: ...133 133 1 1 232 1 1 1 Protocol pim ssm Flag UpTime 00 13 25 Upstream interface Vlan interface104 Upstream neighbor 192 168 4 2 RPF prime neighbor 192 168 4 2 Downstream interface s information Total n...

Страница 1018: ...uit SwitchA interface vlan interface 100 SwitchA Vlan interface100 igmp enable SwitchA Vlan interface100 pim dm SwitchA Vlan interface100 quit Enable IP multicast routing on Switch B IGMP Proxying on...

Страница 1019: ...Analysis z The correctness of networking and interface connections and whether the protocol layer of the interface is up directly affect the generation of group membership information z Multicast rou...

Страница 1020: ...lysis z A router running IGMP maintains multiple parameters for each interface and these parameters influence one another forming very complicated relationships Inconsistent IGMP interface parameter c...

Страница 1021: ...ation Prerequisites 1 18 Enabling PIM SM 1 19 Configuring an RP 1 20 Configuring a BSR 1 22 Configuring Administrative Scoping 1 26 Configuring Multicast Source Registration 1 28 Disabling SPT Switcho...

Страница 1022: ...M Configuration Example 1 54 Troubleshooting PIM Configuration 1 57 Failure of Building a Multicast Distribution Tree Correctly 1 57 Multicast Data Abnormally Terminated on an Intermediate Router 1 58...

Страница 1023: ...mediate system to intermediate system IS IS or border gateway protocol BGP Independent of the unicast routing protocols running on the device multicast routing can be implemented as long as the corres...

Страница 1024: ...z When a new receiver on a previously pruned branch joins a multicast group to reduce the join latency PIM DM uses a graft mechanism to resume data forwarding to that branch Generally speaking the mu...

Страница 1025: ...ulticast group down to this node z An S G entry contains the multicast source address S multicast group address G outgoing interface list and incoming interface z For a given multicast stream the inte...

Страница 1026: ...access network where more than one multicast router exists by electing a unique multicast forwarder on the multi access network Figure 1 2 Assert mechanism As shown in Figure 1 2 after Router A and R...

Страница 1027: ...n as the common node or rendezvous point RP through which the multicast data travels along the RPT and reaches the receivers z When a receiver is interested in the multicast data addressed to a specif...

Страница 1028: ...DR However if IGMPv1 runs on any multi access network in a PIM DM domain a DR must be elected to act as the IGMPv1 querier on that multi access network z IGMP must be enabled on a device that acts as...

Страница 1029: ...one BSR but can have multiple candidate BSRs C BSRs Once the BSR fails a new BSR is automatically elected from the C BSRs to avoid service interruption z An RP can serve multiple multicast groups or a...

Страница 1030: ...IP address of the C RP Logical operator of and XOR Logical operator of exclusive or Mod Modulo operator which gives the remainder of an integer division RPT establishment Figure 1 5 RPT establishment...

Страница 1031: ...in Figure 1 6 the multicast source registers with the RP as follows 1 When the multicast source S sends the first multicast packet to multicast group G the DR directly connected with the multicast sou...

Страница 1032: ...RP or the DR at the receiver side to initiate an SPT switchover process 1 The RP initiates an SPT switchover process Upon receiving the first multicast packet the RP sends an S G join message hop by h...

Страница 1033: ...ains one BSR which serves multicast groups within a specific range Multicast protocol packets such as assert messages and bootstrap messages for a specific group range cannot cross the admin scope zon...

Страница 1034: ...address ranges Each admin scope zone serves specific multicast groups Usually these addresses have no intersections however they may overlap one another Figure 1 8 Relationship between admin scope zo...

Страница 1035: ...T is required there is no source registration process and there is no need of using the multicast source discovery protocol MSDP for discovering sources in other PIM domains Compared with the ASM mode...

Страница 1036: ...s used to refer to a join message Multi Instance PIM A multicast router running multiple instances maintains an independent set of PIM neighbor table multicast routing table BSR information and RP set...

Страница 1037: ...es messages from the PIM neighbors When deploying a PIM DM domain you are recommended to enable PIM DM on all non border interfaces of the routers Enabling PIM DM globally in the public instance Follo...

Страница 1038: ...lticast forwarding when the pruned state times out To prevent this the router with the multicast source attached periodically sends an S G state refresh message which is forwarded hop by hop along the...

Страница 1039: ...s Enter system view system view Enter public instance PIM view or VPN instance PIM view pim vpn instance vpn instance name Configure the interval between state refresh messages state refresh interval...

Страница 1040: ...lobal scope zone Optional Configuring Multicast Source Registration Optional Disabling SPT Switchover Optional Configuring PIM Common Features Optional Configuration Prerequisites Before configuring P...

Страница 1041: ...ter system view system view Enable IP multicast routing multicast routing enable Required Disable by default Enter interface view interface interface type interface number Enable PIM SM pim sm Require...

Страница 1042: ...f there is only one dynamic RP in a network manually configuring a static RP can avoid communication interruption due to single point failures and avoid frequent message exchange between C RPs and the...

Страница 1043: ...olicy acl number priority priority holdtime hold interval advertisement interval adv interval Required No C RPs are configured by default Configure a legal C RP address range and the range of multicas...

Страница 1044: ...onal 60 seconds by default Configure C RP timeout time c rp holdtime interval Optional 150 seconds by default For the configuration of other timers in PIM SM refer to Configuring PIM Common Timers Con...

Страница 1045: ...g as the neighbor router discards these bootstrap messages Therefore with a legal BSR address range configured on all routers in the entire network all these routers will discard bootstrap messages fr...

Страница 1046: ...igure a PIM domain border pim bsr boundary Required By default no PIM domain border is configured Configuring global C BSR parameters In each PIM SM domain a unique BSR is elected from C BSRs The C RP...

Страница 1047: ...IP address and RP Set information through bootstrap messages within the entire zone it serves The BSR floods bootstrap messages throughout the network at the interval of BS BSR state period Any C BSR...

Страница 1048: ...e zones Each admin scope zone maintains a BSR which serves a specific multicast group range while the global scope zone also maintains a BSR which serves all the rest multicast groups Enabling adminis...

Страница 1049: ...cted from C BSRs C RPs in the network send advertisement messages to the specific BSR The BSR summarizes the advertisement messages to form an RP set and advertises it to all routers in the specific a...

Страница 1050: ...obal scope zone level or admin scope zone level the corresponding global values will be used For configuration of global C BSR parameters see Configuring global C BSR parameters Configuring Multicast...

Страница 1051: ...all routers that may become source side DRs Follow these steps to configure register related parameters To do Use the command Remarks Enter system view system view Enter public instance PIM view or VP...

Страница 1052: ...use spt switch threshold infinity command on a switch that may become an RP namely a static RP or a C RP Configuring PIM SSM The PIM SSM model needs the support of IGMPv3 Therefore be sure to enable...

Страница 1053: ...e interface type interface number Enable PIM SM pim sm Required Disabled by default Enabling PIM SM in a VPN instance Follow these steps to enable PIM SM in a VPN instance To do Use the command Descri...

Страница 1054: ...multicast groups within this address range are using the PIM SSM model Perform the following configuration on all routers in the PIM SM domain Follow these steps to configure an SSM multicast group ra...

Страница 1055: ...ne Message Sizes Optional Configuration Prerequisites Before configuring PIM common features complete the following tasks z Configure any unicast routing protocol so that all devices in the domain are...

Страница 1056: ...icast data filter by default z Generally a smaller distance from the filter to the multicast source results in a more remarkable filtering effect z This filter works not only on independent multicast...

Страница 1057: ...lowed to wait before sending a prune override message When a router receives a prune message from a downstream router it does not perform the prune action immediately instead it maintains the current...

Страница 1058: ...im hello option dr priority priority Optional 1 by default Configure PIM neighbor timeout time pim hello option holdtime interval Optional 105 seconds by default Configure the prune message delay time...

Страница 1059: ...has lost assert election will prune its downstream interface and maintain the assert state for a period of time When the assert state times out the assert losers will resume multicast forwarding When...

Страница 1060: ...ault If there are no special networking requirements we recommend that you use the default settings Configuring Join Prune Message Sizes A larger join prune message size will result in loss of a large...

Страница 1061: ...erface type interface number verbose Available in any view View the information of join prune messages to send display pim all instance vpn instance vpn instance name join prune mode sm flags flag val...

Страница 1062: ...ub network N2 through their respective VLAN interface 200 and to Switch D through VLAN interface 101 and VLAN interface 102 respectively z IGMPv2 is to run between Switch A and N1 and between Switch B...

Страница 1063: ...uit The configuration on Switch B and Switch C is similar to that on Switch A Enable IP multicast routing on Switch D and enable PIM DM on each interface SwitchD system view SwitchD multicast routing...

Страница 1064: ...PIM routing table information on each switch For example View the PIM routing table information on Switch A SwitchA display pim routing table Total 1 G entry 1 S G entry 225 1 1 1 Protocol pim dm Flag...

Страница 1065: ...C are multicast receivers in two stub networks z Switch D connects to the network that comprises the multicast source Source through VLAN interface 300 z Switch A connects to stub network N1 through V...

Страница 1066: ...nfigure IP addresses and unicast routing Configure the IP address and subnet mask for each interface as per Figure 1 11 Detailed configuration steps are omitted here Configure the OSPF protocol for in...

Страница 1067: ...quit On Switch E configure the service scope of RP advertisements specify a C BSR and a C RP and set the hash mask length to 32 and the priority of the C BSR to 20 SwitchE system view SwitchE acl num...

Страница 1068: ...cope Not scoped Candidate RP 192 168 4 2 Vlan interface105 Priority 0 HoldTime 150 Advertisement Interval 60 Next advertisement scheduled at 00 00 34 View the BSR information and the locally configure...

Страница 1069: ...ween Switch D and Switch E Upon receiving multicast data Switch A immediately switches from the RPT to the SPT Switches on the RPT path Switch A and Switch E have a G entry while switches on the SPT p...

Страница 1070: ...View the PIM routing table information on Switch E SwitchE display pim routing table Total 1 G entry 0 S G entry 225 1 1 0 RP 192 168 9 2 local Protocol pim sm Flag WC UpTime 00 13 16 Upstream interfa...

Страница 1071: ...int104 Vlan int108 Vlan int107 Vlan int107 Vlan int109 Vlan int109 Vlan int500 V l a n i n t 1 0 5 Vlan int108 Vlan int400 Vlan int110 Vlan int110 Vlan int106 V l a n i n t 6 0 0 Vlan int100 Vlan int...

Страница 1072: ...interface 100 SwitchA Vlan interface100 igmp enable SwitchA Vlan interface100 pim sm SwitchA Vlan interface100 quit SwitchA interface vlan interface 101 SwitchA Vlan interface101 pim sm SwitchA Vlan i...

Страница 1073: ...tem view SwitchD interface vlan interface 107 SwitchD Vlan interface107 multicast boundary 239 0 0 0 8 SwitchD Vlan interface107 quit 4 Configure C BSRs and C RPs On Switch B configure the service sco...

Страница 1074: ...Scope Global Uptime 00 01 45 Expires 00 01 25 Elected BSR Address 10 110 1 2 Priority 0 Hash mask length 30 State Elected Scope 239 0 0 0 8 Uptime 00 04 54 Next BSR message scheduled at 00 00 06 Cand...

Страница 1075: ...y pim bsr info Elected BSR Address 10 110 9 1 Priority 0 Hash mask length 30 State Elected Scope Global Uptime 00 11 11 Next BSR message scheduled at 00 00 49 Candidate BSR Address 10 110 9 1 Priority...

Страница 1076: ...roup MaskLen 224 0 0 0 4 RP 10 110 9 1 local Priority 0 HoldTime 150 Uptime 00 00 32 Expires 00 01 58 PIM SSM Configuration Example Network requirements z Receivers receive VOD information through mul...

Страница 1077: ...itch B Vlan int200 10 110 2 1 24 Switch E Vlan int104 192 168 3 2 24 Vlan int103 192 168 2 1 24 Vlan int103 192 168 2 2 24 Switch C Vlan int200 10 110 2 2 24 Vlan int102 192 168 9 2 24 Vlan int104 192...

Страница 1078: ...chA pim SwitchA pim ssm policy 2000 SwitchA pim quit The configuration on Switch B Switch C Switch D and Switch E is similar to that on Switch A 4 Verify the configuration Carry out the display pim in...

Страница 1079: ...rwarding entries That is a multicast distribution tree cannot be built correctly and clients cannot receive multicast data Analysis z When PIM DM runs on the entire network multicast data is flooded f...

Страница 1080: ...eighbor command to view the PIM neighbor information 4 Check that PIM and IGMP are enabled on the interfaces directly connecting to the multicast source and to the receivers 5 Check that the same PIM...

Страница 1081: ...rp info command to check whether the same static RP address has been configured on all the routers in the entire network RPT Establishment Failure or Source Registration Failure in PIM SM Symptom C RP...

Страница 1082: ...pport of the RP and BSR Use the display pim bsr info command to check whether the BSR information is available on each router and then use the display pim rp info command to check whether the RP infor...

Страница 1083: ...uring MSDP Peer Connection Control 1 12 Configuring SA Messages Related Parameters 1 12 Configuration Prerequisites 1 12 Configuring SA Message Content 1 13 Configuring SA Request Messages 1 13 Config...

Страница 1084: ...to discover multicast source information in other PIM SM domains In the basic PIM SM mode a multicast source registers only with the RP in the local PIM SM domain and the multicast source information...

Страница 1085: ...side RP creates SA messages and sends the messages to its remote MSDP peer to notify the MSDP peer of the locally registered multicast source information A source side MSDP peer must be created on the...

Страница 1086: ...exists in the domain PIM SM 1 and RP 1 has learned the existence of Source through multicast source registration If RPs in PIM SM 2 and PIM SM 3 also wish to know the specific location of Source so th...

Страница 1087: ...he multicast source side so that it can directly join the SPT rooted at the source over other PIM SM domains Then the multicast data can flow along the SPT to RP 2 and is forwarded by RP 2 to the rece...

Страница 1088: ...e as the MSDP peer address which means that the MSDP peer where the SA is from is the RP that has created the SA message RP 2 accepts the SA message and forwards it to its other MSDP peer RP 3 2 When...

Страница 1089: ...MSDP peers Anycast RP refers to such an application that enables load balancing and redundancy backup between two or more RPs within a PIM SM domain by configuring the same IP address for and establis...

Страница 1090: ...PIM SM domain and forward part of the multicast data thus achieving load balancing between different RPs z Redundancy backup between RPs When an RP fails the multicast source previously registered on...

Страница 1091: ...Configuring the SA Cache Mechanism Optional Configuring Basic Functions of MSDP All the configuration tasks should be carried out on RPs in PIM SM domains and each of these RPs acts as an MSDP peer Co...

Страница 1092: ...ystem view quit Enable MSDP and enter VPN instance MSDP view msdp vpn instance vpn instance name Required Disabled by default z For details about the ip vpn instance and route distinguisher commands s...

Страница 1093: ...se the command Remarks Enter system view system view Enter public instance MSDP view or VPN instance MSDP view msdp vpn instance vpn instance name Configure a static RPF peer static rpf peer peer addr...

Страница 1094: ...st traffic On one hand an MSDP peer in an MSDP mesh group forwards SA messages from outside the mesh group that have passed the RPF check to the other members in the mesh group on the other hand a mes...

Страница 1095: ...to resume operation a TCP connection is required You can flexibly adjust the interval between MSDP peering connection retries Follow these steps to configure MSDP peer connection control To do Use th...

Страница 1096: ...s the same as the local RP address it will discard the SA message In the Anycast RP application however you need to configure RPs with the same IP address on two or more routers in the same PIM SM dom...

Страница 1097: ...ng or forwarding an SA message so that the propagation of multicast source information is controlled at SA message reception or forwarding By configuring a TTL threshold for multicast data packet enca...

Страница 1098: ...cally on the router However the more S G entries are cached the larger memory space of the router is used With the SA cache mechanism enabled when receiving a new G join message the router searches it...

Страница 1099: ...e in user view Clear S G entries in the SA cache reset msdp all instance vpn instance vpn instance name sa cache group address Available in user view Clear all statistics information of an MSDP peer r...

Страница 1100: ...oop0 1 1 1 1 32 Switch F Vlan int105 10 110 6 2 24 Switch C Vlan int104 10 110 4 1 24 Vlan int400 10 110 7 1 24 Vlan int102 192 168 3 1 24 Source 1 10 110 2 100 24 Vlan int101 192 168 1 2 24 Source 2...

Страница 1101: ...0 as a C BSR and a C RP on Switch B SwitchB pim SwitchB pim c bsr loopback 0 SwitchB pim c rp loopback 0 SwitchB pim quit The configuration on Switch C and Switch E is similar to the configuration on...

Страница 1102: ...3 1 connect interface vlan interface 102 SwitchE msdp quit 6 Verify the configuration Carry out the display bgp peer command to view the BGP peering relationships between the switches For example Vie...

Страница 1103: ...work NextHop MED LocPrf PrefVal Path Ogn 1 1 1 1 32 192 168 1 1 0 0 100 i 2 2 2 2 32 192 168 3 2 0 100 0 3 3 3 3 32 0 0 0 0 0 0 192 168 1 0 0 0 0 0 0 0 192 168 1 1 0 0 100 192 168 1 1 32 0 0 0 0 0 0 1...

Страница 1104: ...00 8 0 View the detailed MSDP peer information on Switch B SwitchB display msdp peer status MSDP Peer 192 168 1 2 AS 200 Description Information about connection status State Up Up down time 00 15 47...

Страница 1105: ...o provide unicast routes z PIM SM 2 and PIM SM 3 are both stub domains and BGP or MBGP is not required between these two domains and PIM SM 1 Instead static RPF peers are configured to avoid RPF check...

Страница 1106: ...3 3 32 Vlan int102 192 168 3 1 24 Switch F Vlan int105 10 110 6 2 24 Loop0 1 1 1 1 32 Vlan int400 10 110 7 1 24 Switch C Vlan int101 192 168 1 2 24 Source 1 10 110 2 100 24 Vlan int104 10 110 4 1 24 S...

Страница 1107: ...m c bsr loopback 0 SwitchB pim c rp loopback 0 SwitchB pim quit The configuration on Switch C and Switch E is similar to the configuration on Switch B 4 Configure a static RPF peer Configure Switch C...

Страница 1108: ...brief MSDP peer information on Switch B SwitchB display msdp brief MSDP Peer Brief Information Configured Up Listen Connect Shutdown Down 2 2 0 0 0 0 Peer s Address State Up Down time AS SA Count Rese...

Страница 1109: ...Switch C Vlan int101 192 168 1 2 24 Source 2 10 110 6 100 24 Vlan int102 192 168 2 2 24 Switch A Vlan int300 10 110 5 1 24 Switch D Vlan int200 10 110 3 1 24 Vlan int103 10 110 2 2 24 Vlan int104 10...

Страница 1110: ...witchB LoopBack10 quit SwitchB interface loopback 20 SwitchB LoopBack20 pim sm SwitchB LoopBack20 quit The configuration on Switch A Switch C Switch D and Switch E is similar to the configuration on S...

Страница 1111: ...display pim routing table command When Source 1 10 110 5 100 24 sends multicast data to multicast group G 225 1 1 1 Host A joins multicast group G By comparing the PIM routing information displayed on...

Страница 1112: ...M routing information on Switch B SwitchB display pim routing table No information is output on Switch B View the PIM routing information on Switch D SwitchD display pim routing table Total 1 G entry...

Страница 1113: ...multicast groups 225 1 1 0 30 and 226 1 1 0 30 while Host can receive only the multicast data addressed to multicast groups 226 1 1 0 30 and 227 1 1 0 30 Network diagram Figure 1 8 Network diagram for...

Страница 1114: ...interface101 pim sm SwitchA Vlan interface101 quit SwitchA interface vlan interface 102 SwitchA Vlan interface102 pim sm SwitchA Vlan interface102 quit SwitchA interface loopback 0 SwitchA LoopBack0...

Страница 1115: ...0 30 to Switch D SwitchC acl number 3001 SwitchC acl adv 3001 rule deny ip source 10 110 3 100 0 destination 225 1 1 0 0 0 0 3 SwitchC acl adv 3001 rule permit ip source any destination any SwitchC a...

Страница 1116: ...1 1 1 1 00 32 53 00 05 07 Troubleshooting MSDP MSDP Peers Stay in Down State Symptom The configured MSDP peers stay in the down state Analysis z A TCP connection based MSDP peering relationship is est...

Страница 1117: ...argument and make sure that ACL rule can filter appropriate S G entries Inter RP Communication Faults in Anycast RP Application Symptom RPs fail to exchange their locally registered S G entries with...

Страница 1118: ...command In the Anycast RP application environment be sure to use the originating rp command to configure the RP address in the SA messages which must be the local interface address 4 Verify that the C...

Страница 1119: ...ampening 1 7 Configuring MBGP Route Attributes 1 7 Prerequisites 1 8 Configuring MBGP Route Preferences 1 8 Configuring the Default Local Preference 1 8 Configuring the MED Attribute 1 8 Configuring t...

Страница 1120: ...st topology may be different from the unicast topology To meet the requirement the multiprotocol BGP extensions enable BGP to carry the unicast Network Layer Reachability Information NLRI and multicas...

Страница 1121: ...eer Group Optional Configuring Outbound MBGP Route Filtering Optional Configuring Inbound MBGP Route Filtering Optional Controlling Route Advertisement and Reception Configuring MBGP Route Dampening C...

Страница 1122: ...nd Reception Prerequisites You need to configure MBGP basic functions before configuring this task Configuring MBGP Route Redistribution MBGP can advertise routing information in the local AS to neigh...

Страница 1123: ...tocol process id med med value route policy route policy name Required No route redistribution is configured by default Enable default route redistribution into the MBGP routing table default route im...

Страница 1124: ...bgp as number Enter IPv4 MBGP address family view ipv4 family multicast Advertise a default route to an MBGP peer or peer group peer group name ip address default route advertise route policy route po...

Страница 1125: ...export Reference an IP prefix list to filer route advertisements to an IPv4 MBGP peer peer group peer group name ip address ip prefix ip prefix name export At least one of these approaches is required...

Страница 1126: ...iltering is configured by default Specify the maximum number of routes that can be received from an IPv4 MBGP peer peer group peer group name ip address route limit limit percentage Optional The numbe...

Страница 1127: ...cy name Optional The default preferences of multicast MBGP eBGP MBGP iBGP and local MBGP routes are 255 255 and 130 respectively Configuring the Default Local Preference Follow these steps to configur...

Страница 1128: ...r the peer next hop local command is configured In a third party next hop network that is the local router has two multicast eBGP peers in a broadcast network the router does not specify itself as the...

Страница 1129: ...o configure BGP basic functions before configuring this task Configuring MBGP Soft Reset After modifying a route selection policy you have to reset MBGP connections to make it take effect causing shor...

Страница 1130: ...iginal routes from a peer peer group regardless of whether they pass the inbound filtering policies peer group name ip address keep all routes Required Not kept by default Return to user view return S...

Страница 1131: ...ou need to configure this command For details about the command refer to BGP Commands in the IP Routing Volume Enter MBGP address family view ipv4 family multicast Enable the ORF IP prefix negotiation...

Страница 1132: ...ult due to large numbers of MBGP peers You can configure peer groups to make management easier and improve route distribution efficiency Follow these steps to configure an IPv4 MBGP peer group To do U...

Страница 1133: ...system view system view Enter BGP view bgp as number Enter IPv4 MBGP address family view ipv4 family multicast Advertise the community attribute to an MBGP peer peer group peer group name ip address...

Страница 1134: ...or uses its router ID as the cluster ID z In general it is not required that clients of a route reflector be fully meshed The route reflector forwards routing information between clients If clients ar...

Страница 1135: ...ng information matching an MBGP community list display bgp multicast routing table community list basic community list number whole match adv community list number 1 16 Available in any view Display M...

Страница 1136: ...multicast flap info regexp as path regexp as path acl as path acl number ip address mask mask length Available in user view MBGP Configuration Example Network requirements As shown in the following f...

Страница 1137: ...in the above figure omitted 2 Configure OSPF omitted 3 Enable IP multicast routing PIM SM and IGMP and configure a PIM SM domain border Enable IP multicast routing on Switch A and enable PIM SM on eac...

Страница 1138: ...itchA LoopBack0 pim sm SwitchA LoopBack0 quit SwitchA pim SwitchA pim c bsr loopback 0 SwitchA pim c rp loopback 0 SwitchA pim quit Configure Loopback 0 and configure it as the C BSR and C RP on Switc...

Страница 1139: ...it 7 Verify the configuration You can use the display bgp multicast peer command to display MBGP peers on a switch For example display MBGP peers on Switch B SwitchB display bgp multicast peer BGP loc...

Страница 1140: ...VPN 1 14 Configuration Prerequisites 1 14 Enabling IP Multicast Routing in a VPN Instance 1 14 Configuring a Share Group and an MTI Binding 1 15 Configuring BGP MDT 1 16 Configuration Prerequisites 1...

Страница 1141: ...L3VPN Configuration in the MPLS Volume z For details about BGP refer to BGP Configuration in the IP Routing Volume Introduction to MPLS L3VPN Multicast VPN is a technique that implements multicast del...

Страница 1142: ...PN environment between any two sites that belong to the same VPN packets are transmitted labeled across the public network The PE device at the entrance to the provider backbone attaches two labels to...

Страница 1143: ...ble receivers on the network for that group only those belong to VPN A namely in Site 1 Site 3 or Site 5 can receive the multicast stream The stream is multicast in these sites and in the public netwo...

Страница 1144: ...nnel MT An MT is a tunnel that interconnects all PEs in an MD for delivering private network traffic within the MD Multicast tunnel interface MTI An MTI is the entrance to or exit of an MT equivalent...

Страница 1145: ...thought of as a private data transmission pool and an MTI can be thought of an entrance exit of the pool The local PE device puts the private data into the transmission pool the MD through the entranc...

Страница 1146: ...shed between the public instance interface on a PE device and an interface on the P device across the link z PE PE neighboring relationship PIM neighboring relationship established after a VPN instanc...

Страница 1147: ...ng a share MDT is different in these three PIM modes Share MDT establishment in a PIM DM network Figure 1 5 Share MDT establishment in a PIM DM network As shown in Figure 1 5 PIM DM is enabled in the...

Страница 1148: ...ated on each device along the path in the public network At the same time PE 2 and PE 3 respectively initiate a similar join process Finally an RPT is established in the MD with the public network RP...

Страница 1149: ...ts leaves At the same time PE 2 and PE 3 respectively initiate a similar SPT establishment process Finally three independent SPTs are established in the MD In the PIM SS M network the three independen...

Страница 1150: ...across the public network to establish SPTs The following example explains how multicast protocol packets are delivered based on the share MDT while PIM SM is running in both the public network and th...

Страница 1151: ...ds the join message 5 When receiving the join message the VPN instance on PE 1 considers that it received the message from the MTI PE 1 creates a local 225 1 1 1 state entry with the downstream interf...

Страница 1152: ...nd the VPN instance on PE 1 checks the MVRF If the outgoing interface list of the forwarding entry contains an MTI PE 1 processes the private network multicast data Now the VPN instance on PE 1 consid...

Страница 1153: ...nstance and treat each other as a CE device Figure 1 10 VPN instance VPN instance interconnectivity In the VPN instance VPN instance interconnectivity approach a separate MD needs to be established wi...

Страница 1154: ...T Peers or Peer Groups Required Configuring BGP MDT Configuring a BGP MDT Route Reflector Optional Configuring MD VPN Configuration Prerequisites Before configuring MD VPN complete the following tasks...

Страница 1155: ...e Configuring a Share Group and an MTI Binding By running multiple instances on each PE device you enable the PE device to work for multiple VPNs You need to configure the same share group address for...

Страница 1156: ...oup command refer to Service Lookback Commands in the Access Volume z PIM on the MTI interface takes effect only after PIM is enabled on at least one interface of the VPN instance when PIM is disabled...

Страница 1157: ...client to client reflection to reduce overloads if the clients have been fully meshed The route reflector and its clients form a cluster In general a cluster has only one route reflector whose router...

Страница 1158: ...b the share group address is 239 2 2 2 PE interfaces and VPN instances they belong to z PE 1 VLAN interface 11 and VLAN interface 20 belong to VPN instance a VLAN interface 12 and Loopback 1 belong to...

Страница 1159: ...int13 Vlan int14 Vlan int14 Vlan int15 Vlan int15 Vlan int16 Vlan int16 Vlan int17 Vlan int17 Vlan int18 Vlan int18 Vlan int19 Vlan int19 Device Interface IP address Device Interface IP address S 1 10...

Страница 1160: ...instance a multicast domain share group 239 1 1 1 binding mtunnel 0 PE1 vpn instance a quit Configure an IP address and enable PIM SM and LDP capability on the public network interface VLAN interface...

Страница 1161: ...quit PE1 bgp quit With BGP peers configured on PE 1 the interfaces MTI 0 will automatically obtain an IP address which is the loopback interface address specified in the BGP peer configuration The PI...

Страница 1162: ...ticast routing in VPN instance a configure a share group address associate an MTI with the VPN instance PE2 vpn instance a multicast routing enable PE2 vpn instance a multicast domain share group 239...

Страница 1163: ...vpnv4 peer 1 1 1 1 group vpn g PE2 bgp af vpnv4 peer 1 1 1 3 group vpn g PE2 bgp af vpnv4 quit PE2 bgp quit With BGP peers configured on PE 2 the interfaces MTI 0 and MTI 1 will automatically obtain...

Страница 1164: ...instance a quit Create VPN instance b configure a RD for it and create an egress route and an ingress route for it PE3 ip vpn instance b PE3 vpn instance b route distinguisher 200 1 PE3 vpn instance...

Страница 1165: ...interface loopback 2 PE3 LoopBack2 ip binding vpn instance b PE3 LoopBack2 ip address 33 33 33 33 32 PE3 LoopBack2 pim sm PE3 LoopBack2 quit Configure Loopback 2 as a C BSR and a C RP for VPN b PE3 pi...

Страница 1166: ...3 rip 2 quit PE3 rip 3 vpn instance b PE3 rip 3 network 10 0 0 0 PE3 rip 3 network 33 0 0 0 PE3 rip 3 import route bgp PE3 rip 3 return 4 Configure P Enable IP multicast routing in the public instance...

Страница 1167: ...ce P pim P pim c bsr loopback 1 P pim c rp loopback 1 P pim quit Configure OSPF P ospf 1 P ospf 1 area 0 0 0 0 P ospf 1 area 0 0 0 0 network 2 2 2 2 0 0 0 0 P ospf 1 area 0 0 0 0 network 192 168 0 0 0...

Страница 1168: ...dress for VLAN interface 40 and enable IGMP and PIM SM on the interface CEa2 interface vlan interface 40 CEa2 Vlan interface40 ip address 10 110 9 1 24 CEa2 Vlan interface40 igmp enable CEa2 Vlan inte...

Страница 1169: ...an interface17 ip address 10 110 5 2 24 CEa3 Vlan interface17 pim sm CEa3 Vlan interface17 quit Configure an IP address for VLAN interface 16 and enable PIM SM on the interface CEa3 interface vlan int...

Страница 1170: ...PE2 display multicast domain vpn instance b share group local MD local share group information for VPN Instance b Share group 239 2 2 2 MTunnel address 1 1 1 2 View the local share group information o...

Страница 1171: ...ork routes between them z Configure MPLS separately in AS 100 and AS 200 IP multicast routing z Enable IP multicast routing in the public instance on PE 1 PE 2 PE 3 and PE 4 z Enable IP multicast rout...

Страница 1172: ...2 168 1 2 24 Vlan int12 10 11 2 1 24 Loop1 1 1 1 3 32 Loop1 1 1 1 1 32 Loop2 22 22 22 22 32 PE 2 Vlan int2 10 10 1 2 24 PE 4 Vlan int4 10 10 2 2 24 Vlan int3 192 168 1 1 24 Vlan int13 10 11 3 1 24 Loo...

Страница 1173: ...rt extcommunity PE1 vpn instance b multicast routing enable PE1 vpn instance b multicast domain share group 239 4 4 4 binding mtunnel 1 PE1 vpn instance b quit Configure an IP address and enable PIM S...

Страница 1174: ...able PE1 bgp af vpnv4 quit PE1 bgp quit With BGP peers configured on PE 1 the interfaces MTI 0 and MTI 1 will automatically obtain IP addresses which are the loopback interface addresses specified in...

Страница 1175: ...mpls ldp PE2 Vlan interface2 quit Configure an IP address and enable PIM SM and MPLS capability on the public network interface VLAN interface 3 PE2 interface vlan interface 3 PE2 Vlan interface3 ip a...

Страница 1176: ...pe3 ebgp max hop 255 PE2 bgp peer pe2 pe3 route policy map1 export PE2 bgp peer pe2 pe3 label route capability PE2 bgp peer pe2 pe3 connect interface loopback 1 PE2 bgp peer 1 1 1 3 group pe2 pe3 PE2...

Страница 1177: ...nterface 3 PE3 Vlan interface3 ip address 192 168 1 2 24 PE3 Vlan interface3 pim sm PE3 Vlan interface3 mpls PE3 Vlan interface3 quit Configure an IP address for Loopback 1 and enable PIM SM PE3 inter...

Страница 1178: ...pe4 connect interface loopback 1 PE3 bgp peer 1 1 1 2 group pe3 pe4 PE3 bgp quit Configure OSPF PE3 ospf 1 PE3 ospf 1 area 0 0 0 0 PE3 ospf 1 area 0 0 0 0 network 1 1 1 3 0 0 0 0 PE3 ospf 1 area 0 0...

Страница 1179: ...unity PE4 vpn instance b vpn target 200 1 import extcommunity PE4 vpn instance b multicast routing enable PE4 vpn instance b multicast domain share group 239 4 4 4 binding mtunnel 1 PE4 vpn instance b...

Страница 1180: ...bgp b quit PE4 bgp ipv4 family vpnv4 PE4 bgp af vpnv4 peer 1 1 1 1 enable PE4 bgp af vpnv4 quit PE4 bgp quit With BGP peers configured on PE 4 the interfaces MTI 0 and MTI 1 will automatically obtain...

Страница 1181: ...m CEa1 Vlan interface11 quit Configure an IP address for Loopback 1 and enable PIM SM CEa1 interface loopback 1 CEa1 LoopBack1 ip address 2 2 2 2 32 CEa1 LoopBack1 pim sm CEa1 LoopBack1 quit Configure...

Страница 1182: ...0 ip address 10 11 7 1 24 CEa2 Vlan interface30 igmp enable CEa2 Vlan interface30 pim sm CEa2 Vlan interface30 quit Configure an IP address for VLAN interface 13 and enable PIM SM on the interface CEa...

Страница 1183: ...w the share group information of a VPN instance use the display multicast domain vpn instance share group command View the local share group information of VPN instance a on PE 1 PE1 display multicast...

Страница 1184: ...n IP address automatically and PIM is enabled on at least one interface of the VPN instance so that PIM can be enabled on the MTI interface PIM adjacencies can be established between the same VPN inst...

Страница 1185: ...y establish its MVRF z The customer DR must have a route to the private network RP Solution 1 Use the display pim bsr info command to check whether the BSR information exists in the public instance an...

Страница 1186: ...ation Prerequisites 1 15 Enabling IGMP Snooping Querier 1 15 Configuring IGMP Queries and Responses 1 15 Configuring Source IP Address of IGMP Queries 1 17 Configuring IGMP Snooping Proxying 1 17 Conf...

Страница 1187: ...P Snooping Proxying Configuration Example 1 33 Troubleshooting IGMP Snooping Configuration 1 35 Switch Fails in Layer 2 Multicast Forwarding 1 35 Configured Multicast Group Policy Fails to Take Effect...

Страница 1188: ...IRF it operates as a distributed IRF device For introduction of IRF refer to IRF Configuration in the System Volume IGMP Snooping Overview Internet Group Management Protocol Snooping IGMP snooping is...

Страница 1189: ...ing Layer 2 broadcast packets thus saving network bandwidth z Enhancing the security of multicast traffic z Facilitating the implementation of per host accounting Basic Concepts in IGMP Snooping IGMP...

Страница 1190: ...ooping enabled switch deems that all its ports on which IGMP general queries with the source IP address other than 0 0 0 0 or PIM hello messages are received are dynamic router ports For details about...

Страница 1191: ...namic router port When receiving a membership report A host sends an IGMP report to the IGMP querier in the following circumstances z Upon receiving an IGMP query a multicast group member host respond...

Страница 1192: ...the switch discards the IGMP leave message instead of forwarding it to any port z If the forwarding table entry exists and the outgoing port list contains the port the switch forwards the leave messa...

Страница 1193: ...iguration in the IP Multicast volume Figure 1 3 Network diagram for IGMP snooping proxying As shown in Figure 1 3 Switch A works as an IGMP Snooping proxy It represents its attached hosts to send memb...

Страница 1194: ...d an IGMP snooping switch processes multicast protocol messages differently under different conditions specifically as follows 1 If only IGMP is enabled or both IGMP and PIM are enabled on the switch...

Страница 1195: ...erier Optional Configuring IGMP Queries and Responses Optional Configuring IGMP Snooping Querier Configuring Source IP Address of IGMP Queries Optional Enabling IGMP Snooping Proxying Optional Configu...

Страница 1196: ...ggregate interface view or port group view z For IGMP snooping configurations made on a Layer 2 aggregate interface do not interfere with configurations made on its member ports nor do they take part...

Страница 1197: ...lan vlan id Configure the version of IGMP snooping igmp snooping version version number Optional Version 2 by default If you switch IGMP snooping from version 3 to version 2 the system will clear all...

Страница 1198: ...cast group and multicast source addresses Configuring Aging Timers for Dynamic Ports If the switch receives no IGMP general queries or PIM hello messages on a dynamic router port the switch removes th...

Страница 1199: ...t a particular multicast source sends to a particular group you can configure static G or S G joining on that port namely configure the port as a group specific or source and group specific static mem...

Страница 1200: ...ticast router may deem that no member of this multicast group exists on the network segment and therefore will remove the corresponding forwarding path To avoid this situation from happening you can e...

Страница 1201: ...e than one host is attached when one host leaves a multicast group the other hosts attached to the port and interested in the same multicast group will fail to receive multicast data for that group Th...

Страница 1202: ...a VLAN where multicast traffic needs to be Layer 2 switched only and no multicast routers are present the Layer 2 switch will act as the IGMP snooping querier to send IGMP queries thus allowing multic...

Страница 1203: ...onfigure IGMP queries and responses globally To do Use the command Remarks Enter system view system view Enter IGMP snooping view igmp snooping Configure the maximum response time to IGMP general quer...

Страница 1204: ...re the source IP address of IGMP group specific queries igmp snooping special query source ip ip address current interface Optional 0 0 0 0 by default The source address of IGMP query messages may aff...

Страница 1205: ...ing policy prepare the following data z ACL rule for multicast group filtering z The maximum number of multicast groups that can pass the ports z 802 1p precedence for IGMP messages Configuring a Mult...

Страница 1206: ...an join any valid multicast group Configuring Multicast Source Port Filtering With the multicast source port filtering feature enabled on a port the port can be connected with multicast receivers only...

Страница 1207: ...waste and low forwarding efficiency Configuring globally the function of dropping multicast packets Follow these steps to configure globally the function of dropping multicast packets To do Use the co...

Страница 1208: ...ckets Currently the S7900E supports processing unknown multicast data packets destined for up to 2000 unknown multicast addresses at a time The switch floods excessive unknown multicast data packets d...

Страница 1209: ...arding entries persistent to that port from the IGMP snooping forwarding table and the hosts on this port need to join the multicast groups again z If you have configured static or simulated joins on...

Страница 1210: ...ystem view system view interface interface type interface number Enter Ethernet port ONU port Layer 2 aggregate interface view or port group view port group manual port group name Required Use either...

Страница 1211: ...e display igmp snooping group vlan vlan id slot slot number verbose Available in any view Display information about IGMP snooping multicast groups on a distributed IRF device display igmp snooping gro...

Страница 1212: ...nd Host B accidentally temporarily stop receiving multicast data Figure 1 4 Network diagram for group policy simulated joining configuration Source Router A Switch A Receiver Receiver Host B Host A Ho...

Страница 1213: ...cy 2001 vlan 100 SwitchA igmp snooping quit Configure GigabitEthernet 2 0 3 and GigabitEthernet 2 0 4 as simulated hosts for multicast group 224 1 1 1 SwitchA interface gigabitethernet 2 0 3 SwitchA G...

Страница 1214: ...member ports for multicast group 224 1 1 1 to enhance the reliability of multicast traffic transmission z Suppose STP runs on the network To avoid data loops the forwarding path from Switch A to Swit...

Страница 1215: ...ace and enable IGMP on GigabitEthernet 2 0 1 RouterA system view RouterA multicast routing enable RouterA interface gigabitethernet 2 0 1 RouterA Gigabitethernet2 0 1 igmp enable RouterA Gigabitethern...

Страница 1216: ...rough GigabitEthernet 2 0 5 to this VLAN and enable IGMP snooping in the VLAN SwitchC vlan 100 SwitchC vlan100 port gigabitethernet 2 0 1 to gigabitethernet 2 0 5 SwitchC vlan100 igmp snooping enable...

Страница 1217: ...MP snooping multicast group information in VLAN 100 on Switch C SwitchC display igmp snooping group vlan 100 verbose Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Port flags D Dynamic por...

Страница 1218: ...z To prevent flooding of unknown multicast traffic within the VLAN it is required to configure all the switches to drop unknown multicast data packets z Because a switch does not enlist a port that h...

Страница 1219: ...traffic in VLAN 100 SwitchB vlan100 igmp snooping enable SwitchB vlan100 igmp snooping drop unknown SwitchB vlan100 quit Configurations on Switch C and Switch D are similar to the configuration on Swi...

Страница 1220: ...ter A IGMP querier Switch A Proxy Querier Receiver Host B Host A Host C 1 1 1 1 24 GE2 0 4 GE2 0 2 GE2 0 3 GE2 0 1 GE2 0 1 10 1 1 1 24 GE2 0 2 1 1 1 2 24 Receiver Configuration procedure 1 Configure I...

Страница 1221: ...display igmp group command to display information about IGMP snooping multicast groups and IGMP multicast groups For example Display information about IGMP snooping multicast groups on Switch A Switc...

Страница 1222: ...Real VLAN C Copy VLAN Vlan id 100 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port GE2 0 1 D IP group s the following ip group s match to one mac group IP group a...

Страница 1223: ...Use the display acl command to check the configured ACL rule Make sure that the ACL rule conforms to the multicast group policy to be implemented 2 Use the display this command in IGMP snooping view...

Страница 1224: ...Based Multicast VLAN 1 4 Configuring Port Based Multicast VLAN 1 4 Configuration Prerequisites 1 5 Configuring User Port Attributes 1 5 Configuring Multicast VLAN Ports 1 5 Configuring the Maximum Nu...

Страница 1225: ...ograms on demand service the Layer 3 device Router A needs to forward a separate copy of the multicast traffic in each user VLAN to the Layer 2 device Switch A This results in not only waste of networ...

Страница 1226: ...n IGMP Snooping manages router ports in the multicast VLAN and member ports in the sub VLANs When forwarding multicast data to Switch A Router A needs to send only one copy of multicast traffic to Swi...

Страница 1227: ...LAN tags refer to VLAN Configuration in the Access Volume Multicast VLAN Configuration Task List Complete the following tasks to configure multicast VLAN Task Remarks Configuring Sub VLAN Based Multic...

Страница 1228: ...AN must exist and must not be sub VLANs of any other multicast VLAN z The total number of sub VLANs of a multicast VLAN must not exceed the maximum number the system can support an S7900E series Ether...

Страница 1229: ...rface interface type interface number Enter interface view or port group view port group manual port group name aggregation agg id Required Use either command Configure the user port link type as hybr...

Страница 1230: ...orts in interface view or port group view To do Use this command Remarks Enter system view system view Configure the specified VLAN as a multicast VLAN and enter multicast VLAN view multicast vlan vla...

Страница 1231: ...ove excessive entries In this case the system does not automatically remove any existing entries or create new entries Displaying and Maintaining Multicast VLAN To do Use the command Remarks Display i...

Страница 1232: ...IP addresses Configure an IP address and subnet mask for each interface as per Figure 1 4 The detailed configuration steps are omitted here 2 Configure Router A Enable IP multicast routing enable PIM...

Страница 1233: ...4 Verify the configuration Display information about the multicast VLAN SwitchA display multicast vlan Total 1 multicast vlan s Multicast vlan 10 subvlan list vlan 2 4 port list no port View the IGMP...

Страница 1234: ...ip group s match to one mac group IP group address 224 1 1 1 0 0 0 0 224 1 1 1 Host port s total 1 port GE2 0 4 D MAC group s MAC group address 0100 5e01 0101 Host port s total 1 port GE2 0 4 Vlan id...

Страница 1235: ...ource sends multicast data to multicast group 224 1 1 1 Host A Host B and Host C are receivers of the multicast group z Configure the port based multicast VLAN feature so that Router A just sends mult...

Страница 1236: ...e VLAN 2 as the default VLAN Configure GigabitEthernet 2 0 2 to permit packets of VLAN 2 and VLAN 10 to pass and untag the packets when forwarding them SwitchA interface gigabitethernet 2 0 2 SwitchA...

Страница 1237: ...ort S Static port C Copy port Subvlan flags R Real VLAN C Copy VLAN Vlan id 10 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port GE2 0 1 D IP group s the following...

Страница 1238: ...Configuring IPv6 Multicast Routing and Forwarding 1 5 Configuration Prerequisites 1 5 Configuring an IPv6 Multicast Routing Policy 1 5 Configuring an IPv6 Multicast Forwarding Range 1 5 Configuring t...

Страница 1239: ...X1EA do not support IPv6 features IPv6 Multicast Routing and Forwarding Overview Introduction to IPv6 Multicast Routing and Forwarding In IPv6 multicast implementations multicast routing and forwardin...

Страница 1240: ...urce as the destination address and automatically selects the optimal route as the RPF route The outgoing interface in the corresponding routing entry is the RPF interface and the next hop is the RPF...

Страница 1241: ...entry into the IPv6 multicast forwarding table with the RPF interface as the incoming interface If the interface on which the packet actually arrived is the RPF interface the RPF check succeeds and th...

Страница 1242: ...The RPF check fails and the packet is discarded Configuration Task List Complete these tasks to configure IPv6 multicast routing and forwarding Task Remarks Enabling IPv6 Multicast Routing Optional C...

Страница 1243: ...iew system view Configure the device to select the RPF route based on the longest match multicast ipv6 longest match Optional The route with the highest priority is selected as the RPF route by defaul...

Страница 1244: ...d value When forwarding IPv6 multicast traffic the router replicates a copy of the IPv6 multicast traffic for each downstream node and forwards the traffic and thus each of these downstream nodes form...

Страница 1245: ...r 2 aggregate interface view or port group view interface interface type interface number Required Configurations performed in Ethernet interface view or Layer 2 aggregate interface view take effect f...

Страница 1246: ...view Display the information of the IPv6 multicast routing table display multicast ipv6 routing table ipv6 source address prefix length ipv6 group address prefix length incoming interface interface ty...

Страница 1247: ...ets but there is no corresponding S G entry in the IPv6 PIM routing table Analysis The multicast ipv6 boundary command is used to filter IPv6 multicast packets received on an interface If an IPv6 mult...

Страница 1248: ...14 Configuring MLD Message Options 1 14 Configuring MLD Query and Response Parameters 1 15 Configuring MLD Fast Leave Processing 1 17 Configuring MLD SSM Mapping 1 18 Configuration Prerequisites 1 18...

Страница 1249: ...splaying and Maintaining MLD Configuration z MLD Configuration Examples z Troubleshooting MLD MLD Overview The Multicast Listener Discovery protocol MLD is used by an IPv6 router to discover the prese...

Страница 1250: ...often referred to as queries So a querier election mechanism is required to determine which router will act as the MLD querier on the subnet 1 Initially every MLD router assumes itself as the querier...

Страница 1251: ...ership for G1 Assume it is Host B that sends the report message Upon hearing the report from Host B Host C which is on the same subnet with Host B suppresses its own report for G1 because the MLD rout...

Страница 1252: ...up filtering MLDv2 has introduced IPv6 multicast source filtering modes Include and Exclude so that a host can specify a list of IPv6 multicast sources it expect or does not expect IPv6 multicast data...

Страница 1253: ...s The router keeps tracing the newly added or deleted IPv6 multicast source z Timers Filter timer the time the router waits before switching to the Include mode after an IPv6 multicast address times o...

Страница 1254: ...delay allowed before a host sends a report message Reserved Reserved field and initialized to zero Multicast Address z This field is set to 0 in a general query message z It is set to a specific IPv6...

Страница 1255: ...t message Field Description Type 143 Message type For a report message this field is set to 143 Reserved The Reserved fields are set to 0 on transmission and ignored on reception Checksum Standard IPv...

Страница 1256: ...st C MLDv2 Receiver As shown in Figure 1 5 on an IPv6 SSM network Host A and Host B are running MLDv1 and Host C is running MLDv2 To provide SSM service for all the hosts while it is infeasible to run...

Страница 1257: ...proxy interface is an interface on which MLD proxying is configured It is in the direction toward the root of the multicast forwarding tree An upstream interface acts as a host running MLD therefore...

Страница 1258: ...on an Interface Optional Configuring MLD Message Options Optional Configuring MLD Query and Response Parameters Optional Adjusting MLD Performance Configuring MLD Fast Leave Processing Optional Enabli...

Страница 1259: ...arks Enter system view system view Enable IPv6 multicast routing multicast ipv6 routing enable Required Disable by default Enter interface view interface interface type interface number Enable MLD mld...

Страница 1260: ...re a static member of an IPv6 multicast group or an IPv6 multicast source and group mld static group ipv6 group address source ipv6 source address Required By default an interface is not a static memb...

Страница 1261: ...interface can join any valid IPv6 multicast group Configuring the Maximum Number of IPv6 Multicast Groups on an Interface You can configure the allowed maximum number of the IPv6 multicast groups on...

Страница 1262: ...the information for all IPv6 multicast sources and groups Therefore a router may receive IPv6 multicast packets addressed to IPv6 multicast groups that have no members on the local subnet In this case...

Страница 1263: ...odically sends MLD general queries at the MLD query interval to determine whether any IPv6 multicast group member exists on the network You can modify the query interval based on the actual condition...

Страница 1264: ...nfigure the startup query interval startup query interval interval Optional For the system default see Note below Configure the startup query count startup query count value Optional For the system de...

Страница 1265: ...uery count is set to the MLD querier robustness variable By default the MLD querier robustness variable is 2 so the startup query count is also 2 z If not statically configured the other querier prese...

Страница 1266: ...command Remarks Enter system view system view Enter interface view interface interface type interface number Enable the MLD SSM mapping feature mld ssm mapping enable Required Disabled by default To e...

Страница 1267: ...able MLD proxying on the interface in the direction toward the root of the multicast forwarding tree to make the device serve as an MLD proxy Follow these steps to enable MLD proxying To do Use the co...

Страница 1268: ...of these MLD proxy devices has been elected as the querier Otherwise duplicate multicast flows may be received on the multi access network Displaying and Maintaining MLD Configuration To do Use the c...

Страница 1269: ...efix length Available in user view You cannot use the reset mld group command to clear the MLD multicast group information of static joins The reset mld group port info command cannot clear Layer 2 po...

Страница 1270: ...switches Ensure the network layer interoperation among the switches on the IPv6 PIM network and dynamic update of routing information between the switches through a unicast routing protocol The detail...

Страница 1271: ...n VLAN interface 200 of Switch B SwitchB display mld interface vlan interface 200 Vlan interface200 FE80 200 5EFF FE66 5100 MLD is enabled Current MLD version is 1 Value of query interval for MLD in s...

Страница 1272: ...ed Configure OSPFv3 for interoperability among the switches Ensure the network layer interoperation on the IPv6 PIM SM domain and dynamic update of routing information among the switches through an IP...

Страница 1273: ...D SwitchD pim ipv6 SwitchD pim6 c bsr 1003 2 SwitchD pim6 c rp 1003 2 SwitchD pim6 quit 4 Configure the IPv6 SSM group range Configure the IPv6 SSM group range FF3E 64 on Switch D SwitchD acl ipv6 num...

Страница 1274: ...table information on Switch D SwitchD display pim ipv6 routing table Total 0 G entry 2 S G entry 1001 1 FF3E 101 Protocol pim ssm Flag UpTime 00 13 25 Upstream interface Vlan interface104 Upstream nei...

Страница 1275: ...icast routing on Switch A IPv6 PIM DM on VLAN interface 101 and MLD on VLAN interface 100 SwitchA system view SwitchA multicast ipv6 routing enable SwitchA interface vlan interface 101 SwitchA Vlan in...

Страница 1276: ...Router Symptom When a host sends a message for joining IPv6 multicast group G there is no member information of multicast group G on the immediate router Analysis z The correctness of networking and i...

Страница 1277: ...Inconsistent Memberships on Routers on the Same Subnet Symptom Different memberships are maintained on different MLD routers on the same subnet Analysis z A router running MLD maintains multiple param...

Страница 1278: ...a BSR 1 21 Configuring IPv6 Multicast Source Registration 1 24 Configuring SPT Switchover 1 25 Configuring IPv6 PIM SSM 1 25 IPv6 PIM SSM Configuration Task List 1 25 Configuration Prerequisites 1 26...

Страница 1279: ...cast Distribution Tree Correctly 1 46 IPv6 Multicast Data Abnormally Terminated on an Intermediate Router 1 47 RPs Unable to Join SPT in IPv6 PIM SM 1 47 RPT Establishment Failure or Source Registrati...

Страница 1280: ...uses an IPv6 unicast routing table to perform reverse path forwarding RPF check to implement IPv6 multicast forwarding Independent of the IPv6 unicast routing protocols running on the device IPv6 mul...

Страница 1281: ...ned again z When a new receiver on a previously pruned branch joins an IPv6 multicast group to reduce the join latency IPv6 PIM DM uses the graft mechanism to resume IPv6 multicast data forwarding to...

Страница 1282: ...o that IPv6 multicast group down to this node z An S G entry contains the multicast source address S IPv6 multicast group address G outgoing interface list and incoming interface z For a given IPv6 mu...

Страница 1283: ...assert mechanism is used to shutoff duplicate IPv6 multicast flows onto the same multi access network where more than one multicast routers exists by electing a unique IPv6 multicast forwarder on the...

Страница 1284: ...implement IPv6 multicast forwarding is to build and maintain rendezvous point trees RPTs An RPT is rooted at a router in the IPv6 PIM domain as the common node or rendezvous point RP through which th...

Страница 1285: ...connects to IPv6 multicast sources or to receivers The DR at the receiver side sends join messages to the RP the DR at the IPv6 multicast source side sends register messages to the RP z A DR is electe...

Страница 1286: ...e configured in an IPv6 PIM SM domain among which an RP is dynamically elected through the bootstrap mechanism Each elected RP serves a different multicast group range For this purpose a bootstrap rou...

Страница 1287: ...his algorithm Table 1 1 Values in the hashing algorithm Value Description Value Hash value G The digest from the exclusive or XOR operation between the 32 bit segments of the IPv6 multicast group addr...

Страница 1288: ...orm the directly connected DR 2 Upon getting the IPv6 multicast group G s receiver information the DR sends a join message which is hop by hop forwarded to the RP corresponding to the multicast group...

Страница 1289: ...cast IPv6 multicast packet down the RPT and sends an S G join message hop by hop toward the IPv6 multicast source Thus the routers along the path from the RP to the IPv6 multicast source form an SPT b...

Страница 1290: ...v6 multicast source to establish an SPT between the DR at the source side and the RP Subsequent IPv6 multicast data travels along the established SPT to the RP For details about the SPT switchover ini...

Страница 1291: ...receivers know exactly where an IPv6 multicast source is located by means of advertisements consultancy and so on Therefore no RP is needed no RPT is required and is no source registration process is...

Страница 1292: ...t and receivers as its leaves This SPT is the transmission channel in IPv6 PIM SSM z If not the IPv6 PIM SM process is followed the DR needs to send a G join message to the RP and an IPv6 multicast so...

Страница 1293: ...following data z The interval between state refresh messages z Minimum time to wait before receiving a new refresh message z Hop limit value of state refresh messages z Graft retry period Enabling IPv...

Страница 1294: ...ility pim ipv6 state refresh capable Optional Enabled by default Configuring State Refresh Parameters The router directly connected with the multicast source periodically sends state refresh messages...

Страница 1295: ...Pv6 PIM DM graft is the only type of message that uses the acknowledgment mechanism In an IPv6 PIM DM domain if a router does not receive a graft ack message from the upstream router within the specif...

Страница 1296: ...IPv6 PIM SM complete the following task z Configure any IPv6 unicast routing protocol so that all devices in the domain are interoperable at the network layer Before configuring IPv6 PIM SM prepare th...

Страница 1297: ...he multicast ipv6 routing table command see IPv6 Multicast Routing and Forwarding Commands in the IP Multicast Volume Configuring an RP An RP can be manually configured or dynamically elected through...

Страница 1298: ...ing you need to configure a legal C RP address range and the range of IPv6 multicast groups to be served on the BSR In addition because every C BSR has a chance to become the BSR you need to configure...

Страница 1299: ...distribute the RP Set information within the IPv6 PIM SM domain C RPs must periodically send C RP Adv messages to the BSR The BSR learns the RP Set information from the received messages and encapsul...

Страница 1300: ...t from masquerading as a BSR The same configuration needs to be made on all routers in the IPv6 PIM SM domain The following are typical BSR spoofing cases and the corresponding preventive measures 1 S...

Страница 1301: ...twork into different IPv6 PIM SM domains Bootstrap messages cannot cross a domain border in either direction Perform the following configuration on routers that can become an IPv6 PIM domain border Fo...

Страница 1302: ...the C BSRs Perform the following configuration on C BSR routers Follow these steps to configure C BSR timers To do Use the command Remarks Enter system view system view Enter IPv6 PIM view pim ipv6 C...

Страница 1303: ...de DR Upon receiving this message the DR stops sending register messages encapsulated with IPv6 multicast data and starts a register stop timer When the register stop timer expires the DR sends a null...

Страница 1304: ...l6 number order order value Optional By default the device switches to the SPT immediately after it receives the first IPv6 multicast packet from the RPT For an S7900E series Ethernet switch once an I...

Страница 1305: ...Therefore a router is IPv6 PIM SSM capable after you enable IPv6 PIM SM on it When deploying an IPv6 PIM SM domain you are recommended to enable IPv6 PIM SM on all non border interfaces of routers Fol...

Страница 1306: ...ation on all routers in the IPv6 PIM SM domain Follow these steps to configure the IPv6 SSM group range To do Use the command Remarks Enter system view system view Enter IPv6 PIM view pim ipv6 Configu...

Страница 1307: ...age Sizes Optional Configuration Prerequisites Before configuring IPv6 PIM common features complete the following tasks z Configure any IPv6 unicast routing protocol so that all devices in the domain...

Страница 1308: ...ult z Generally a smaller distance from the filter to the IPv6 multicast source results in a more remarkable filtering effect z This filter works not only on independent IPv6 multicast data but also o...

Страница 1309: ...a downstream router is allowed to wait before sending a prune override message When a router receives a prune message from a downstream router it does not perform the prune action immediately instead...

Страница 1310: ...ault Configure IPv6 PIM neighbor timeout time pim ipv6 hello option holdtime interval Optional 105 seconds by default Configure the prune message delay time LAN delay pim ipv6 hello option lan delay i...

Страница 1311: ...has lost assert election will prune its downstream interface and maintain the assert state for a period of time When the assert state times out the assert loser will resume IPv6 multicast forwarding...

Страница 1312: ...time assert interval Optional 180 seconds by default If there are no special networking requirements we recommend that you use the default settings Configuring Join Prune Message Sizes A larger join p...

Страница 1313: ...interface number neighbor ipv6 neighbor address verbose Available in any view View IPv6 PIM neighboring information display pim ipv6 neighbor interface interface type interface number ipv6 neighbor a...

Страница 1314: ...itch B Vlan int200 2001 1 64 Vlan int101 2002 2 64 Vlan int101 2002 1 64 Vlan int102 3001 2 64 Switch C Vlan int200 2001 2 64 Vlan int102 3001 1 64 Configuration procedure 1 Enable IPv6 forwarding and...

Страница 1315: ...terface 101 SwitchD Vlan interface101 pim ipv6 dm SwitchD Vlan interface101 quit SwitchD interface vlan interface 102 SwitchD Vlan interface102 pim ipv6 dm SwitchD Vlan interface102 quit 3 Verify the...

Страница 1316: ...G entry FF0E 101 Protocol pim dm Flag WC UpTime 00 01 24 Upstream interface NULL Upstream neighbor NULL RPF prime neighbor NULL Downstream interface s information Total number of downstreams 1 1 Vlan...

Страница 1317: ...ect to N2 through their respective VLAN interface 200 and to Switch E through VLAN interface 103 and VLAN interface 104 respectively z Vlan interface 105 on Switch D and Vlan interface 102 on Switch E...

Страница 1318: ...M SM on each interface and enable MLD on VLAN interface 100 which connects Switch A to N1 SwitchA system view SwitchA multicast ipv6 routing enable SwitchA interface vlan interface 100 SwitchA Vlan in...

Страница 1319: ...ce NbrCnt HelloInt DR Pri DR Address Vlan100 0 30 1 1001 1 local Vlan101 1 30 1 1002 2 Vlan102 1 30 1 1003 2 To view the BSR election information and the locally configured C RP information in effect...

Страница 1320: ...n prefix prefix length FF0E 101 64 RP 4002 1 Priority 0 HoldTime 130 Uptime 00 05 19 Expires 00 02 11 RP 1003 2 Priority 0 HoldTime 130 Uptime 00 05 19 Expires 00 02 11 Assume that Host A needs to rec...

Страница 1321: ...ormation Total number of downstreams 1 1 Vlan interface100 Protocol pim sm UpTime 00 02 15 Expires 00 03 06 The information on Switch B and Switch C is similar to that on Switch A View the IPv6 PIM mu...

Страница 1322: ...The entire PIM domain operates in the SSM mode z Host A and Host C are IPv6 multicast receivers in two stub networks N1 and N2 z Switch D connects to the network that comprises the IPv6 multicast sour...

Страница 1323: ...002 2 64 Configuration procedure 1 Enable IPv6 forwarding and configure IPv6 addresses and IPv6 unicast routing Enable IPv6 forwarding on each switch and configure the IPv6 address and prefix length f...

Страница 1324: ...guration Use the display pim ipv6 interface command to view the IPv6 PIM configuration and running status on each interface For example View the IPv6 PIM configuration information on Switch A SwitchA...

Страница 1325: ...tree cannot be built correctly and clients cannot receive IPv6 multicast data Analysis z An IPv6 PIM routing entry is created based on an IPv6 unicast route whichever IPv6 PIM mode is running Multica...

Страница 1326: ...been configured through the multicast ipv6 boundary command any IPv6 multicast packet will be kept from crossing the boundary and therefore no routing entry can be created in the IPv6 PIM routing tabl...

Страница 1327: ...lly send advertisement messages to the BSR by unicast If a C RP does not have a route to the BSR the BSR will be unable to receive the advertisements from the C RP and therefore the bootstrap messages...

Страница 1328: ...Configuring IPv6 MBGP Route Attributes 1 7 Configuration Prerequisites 1 8 Configuring IPv6 MBGP Route Preferences 1 8 Configuring the Default Local Preference 1 8 Configuring the MED Attribute 1 8 C...

Страница 1329: ...uting information for IPv4 only IETF defined multi protocol BGP extensions to carry routing information for multiple network layer protocols For an IPv6 network the IPv6 multicast topology need be dif...

Страница 1330: ...figuring IPv6 MBGP Route Dampening Optional Configuring IPv6 MBGP Route Preferences Configuring the Default Local Preference Configuring the MED Attribute Optional Configuring the NEXT_HOP Attribute O...

Страница 1331: ...view bgp as number Enter IPv6 MBGP address family view ipv6 family multicast Specify a preferred value for routes received from the IPv6 MBGP peer peer group peer ipv6 group name ipv6 address preferr...

Страница 1332: ...ot injected by default Configuring IPv6 MBGP Route Redistribution Follow these steps to configure IPv6 MBGP route redistribution To do Use the command Description Enter system view system view Enter B...

Страница 1333: ...name Required Not configured by default Advertising a Default Route to a Peer or Peer Group Follow these steps to advertise a default route to a peer or peer group To do Use the command Remarks Enter...

Страница 1334: ...ple filter policies they will be applied in the following order z filter policy export z peer filter policy export z peer as path acl export z peer ipv6 prefix export z peer route policy export A filt...

Страница 1335: ...rted from a peer peer group peer ipv6 group name ipv6 address route limit limit percentage Optional The number is unlimited by default A peer can has an inbound route filtering policy different from t...

Страница 1336: ...ference values of external internal and local routes are 255 255 and 130 respectively Configuring the Default Local Preference Follow these steps to configure the default local preference To do Use th...

Страница 1337: ...a third party next hop network that is the local router has two IPv6 multicast eBGP peers in a broadcast network the router does not specify itself as the next hop of routes sent to the EBGP peers by...

Страница 1338: ...ions to make it take effect causing short time disconnections After the route refresh capability is enabled on all IPv6 MBGP routers in a network when a route selection policy is modified on a router...

Страница 1339: ...ns manually refresh bgp ipv6 multicast all ipv6 address group ipv6 group name external internal export import Optional Enabling the IPv6 MBGP ORF Capability The BGP Outbound Route Filter ORF feature a...

Страница 1340: ...both receive send Required Not supported by default Table 1 1 Description of the both send and receive parameters and the negotiation result Local parameter Peer parameter Negotiation result receive...

Страница 1341: ...6 MBGP address family view ipv6 family multicast Enable the configured IPv6 unicast BGP peer group to create the IPv6 MBGP peer group peer ipv6 group name enable Required Add the IPv6 MBGP peer into t...

Страница 1342: ...ame export Required Not configured by default z You need to configure a route policy to define the community attribute and apply the policy to outgoing routes z For route policy configuration refer to...

Страница 1343: ...icast paths as regular expression Available in any view Display IPv6 MBGP peer peer group information display bgp ipv6 multicast peer ipv6 address verbose Available in any view Display the prefix entr...

Страница 1344: ...le in any view Display IPv6 MBGP routing statistics display bgp ipv6 multicast routing table statistic Available in any view Display the IPv6 MBGP routing table information display ipv6 multicast rout...

Страница 1345: ...int100 IPv6 MBGP peers IPv6 PIM SM 1 IPv6 PIM SM 2 Device Interface IP address Device Interface IP address Source 1002 100 64 Switch C Vlan int200 3002 1 64 Switch A Vlan int100 1002 1 64 Vlan int102...

Страница 1346: ...er on Switch A SwitchA interface vlan interface 101 SwitchA Vlan interface101 pim ipv6 bsr boundary SwitchA Vlan interface101 quit Configure an IPv6 PIM domain border on Switch B SwitchB interface vla...

Страница 1347: ...mport route ospfv3 1 SwitchB bgp af ipv6 quit SwitchB bgp ipv6 family multicast SwitchB bgp af ipv6 mul peer 1001 1 enable SwitchB bgp af ipv6 mul import route ospfv3 1 SwitchB bgp af ipv6 mul quit Sw...

Страница 1348: ...Prerequisites 1 15 Enabling MLD Snooping Querier 1 15 Configuring MLD Queries and Responses 1 15 Configuring Source IPv6 Addresses of MLD Queries 1 17 Configuring MLD Snooping Proxying 1 17 Configura...

Страница 1349: ...ii MLD Snooping Proxying Configuration Example 1 32 Troubleshooting MLD Snooping 1 35 Switch Fails in Layer 2 Multicast Forwarding 1 35 Configured IPv6 Multicast Group Policy Fails to Take Effect 1 36...

Страница 1350: ...tributed IRF device For introduction of IRF refer to IRF Configuration in the System Volume z EA boards such as LSQ1GP12EA and LSQ1TGX1EA do not support IPv6 features MLD Snooping Overview Multicast L...

Страница 1351: ...Reducing Layer 2 broadcast packets thus saving network bandwidth z Enhancing the security of multicast traffic z Facilitating the implementation of per host accounting Basic Concepts in MLD Snooping M...

Страница 1352: ...ynamic ports z On an MLD snooping enabled switch the ports that received MLD general queries with the source address other than 0 0 or IPv6 PIM hello messages are dynamic router ports For details abou...

Страница 1353: ...t to the MLD querier in the following circumstances z Upon receiving an MLD query an IPv6 multicast group member host responds with an MLD report z When intended to join an IPv6 multicast group a host...

Страница 1354: ...switch does not know whether any other hosts attached to the port are still listening to that IPv6 multicast group address the switch does not immediately remove the port from the outgoing port list...

Страница 1355: ...As shown in Figure 1 3 Switch A works as an MLD Snooping proxy As a host from the perspective of the querier Router A Switch A represents its attached hosts to send their membership reports and done...

Страница 1356: ...an MLD snooping switch processes IPv6 multicast protocol messages differently under different conditions specifically as follows 1 If only MLD is enabled or both MLD and IPv6 PIM are enabled on the s...

Страница 1357: ...Optional Configuring MLD Queries and Responses Optional Configuring MLD Snooping Querier Configuring Source IPv6 Addresses of MLD Queries Optional Enabling MLD Snooping Proxying Optional Configuring M...

Страница 1358: ...aggregate interface view or port group view z For MLD snooping configurations made on a Layer 2 aggregate interface do not interfere with configurations made on its member ports nor do they take part...

Страница 1359: ...view vlan vlan id Configure the version of MLD snooping mld snooping version version number Optional Version 1 by default If you switch MLD snooping from version 2 to version 1 the system will clear a...

Страница 1360: ...lticast group and IPv6 multicast source addresses Configuring Aging Timers for Dynamic Ports If the switch receives no MLD general queries or IPv6 PIM hello messages on a dynamic router port the switc...

Страница 1361: ...ata addressed to a particular IPv6 multicast group you can configure that port as a static member port for that IPv6 multicast group You can configure a port of a switch to be a static router port thr...

Страница 1362: ...e multicast router will deem that no member of this IPv6 multicast group exists on the network segment and therefore will remove the corresponding forwarding path To avoid this situation from happenin...

Страница 1363: ...rt to which more than one host is attached when one host leaves a multicast group the other hosts attached to the port and interested in the same multicast group will fail to receive multicast data fo...

Страница 1364: ...tch in a VLAN where multicast traffic needs to be Layer 2 switched only and no Layer 3 multicast devices are present the Layer 2 switch will act as the MLD querier to send periodic MLD queries thus al...

Страница 1365: ...es globally Follow these steps to configure MLD queries and responses globally To do Use the command Remarks Enter system view system view Enter MLD snooping view mld snooping Configure the maximum re...

Страница 1366: ...address of MLD query messages may affect MLD querier election within the segment Configuring MLD Snooping Proxying Configuration Prerequisites Before configuring MLD snooping proxying in a VLAN enabl...

Страница 1367: ...ping policy prepare the following data z IPv6 ACL rule for IPv6 multicast group filtering z The maximum number of IPv6 multicast groups that can pass the ports z 802 1p precedence for MLD messages Con...

Страница 1368: ...any valid IPv6 multicast group Configuring IPv6 Multicast Source Port Filtering With the IPv6 multicast source port filtering feature enabled on a port the port can be connected with IPv6 multicast r...

Страница 1369: ...s it in the VLAN incurring network bandwidth waste and low forwarding efficiency Enabling dropping IPv6 multicast packets globally Follow these steps to enable dropping IPv6 multicast packets globally...

Страница 1370: ...ta packets Currently the S7900E supports processing unknown IPv6 multicast data packets destined for up to 1000 IPv6 unknown multicast addresses at a time The switch floods excessive unknown IPv6 mult...

Страница 1371: ...mber of IPv6 multicast groups that can be joined on a port reaches the maximum number configured the system deletes all the forwarding entries persistent to that port from the MLD snooping forwarding...

Страница 1372: ...of ports Follow these steps to configure IPv6 multicast group replacement on a port or a group of ports To do Use the command Remarks Enter system view system view interface interface type interface...

Страница 1373: ...ed device display mld snooping group vlan vlan id slot slot number verbose Available in any view Display information about MLD Snooping multicast groups on a distributed IRF device display mld snoopin...

Страница 1374: ...accidentally temporarily stop receiving IPv6 multicast data Figure 1 4 Network diagram for IPv6 group policy simulated joining configuration Source Router A Switch A Receiver Receiver Host B Host A Ho...

Страница 1375: ...group policy 2001 vlan 100 SwitchA mld snooping quit Configure GigabitEthernet 2 0 3 and GigabitEthernet 2 0 4 as simulated hosts for IPv6 multicast group FF1E 101 SwitchA interface gigabitethernet 2...

Страница 1376: ...static member ports for multicast group 224 1 1 1 to enhance the reliability of multicast traffic transmission z Suppose STP runs on the network To avoid data loops the forwarding path from Switch A...

Страница 1377: ...rface and enable MLD on GigabitEthernet 2 0 1 RouterA system view RouterA multicast ipv6 routing enable RouterA interface gigabitethernet 2 0 1 RouterA GigabitEthernet2 0 1 mld enable RouterA GigabitE...

Страница 1378: ...gh GigabitEthernet 2 0 5 to this VLAN and enable MLD snooping in the VLAN SwitchC vlan 100 SwitchC vlan100 port gigabitethernet 2 0 1 to gigabitethernet 2 0 5 SwitchC vlan100 mld snooping enable Switc...

Страница 1379: ...splay the detailed MLD snooping multicast group information in VLAN 100 on Switch C SwitchC display mld snooping group vlan 100 verbose Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Port...

Страница 1380: ...ping is enabled on all the switches Switch A which is close to the multicast sources is chosen as the MLD snooping querier z To prevent flooding of unknown multicast traffic within the VLAN it is requ...

Страница 1381: ...vlan100 quit Configurations of Switch C and Switch D are similar to the configuration of Switch B 3 Verify the configuration When the MLD snooping querier starts to work all the switches but the quer...

Страница 1382: ...e 1 Configure IPv6 addresses for interfaces Configure an IP address and prefix length for each interface as per Figure 1 7 The configuration steps are out the scope of this document 2 Configure Router...

Страница 1383: ...bout MLD snooping multicast groups on Switch A SwitchA display mld snooping group Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Port flags D Dynamic port S Static port C Copy port Subvlan...

Страница 1384: ...tal 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port GE2 0 1 D IP group s the following ip group s match to one mac group IP group address FF1E 101 FF1E 101 Host port s...

Страница 1385: ...Use the display acl ipv6 command to check the configured IPv6 ACL rule Make sure that the IPv6 ACL rule conforms to the IPv6 multicast group policy to be implemented 2 Use the display this command in...

Страница 1386: ...6 Multicast VLAN 1 4 Configuring Port Based IPv6 Multicast VLAN 1 5 Configuration Prerequisites 1 5 Configuring User Port Attributes 1 5 Configuring IPv6 Multicast VLAN Ports 1 6 Configuring the Maxim...

Страница 1387: ...ticast VLAN As shown in Figure 1 1 in the traditional IPv6 multicast programs on demand mode when hosts Host A Host B and Host C belonging to different VLANs require IPv6 multicast programs on demand...

Страница 1388: ...2 VLAN 3 VLAN 4 Switch A Receiver Host A Receiver Host B Receiver Host C IPv6 Multicast packets VLAN 2 VLAN 3 VLAN 4 VLAN 10 IPv6 Multicast VLAN After the configuration MLD snooping manages router por...

Страница 1389: ...fic to all the member ports in the IPv6 multicast VLAN z For information about MLD Snooping router ports and member ports refer to MLD Snooping Configuration in the IP Multicast Volume z For informati...

Страница 1390: ...Configure the specified VLAN as an IPv6 multicast VLAN and enter IPv6 multicast VLAN view multicast vlan ipv6 vlan id Required No IPv6 multicast VLAN configured by default Configure the specified VLA...

Страница 1391: ...able MLD Snooping in all the user VLANs Configuring User Port Attributes Configure the user ports as hybrid ports to permit packets of the specified user VLAN to pass and configure the user VLAN to wh...

Страница 1392: ...n IPv6 multicast VLAN view Follow these steps to configure IPv6 multicast VLAN ports in IPv6 multicast VLAN view To do Use the command Remarks Enter system view system view Configure the specified VLA...

Страница 1393: ...warding table for IPv6 multicast VLANs When the number of forwarding entries maintained for the IPv6 multicast VLANs reaches the threshold the device creates no more forwarding entries until some entr...

Страница 1394: ...AN 2 through VLAN 4 respectively and Host A through Host C are attached to GigabitEthernet 2 0 2 through GigabitEthernet 2 0 4 of Switch A z The IPv6 multicast source sends IPv6 multicast data to the...

Страница 1395: ...SwitchA mld snooping quit Create VLAN 2 and assign GigabitEthernet 2 0 2 to this VLAN SwitchA vlan 2 SwitchA vlan2 port gigabitethernet 2 0 2 SwitchA vlan2 quit The configuration for VLAN 3 and VLAN 4...

Страница 1396: ...333 0000 0101 Host port s total 1 port GE2 0 2 Vlan id 3 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 0 port IP group s the following ip group s match to one mac grou...

Страница 1397: ...itEthernet 2 0 1 and to Switch A through GigabitEthernet 2 0 2 z MLDv1 is required on Router A MLDv1 Snooping is required on Switch A Router A acts as the MLD querier z Switch A s GigabitEthernet 2 0...

Страница 1398: ...able IPv6 PIM DM on each interface and enable MLD on the host side interface GigabitEthernet 2 0 2 RouterA system view RouterA multicast ipv6 routing enable RouterA interface gigabitethernet 2 0 1 Rou...

Страница 1399: ...similar The detailed configuration steps are omitted Configure VLAN 10 as an IPv6 multicast VLAN SwitchA multicast vlan ipv6 10 Assign GigabitEthernet 2 0 2 and GigabitEthernet 2 0 3 to IPv6 multicast...

Страница 1400: ...t GE2 0 1 D IP group s the following ip group s match to one mac group IP group address FF1E 101 FF1E 101 Host port s total 3 port GE2 0 2 D GE2 0 3 D GE2 0 4 D MAC group s MAC group address 3333 0000...

Страница 1401: ...E MPLS Basics MPLS integrates both Layer 2 fast switching and Layer 3 routing and forwarding satisfying the networking requirements of various new applications This document describes z MPLS Overview...

Страница 1402: ...over public networks This document describes z VPLS Overview z Configuring VPLS Instances z Binding VPLS Instances z Configuring VPLS Attributes MPLS TE Combining the MPLS technology and traffic engi...

Страница 1403: ...ge between a MCE and a Site 2 3 Configuring to Use Static Routes between a MCE and a Site 2 3 Configuring to Use RIP between a MCE and a Site 2 4 Configuring to Use OSPF between a MCE and a Site 2 4 C...

Страница 1404: ...and convenient support for MPLS QoS and MPLS TE Hence it is widely used The BGP MPLS VPN model consists of three kinds of devices z Customer edge device CE A CE resides on a customer network and has...

Страница 1405: ...the ingress LSR the egress PE functions as the egress LSR while P routers function as the transit LSRs You can use S7900E series switches as the CEs in a BGP MPLS VPN implementation BGP MPLS VPN Conce...

Страница 1406: ...s the route distinguisher RD route filtering policy and member interface list LFIBs of VPN instances exist on only PEs supporting MPLS No LFIBs of VPN instances exist on MCE capable devices VPN IPv4 a...

Страница 1407: ...nt of VPN routing information A VPN instance on a PE supports two types of VPN target attributes z Export target attribute A local PE sets this type of VPN target attribute for VPN IPv4 routes learnt...

Страница 1408: ...LAN interface 2 can be bound to VPN 1 and VLAN interface 3 can be bound to VPN 2 When receiving a piece of routing information MCE determines the source of the routing information according to the num...

Страница 1409: ...e binding configured on CE and site private network routes of different VPNs can be exchanged between CEs and sites through different RIP processes thus isolating and securing VPN routes OSPF An S7900...

Страница 1410: ...o use EBGP to exchange private routes between a CE and a site you need to configure BGP peers for VPN instances on CEs and import IGP routing information from corresponding VPNs Normally sites reside...

Страница 1411: ...1 8 z RIP z OSPF z IS IS z EBGP For information on how to configure the routing protocols and how to import routes refer to the IP Routing Volume...

Страница 1412: ...is an integration of the VPN membership and routing rules of its corresponding site A VPN instance takes effect only after a route distinguisher RD is configured for it For a VPN instance with the RD...

Страница 1413: ...associated with a VPN instance Executing the ip binding vpn instance command invalidates the IP address configured for the current interface so you need to configure an IP address for an interface aga...

Страница 1414: ...outes matching the VPN target attribute are permitted z This attribute can be advertised with a route only when BGP runs between the MCE and the PE Otherwise this attribute is of no sense z The VPN ta...

Страница 1415: ...gure RIP between a MCE and a site To do Use the command Remarks Enter system view system view Enable RIP for a VPN instance This operation also leads you to RIP view rip process id vpn instance vpn in...

Страница 1416: ...figuration on the site you can just enable OSPF as usual Configure the type codes of OSPF extended community attributes ext community type domain id type code1 router id type code2 route type type cod...

Страница 1417: ...er enabling IS IS for a VPN instance you need also to configure to use IS IS for routing information exchange Configuring to Use EBGP between a MCE and a Site 1 Configuration on the MCE device Follow...

Страница 1418: ...l AS number So do the routes advertised by the site In this case you need to configure to permit the routes with their AS numbers contained in their AS_PATH attributes being the local AS number on MCE...

Страница 1419: ...a VPN instance To do Use the command Remarks Enter system view system view ip route static dest address mask mask length gateway address interface type interface number gateway address vpn instance d...

Страница 1420: ...the MCE device to the routing table of the PE Follow these steps to enable RIP for a VPN instance To do Use the command Remarks Enter system view system view Enable RIP for a VPN instance and enter R...

Страница 1421: ...e maintained by the MCE device to the routing table of the PE In IS IS routes discovered by other routing protocols are external routes While importing routes of other protocols you can specify the de...

Страница 1422: ...filter policy acl number ip prefix ip prefix name export direct isis process id ospf process id rip process id static Optional By default no filter policy is applied Apply a filter policy for received...

Страница 1423: ...tatistic Available in any view Perform a soft reset of the BGP connections in a specified VPN instance refresh bgp vpn instance vpn instance name ip address all external group group name export import...

Страница 1424: ...nd advertises all the VPN routes to the PE device using OSPF Network diagram Figure 2 1 Network diagram for MCE configuration A CE Site 1 VPN2 PE PE PE VPN 2 VR2 VPN1 VR1 MCE GE2 0 18 GE2 0 10 Vlan in...

Страница 1425: ...responding VLAN interfaces Then bind VLAN 30 to VPN 1 and VLAN 40 to VPN 2 and configure IP addresses of the VLAN interfaces MCE vlan 30 MCE vlan30 quit MCE interface Vlan interface 30 MCE Vlan interf...

Страница 1426: ...d advertise the network segments 192 168 10 0 and 10 214 20 0 VR2 system view VR2 rip 20 VR2 rip 20 network 192 168 10 0 VR2 rip 20 network 10 0 0 0 RIP is running within VPN2 so you can configure RIP...

Страница 1427: ...are omitted here Configure Loopback0 of MCE and CE to specify the router ID for MCE and PE respectively The IP addresses for Loopback0 of MCE and CE are 101 101 10 1 and 100 100 10 1 respectively Con...

Страница 1428: ...he information displayed below verifies the configuration PE display ip routing table vpn instance vpn2 display ip routing table vpn instance vpn2 Routing Tables vpn2 Destinations 6 Routes 6 Destinati...

Страница 1429: ...10 1 and 20 1 for both the import and export extended community attribute list MCE system view MCE ip vpn instance vpn1 MCE vpn instance vpn1 route distinguisher 10 1 MCE vpn instance vpn1 vpn target...

Страница 1430: ...g vpn instance vpn2 MCE Vlan interface40 ip address 10 214 40 1 30 MCE Vlan interface40 quit z Configure the routing protocol running between MCE and a site The procedure of enabling OSPF in the two V...

Страница 1431: ...0 127 0 0 1 InLoop0 172 16 20 0 24 OSPF 10 1 10 100 20 2 Vlan3 z Configure the routing protocol running between MCE and PE The procedure of connecting MCE to PE through trunk ports is similar to that...

Страница 1432: ...tion procedures are omitted here Followed is the result of the above configurations PE display ip routing table vpn instance vpn2 Routing Tables vpn2 Destinations 5 Routes 5 Destination Mask Proto Pre...

Страница 1433: ...Configuring PHP 1 18 Configuration Prerequisites 1 18 Configuration Procedure 1 18 Configuring a Static LSP 1 19 Configuration Prerequisites 1 19 Configuration Procedure 1 19 Configuring MPLS LDP 1 20...

Страница 1434: ...8 Configuring MPLS Statistics 1 29 Setting the Interval for Reporting Statistics 1 29 Inspecting an MPLS LSP 1 30 Enabling MPLS Trap 1 30 Displaying and Maintaining MPLS 1 31 Resetting LDP Sessions 1...

Страница 1435: ...t MPLS TE refer to MPLS TE Configuration in the MPLS Volume z For detailed information about QoS refer to the QoS Volume z The S7900E Series Ethernet Switches are distributed devices supporting Intell...

Страница 1436: ...red while a label can only represent a single FEC A label is carried in the header of a packet It does not contain any topology information and is local significant A label is four octets or 32 bits i...

Страница 1437: ...ress of the MPLS network to the egress It functions like a virtual circuit in ATM or frame relay Each node of an LSP is an LSR Label distribution protocol A label distribution protocol is a protocol u...

Страница 1438: ...t out LIFO stack which is called a label stack A packet with multiple levels of labels can travel along more than one level of LSP tunnel The ingress and egress of each tunnel perform Push and Pop ope...

Страница 1439: ...t hop along the LSP 3 After receiving a packet each transit LSR looks up its Label Forwarding Information Base LFIB for the next hop according to the label of the packet swaps the label and then forwa...

Страница 1440: ...protocols such as IGPs and BGP LDP only uses the routing information indirectly it has no direct relationship with routing protocols On the other hand existing protocols such as BGP and RSVP can be e...

Страница 1441: ...e for establishing LSPs between them managing VPN users and advertising routes among different branches of the same VPN Route advertisement among PEs is usually implemented by LDP or extended BGP MPLS...

Страница 1442: ...ore information refer to LDP Label Distribution Currently the S7900E series supports only the DU mode Label distribution control mode There are two label distribution control modes z Independent In th...

Страница 1443: ...s the label from the packet and forwards the packet based on the network layer destination address In fact on a relatively simple MPLS application network the label of a packet is useless for the egre...

Страница 1444: ...til it reaches the destination router of the LSP where it is forwarded by IP routing Such processing increases the network traffic and the packet forwarding delay For description and configuration of...

Страница 1445: ...ng paths directly and further establish LSPs LSPs can be established between both neighboring LSRs and LSRs that are not directly connected making label switching possible at all transit nodes on the...

Страница 1446: ...of 1 means that the label space is per interface a label space ID of 0 means that the label space is per platform Currently only per platform label space is supported LDP Label Distribution Figure 1 7...

Страница 1447: ...g LSRs periodically announcing its presence This way LSRs can automatically find their peers without manual configuration LDP provides two discovery mechanisms z Basic discovery mechanism The basic di...

Страница 1448: ...a label to the FEC and sends the new label binding information to its own upstream LSRs 4 When the ingress LER receives the label binding message it adds an entry in its LFIB Thus an LSP is establishe...

Страница 1449: ...stream neighbor based on the split horizon mechanism The LDP label filtering feature allows the LDP protocol to accept and advertise label bindings selectively It provides two filtering mechanisms lab...

Страница 1450: ...To support GR a GR device must backup the FECs and label information When an LDP session is GR capable 1 Whenever the GR restarter restarts a GR helper will detect that the related LDP session is down...

Страница 1451: ...es z Assigning IP addresses to relevant interfaces z Configuring static routes or an IGP protocol ensuring that LSRs can reach each other at Layer 3 MPLS basic capability can be configured on LSRs eve...

Страница 1452: ...VLAN tag 14 bytes for the Ethernet frame header For descriptions of the jumboframe function refer to Ethernet Port Configuration in the Access Volume Configuring PHP Configure PHP on an egress and se...

Страница 1453: ...layer label the switch will forward the packet based on the inner layer label otherwise the switch will forward the packet based on the IP address Configuring a Static LSP An LSP can be static or dyn...

Страница 1454: ...nt in the routing table you also need to specify the next hop when configuring the static IP route z The value of the next hop addr argument cannot be any local public network IP address z For informa...

Страница 1455: ...ns will be deleted z Usually you do not need to configure the LDP LSR ID which defaults to the MPLS LSR ID In some VPN applications for example MPLS L3VPN applications however you need to ensure that...

Страница 1456: ...ote peer name Required Configure the remote peer IP address remote ip ip address Required Configure LDP to advertise prefix based labels through a remote session prefix label advertise Optional By def...

Страница 1457: ...Static and IGP routes permitted by an IP address prefix list Follow these steps to configure the policy for triggering LSP establishment To do Use the command Remarks Enter system view system view Ent...

Страница 1458: ...ing LDP Loop Detection Follow these steps to configure LDP loop detection To do Use the command Remarks Enter system view system view Enable LDP capability globally and enter MPLS LDP view mpls ldp Re...

Страница 1459: ...policy accept label peer peer id ip prefix ip prefix name Optional Not configured by default Configure a label advertisement control policy advertise label ip prefix ip prefix name peer peer ip prefi...

Страница 1460: ...rations in MPLS LDP view do not affect interfaces bound to VPN instances When configuring the transport address of an LDP instance you need to use the IP address of the interface bound to the VPN inst...

Страница 1461: ...out main backup switchover you can restart MPLS LDP gracefully You are not recommended to perform this operation in normal cases Follow these steps to restart MPLS LDP gracefully To do Use the command...

Страница 1462: ...VPN packets carry two layers of labels outer and inner for transmission in the public network and private network respectively The LSQ1SRP1CB engine and EA series LPUs have to copy the IP TTL of priva...

Страница 1463: ...the TTL of an MPLS packet expires ttl expiration pop Specify that ICMP responses travel along the LSP when the TTL of an MPLS packet expires undo ttl expiration pop Optional Configure one of them as...

Страница 1464: ...MPLS trap function enabled trap packets of the notifications level will be generated to report critical MPLS events Such trap packets will be sent to the information center of the device Whether and w...

Страница 1465: ...Available in any view Display information about ILM entries On a distributed stacking device display mpls ilm label chassis chassis number slot slot number include text Available in any view Display...

Страница 1466: ...cs interface interface type interface number all Available in any view Displaying MPLS LDP Operation To do Use the command Remarks Display information about LDP display mpls ldp all verbose begin excl...

Страница 1467: ...t a specified LDP instance display mpls ldp vpn instance vpn instance name begin exclude include regular expression Available in any view Clearing MPLS Statistics To do Use the command Remarks Clear M...

Страница 1468: ...it SwitchA ospf 1 quit Configure Switch B Sysname system view Sysname sysname SwitchB SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 SwitchB ospf 1 area 0 0 0 0...

Страница 1469: ...the state of Full The following takes Switch A as an example SwitchA display ospf peer verbose OSPF Process 1 with Switch ID 1 1 1 9 Neighbors Area 0 0 0 0 interface 10 1 1 1 Vlan interface10 s neigh...

Страница 1470: ...essions have been established or use the display mpls ldp peer command to check the peers The following takes Switch A as an example SwitchA display mpls ldp session LDP Session s in Public Network To...

Страница 1471: ...0 3 3 3 9 Remote Peer peerc Example for Configuring LDP to Establish LSPs Network requirements On the network in Figure 1 10 an LSP is required between Switch A and Switch C Check the validity and re...

Страница 1472: ...tes press CTRL_C to break Reply from 20 1 1 2 bytes 100 Sequence 1 time 1 ms Reply from 20 1 1 2 bytes 100 Sequence 2 time 1 ms Reply from 20 1 1 2 bytes 100 Sequence 3 time 1 ms Reply from 20 1 1 2 b...

Страница 1473: ...peer switchb SwitchA mpls ldp remote switchb remote ip 2 2 2 9 SwitchA mpls ldp remote switchb remote ip bfd SwitchA mpls ldp remote switchb quit SwitchA mpls ldp remote peer switchc SwitchA mpls ldp...

Страница 1474: ...id 3 3 3 9 SwitchC mpls SwitchC mpls quit SwitchC mpls ldp SwitchC mpls ldp quit SwitchC mpls ldp remote peer switcha SwitchC mpls ldp remote switcha remote ip 1 1 1 9 SwitchC mpls ldp remote switcha...

Страница 1475: ...255 SwitchA ospf 1 area 0 0 0 0 network 13 1 1 1 0 0 0 255 SwitchA ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 SwitchA ospf 1 area 0 0 0 0 quit SwitchA ospf 1 quit Configure OSPF basic capability on...

Страница 1476: ...chB vsi vpna ldp quit SwitchB vsi vpna quit Configure a VSI instance on Switch C SwitchC mpls l2vpn SwitchC vsi vpna static SwitchC vsi vpna pwsignal ldp SwitchC vsi vpna ldp vsi id 100 SwitchC vsi vp...

Страница 1477: ...tal 2 connection s connection s 1 up 1 block 0 down VSI Name vpna Signaling ldp VsiID VsiType PeerAddr InLabel OutLabel LinkID VCState 100 vlan 2 2 2 9 134312 138882 1 up 100 vlan 3 3 3 9 134216 14047...

Страница 1478: ...aling ldp VsiID VsiType PeerAddr InLabel OutLabel LinkID VCState 100 vlan 2 2 2 9 134312 138882 1 block 100 vlan 3 3 3 9 134216 140476 2 up SwitchA display vpls fib vsi vpna verbose VSI Name vpna VSI...

Страница 1479: ...ng Martini MPLS L2VPN 1 9 Configuration Prerequisites 1 9 Configuration Procedure 1 9 Configuring Kompella MPLS L2VPN 1 10 Configuration Prerequisites 1 10 Configuration Procedure 1 11 Configuring an...

Страница 1480: ...Frame Relay FR are quite popular They share the network infrastructure of carriers However they have some inherent disadvantages z Dependence on dedicated media To provide both ATM based and FR based...

Страница 1481: ...g information of users guaranteeing the security of the user VPN routing information z Support for multiple network layer protocols such as IP IPX and SNA Basic concepts of MPLS L2VPN In MPLS L2VPN th...

Страница 1482: ...ol to advertise Layer 2 reachability information and VC labels The following sections describe these implementation methods for MPLS L2VPN in detail CCC MPLS L2VPN Unlike common MPLS L2VPN Circuit Cro...

Страница 1483: ...at is the bidirectional virtual connection between VSIs A PW consists of two unidirectional MPLS virtual circuits VCs Martini MPLS L2VPN employs VC type and VC ID to identify a VC The VC type indicate...

Страница 1484: ...e some labels for the VPN for future use This wastes some label resources in a short term but can reduce the VPN deployment and configuration workload in the case of expansion Imagine that an enterpri...

Страница 1485: ...these encapsulation types z Ethernet z VLAN Configuring a PE Interface Connecting a CE to Use Ethernet z An Ethernet interface can use the encapsulation type of Ethernet For Ethernet interface config...

Страница 1486: ...a point to point link for example when the outgoing interface is a VLAN interface you need to specify the IP address of the next hop If not you need to specify the outgoing interface Configuration Pr...

Страница 1487: ...used Configuration Prerequisites Before configuring SVC MPLS L2VPN complete these tasks z Configuring IGP on the PEs and P devices to guarantee the IP connectivity of the MPLS backbone z Configuring M...

Страница 1488: ...establish a remote session between the two PEs so that VC FECs and VC labels can be transferred through the session Configuration Prerequisites Before configuring Martini MPLS L2VPN complete these ta...

Страница 1489: ...D conflicts Configuring Kompella MPLS L2VPN Kompella MPLS L2VPN uses extended BGP as the signaling protocol to transfer L2VPN information between PEs To create a Kompella local connection you only nee...

Страница 1490: ...y vpn target Optional Enabled by default Enable the specified peer or peers to exchange BGP routing information of the BGP L2VPN address family peer group name ip address enable Required For informati...

Страница 1491: ...do not specify the CE offset the following are true z For the first connection of the CE the CE offset is the value specified by the default offset parameter in the ce command z For any other connect...

Страница 1492: ...e inbound Layer 2 Ethernet interfaces and the VLAN tags in the packets In other words only packets that are received on the same Layer 2 Ethernet interface and carry the same VLAN tag are forwarded th...

Страница 1493: ...ace type interface number Create a service instance and enter service instance view service instance instance id Required By default no service instance is created Configure a packet matching rule for...

Страница 1494: ...onnections display mpls l2vpn connection vpn name vpn name remote ce ce id down up verbose summary interface interface type interface number Available in any view Display information about L2VPN in th...

Страница 1495: ...between CE 1 and CE 2 The main steps for configuring a CCC remote connection are z Create remote CCC connections on the PEs No static LSP is required on the PEs z Configure two static LSPs on the P d...

Страница 1496: ...using the interface connecting CE 1 as the incoming interface and that connecting the P device as the outgoing interface setting the incoming label to 100 and the outgoing label to 200 PE1 ccc ce1 ce2...

Страница 1497: ...igure interface VLAN interface 20 and enable MPLS PE2 interface vlan interface 20 PE2 Vlan interface20 ip address 10 2 2 1 24 PE2 Vlan interface20 mpls PE2 Vlan interface20 quit Create a remote connec...

Страница 1498: ...tl 255 time 60 ms 100 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 10 76 180 ms Example for Configuring SVC MPLS L2VPN Network requirements...

Страница 1499: ...ack0 ip address 192 2 2 2 32 PE1 LoopBack0 quit PE1 mpls lsr id 192 2 2 2 PE1 mpls Configure the LSP establishment triggering policy PE1 mpls lsp trigger all PE1 mpls quit Enable MPLS L2VPN and LDP gl...

Страница 1500: ...ce P interface vlan interface 20 P Vlan interface20 ip address 10 1 1 2 24 P Vlan interface20 mpls P Vlan interface20 mpls ldp P Vlan interface20 quit Configure the interface connected with PE 2 namel...

Страница 1501: ...0 0 0 0 network 10 2 2 1 0 0 0 255 PE2 ospf 1 area 0 0 0 0 network 192 3 3 3 0 0 0 0 PE2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit On the interface connecting CE 2 namely VLAN interface 10 create an SV...

Страница 1502: ...ms Reply from 100 1 1 2 bytes 56 Sequence 4 ttl 255 time 140 ms Reply from 100 1 1 2 bytes 56 Sequence 5 ttl 255 time 80 ms 100 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 p...

Страница 1503: ...emote 1 remote ip 192 3 3 3 PE1 mpls ldp remote 1 quit Configure the interface connected with the P device namely VLAN interface 20 and enable LDP on the interface PE1 interface vlan interface 20 PE1...

Страница 1504: ...dp P Vlan interface20 quit Configure the interface connected with PE 2 namely VLAN interface 30 and enable LDP on the interface P interface vlan interface 30 P Vlan interface30 ip address 10 2 2 2 24...

Страница 1505: ...1 area 0 PE2 ospf 1 area 0 0 0 0 network 192 3 3 3 0 0 0 0 PE2 ospf 1 area 0 0 0 0 network 10 2 2 0 0 0 0 255 PE2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit On the interface connecting CE 2 namely VLAN...

Страница 1506: ...1 2 bytes 56 Sequence 5 ttl 255 time 70 ms 100 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 30 50 70 ms Example for Configuring Kompella MPL...

Страница 1507: ...Sysname system view Sysname sysname PE1 PE1 mpls l2vpn PE1 bgp 100 PE1 bgp peer 4 4 4 4 as number 100 PE1 bgp peer 4 4 4 4 connect interface loopback 0 PE1 bgp l2vpn family PE1 bgp af l2vpn policy vpn...

Страница 1508: ...ve configurations you can issue the display mpls l2vpn connection command on the PEs You should see that an L2VPN connection is established between the PEs and the connection is up CE 1 and CE 2 shoul...

Страница 1509: ...rface IP address Device Interface IP address CE 1 Vlan int10 100 1 1 1 24 P Loop0 192 4 4 4 32 PE 1 Loop0 192 2 2 2 32 Vlan int23 23 1 1 2 24 Vlan int23 23 1 1 1 24 Vlan int26 26 2 2 2 24 CE 2 Vlan in...

Страница 1510: ...tance and then establish an MPLS L2VPN connection PE1 interface gigabitethernet 2 0 1 PE1 GigabitEthernet2 0 1 port access vlan 10 PE1 GigabitEthernet2 0 1 service instance 1000 PE1 GigabitEthernet2 0...

Страница 1511: ...Back0 ip address 192 3 3 3 32 PE2 LoopBack0 quit Configure the LSR ID and enable MPLS globally PE2 mpls lsr id 192 3 3 3 PE2 mpls PE2 mpls quit Enable MPLS L2VPN and LDP globally PE2 mpls l2vpn PE2 mp...

Страница 1512: ...CE 2 should be able to ping each other Display the L2VPN connection information on PE 1 PE1 display mpls l2vc Total ldp vc 1 1 up 0 down Transport Client Service VC Local Remote Tunnel VC ID Intf ID S...

Страница 1513: ...down and the remote VC label is invalid Analysis The reason the VC is down may be that the PEs are configured with different encapsulation types Solution z Check whether the local PE and the peer PE a...

Страница 1514: ...26 Configuration Prerequisites 1 26 Configuring a VPN Instance 1 26 Configuring Route Advertisement between PE and CE 1 27 Configuring Route Advertisement Between PEs 1 31 Configuring Routing Features...

Страница 1515: ...MPLS L3VPNs 1 47 Example for Configuring Inter Provider VPN Option A 1 55 Example for Configuring Inter Provider VPN Option B 1 60 Example for Configuring Inter Provider VPN Option C 1 65 Example for...

Страница 1516: ...MPLS L3VPN Networking Schemes z MPLS L3VPN Routing Information Advertisement z Multi AS VPN z Carrier s Carrier z Nested VPN z HoVPN z OSPF VPN Extension z BGP AS Number Substitution Introduction to M...

Страница 1517: ...information of a CE it uses BGP to exchange VPN routing information with other PEs A PE maintains routing information about only VPNs that are directly connected rather than all VPN routing informatio...

Страница 1518: ...the route distinguisher RD route filtering policy and member interface list VPN IPv4 address Traditional BGP cannot process VPN routes which have overlapping address spaces If for example both VPN 1 a...

Страница 1519: ...information A VPN instance on a PE supports two types of VPN target attributes z Export target attribute A local PE sets this type of VPN target attribute for VPN IPv4 routes learnt from directly conn...

Страница 1520: ...the remote PEs Based on layer 1 labels VPN packets can be label switched along the LSPs to the remote PEs z Layer 2 labels Inner labels used for forwarding packets from the remote PEs to the CEs An in...

Страница 1521: ...hile that for VPN 2 is 200 1 The two VPN 1 sites can communicate with each other and the two VPN 2 sites can communicate with each other However the VPN 1 sites cannot communicate with the VPN 2 sites...

Страница 1522: ...e with each other through the hub site z The import target attribute of any spoke PE is distinct from the export VPN targets of the other spoke PEs Therefore any two spoke PEs can neither directly adv...

Страница 1523: ...PLS L3VPN networking the advertisement of VPN routing information involves CEs and PEs A P router maintains only the routes of the backbone and does not need to know any VPN routing information A PE m...

Страница 1524: ...sites of a VPN may be connected to multiple ISPs in different ASs or to multiple ASs of an ISP Such an application is called multi AS VPN RFC 2547bis presents three inter provider VPN solutions z VRF...

Страница 1525: ...ubinterface for each VPN also calls for higher performance of the PEs Inter provider VPN option B In this kind of solution two ASBRs use MP EBGP to exchange labeled VPN IPv4 routes that they have obta...

Страница 1526: ...hed agreement on the route exchange Inter provider VPN option C The above two kinds of solutions can satisfy the needs for inter provider VPNs However they require that the ASBRs maintain and advertis...

Страница 1527: ...f the MPLS L3VPN service provider is also a service provider In this case the MPLS L3VPN service provider is called the provider carrier or the Level 1 carrier while the customer is called the custome...

Страница 1528: ...VPN routes of the Level 2 carrier but it does not advertise the routes to the PE of the Level 1 carrier it only exchanges the routes with other PEs of the Level 2 carrier A Level 2 carrier can be an o...

Страница 1529: ...quest is to implement internal VPN configuration on the service provider s PEs This solution is easy to deploy but it increases the network operation cost and brings issues on management and security...

Страница 1530: ...PNv4 routes which carry the comprehensive VPN information to the other PEs of the service provider 4 After another provider PE receives the VPNv4 routes it matches the VPNv4 routes based on its local...

Страница 1531: ...ayer to the access layer the performance requirements on the devices reduce while the network expands MPLS L3VPN on the contrary is a plane model where performance requirements are the same for all PE...

Страница 1532: ...of its directly connected sites and advertises the labels to the SPE along with VPN routes through MP BGP z An SPE manages and advertises VPN routes It maintains all the routes of the VPNs connected...

Страница 1533: ...z HoVPN supports multi level recursion With recursion of HoPEs a VPN can be extended infinitely in theory Figure 1 15 Recursion of HoPEs Figure 1 15 shows a three level HoPE The PE in the middle is ca...

Страница 1534: ...he MPLS VPN backbone That is if a VPN site contains an OSPF area 0 the PE connected with the CE must be connected with the area 0 in this VPN site through an area 0 the virtual link can be used for lo...

Страница 1535: ...nd a VPN site is connected to multiple PEs when a PE advertises the BGP VPN routes learnt from MPLS BGP to the VPN site through LSAs the LSAs may be received by another PE resulting in a routing loop...

Страница 1536: ...istributed into BGP as a VPN IPv4 route A sham link can be configured in any area You need to configure it manually In addition the local VPN instance must have a route to the destination of the sham...

Страница 1537: ...ultiple CEs through different interfaces such as PE 2 in Figure 1 18 which connects CE 2 and CE 3 For a multi homed CE that is a CE connected with multiple PEs the BGP AS number substitution function...

Страница 1538: ...ite A VPN instance takes effect only after you configure an RD for it Before configuring an RD for a VPN instance you can configure no parameters for the instance other than a description A VPN instan...

Страница 1539: ...attribute of the VPN instance associated with the CE z The VPN instance determines which routes it can accept and redistribute according to the import extcommunity in the VPN target z The VPN instance...

Страница 1540: ...Remarks Enter system view system view Create a tunneling policy and enter tunneling policy view tunnel policy tunnel policy name Required Specify the priorities of tunnels and the number of tunnels f...

Страница 1541: ...ion refer to the related sections in this chapter In configuring MPLS L3VPN the key task is to manage the advertisement of VPN routes on the MPLS backbone and includes the management of route advertis...

Страница 1542: ...t between PE and CE Route advertisement between PE and CE can depend on static routes RIP OSPF IS IS or EBGP You may choose one as needed Configuring static routes between PEs and CEs Follow these ste...

Страница 1543: ...t start RIP by using the same method for starting a common RIP process z For description and detailed configuration about RIP refer to RIP Configuration in the IP Routing Volume Configuring OSPF betwe...

Страница 1544: ...ferent VPNs can be configured with domain IDs as desired The domain ID of an OSPF process is included in the routes generated by the process When an OSPF route is injected into BGP the OSPF domain ID...

Страница 1545: ...he local CEs import route protocol process id med med value route policy route policy name Required A PE needs to inject the routes of the local CEs into its VPN routing table so that it can advertise...

Страница 1546: ...mport route protocol process id med med value route policy route policy name Optional A CE needs to advertise its routes to the connected PE so that the PE can advertise them to the peer CE z Exchange...

Страница 1547: ...dress family Every command in the following table has the same function on BGP routes for each type of the address families Follow these steps to configure common routing features for all types of sub...

Страница 1548: ...name ip address capability advertise orf ip prefix both receive send Optional By default the ORF capability is disabled on a BGP peer or peer group Enable VPN target filtering for received VPNv4 route...

Страница 1549: ...spath filter number import export Optional By default no AS filtering list is applied to a peer or peer group Specify to advertise all default routes of a VPN instance to a peer or peer group peer gro...

Страница 1550: ...in the AS z Configuring basic MPLS capabilities for the MPLS backbones of each AS z Configuring MPLS LDP for the MPLS backbones so that LDP LSPs can be established z Configuring basic MPLS L3VPN for e...

Страница 1551: ...Return to system view quit Enter BGP view bgp as number Enter BGP VPNv4 subaddress family view ipv4 family vpnv4 Disable VPN target filtering for VPNv4 routes undo policy vpn target Required By defau...

Страница 1552: ...en PEs of different ASs The PEs and ASBR PEs in an AS must be able to exchange labeled IPv4 routes Follow these steps to configure a PE for inter provider VPN option C To do Use the command Remarks En...

Страница 1553: ...equired By default the device does not advertise labeled routes to the IPv4 peer peer group Configure the ASBR PE to change the next hop to itself when advertising routes to PEs in the same AS peer gr...

Страница 1554: ...with many VPNs if you want to implement layered management of VPNs and to conceal the deployment of internal VPNs nested VPN is a good solution By using nested VPN you can implement layered management...

Страница 1555: ...address ranges for sub VPNs of a user VPN cannot overlap z It is not recommended to give nested VPN peers addresses that public network peers use z Before specifying a nested VPN peer or peer group be...

Страница 1556: ...resent in the local routing table or not z The default routes of a VPN instance can be advertised to only a BGP peer or peer group that is UPE z It is not recommended to configure the peer default rou...

Страница 1557: ...ommand Remarks Enter system view system view Enter BGP view bgp as number Required Enter BGP VPN instance view ipv4 family vpn instance vpn instance name Required Inject direct routes that is loopback...

Страница 1558: ...ore configuring BGP AS number substitution complete these tasks z Configuring basic MPLS L3VPN z Configuring CEs at different sites to have the same AS number Configuration Procedure When CEs at diffe...

Страница 1559: ...BGP VPNv4 connections reset bgp vpnv4 as number ip address all external internal group group name Available in user view Displaying and Maintaining MPLS L3VPN To do Use the command Remarks Display in...

Страница 1560: ...ce vpn instance name peer group name log info ip address log info verbose verbose Available in any view Display the IP prefix information of the ORF packets received from the specified BGP peer displa...

Страница 1561: ...ng table network address mask mask length longer prefixes as path acl as path acl number cidr community aa nn 1 13 no export s ubconfed no advertise no export whole match community list basic communit...

Страница 1562: ...ce name flap info ip address mask mask length as path acl as path acl number regexp as path regexp Available in user view For commands to display information about a routing table refer to IP Routing...

Страница 1563: ...lan int11 172 2 1 2 24 CE 2 Vlan int1 10 2 1 1 24 Vlan int12 10 3 1 2 24 CE 3 Vlan int12 10 3 1 1 24 Vlan int13 10 4 1 2 24 CE 4 Vlan int13 10 4 1 1 24 Configuration procedure 1 Configure IGP on the M...

Страница 1564: ...2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit After you complete the above configurations OSPF adjacency should be established between PE 1 P and PE 2 Issuing the display ospf peer command you can see th...

Страница 1565: ...terface13 mpls ldp PE1 Vlan interface13 quit Configure the P device P mpls lsr id 2 2 2 9 P mpls P mpls quit P mpls ldp P mpls ldp quit P interface vlan interface 13 P Vlan interface13 mpls P Vlan int...

Страница 1566: ...gure VPN instances on PEs to allow CEs to access Configure PE 1 PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 111 1 PE1 vpn instance vpn1 qu...

Страница 1567: ...stances configured 2 VPN Instance Name RD Create Time vpn1 100 1 2006 08 13 09 32 45 vpn2 100 2 2006 08 13 09 42 59 PE1 ping vpn instance vpn1 10 1 1 1 PING 10 1 1 1 56 data bytes press CTRL_C to brea...

Страница 1568: ...E and CE and has reached the state of Established The following takes PE 1 and CE 1 as an example PE1 display bgp vpnv4 vpn instance vpn1 peer BGP local router ID 1 1 1 9 Local AS number 100 Total num...

Страница 1569: ...9 NULL0 PE1 display ip routing table vpn instance vpn2 Routing Tables vpn2 Destinations 3 Routes 3 Destination Mask Proto Pre Cost NextHop Interface 10 2 1 0 24 Direct 0 0 10 2 1 2 Vlan12 10 2 1 2 32...

Страница 1570: ...CE 2 AS 65001 AS 65002 PE 1 PE 2 ASBR PE 2 ASBR PE 1 MPLS backbone MPLS backbone AS 100 AS 200 Vlan int11 Vlan int11 Vlan int11 Vlan int12 Vlan int12 Vlan int13 Vlan int13 Vlan int12 Vlan int12 Devic...

Страница 1571: ...r id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 interface vlan interface 12 PE1 Vlan interface12 mpls PE1 Vlan interface12 mpls ldp PE1 Vlan interface12 quit Configure MPLS basi...

Страница 1572: ...formation 3 Configure VPN instances on PEs to allow CEs to access The VPN targets for the VPN instances of the PEs must match those for the VPN instances of the ASBR PEs in the same AS It is not requi...

Страница 1573: ...g the instance to the interface connected with ASBR PE 1 Note that ASBR PE 2 considers ASBR PE 1 its CE ASBR PE2 ip vpn instance vpn1 ASBR PE2 vpn vpn vpn1 route distinguisher 200 1 ASBR PE2 vpn vpn v...

Страница 1574: ...PE1 bgp quit Configure ASBR PE 1 ASBR PE1 bgp 100 ASBR PE1 bgp ipv4 family vpn instance vpn1 ASBR PE1 bgp vpn1 peer 192 1 1 2 as number 200 ASBR PE1 bgp vpn1 quit ASBR PE1 bgp peer 1 1 1 9 as number...

Страница 1575: ...IS between them z PE 1 and ASBR PE 1 exchange labeled IPv4 routes by MP IBGP z PE 2 and ASBR PE 2 exchange labeled IPv4 routes by MP IBGP z ASBR PE 1 and ASBR PE 2 exchange labeled IPv4 routes by MP E...

Страница 1576: ...nd start IS IS on it PE1 interface loopback 0 PE1 LoopBack0 ip address 2 2 2 9 32 PE1 LoopBack0 isis enable 1 PE1 LoopBack0 quit Create VPN instance vpn1 and configure the RD and VPN target attributes...

Страница 1577: ...E1 Vlan interface12 ip address 1 1 1 1 255 0 0 0 ASBR PE1 Vlan interface12 isis enable 1 ASBR PE1 Vlan interface12 mpls ASBR PE1 Vlan interface12 mpls ldp ASBR PE1 Vlan interface12 quit Configure inte...

Страница 1578: ...PE2 Vlan interface12 ip address 9 1 1 1 255 0 0 0 ASBR PE2 Vlan interface12 isis enable 1 ASBR PE2 Vlan interface12 mpls ASBR PE2 Vlan interface12 mpls ldp ASBR PE2 Vlan interface12 quit Configure int...

Страница 1579: ...n interface12 ip address 9 1 1 2 255 0 0 0 PE2 Vlan interface12 isis enable 1 PE2 Vlan interface12 mpls PE2 Vlan interface12 mpls ldp PE2 Vlan interface12 quit Configure interface Loopback 0 and start...

Страница 1580: ...the network through PE 1 in AS 100 and Site 2 accesses the network through PE 2 in AS 600 z PEs in the same AS runs IS IS between them z PE 1 and ASBR PE 1 exchange labeled IPv4 routes by MP IBGP z PE...

Страница 1581: ...on it PE1 interface loopback 0 PE1 LoopBack0 ip address 2 2 2 9 32 PE1 LoopBack0 isis enable 1 PE1 LoopBack0 quit Create VPN instance vpn1 and configure the RD and VPN target attributes PE1 ip vpn in...

Страница 1582: ...gure LSR ID enable MPLS and LDP ASBR PE1 mpls lsr id 3 3 3 9 ASBR PE1 mpls ASBR PE1 mpls label advertise non null ASBR PE1 mpls quit ASBR PE1 mpls ldp ASBR PE1 mpls ldp quit Configure interface VLAN i...

Страница 1583: ...capability Specify to use routing policy policy1 to filter routes advertised from EBGP peer 11 0 0 1 ASBR PE1 bgp peer 11 0 0 1 as number 600 ASBR PE1 bgp peer 11 0 0 1 route policy policy1 export Co...

Страница 1584: ...nject routes of IS IS process 1 ASBR PE2 bgp 600 ASBR PE2 bgp import route isis 1 Configure the capability to advertise labeled routes to IBGP peer 5 5 5 9 and to receive labeled routes from the peer...

Страница 1585: ...inguisher 11 11 PE2 vpn instance vpn1 vpn target 1 1 2 2 3 3 import extcommunity PE2 vpn instance vpn1 vpn target 3 3 export extcommunity PE2 vpn instance vpn1 quit Configure interface Loopback 1 and...

Страница 1586: ...2 are devices of the Level 2 carrier and work as CE to access the Level 1 carrier backbone z PE 3 and PE 4 are devices of the Level 2 carrier and work as PE to provide access service for the customers...

Страница 1587: ...4 4 4 9 32 Vlan int11 11 1 1 2 24 Vlan int12 30 1 1 2 24 Vlan int12 30 1 1 1 24 Vlan int11 21 1 1 1 24 Configuration procedure 1 Configure MPLS L3VPN on the Level 1 carrier backbone start IS IS as the...

Страница 1588: ...that the BGP peer relationship has been established and has reached the state of Established Issuing the display isis peer command you should see that the IS IS neighbor relationship has been set up T...

Страница 1589: ...2 mpls ldp PE3 Vlan interface12 mpls ldp transport address interface PE3 Vlan interface12 quit Configure CE 1 CE1 system view CE1 interface loopback 0 CE1 LoopBack0 ip address 2 2 2 9 32 CE1 LoopBack0...

Страница 1590: ...0000 0003 00 PE1 isis 2 import route bgp PE1 isis 2 quit PE1 interface vlan interface 11 PE1 Vlan interface11 ip binding vpn instance vpn1 PE1 Vlan interface11 ip address 11 1 1 2 24 PE1 Vlan interfa...

Страница 1591: ...nstance vpn1 vpn target 1 1 PE3 vpn instance vpn1 quit PE3 interface vlan interface 11 PE3 Vlan interface11 ip binding vpn instance vpn1 PE3 Vlan interface11 ip address 100 1 1 2 24 PE3 Vlan interface...

Страница 1592: ...127 0 0 1 InLoop0 30 1 1 2 32 Direct 0 0 30 1 1 2 Vlan12 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Issuing the display ip routing table vpn instance command o...

Страница 1593: ...127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Issuing the display ip routing table command on PE 3 and PE 4 you should see that the internal routes of the Level 2 carrier network are present in the public...

Страница 1594: ...1 1 1 bytes 56 Sequence 1 ttl 252 time 102 ms Reply from 120 1 1 1 bytes 56 Sequence 2 ttl 252 time 69 ms Reply from 120 1 1 1 bytes 56 Sequence 3 ttl 252 time 105 ms Reply from 120 1 1 1 bytes 56 Se...

Страница 1595: ...S 200 VPN 1 AS 200 VPN 1 CE 5 AS 65411 SUB_VPN 2 Vlan int13 Vlan int13 CE 4 AS 65420 SUB_VPN 1 Vlan int11 Vlan int11 Device Interface IP address Device Interface IP address CE 1 Loop0 2 2 2 9 32 CE 2...

Страница 1596: ...here After completing the configurations above you can execute commands display mpls ldp session display bgp peer and display isis peer respectively on either PE 1 or PE 2 You should see that the LDP...

Страница 1597: ...2 quit PE3 interface loopback 0 PE3 LoopBack0 isis enable 2 PE3 LoopBack0 quit PE3 interface vlan interface 12 PE3 Vlan interface12 ip address 10 1 1 1 24 PE3 Vlan interface12 isis enable 2 PE3 Vlan i...

Страница 1598: ...get 1 1 PE1 vpn instance vpn1 quit PE1 interface vlan interface11 PE1 Vlan interface11 ip binding vpn instance vpn1 PE1 Vlan interface11 ip address 11 1 1 2 24 PE1 Vlan interface11 mpls PE1 Vlan inter...

Страница 1599: ...vpn target 2 1 PE3 vpn instance SUB_VPN1 quit PE3 interface vlan interface 11 PE3 Vlan interface11 ip binding vpn instance SUB_VPN1 PE3 Vlan interface11 ip address 100 1 1 2 24 PE3 Vlan interface11 qu...

Страница 1600: ...PE 1 CE1 bgp 200 CE1 bgp ipv4 family vpnv4 CE1 bgp af vpnv4 peer 11 1 1 2 enable Specify to allow the local AS number to appear in the AS PATH attribute of the routes received CE1 bgp af vpnv4 peer 1...

Страница 1601: ...ng table command on PE 1 and PE 2 to verify that the public routing tables contain only routes on the service provider network The following takes PE 1 for illustration PE1 display ip routing table Ro...

Страница 1602: ...the VPNv4 routing tables on the customer VPN contain internal sub VPN routes The following takes CE 1 for illustration CE1 display bgp vpnv4 all routing table BGP Local router ID is 11 11 11 11 Statu...

Страница 1603: ...ntain routes of remote sub VPNs The following takes CE 3 for illustration CE3 display ip routing table Routing Tables Public Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 1...

Страница 1604: ...essfully CE5 ping 130 1 1 1 PING 130 1 1 1 56 data bytes press CTRL_C to break Reply from 130 1 1 1 bytes 56 Sequence 1 ttl 252 time 102 ms Reply from 130 1 1 1 bytes 56 Sequence 2 ttl 252 time 69 ms...

Страница 1605: ...tches Device Interface IP address Device Interface IP address CE 1 Vlan int12 10 2 1 1 24 CE 3 Vlan int12 10 1 1 1 24 CE 2 Vlan int13 10 4 1 1 24 CE 4 Vlan int13 10 3 1 1 24 UPE 1 Loop0 1 1 1 9 32 UPE...

Страница 1606: ...2 both UPE1 vpn instance vpn2 quit UPE1 interface vlan interface 12 UPE1 Vlan interface12 ip binding vpn instance vpn1 UPE1 Vlan interface12 ip address 10 2 1 2 24 UPE1 Vlan interface12 quit UPE1 inte...

Страница 1607: ...0 UPE2 Loopback0 ip address 4 4 4 9 32 UPE2 Loopback0 quit UPE2 mpls lsr id 4 4 4 9 UPE2 mpls UPE2 mpls quit UPE2 mpls ldp UPE2 mpls ldp quit UPE2 interface vlan interface 11 UPE2 Vlan interface11 ip...

Страница 1608: ...er 3 3 3 9 enable UPE2 bgp af vpnv4 quit UPE2 bgp ipv4 family vpn instance vpn1 UPE2 bgp vpn1 peer 10 1 1 1 as number 65430 UPE2 bgp vpn1 import route direct UPE2 bgp vpn1 quit UPE2 bgp ipv4 family vp...

Страница 1609: ...0 network 172 1 1 0 0 0 0 255 SPE1 ospf 1 area 0 0 0 0 network 180 1 1 0 0 0 0 255 SPE1 ospf 1 area 0 0 0 0 quit SPE1 ospf 1 quit Configure VPN instances vpn1 and vpn2 SPE1 ip vpn instance vpn1 SPE1 v...

Страница 1610: ...apability and MPLS LDP to establish LDP LSPs SPE2 system view SPE2 interface loopback 0 SPE2 LoopBack0 ip address 3 3 3 9 32 SPE2 LoopBack0 quit SPE2 mpls lsr id 3 3 3 9 SPE2 mpls SPE2 mpls quit SPE2...

Страница 1611: ...peer 2 2 2 9 enable SPE2 bgp af vpnv4 peer 4 4 4 9 enable SPE2 bgp af vpnv4 peer 4 4 4 1 9 upe SPE2 bgp af vpnv4 quit SPE2 bgp ipv4 family vpn instance vpn1 SPE2 bgp vpn1 quit SPE2 bgp ipv4 family vpn...

Страница 1612: ...ps are omitted After completing the configurations CE 1 and CE 2 should be able to learn the OSPF route to the VLAN interface 1 of each other The following takes CE 1 as an example CE1 display ip rout...

Страница 1613: ...E1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 PE1 ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure MPLS basic capability and MPL...

Страница 1614: ...interface12 quit PE1 ospf 100 vpn instance vpn1 PE1 ospf 100 domain id 10 PE1 ospf 100 area 1 PE1 ospf 100 area 0 0 0 1 network 100 1 1 0 0 0 0 255 PE1 ospf 100 area 0 0 0 1 quit PE1 ospf 100 quit PE2...

Страница 1615: ...F 10 3126 100 1 1 1 Vlan12 4 Configure a sham link Configure PE 1 PE1 interface loopback 1 PE1 LoopBack1 ip binding vpn instance vpn1 PE1 LoopBack1 ip address 3 3 3 3 32 PE1 LoopBack1 quit PE1 ospf 10...

Страница 1616: ...2 Vlan11 30 1 1 0 24 OSPF 10 1574 100 1 1 2 Vlan12 100 1 1 0 24 Direct 0 0 100 1 1 1 Vlan12 100 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 120 1 1 0 24 OSPF 10 12 100 1 1 2 Vlan12 127 0 0 0 8 Direct 0 0 1...

Страница 1617: ...ackbone to establish LDP LSPs z Establish MP IBGP peer relationship between the PEs to advertise VPN IPv4 routes z Configure the VPN instance of VPN 1 on PE 2 to allow CE 2 to access the network z Con...

Страница 1618: ...PE 2 advertises the route to 100 1 1 1 32 and the AS_PATH is 100 600 PE2 terminal monitor PE2 terminal debugging PE2 debugging bgp update vpn instance vpn1 verbose PE2 refresh bgp vpn instance vpn1 a...

Страница 1619: ...10 2 1 2 0 0 100 10 2 1 1 32 10 2 1 2 0 0 100 100 1 1 1 32 10 2 1 2 0 100 100 CE2 display ip routing table Routing Tables Public Destinations 9 Routes 9 Destination Mask Proto Pre Cost NextHop Interf...

Страница 1620: ...1 105 Reply from 200 1 1 1 bytes 56 Sequence 5 ttl 253 time 70 ms 200 1 1 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 66 79 109 ms...

Страница 1621: ...Extensions 1 9 Configuring MPLS L2VPN 1 9 Configuring a VPLS Instance 1 10 Configuring an LDP VPLS Instance 1 10 Configuring a BGP VPLS Instance 1 11 Binding the VPLS Instance 1 12 Configuring VPLS A...

Страница 1622: ...erview Virtual Private LAN Service VPLS also called Transparent LAN Service TLS or virtual private switched network service can deliver a point to multipoint L2VPN service over public networks With VP...

Страница 1623: ...point to multipoint L2VPN service mechanism With QinQ the private network VLAN tags of packets are encapsulated into the public network VLAN tags allowing packets to be transmitted with two layers of...

Страница 1624: ...udes two parts z Remote MAC address learning associated with PWs A PW consists of two unidirectional VC LSPs A PW is up only when both of the VC LSPs are up When the inbound VC LSP learns a new MAC ad...

Страница 1625: ...a backup link becomes active and a message with the instruction of relearning MAC entries arrives a PE updates the corresponding MAC entries in the FIB table of the VPLS instance and sends the messag...

Страница 1626: ...service delimiter for the service provider network to identify the user The tag is called a P Tag z Ethernet access The Ethernet header of a packet upstream from the CE or downstream from the PE does...

Страница 1627: ...ket with the MPLS label for the U PW namely the multiplex distinguishing flag and then sends the packet to NPE 1 z When receiving the packet NPE 1 determines which VSI the packet belongs to by the lab...

Страница 1628: ...tion MAC address of the packet labels the packet with the VLAN tag Then it forwards the packet through the QinQ tunnel to MTU which in turn forwards the packet to the CE For packets to be exchanged be...

Страница 1629: ...List Complete the following tasks to configure VPLS Task Remarks Configuring MPLS Basic Capability Required Configuring Remote LDP Sessions Configuring BGP Extensions Required Choose either Configuri...

Страница 1630: ...w these steps to configure BGP extensions To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Enter VPLS address family view vpls family Required Activate a peer p...

Страница 1631: ...PN implementation the Martini mode uses extended LDP remote LDP sessions as the signaling for transferring PW information Therefore the LDP mode is also called the Martini mode 3 Specify the ID of the...

Страница 1632: ...class name Required Enable the PW switchback function and set the switchback delay time dual npe revertive wtr time wtr time Optional Disabled by default Configuring a BGP VPLS Instance Configuration...

Страница 1633: ...g the VPLS instance Configuration procedure To bind a Layer 2 Ethernet interface and one or more VLANs with a VPLS instance you need to create a service instance on the Layer 2 Ethernet interface conf...

Страница 1634: ...sulation type of the VPLS instance encapsulation bgp vpls ethernet vlan Optional vlan by default which corresponds to the VSI PW encapsulation type of tagged Set the description of the VPLS instance d...

Страница 1635: ...Available in any view Display information about one or all PW class templates display pw class pw class name Available in any view Clear the MAC address table of one or all VPLS instances reset mac ad...

Страница 1636: ...p quit Configure PE 1 to establish an LDP remote session with PE 2 PE1 mpls ldp remote peer 1 PE1 mpls ldp remote 1 remote ip 3 3 3 9 PE1 mpls ldp remote 1 quit Configure the interface connected with...

Страница 1637: ...g CE 1 create service instance 1000 to bind the interface and VLAN 100 with VPLS instance aaa and create service instance 2000 to bind the interface and VLAN 200 with VPLS instance bbb PE1 interface g...

Страница 1638: ...0 network 26 2 2 2 0 0 0 255 P ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 P ospf 1 area 0 0 0 0 quit 3 Configure PE 2 Sysname system view Sysname sysname PE2 PE2 interface loopback 0 PE2 LoopBack0 ip...

Страница 1639: ...stance bbb which uses BGP PE2 vsi bbb auto PE2 vsi bbb pwsignal bgp PE2 vsi bbb bgp route distinguisher 100 1 PE2 vsi bbb bgp vpn target 111 1 PE2 vsi bbb bgp site 11 range 12 PE2 vsi bbb bgp quit PE2...

Страница 1640: ...PW is required between NPE 1 and NPE 3 CE 3 accesses the network through NPE 3 z CE 1 and CE 3 access the UPE and NPE3 through interface GigabitEthernet 2 0 1 respectively and send the packet of VLAN...

Страница 1641: ...LS L2VPN UPE mpls l2vpn Configure the basic attributes of VPLS instance aaa which uses LDP UPE vsi aaa static UPE vsi aaa pwsignal ldp UPE vsi aaa ldp vsi id 500 UPE vsi aaa ldp peer 2 2 2 9 UPE vsi a...

Страница 1642: ...s ldp remote peer 2 NPE1 mpls remote 2 remote ip 1 1 1 9 NPE1 mpls remote 2 quit Configure the remote LDP session with NPE 3 NPE1 mpls ldp remote peer 3 NPE1 mpls remote 3 remote ip 3 3 3 9 NPE1 mpls...

Страница 1643: ...ance 1000 NPE3 GigabitEthernet2 0 1 srv1000 encapsulation s vid 100 NPE3 GigabitEthernet2 0 1 srv1000 xconnect vsi aaa NPE3 GigabitEthernet2 0 1 srv1000 quit After completing the above configurations...

Страница 1644: ...LoopBack0 quit UPE mpls lsr id 1 1 1 1 UPE mpls UPE mpls quit UPE mpls ldp UPE mpls ldp quit Configure MPLS basic capability on the interface connected with NPE 1 UPE interface vlan interface 12 UPE V...

Страница 1645: ...mpls ldp UPE Vlan interface13 quit On the interface connected with CE 1 that is GigabitEthernet 2 0 1 create a service instance and bind the L2VPN UPE interface gigabitethernet 2 0 1 UPE GigabitEthern...

Страница 1646: ...2 remote ip 1 1 1 1 NPE1 mpls remote 2 quit Configure the remote LDP session with NPE 3 NPE1 mpls ldp remote peer 3 NPE1 mpls remote 3 remote ip 4 4 4 4 NPE1 mpls remote 3 quit Configure MPLS L2VPN N...

Страница 1647: ...on of VLAN interface 15 and VLAN interface 16 is similar to the configuration of VLAN interface 12 and VLAN interface 13 on UPE The configuration procedure is omitted After completing the above config...

Страница 1648: ...with Dynamic Signaling Protocol 1 17 Configuration Prerequisites 1 17 Configuration Procedure 1 17 Configuring RSVP TE Advanced Features 1 21 Configuration Prerequisites 1 21 Configuration Procedure 1...

Страница 1649: ...Examples 1 40 MPLS TE Using Static CR LSP Configuration Example 1 40 MPLS TE Using RSVP TE Configuration Example 1 44 RSVP TE GR Configuration Example 1 50 CR LSP Backup Configuration Example 1 53 FRR...

Страница 1650: ...R LSP z RSVP TE z Traffic Forwarding z CR LSP Backup z Fast Reroute z DiffServ Aware TE z Protocols and Standards Traffic Engineering and MPLS TE Traffic engineering Network congestion is one of the m...

Страница 1651: ...traffic engineering for the following z MPLS supports explicit LSP routing z LSP routing is easy to manage and maintain compared with traditional packet by packet IP forwarding z Constraint based Rout...

Страница 1652: ...e the shortest path to each network node In MPLS TE the Constraint based Shortest Path First CSPF algorithm is used It is derived from SPF and makes calculation based on two conditions z Constraints o...

Страница 1653: ...aking preemption decision Both setup and holding priorities range from 0 to 7 with a lower numerical number indicating a higher priority For a new path to preempt an existing path the setup priority o...

Страница 1654: ...RSVP is designed for IntServ It reserves resources on each node along a path RSVP operates at the transport layer but does not participate in data transmission It is an Internet control protocol simil...

Страница 1655: ...h Figure 1 1 Diagram for make before break Figure 1 1 presents a scenario where a path Router A Router B Router C Router D is established with 30 Mbps reserved bandwidth between Router A and Router D...

Страница 1656: ...abel bindings but also routing constraints supporting CR LSP and FRR z New objects added to the Path message include LABEL_REQUEST EXPLICIT_ROUTE RECORD_ROUTE and SESSION_ATTRIBUTE z New objects added...

Страница 1657: ...hat the interface resends the message at an exponentially increased retransmission interval equivalent to 1 Delta Rf seconds 2 Summary refresh extension Send summary refreshes Srefreshes rather than r...

Страница 1658: ...GR helper and the GR restarter reestablish a Hello session before the restart timer expires the recovery timer is started and signaling packet exchanging is triggered to restore the original soft sta...

Страница 1659: ...o known as autoroute announce considers a TE tunnel as a logical interface directly connected to the destination when computing IGP routes on the ingress of the TE tunnel IGP shortcut and forwarding a...

Страница 1660: ...SP is created immediately after a primary CR LSP is created MPLS TE switches traffic to the secondary CR LSP after the primary CR LSP fails z Standard backup where a secondary CR LSP is created to tak...

Страница 1661: ...s LSP As shown in Figure 1 5 the primary LSP is Router A Router B Router C Router D Router E and the bypass LSP is Router B Router F Router D Router C is the protected device Figure 1 5 FRR node prote...

Страница 1662: ...e class level For traffic trunks which are distinguished by class of service this means varied bandwidth constraints Essentially what DS TE does is to map traffic trunks with LSPs making each traffic...

Страница 1663: ...ters Optional Configuring CR LSP Backup Optional Configuring FRR Optional Configuring MPLS TE Basic Capabilities MPLS TE basic capabilities are essential to MPLS TE feature configurations After config...

Страница 1664: ...ses the basic capabilities you configured in this section may be inadequate for the tunnel to work and you may need to make extra configurations z For information about tunnel interfaces refer to Tunn...

Страница 1665: ...ddr out label out label value bandwidth bc0 bc1 bandwidth value Create a static CR LSP on your device depending on its location in the network At the egress static cr lsp egress tunnel name incoming i...

Страница 1666: ...the IGP TE extension is not configured the CR LSP is created based on IGP routing rather than computed by CSPF Configuration Prerequisites Before making the configuration do the following z Configure...

Страница 1667: ...d by default Enter OSPF area view area area id Required Enable MPLS TE in the OSPF area mpls te enable Required Disabled by default Exit to OSPF view quit z For more information about OSPF opaque LSA...

Страница 1668: ...wide wide compatible compatible narrow compatible relax spf limit Required By default IS IS uses narrow metric style Enable IS IS TE traffic eng level 1 level 2 level 1 2 Required Disabled by default...

Страница 1669: ...hop is a strict node by default Repeat this step to define a sequential set of the hops that the explicit path traverses Modify the IP address of current node on the explicit path modify hop ip addres...

Страница 1670: ...t tunnel configuration mpls te commit Required To use RSVP TE as the signaling protocol for setting up the MPLS TE tunnel you must enable both MPLS TE and RSVP TE on the interface for the tunnel to us...

Страница 1671: ...s are reserved for senders on the same session and shared among them Follow these steps to configure RSVP reservation style To do Use the command Remarks Enter system view system view Enter MPLS TE tu...

Страница 1672: ...ing summary refreshes Follow these steps to configure RSVP refreshing mechanism To do Use the command Remarks Enter system view system view Enter interface view of MPLS TE link interface interface typ...

Страница 1673: ...e resource reservation confirmation mpls rsvp te resvconfirm Required Disabled by default z Reservation confirmation is initiated by the receiver which sends the Resv message with an object requesting...

Страница 1674: ...s Enable global RSVP hello extension mpls rsvp te hello Required Disabled by default Enable MPLS RSVP TE GR mpls rsvp te graceful restart Required Disabled by default Set the RSVP TE GR restart timer...

Страница 1675: ...ive group and affinity attribute The affinity attribute of an MPLS TE tunnel identifies the properties of the links that the tunnel can use Together with the link administrative group it decides which...

Страница 1676: ...red Configuring CR LSP reoptimization Dynamic CR LSP optimization involves periodic calculation of paths that traffic trunks should traverse If a better route is found for an existing CR LSP a new CR...

Страница 1677: ...tunnel interface view interface tunnel tunnel number Enable the system to perform loop detection when setting up a tunnel mpls te loop detection Required Disabled by default Submit current tunnel conf...

Страница 1678: ...igned to paths for MPLS TE to make preemption decision For a new path to preempt an existing path the setup priority of the new path must be greater than the holding priority of the existing path To a...

Страница 1679: ...ugh automatic route advertisement Two approaches IGP shortcut and forwarding adjacency are available to automatic route advertisement to advertise MPLS TE tunnel interface routes to IGPs allowing traf...

Страница 1680: ...F view ospf process id Enable the IGP shortcut function enable traffic adjustment Required Disabled by default 2 Configure forwarding adjacency You need to create a bi directional MPLS TE tunnel and e...

Страница 1681: ...failed link timer z Configuring the link metric used for routing a tunnel z Configuring the traffic flow type of a tunnel Configuring the failed link timer A CSPF failed link timer starts once a link...

Страница 1682: ...nk mpls te metric value Optional If no TE metric is assigned to the link IGP metric is used as the TE metric by default z The metric type configured in MPLS TE tunnel interface view takes priority ove...

Страница 1683: ...atically You do not need to configure them Configuring FRR As mentioned earlier Fast Reroute FRR provides quick but temporary per link or per node local protection on an LSP FRR uses bypass tunnels to...

Страница 1684: ...it current tunnel configuration mpls te commit Required Configuring a bypass tunnel on its PLR After a tunnel is specified to protect an interface its corresponding LSP becomes a bypass LSP Setting up...

Страница 1685: ...of the outgoing interface of the protected LSP interface interface type interface number Bind the bypass tunnel with the protected interface mpls te fast reroute bypass tunnel tunnel tunnel number Req...

Страница 1686: ...onfigure cooperation of MPLS RSVP TE and BFD To do Use the command Remarks Enter system view system view Enter view of the interface enabled with MPLS RSVP TE interface interface type interface number...

Страница 1687: ...umber begin exclude include regular expression Available in any view Display information about RSVP requests display mpls rsvp te request interface interface type interface number begin exclude includ...

Страница 1688: ...el name Available in any view Display tunnel statistics display mpls te tunnel statistics Available in any view Display statistics about MPLS TE tunnels display mpls te tunnel interface tunnel number...

Страница 1689: ...ork requirements z Switch A Switch B and Switch C run IS IS z Establish a TE tunnel using a static CR LSP between Switch A and Switch C Figure 1 6 Set up MPLS TE tunnels using static CR LSPs Loop0 2 2...

Страница 1690: ...it SwitchC interface vlan interface 2 SwitchC Vlan interface2 isis enable 1 SwitchC Vlan interface2 quit SwitchC interface loopback 0 SwitchC LoopBack0 isis enable 1 SwitchC LoopBack0 quit Perform the...

Страница 1691: ...mpls lsr id 3 3 3 3 SwitchC mpls SwitchC mpls mpls te SwitchC mpls quit SwitchC interface vlan interface 2 SwitchC Vlan interface2 mpls SwitchC Vlan interface2 mpls te SwitchC Vlan interface2 quit 4 C...

Страница 1692: ...h Discards 0 100 0 Output queue Protocol queuing Size Length Discards 0 500 0 Output queue FIFO queuing Size Length Discards 0 75 0 Last 300 seconds input 0 bytes sec 0 packets sec Last 300 seconds ou...

Страница 1693: ...l0 30 NULL Vlan2 Up On an MPLS TE tunnel configured using a static CR LSP traffic is forwarded directly based on label at the transit nodes and egress node Therefore it is normal that the FEC field in...

Страница 1694: ...with LSR IDs as destinations Configure Switch A SwitchA system view SwitchA isis 1 SwitchA isis 1 network entity 00 0005 0000 0000 0001 00 SwitchA isis 1 quit SwitchA interface vlan interface 1 Switc...

Страница 1695: ...k0 isis circuit level level 2 SwitchC LoopBack0 quit Configure Switch D SwitchD system view SwitchD isis 1 SwitchD isis 1 network entity 00 0005 0000 0000 0004 00 SwitchD isis 1 quit SwitchD interface...

Страница 1696: ...terface1 mpls rsvp te SwitchA Vlan interface1 quit Configure Switch B SwitchB mpls lsr id 2 2 2 9 SwitchB mpls SwitchB mpls mpls te SwitchB mpls mpls rsvp te SwitchB mpls mpls te cspf SwitchB mpls qui...

Страница 1697: ...interface3 mpls rsvp te SwitchD Vlan interface3 quit 4 Configure IS IS TE Configure Switch A SwitchA isis 1 SwitchA isis 1 cost style wide SwitchA isis 1 traffic eng level 2 SwitchA isis 1 quit Config...

Страница 1698: ...4 4 9 Tunnel protocol transport CR_LSP Last 300 seconds input 0 bytes sec 0 packets sec Last 300 seconds output 0 bytes sec 0 packets sec 0 packets input 0 bytes 0 input error 0 packets output 0 bytes...

Страница 1699: ...k Number 6 Id MPLS LSR Id IGP Process Id Area Link Count 1 3 3 3 9 ISIS 1 Level 2 2 2 2 2 2 9 ISIS 1 Level 2 2 3 4 4 4 9 ISIS 1 Level 2 1 4 1 1 1 9 ISIS 1 Level 2 1 7 Create a static route for routing...

Страница 1700: ...erface 1 SwitchA Vlan interface1 mpls SwitchA Vlan interface1 mpls te SwitchA Vlan interface1 mpls rsvp te SwitchA Vlan interface1 mpls rsvp te hello SwitchA Vlan interface1 quit Configure Switch B Sw...

Страница 1701: ...e RSVP TE GR Configure Switch A SwitchA system view SwitchA mpls SwitchA mpls mpls rsvp te graceful restart Configure Switch B SwitchB system view SwitchB mpls SwitchB mpls mpls rsvp te graceful resta...

Страница 1702: ...2 2 9 32 Switch C Loop0 3 3 3 9 32 Vlan int1 10 1 1 2 24 Vlan int2 20 1 1 2 24 Vlan int2 20 1 1 1 24 Vlan int3 40 1 1 2 24 Configuration procedure 1 Assign IP addresses and masks to interfaces see Fig...

Страница 1703: ...ion 3 3 3 9 SwitchA Tunnel1 mpls te tunnel id 10 Enable hot LSP backup SwitchA Tunnel1 mpls te backup hot standby SwitchA Tunnel1 mpls te commit SwitchA Tunnel1 quit Perform the display interface tunn...

Страница 1704: ...1 1 Hop 1 30 1 1 2 Hop 2 4 4 4 9 Hop 3 40 1 1 1 Hop 4 40 1 1 2 Hop 5 3 3 3 9 Perform the tracert command to draw the picture of the path that a packet must travel to reach the tunnel destination Swit...

Страница 1705: ...Switch D use FRR to protect the link Switch B Switch C and use BFD to detect the status of link Switch B Switch C Do the following z Create a bypass LSP that traverses the path Switch B Switch E Swit...

Страница 1706: ...oop0 2 2 2 2 32 ISIS 15 10 2 1 1 2 Vlan1 3 1 1 0 24 ISIS 15 20 2 1 1 2 Vlan1 3 2 1 0 24 ISIS 15 20 2 1 1 2 Vlan1 3 3 1 0 24 ISIS 15 30 2 1 1 2 Vlan1 3 3 3 3 32 ISIS 15 20 2 1 1 2 Vlan1 4 1 1 0 24 ISIS...

Страница 1707: ...h A and configurations on Switch C are similar to those on Switch B 4 Create an MPLS TE tunnel on Switch A the headend of the primary LSP Create an explicit path for the primary LSP SwitchA explicit p...

Страница 1708: ...ommand on Switch A to verify the configuration of the tunnel interface SwitchA display mpls te tunnel interface Tunnel Name Tunnel4 Tunnel Desc Tunnel4 Interface Tunnel State Desc CR LSP is Up Tunnel...

Страница 1709: ...15 SwitchB Tunnel5 mpls te path explicit path by path preference 1 Configure the bandwidth that the bypass tunnel protects SwitchB Tunnel5 mpls te backup bandwidth 10000 SwitchB Tunnel5 mpls te commi...

Страница 1710: ...d Destination In Out If Name 1 1 1 1 1 4 4 4 4 Vlan1 Tunnel4 SwitchB display mpls te tunnel LSP Id Destination In Out If Name 1 1 1 1 1 4 4 4 4 Vlan1 Vlan2 Tunnel4 2 2 2 2 1 3 3 3 3 Vlan4 Tunnel5 Swit...

Страница 1711: ...pe Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index Mpls Mtu 1500 6 Verify the FRR function Shut down the protected outgoing interface on PLR SwitchB interface vlan interface 2 SwitchB Vlan...

Страница 1712: ...e Pinning Disabled Retry Limit 5 Retry Interval 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq Min BW Max BW Current Collected BW Interfaces Protected V...

Страница 1713: ...icy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status Oam Status Up If you perform the display mpls te tunnel interface command immediately after an FRR protection switch you are...

Страница 1714: ...hB mpls quit Bring the protected outgoing interface up on PLR SwitchB interface vlan interface 2 SwitchB Vlan interface2 undo shutdown Sep 7 09 01 31 2004 SwitchB IFNET 5 UPDOWN Line protocol on the i...

Страница 1715: ...lication in VPN Configuration procedure 1 Configure OSPF ensuring that PE 1 and PE 2 can learn LSR ID routes from each other Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip ad...

Страница 1716: ...lan interface2 s neighbors Router ID 3 3 3 3 Address 10 0 0 2 GR State Normal State Full Mode Nbr is Master Priority 1 DR None BDR None Dead timer due in 30 sec Neighbor is up for 00 01 00 Authenticat...

Страница 1717: ...mpls te cspf PE2 mpls quit PE2 interface vlan interface 2 PE2 Vlan interface2 mpls te PE2 Vlan interface2 quit PE2 ospf PE2 ospf 1 opaque capability enable PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 m...

Страница 1718: ...on each PE and bind it to the interface connected to the CE Configure on CE 1 CE1 interface vlan interface 1 CE1 Vlan interface1 ip address 192 168 1 2 255 255 255 0 CE1 Vlan interface1 quit Configur...

Страница 1719: ...ctivity For example ping CE 1 on PE 1 PE1 ping vpn instance vpn1 192 168 1 2 PING 192 168 1 2 56 data bytes press CTRL_C to break Reply from 192 168 1 2 bytes 56 Sequence 1 ttl 255 time 47 ms Reply fr...

Страница 1720: ...n see that the BGP peer relationships have been formed between PEs and between PEs and CEs and have reached the established state Take PE 1 for example PE1 bgp display bgp peer BGP local router ID 2 2...

Страница 1721: ...s 192 168 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 35 48 74 ms The sample output shows that CE 1 and CE 2 can reach each other 7 Verify th...

Страница 1722: ...POP Perform the display interface tunnel command on PE 1 You can see that traffic is being forwarded along the CR LSP of the TE tunnel PE1 display interface tunnel 1 Tunnel1 current state UP Line prot...

Страница 1723: ...OSPF neighbor must reach the FULL state Solution 1 Perform the display current configuration command to check that MPLS TE is configured on involved interfaces 2 Perform the debugging ospf mpls te co...

Страница 1724: ...scribes z QoS overview z QoS policy configuration z Priority mapping configuration z Traffic policing Configuration z Traffic shaping Configuration z Line rate configuration z Congestion management z...

Страница 1725: ...iew 3 1 Introduction to Priority Mapping 3 1 Priority Mapping Tables 3 1 Priority Trust Mode on a Port 3 2 Priority Mapping Procedure 3 2 Priority Mapping Configuration Tasks 3 3 Configuring Priority...

Страница 1726: ...WRED Configuration Approaches 6 2 Introduction to WRED Parameters 6 2 Configuring WRED on an Interface 6 2 Configuration Procedure 6 3 Configuration Example 6 3 Displaying and Maintaining WRED 6 3 7...

Страница 1727: ...Example 11 2 12 QoS in an EPON System 4 QoS in an EPON System 4 QoS Functions for Uplink Traffic 4 QoS Functions for Downlink Traffic 5 Configuring QoS in an EPON System 6 QoS Configuration Task List...

Страница 1728: ...packet loss rate The network resources are always scarce QoS requirements exist on any occasion where traffic flows contend for network resources QoS is a relative concept for traffic flows that is g...

Страница 1729: ...tify and guarantee QoS for each data flow and provides the most granularly differentiated QoS However the Inter Serv model imposes extremely high requirements on devices In a network with heavy data t...

Страница 1730: ...directions of a port When a flow exceeds the specification some restriction or punishment measures can be taken to prevent overconsumption of network resources z Traffic shaping proactively adjusts th...

Страница 1731: ...ring QoS policies A QoS policy defines what QoS actions to take on what class of traffic for purposes such as traffic shaping or traffic policing Before configuring a QoS policy be familiar with these...

Страница 1732: ...rator and or Required By default the relationship between match criteria is AND Configure match criteria if match match criteria Required match criteria Match criterion Table 2 1 shows the available c...

Страница 1733: ...or a word representing the specific value For the number to word mapping see Table 13 21 ip precedence ip precedence list Match IP precedence The ip precedence list is a list of up to eight IP precede...

Страница 1734: ...erencing the class cannot be applied to interfaces successfully z customer dot1p 8021p list z destination mac mac address z dscp dscp list z ip precedence ip precedence list z service dot1p 8021p list...

Страница 1735: ...havior associations if the action of creating an outer VLAN tag the action of setting customer network VLAN ID or the action of setting service provider network VLAN ID is configured in a traffic beha...

Страница 1736: ...nd Settings in interface view take effect on the current interface settings in port group view take effect on all ports in the port group Apply the policy to the interface port group qos apply policy...

Страница 1737: ...tive by default z If a user profile is active the QoS policy except ACLs referenced in the QoS policy applied to it cannot be configured or removed If the user profile is being used by online users th...

Страница 1738: ...red with data plane units they allow for great packet processing flexibility but have lower throughput When the data plane receives packets that it cannot recognize or process it transmits them to the...

Страница 1739: ...splay traffic class information display traffic classifier user defined tcl name Available in any view Display traffic behavior configuration information display traffic behavior user defined behavior...

Страница 1740: ...any view Display information about pre defined control plane QoS policies on a distributed IRF device display qos policy control plane pre defined chassis chassis number slot slot number Available in...

Страница 1741: ...sions Packets with the highest drop precedence are dropped preferentially When a packet enters the device from a port the device assigns a set of QoS priority parameters to the packet based on a certa...

Страница 1742: ...ority of the packet for priority mapping table lookup The priority mapping procedure varies with the priority modes as described in the next section Priority Mapping Procedure Priority Mapping Procedu...

Страница 1743: ...riority marking is configured the device performs priority marking before priority mapping and then uses the re marked packet carried priority for priority mapping or directly uses the re marked sched...

Страница 1744: ...to EXP priority mapping table dot1p exp and the EXP to 802 1p priority mapping table exp dot1p are available only for the EB and SD cards Configuring the Priority Trust Mode on a Port Follow these ste...

Страница 1745: ...ort group manual port group name Use either command Settings in interface view take effect on the current interface settings in port group view take effect on all ports in the port group Configure the...

Страница 1746: ...to GigabitEthernet 2 0 3 of Device which sets the 802 1p priority of traffic from the management department to 5 Configure port priority 802 1p to local priority mapping table and priority marking to...

Страница 1747: ...gabitEthernet2 0 1 quit Set the port priority of GigabitEthernet 2 0 2 to 4 Device interface gigabitethernet 2 0 2 Device GigabitEthernet2 0 2 qos priority 4 Device GigabitEthernet2 0 2 quit Set the p...

Страница 1748: ...vior admin quit Device qos policy admin Device qospolicy admin classifier http behavior admin Device qospolicy admin quit Device interface gigabitethernet 2 0 3 Device GigabitEthernet2 0 3 qos apply p...

Страница 1749: ...it it is shaped or policed to ensure that it is under the specifications Generally token buckets are used to evaluate traffic specifications Traffic Evaluation and Token Buckets Token bucket features...

Страница 1750: ...e allowed by the E bucket z Excess burst size EBS Size of the E bucket that is transient burst of traffic that the E bucket can forward CBS and EBS are carried by two different token buckets In each e...

Страница 1751: ...ing traffic and forwarding it Traffic Shaping Traffic shaping supports shaping traffic to the outgoing traffic Traffic shaping provides measures to adjust the rate of outbound traffic actively A typic...

Страница 1752: ...his way all the traffic sent to Switch B conforms to the traffic specification defined in Switch B Line Rate Line rate supports rate limiting traffic in the outbound direction The line rate of a physi...

Страница 1753: ...packets on a port using line rate is easier Configuring Traffic Policing Configuration Procedure Follow these steps to configure traffic policing To do Use the command Remarks Enter system view syste...

Страница 1754: ...2 kbps and drop the exceeding traffic Enter system view Sysname system view Configure advanced ACL 3000 to match HTTP traffic Sysname acl number 3000 Sysname acl adv 3000 rule permit tcp destination p...

Страница 1755: ...queue qos gts queue queue number cir committed information rate cbs committed burst size Required z On SC SA and EA LPUs the granularity of GTS is 64 kbps z On SD and EB LPUs the granularity of GTS i...

Страница 1756: ...r interface interface type interface number Available in any view Configuration Example Limit the outbound line rate of GigabitEthernet 2 0 1 to 512 kbps Enter system view Sysname system view Enter in...

Страница 1757: ...4 9...

Страница 1758: ...ows two common cases Figure 5 1 Traffic congestion causes 100M 10M 100M 10M 50M 100M 100M 100M 100M 50M 10M 10M 1 2 Congestion may bring these negative results z Increased delay and jitter during pack...

Страница 1759: ...es numbered 7 to 0 in descending priority order SP queuing schedules the eight queues strictly according to the descending order of priority It sends packets in the queue with the highest priority fir...

Страница 1760: ...advantage of WRR queuing is that while the queues are scheduled in turn the service time for each queue is not fixed that is if a queue is empty the next queue will be scheduled immediately This impro...

Страница 1761: ...port currently with the precedence being 0 1 2 3 and 4 and the minimum guaranteed bandwidth being 128 kbps 128 kbps 128 kbps 64 kbps and 64 kbps respectively z The assignable bandwidth 10 Mbps 128 kb...

Страница 1762: ...in port group view take effect on all ports in the port group Configure SP queuing qos sp Optional The default queuing algorithm on an interface is SP queuing Display SP queuing configuration display...

Страница 1763: ...h their weights being 1 3 3 5 8 8 10 and 15 2 Configuration procedure Enter system view Sysname system view Configure WRR queuing on GigabitEthernet 2 0 1 Sysname interface gigabitethernet 2 0 1 Sysna...

Страница 1764: ...nteed bandwidth and scheduling weight configurations z The EA cards support both configurations too but the scheduling weight for each queue can only be 1 z The SA cards support only the scheduling we...

Страница 1765: ...work requirements z Configure to adopt SP WRR queue scheduling algorithm on GigabitEthernet2 0 1 z Configure queue 0 queue 1 queue 2 and queue 3 on GigabitEthernet2 0 1 to be in SP queue scheduling gr...

Страница 1766: ...figuration information display qos wrr interface interface type interface number Display SP queue configuration information display qos sp interface interface type interface number Display WFQ queue c...

Страница 1767: ...the flow control mechanism at the source end can maximize throughput and utilization rate of the network and minimize packet loss and delay Traditional packet drop policy The traditional packet drop p...

Страница 1768: ...When the average queue size is between the lower threshold and the upper threshold packets are dropped randomly The longer a queue the higher the drop probability When the average queue size exceeds...

Страница 1769: ...fect on all ports in the port group Apply the WRED table qos wred apply table name Required Configuration Example Network requirements Apply a queue based WRED table to port GigabitEthernet 2 0 1 Conf...

Страница 1770: ...6 4...

Страница 1771: ...to configure traffic filtering To do Use the command Remarks Enter system view system view Create a class and enter class view traffic classifier tcl name operator and or Configure the match criteria...

Страница 1772: ...ds for the traffic filtering action for the inbound and outbound traffic For line card categories and their description refer to the 3Com S7900E Family Getting Started Guide Table 7 1 Support of line...

Страница 1773: ...match acl 3000 DeviceA classifier classifier_1 quit Create a behavior named behavior_1 and configure the traffic filtering action for the behavior DeviceA traffic behavior behavior_1 DeviceA behavior...

Страница 1774: ...change its transmission priority in the network To configure priority marking you can associate a class with a behavior configured with the priority marking action to set the priority fields or flag b...

Страница 1775: ...a policy and enter policy view qos policy policy name Associate the class with the traffic behavior in the QoS policy classifier tcl name behavior behavior name Exit policy view quit To an interface...

Страница 1776: ...orted Not supported Supported Not supported Remarking the local precedence for packets Supported Not supported Supported Not supported Supported Not supported Remarking the specified QoS local ID for...

Страница 1777: ...Device z The data server mail server and file server are connected to GigabitEthernet 2 0 2 of Device Configure priority marking on Device to satisfy the following requirements Traffic source Destinat...

Страница 1778: ...server if match acl 3002 Device classifier classifier_fserver quit Create a behavior named behavior_dbserver and configure the action of setting the local precedence value to 4 for the behavior Device...

Страница 1779: ...S local ID create a class to match the QoS local ID and associate this class with the traffic policing action The configuration procedure is as follows Create ACL 2000 to match packets with source IP...

Страница 1780: ...ssociate class class_b with behavior behavior_b Sysname qos policy car_policy Sysname qospolicy car_policy classifier class_a behavior behavior_a Sysname qospolicy car_policy classifier class_b behavi...

Страница 1781: ...ecting traffic to the next hop redirects packets which require processing by an interface to the interface This action is applicable to only Layer 3 packets Configuring Traffic Redirecting Follow thes...

Страница 1782: ...edirecting action can be applied only to the incoming traffic z To implement QoS policy routing successfully ensure that the next hop address specified in the redirect action exist and the outgoing in...

Страница 1783: ...You have determined the traffic behavior to reference the aggregation CAR Configuration procedure Follow these steps to reference an aggregation CAR in a traffic behavior To do Use the command Remarks...

Страница 1784: ...to rate limit the traffic of VLAN 10 and VLAN 100 received on GigabitEthernet 2 0 1 using these parameters CIR is 256 kbps CBS is 2000 bytes and the action for red packets is discard Configure an aggr...

Страница 1785: ...vior 2 Sysname qos policy car Sysname qospolicy car classifier 1 behavior 1 Sysname qospolicy car classifier 2 behavior 2 Sysname qospolicy car quit Apply the QoS policy to the incoming traffic of Gig...

Страница 1786: ...e steps to configure class based accounting To do Use the command Remarks Enter system view system view Create a class and enter class view traffic classifier tcl name operator and or Configure the ma...

Страница 1787: ...dress 1 1 1 1 DeviceA system view DeviceA acl number 2000 DeviceA acl basic 2000 rule permit source 1 1 1 1 0 DeviceA acl basic 2000 quit Create a class named classifier_1 and reference ACL 2000 in th...

Страница 1788: ...configuration DeviceA display qos policy interface gigabitethernet 2 0 1 Interface GigabitEthernet2 0 1 Direction Inbound Policy policy Classifier classifier_1 Operator AND Rule s If match acl 2000 Be...

Страница 1789: ...cy z Configuring the ONU to perform traffic policing for uplink traffic of a UNI z Configuring the UNI to tag the uplink 802 1q untagged traffic with the default VLAN tag and adding the UNI priority t...

Страница 1790: ...gns to the ONU z Configuring high priority packet buffer for downlink traffic that the OLT sends to the specified ONU Processing on an ONU z Filtering the packets matching certain match criteria accor...

Страница 1791: ...Trust Mode on a Port Configure traffic policing for uplink traffic of all ONUs through QoS Configuring Traffic Policing Configure QoS for uplink traffic Configure congestion management on the uplink...

Страница 1792: ...e Modify the priority mapping on the OLT port Follow these steps to modify the 802 1p to local mapping on the OLT port To do Use the command Remarks Enter system view system view Enter OLT port view i...

Страница 1793: ...r ONU port view interface interface type interface number Reserve high priority buffer for the current ONU bandwidth downstream high priority enable Optional By default the OLT reserves no high priori...

Страница 1794: ...fer size of the OLT port and that of the downlink bandwidth limit take effect only when the downlink bandwidth allocation policy is enabled z The configured downlink bandwidth limitation takes effect...

Страница 1795: ...refer to Table 12 4 Table 12 4 Relationship between VLAN operation modes and priority remarking VLAN operation mode With or without VLAN tag Packet processing With VLAN tag z In the case of traffic c...

Страница 1796: ...in the tag does not match any VLAN translation entry on the port The packet is dropped Translation mode Without VLAN tag The packet is tagged with the VLAN tag corresponding to the default PVID of th...

Страница 1797: ...fic classification rule is the same as the priority of the UNI the traffic classification rule will not take effect Priority remarking based on VLAN ID The configuration of VLAN ID based priority rema...

Страница 1798: ...for both UNI 1 and UNI 2 z Configure priority remarking for UNI 1 Remark tagged packets sourced from the MAC address of 000A EB7F AAAB with CoS 3 precedence z Configure priority remarking for UNI 2 R...

Страница 1799: ...uni 1 classification marking index 1 queue 3 priority 3 src mac equal 000A EB7F AAAB Sysname Onu3 0 1 1 uni 2 classification marking index 1 queue 1 priority 1 src mac equal 001B EB7F 21AC After the...

Страница 1800: ...lass Based Weighted Fair Queuing CE Customer Edge CIR Committed Information Rate CQ Custom Queuing DAR Deeper Application Recognition DiffServ Differentiated Service DSCP Differentiated Services Codep...

Страница 1801: ...Network WFQ Weighted Fair Queuing WRED Weighted Random Early Detection Appendix B Default Priority Mapping Tables Uncolored Priority Mapping Tables z Some devices support four forwarding classes and...

Страница 1802: ...default dscp lp dscp dp dscp dot1p and dscp exp priority mapping tables Input priority value dscp lp mapping dscp dp mapping dscp dot1p mapping dscp exp mapping DSCP Local precedence lp Drop preceden...

Страница 1803: ...0 0 2 16 0 1 3 24 0 1 4 32 0 2 5 40 0 2 6 48 0 2 7 56 0 2 Table 13 6 The default lp dot1p and lp dscp priority mapping tables Input priority value lp dot1p mapping lp dscp mapping Local precedence lp...

Страница 1804: ...lp mappin g up rpr mappin g up fc 4 mappin g up fc 8 mappin g User precede nce up 802 1p priority dot1p DSCP EXP Drop precede nce dp Local precede nce lp RPR fc 4 fc 8 0 0 0 0 0 2 0 0 0 1 1 8 1 0 0 0...

Страница 1805: ...nd dscp lp priority mapping tables for yellow packets Input priority value dscp dot1p mapping dscp dp mapping dscp exp mapping dscp lp mapping DSCP of yellow packets 802 1p priority dot1p Drop precede...

Страница 1806: ...cp priority mapping tables for green packets Input priority value exp dp mapping exp dscp mapping EXP of green packets Drop precedence dp DSCP 0 0 0 1 0 8 2 0 16 3 0 24 4 0 32 5 0 40 6 0 48 7 0 56 Tab...

Страница 1807: ...put priority value lp dp mapping lp dot1p mapping lp dscp mapping Local precedence lp of green packets Drop precedence dp 802 1p priority dot1p DSCP 0 0 1 0 1 0 2 8 2 0 0 16 3 0 3 24 4 0 4 32 5 0 5 40...

Страница 1808: ...d packets Drop precedence dp 802 1p priority dot1p DSCP 0 2 1 0 1 2 2 8 2 2 0 16 3 2 3 24 4 2 4 32 5 2 5 40 6 2 6 48 7 2 7 56 Table 13 19 The default up dscp priority mapping table for green yellow re...

Страница 1809: ...le 13 20 Description on IP precedence IP precedence decimal IP precedence binary Description 0 000 Routine 1 001 priority 2 010 immediate 3 011 flash 4 100 flash override 5 101 critical 6 110 internet...

Страница 1810: ...ID two bytes in length whose value is 0x8100 and the tag control information TCI two bytes in length Figure 13 3 presents the format of the 802 1Q tag header The Priority field in the 802 1Q tag heade...

Страница 1811: ...13 12 EXP Values The EXP field lies in MPLS labels and is used for QoS Figure 13 4 MPLS label structure As shown in Figure 13 4 the EXP field is 3 bits long and ranges from 0 to 7...

Страница 1812: ...er Profile Overview 1 1 User Profile Configuration Task List 1 1 Creating a User Profile 1 2 Configuration Prerequisites 1 2 Creating a User Profile 1 2 Configuring a User Profile 1 2 Enabling a User...

Страница 1813: ...profile is applicable to restricting online users access if no users are online no user access no users pass the authentication or users have logged out user profile does not take effect as it is a p...

Страница 1814: ...er profile already exists you will directly enter the corresponding user profile view The configuration made in user profile view takes effect when the user profile is enabled and a user using the use...

Страница 1815: ...ofile A created user profile takes effect only after being enabled Follow these steps to enable a user profile To do Use the command Remarks Enter system view system view Enable a user profile user pr...

Страница 1816: ...1X configuration z 802 1X Guest VLAN configuration MAC Authentication MAC authentication provides a way for authenticating users based on ports and MAC addresses it requires no client software to be...

Страница 1817: ...FTP Client Public Key This document describes Public Key Configuration ACL An ACL is used for identifying traffic based on a series of preset matching criteria This document describes z ACL overview a...

Страница 1818: ...thods for an ISP Domain 1 17 Configuring AAA Accounting Methods for an ISP Domain 1 19 Configuring Local User Attributes 1 21 Configuring User Group Attributes 1 22 Tearing down User Connections Forci...

Страница 1819: ...Related to the Data Sent to HWTACACS Server 1 38 Specifying the Source IP Address for HWTACACS Packets to be Sent 1 39 Setting Timers Regarding HWTACACS Servers 1 39 Displaying and Maintaining HWTACA...

Страница 1820: ...z Introduction to AAA z Introduction to RADIUS z Introduction to HWTACACS z Domain Based User Management z Protocols and Standards z AAA Configuration Task List z Configuring AAA z Configuring RADIUS...

Страница 1821: ...ding the service type start and end time and traffic In this way accounting can be used for not only charging but also network security surveillance You can use AAA to provide only one or two security...

Страница 1822: ...r example rejecting or accepting the user access request to the clients In general the RADIUS server maintains three databases namely Users Clients and Dictionary as shown in Figure 1 2 Figure 1 2 RAD...

Страница 1823: ...orization information If the authentication fails it returns an Access Reject message 4 The RADIUS client permits or denies the user according to the returned authentication result If it permits the u...

Страница 1824: ...sponse 4 Accounting Request From the client to the server A packet of this type carries user information for the server to start stop accounting for the user It contains the Acct Status Type attribute...

Страница 1825: ...s Its format and content depend on the Type and Length fields Table 1 2 RADIUS attributes No Attribute No Attribute 1 User Name 45 Acct Authentic 2 User Password 46 Acct Session Time 3 CHAP Password 4...

Страница 1826: ...nt Auth id 44 Acct Session Id 91 Tunnel Server Auth id z The attribute types listed in Table 1 2 are defined by RFC 2865 RFC 2866 RFC 2867 and RFC 2868 z For information about commonly used standard R...

Страница 1827: ...e implementing AAA using a client server model using shared keys for user information security and having good flexibility and extensibility Meanwhile they also have differences as listed in Table 1 3...

Страница 1828: ...rization response indicating successful authorization 14 The user logs in successfully 15 Start accounting request 16 Accounting response indicating the start of accounting 17 The user logs off 18 Sto...

Страница 1829: ...WTACACS server 19 The HWTACACS server sends back a stop accounting response indicating that the stop accounting request has been received Domain Based User Management An Internet service provider ISP...

Страница 1830: ...guration in the Security Volume Login such as SSH Telnet FTP and terminal SSH2 0 Configuration in the Security Volume FTP and TFTP Configuration in the IP Services Volume Portal Portal Configuration i...

Страница 1831: ...sers it is necessary to configure the authentication mode for logging into the user interface as scheme For detailed information refer to Login Configuration of the System Volume AAA Configuration Tas...

Страница 1832: ...rs Optional Configuring Attributes Related to Data to Be Sent to the RADIUS Server Optional Enabling the RADIUS Trap Function Optional Specifying the Source IP Address for RADIUS Packets to Be Sent Op...

Страница 1833: ...ssword structure service type and rights you need to configure ISP domains to distinguish the users In addition you need to configure different AAA methods for the ISP domains For the NAS each user be...

Страница 1834: ...lt an ISP domain has no default authorization user profile A self service RADIUS server for example Intelligent Management Center iMC is required for the self service server localization function to w...

Страница 1835: ...access mode and service type limiting the authentication protocols that can be used for access z Determine whether to configure an authentication method for all access modes or service types Follow t...

Страница 1836: ...o switch the privilege level to 3 the system uses enab3 aaa for authentication when the domain name is required and uses enab3 for authentication when the domain name is not required Configuring AAA A...

Страница 1837: ...an ISP domain To do Use the command Remarks Enter system view system view Enter ISP domain view domain isp name Specify the default authorization method for all types of users authorization default hw...

Страница 1838: ...AAA accounting is a separate process at the same level as authentication and authorization Its responsibility is to send accounting start update end requests to the specified accounting server Account...

Страница 1839: ...al The default accounting method is used by default z With the accounting optional command configured a user that would be otherwise disconnected can still use the network resources even when no accou...

Страница 1840: ...assword display mode for all local users local user password display mode auto cipher force Optional auto by default indicating to display the password of a local user in the way indicated by the pass...

Страница 1841: ...HWTACACS authentication the commands that a login user can use after logging in depend on the level of the user With other authentication methods which commands are available depends on the level of t...

Страница 1842: ...nections at present Tear down AAA user connections forcibly on a distributed IRF device cut connection all domain isp name ucibindex ucib index user name user name chassis chassis number slot slot num...

Страница 1843: ...RF device display local user idle cut disable enable service type ftp lan access portal ssh telnet terminal state active block user name user name vlan vlan id chassis chassis number slot slot number...

Страница 1844: ...cheme can be referenced by more than one ISP domain at the same time Specifying the RADIUS Authentication Authorization Servers Follow these steps to specify the RADIUS authentication authorization se...

Страница 1845: ...use IP addresses of the same IP version Specifying the RADIUS Accounting Servers and Relevant Parameters Follow these steps to specify the RADIUS accounting servers and perform related configurations...

Страница 1846: ...smission attempts on the device allowing the device to disconnect a user when the number of accounting request transmission attempts for the user reaches the limit but it still receives no response to...

Страница 1847: ...ault z The maximum number of retransmission attempts of RADIUS packets multiplied by the RADIUS server response timeout period cannot be greater than 75 z Refer to the timer response timeout command i...

Страница 1848: ...and Remarks Enter system view system view Enter RADIUS scheme view radius scheme radius scheme name Set the status of the primary RADIUS authentication authorization server state primary authenticatio...

Страница 1849: ...sername is sent without the ISP domain name do not apply the RADIUS scheme to more than one ISP domain Otherwise users using the same username but in different ISP domains will be considered the same...

Страница 1850: ...device can enable the following three timers z RADIUS server response timeout response timeout If a NAS receives no response from the RADIUS server in a period of time after sending a RADIUS request...

Страница 1851: ...product of the two parameters cannot exceed 30 seconds For detailed information about timeout time of a specific access module refer to the corresponding part in the Access Volume z To configure the...

Страница 1852: ...s attribute 25 to a RADIUS client However the RFC only requires the RADIUS client to send the attribute to the accounting server it does not require the RADIUS client to resolve the attribute Currentl...

Страница 1853: ...ot slot number Available in user view Display information about buffered stop accounting requests that get no responses on a distributed device display stop accounting buffer radius scheme radius serv...

Страница 1854: ...atter whether there are users online or not This is different from RADIUS Creating an HWTACACS scheme The HWTACACS protocol is configured on a per scheme basis Before performing other HWTACACS configu...

Страница 1855: ...ntication servers are specified the secondary one is used when the primary one is not reachable z The IP addresses of the primary and secondary authentication servers cannot be the same Otherwise the...

Страница 1856: ...ets is using it Specifying the HWTACACS Accounting Servers Follow these steps to specify the HWTACACS accounting servers and perform related configurations To do Use the command Remarks Enter system v...

Страница 1857: ...ckets exchanged between them and a shared key to verify the packets Only when the same key is used can they properly receive the packets and make responses Follow these steps to set the shared key for...

Страница 1858: ...o be sent if the physical port for sending the HWTACACS packets fails response packets from the server will be able to arrive at the NAS Follow these steps to specify the source IP address for HWTACAC...

Страница 1859: ...nformation or statistics of the specified or all HWTACACS schemes on a distributed device display hwtacacs hwtacacs server name statistics slot slot number Available in any view Display configuration...

Страница 1860: ...t Switch Telnet user Authentication Accounting server 10 1 1 1 24 Configuration procedure Configure the IP addresses of the interfaces omitted Enable the Telnet server on the switch Switch system view...

Страница 1861: ...nting default hwtacacs scheme hwtac When telneting into the switch a user enters username userid bbb for authentication using domain bbb AAA for Telnet Users by Separate Servers Network requirements A...

Страница 1862: ...uthorization expert Switch hwtacacs hwtac user name format without domain Switch hwtacacs hwtac quit Configure the RADIUS scheme Switch radius scheme rd Switch radius rd primary accounting 10 1 1 1 18...

Страница 1863: ...erver to expert and specify that a username sent to the RADIUS server carries the domain name The RADIUS server provides different user services according to the domain names Figure 1 11 Configure AAA...

Страница 1864: ...management Log into the iMC management platform select the User tab and select Access User View Device Mgmt User from the navigation tree to enter the Device Management User page Then click Add to ent...

Страница 1865: ...ure the IP address of VLAN interface 3 through which the switch access the server Switch interface vlan interface 3 Switch Vlan interface3 ip address 10 1 1 2 255 255 255 0 Switch Vlan interface3 quit...

Страница 1866: ...p bbb authentication login radius scheme rad Switch isp bbb authorization login radius scheme rad Switch isp bbb accounting login radius scheme rad Switch isp bbb quit When using SSH to log in a user...

Страница 1867: ...message exchange and specify that usernames sent to the HWTACACS server carry no domain name Configure the domain to use the HWTACACS scheme hwtac for user privilege level switching authentication z C...

Страница 1868: ...it Create ISP domain bbb Switch domain bbb Configure the ISP domain to use local authentication for Telnet users Switch isp bbb authentication login local Configure to use HWTACACS scheme hwtac for pr...

Страница 1869: ...enter the user interface of the switch and access all level 0 commands Switch telnet 192 168 1 70 Trying 192 168 1 70 Press CTRL K to abort Connected to 192 168 1 70 Copyright c 2004 2009 3Com Corp a...

Страница 1870: ...ation Switch super 3 Password Enter the password for HWTACACS privilege level switching authentication Error Invalid configuration or no response from the authentication server Info Change authenticat...

Страница 1871: ...d link layers 2 The IP address of the RADIUS server is correctly configured on the NAS 3 UDP ports for authentication authorization accounting configured on the NAS are the same as those configured on...

Страница 1872: ...o be configured for the user 11 Filter ID Name of the filter list 12 Framed MTU Maximum transmission unit MTU for the data link between the user and NAS For example with 802 1X EAP authentication NAS...

Страница 1873: ...on 61 NAS Port Type Type of the physical port of the NAS that is authenticating the user which can be z 15 Ethernet z 16 Any type of ADSL z 17 Cable with cable for cable TV z 201 VLAN z 202 ATM If the...

Страница 1874: ...Trigger Function 1 17 Enabling the Unicast Trigger Function 1 17 Specifying a Mandatory Authentication Domain for a Port 1 18 Enabling the Quiet Timer Function 1 18 Enabling the Re Authentication Func...

Страница 1875: ...vices that fail to pass the authentication are denied access to the LAN The port security feature provides rich security modes that combine or extend 802 1X and MAC address authentication In a network...

Страница 1876: ...between the client device and authentication server z Between the client and the device EAP protocol packets are encapsulated using EAPOL to be transferred on the LAN z Between the device and the RADI...

Страница 1877: ...rts to access the network without authentication z unauthorized force Places the port in the unauthorized state denying any access requests from users of the ports z auto Places the port in the unauth...

Страница 1878: ...client and a device z Length Length of the data that is length of the Packet body field in bytes If the value of this field is 0 no subsequent data field is present z Packet body Content of the packe...

Страница 1879: ...e EAP Message The EAP Message attribute is used to encapsulate EAP packets Figure 1 6 shows its encapsulation format The value of the Type field is 79 The String field can be up to 253 bytes If the EA...

Страница 1880: ...ggering mode The device multicasts EAP Request Identify packets periodically every 30 seconds by default to clients z Unicast triggering mode The device deems that a new user is attached to itself upo...

Страница 1881: ...entity packet it encapsulates the username in an EAP Response Identity packet and sends the packet to the device 5 Upon receiving the EAP Response Identity packet the device relays the packet in a RAD...

Страница 1882: ...s gone offline and performs the necessary operations guaranteeing that the device always knows when a client goes offline 12 The client can also send an EAPOL Logoff packet to the device to go offline...

Страница 1883: ...rmation from the client to the RADIUS server for authentication 802 1X Access Control Method 3Com devices not only implement the port based access control method defined in the 802 1X protocol but als...

Страница 1884: ...e client is offline z Quiet timer quiet period When a client fails the authentication the device refuses further authentication requests from the client in this period of time z Periodic re authentica...

Страница 1885: ...a port that uses the port based access control method With PGV configured on a port if no user initiates authentication on the port in a certain period of time 90 seconds by default the port will be a...

Страница 1886: ...ils the authentication the port stays in the Auth Fail VLAN If the user passes the authentication successfully the port leaves the Auth Fail VLAN and z If the authentication server assigns a VLAN the...

Страница 1887: ...cifying a Mandatory Authentication Domain for a Port Optional Enabling the Quiet Timer Function Optional Enabling the Re Authentication Function Optional Configuring a Guest VLAN Optional Configuring...

Страница 1888: ...The defaults are as follows 15 seconds for the handshake timer 60 seconds for the quiet timer 3600 seconds for the periodic re authentication timer 100 seconds for the server timeout timer 30 seconds...

Страница 1889: ...users for the port dot1x max user user number Optional 1024 by default Note that z Enabling 802 1X on a port is mutually exclusive with adding the port to an aggregation group and adding the port to a...

Страница 1890: ...need to disable the online user handshake function on the device otherwise the device will tear down the connections with such online users for not receiving handshake responses Enabling the Proxy Det...

Страница 1891: ...authentication This function is used for clients that cannot initiate authentication unsolicitedly Follow these steps to configure the multicast trigger function To do Use the command Remarks Enter sy...

Страница 1892: ...or the port dot1x mandatory domain domain name Required Not specified by default Enabling the Quiet Timer Function After the quiet timer is enabled on the device when a client fails 802 1X authenticat...

Страница 1893: ...the access port you are recommended to configure different VLAN IDs for the voice VLAN default VLAN of the port and 802 1X guest VLAN This is to ensure the normal use of the functions z A super VLAN c...

Страница 1894: ...function and the free IP function in EAD fast deployment are mutually exclusive on a port z If the traffic from a user side device carries VLAN tags and the 802 1X authentication and guest VLAN functi...

Страница 1895: ...ntaining 802 1X To do Use the command Remarks Display 802 1X session information statistics or configuration information of specified or all ports display dot1x sessions statistics interface interface...

Страница 1896: ...ver 20 minutes Figure 1 10 Network diagram for 802 1X configuration Configuration procedure The following configuration procedure covers most AAA RADIUS configuration commands for the device while con...

Страница 1897: ...he RADIUS server Device radius radius1 user name format without domain Device radius radius1 quit Create domain aabbcc net and enter its view Device domain aabbcc net Set radius1 as the RADIUS scheme...

Страница 1898: ...ns RADIUS and is in VLAN 2 z The update server which is in VLAN 10 is for client software download and upgrade z Port GigabitEthernet 2 0 3 of the device which is in VLAN 5 is for accessing the Intern...

Страница 1899: ...e following configuration procedure uses many AAA RADIUS commands For detailed configuration of these commands refer to AAA Configuration in the Security Volume z Configurations on the 802 1X client a...

Страница 1900: ...vice vlan 10 Device vlan10 quit Specify port GigabitEthernet 2 0 2 to use VLAN 10 as its guest VLAN Device dot1x guest vlan 10 interface gigabitethernet 2 0 2 You can use the display current configura...

Страница 1901: ...accounting abc Device radius 2000 user name format without domain Device radius 2000 quit Create an ISP domain and specify the AAA schemes Device domain 2000 Device isp 2000 authentication default ra...

Страница 1902: ...1 28 Pinging 10 0 0 1 with 32 bytes of data Request timed out Request timed out Request timed out Request timed out Ping statistics for 10 0 0 1 Packets Sent 4 Received 0 Lost 4 100 loss C...

Страница 1903: ...be time consuming and inefficient To address the issue quick EAD deployment was developed In conjunction with 802 1X it can have an access switch to force all attached devices to download and install...

Страница 1904: ...AD is enabled Follow these steps to configure a freely accessible network segment To do Use the command Remarks Enter system view system view Configure a freely accessible network segment dot1x free i...

Страница 1905: ...user accesses the network this timer is started If the user neither downloads client software nor performs authentication before the timer expires the occupied ACL will be released so that other user...

Страница 1906: ...support EAD fast deployment Configure the IP addresses of the interfaces omitted Configure the free IP Device system view Device dot1x free ip 192 168 2 0 24 Configure the redirect URL for client sof...

Страница 1907: ...ting system of the host regards the string a website name and tries to have it resolved If the resolution fails the operating system sends an ARP request with the address in the format other than X X...

Страница 1908: ...1 2 Quiet MAC Address 1 2 VLAN Assigning 1 2 ACL Assigning 1 2 Configuring MAC Authentication 1 3 Configuration Prerequisites 1 3 Configuration Procedure 1 3 Displaying and Maintaining MAC Authenticat...

Страница 1909: ...r serves as both the username and password z Fixed username where all users use the same preconfigured username and password for authentication regardless of the MAC addresses Multiple users can be au...

Страница 1910: ...l be discarded silently by the device until the quiet timer expires This prevents the device from authenticating an illegal user repeatedly in a short time If a quiet MAC address is the same as a stat...

Страница 1911: ...hentication To do Use the command Remarks Enter system view system view Enable MAC authentication globally mac authentication Required Disabled by default mac authentication interface interface list E...

Страница 1912: ...ng the port to a service loopback group z For details about the default ISP domain refer to AAA Configuration in the Security Volume Displaying and Maintaining MAC Authentication To do Use the command...

Страница 1913: ...uthentication for port GigabitEthernet 2 0 1 Device mac authentication interface gigabitethernet 2 0 1 Specify the ISP domain for MAC authentication Device mac authentication domain aabbcc net Set the...

Страница 1914: ...Total 1 connection s matched on slot 2 Total 1 connection s matched RADIUS Based MAC Authentication Configuration Example Network requirements As illustrated in Figure 1 2 a host is connected to the d...

Страница 1915: ...ization default radius scheme 2000 Device isp 2000 accounting default radius scheme 2000 Device isp 2000 quit Enable MAC authentication globally Device mac authentication Enable MAC authentication for...

Страница 1916: ...MAC 00e0 fc12 3456 Total 1 connection s matched on slot 2 Total 1 connection s matched ACL Assignment Configuration Example Network requirements As shown in Figure 1 3 a host is connected to port Giga...

Страница 1917: ...imary authentication 10 1 1 1 1812 Sysname radius 2000 primary accounting 10 1 1 2 1813 Sysname radius 2000 key authentication abc Sysname radius 2000 key accounting abc Sysname radius 2000 user name...

Страница 1918: ...at mac address Enable MAC authentication for port GigabitEthernet 2 0 1 Sysname interface gigabitethernet 2 0 1 Sysname GigabitEthernet2 0 1 mac authentication After completing the above configuration...

Страница 1919: ...pecifying a Mandatory Authentication Domain 1 10 Specifying a NAS ID Profile for an Interface 1 11 Setting the Maximum Number of Online Portal Users 1 12 Displaying and Maintaining Portal 1 12 Portal...

Страница 1920: ...l website enter username and password for authentication This authentication mode is called active authentication There is still another authentication mode namely forced authentication in which the a...

Страница 1921: ...security authentication of a client depends on the communications between the portal client and the security policy server Access device Device for broadband access It can be a switch or a router that...

Страница 1922: ...ity authentication result z Since a portal client uses an IP address as its ID ensure that there is no Network Address Translation NAT device between the authentication client access device portal ser...

Страница 1923: ...a client is uniquely identified by an IP address This is because the mode supports Layer 3 forwarding devices between the authentication client and the access device but the access device does not le...

Страница 1924: ...equest message and sends it to the access device Meanwhile the portal server starts a timer to wait for an authentication acknowledgment message 4 The access device and the RADIUS server exchange RADI...

Страница 1925: ...received the access device notifies the portal server of the change 10 The portal server notifies the authentication client of logon success 11 The portal server sends a user IP address change acknow...

Страница 1926: ...With re DHCP authentication the invalid IP address check function of DHCP relay is enabled on the access device and the DHCP server is installed and configured properly z With RADIUS authentication u...

Страница 1927: ...enced by any interface z The portal server to be referenced must exist z Only Layer 3 portal authentication mode portal server server name method layer3 can be used in applications with Layer 3 forwar...

Страница 1928: ...n modifying it Configuring an Authentication Subnet By configuring authentication subnets you can allow portal authentication to be triggered by only packets from users on the authentication subnets I...

Страница 1929: ...as ip ip address Optional By default there is no source IP address specified for portal packets and the IP address of the user login interface will be used as the source IP address of the portal packe...

Страница 1930: ...NAS ID will be used as that of the NAS identifier attribute in the RADIUS packets to be sent to the RADIUS server A NAS ID profile defines the binding relationship between VLANs and NAS IDs A NAS ID...

Страница 1931: ...s the command can be executed successfully and will not impact the online portal users but the system will not allow new portal users to log in until the number drops down below the limit Displaying a...

Страница 1932: ...portal server statistics all interface interface type interface number Available in user view Clear TCP spoofing statistics reset portal tcp cheat statistics Available in user view Portal Configurati...

Страница 1933: ...Portal Service Management Server from the navigation tree to enter the portal server configuration page as shown in Figure 1 5 z Input the URL address of the portal authentication main page in the fo...

Страница 1934: ...necting the user z Type the key which must be the same as that configured on the switch z Set whether to enable IP address reallocation Direction portal authentication is used in this example and ther...

Страница 1935: ...to make the previous configurations take effect 2 Configure the switch z Configure a RADIUS scheme Create a RADIUS scheme named rs1 and enter its view Switch system view Switch radius scheme rs1 Set t...

Страница 1936: ...z Configure portal authentication Configure the portal server as follows z Name newpt z IP address 192 168 0 111 z Key portal z Port number 50100 z URL http 192 168 0 111 portal Switch portal server n...

Страница 1937: ...s z You need to configure IP addresses for the devices as shown in Figure 1 10 and ensure that routes are available between devices z Perform configurations on the RADIUS server to ensure that the use...

Страница 1938: ...server as follows z Name newpt z IP address 192 168 0 111 z Key portal z Port number 50100 z URL http 192 168 0 111 portal Switch portal server newpt ip 192 168 0 111 key portal port 50100 url http 19...

Страница 1939: ...ure that routes are available between devices z Perform configurations on the RADIUS server to ensure that the user authentication and accounting functions can work normally Configure Switch A 1 Confi...

Страница 1940: ...168 0 111 z Key portal z Port number 50100 z URL http 192 168 0 111 portal SwitchA portal server newpt ip 192 168 0 111 key portal port 50100 url http 192 168 0 111 portal Enable portal authentication...

Страница 1941: ...IUS scheme Create a RADIUS scheme named rs1 and enter its view Switch system view Switch radius scheme rs1 Set the server type for the RADIUS scheme When using the iMC server you need set the server t...

Страница 1942: ...for unrestricted resources On the security policy server you need to specify ACL 3000 as the isolation ACL and ACL 3001 as the security ACL Switch acl number 3000 Switch acl adv 3000 rule permit ip d...

Страница 1943: ...onfigure re DHCP portal authentication with extended functions Configuration procedure z For re DHCP authentication you need to configure a public address pool 20 20 20 0 24 in this example and a priv...

Страница 1944: ...1 quit 2 Configure an authentication domain Create an ISP domain named dm1 and enter its view Switch domain dm1 Configure the ISP domain to use RADIUS scheme rs1 Switch isp dm1 authentication portal r...

Страница 1945: ...10 0 0 1 255 255 255 0 sub Switch Vlan interface100 dhcp select relay Switch Vlan interface100 dhcp relay server select 0 Switch Vlan interface100 dhcp relay address check enable Enable re DHCP porta...

Страница 1946: ...for the RADIUS scheme When using the iMC server you need set the server type to extended SwitchA radius rs1 server type extended Specify the primary authentication server and primary accounting serve...

Страница 1947: ...ACL SwitchA acl number 3000 SwitchA acl adv 3000 rule permit ip destination 192 168 0 0 0 0 0 255 SwitchA acl adv 3000 rule deny ip SwitchA acl adv 3000 quit SwitchA acl number 3001 SwitchA acl adv 3...

Страница 1948: ...thentication client Analysis When you execute the portal delete user command on the access device to force the user to log out the access device actively sends a REQ_LOGOUT message to the portal serve...

Страница 1949: ...e 1 7 Configuring Port Security Features 1 8 Configuring NTK 1 8 Configuring Intrusion Protection 1 8 Configuring Trapping 1 9 Configuring Secure MAC Addresses 1 10 Configuration Prerequisites 1 10 Co...

Страница 1950: ...needed When a port security enabled device detects an illegal frame it triggers the corresponding port security feature and takes a pre defined action automatically This reduces your maintenance workl...

Страница 1951: ...d access to the port is not restricted In this mode neither the NTK nor the intrusion protection feature is triggered autoLearn In this mode a port can learn a specified number of MAC addresses and sa...

Страница 1952: ...ceiving non 802 1X frames and performs 802 1X authentication upon receiving 802 1X frames macAddressElseUserLo ginSecure This mode is the combination of the macAddressWithRadius and userLoginSecure mo...

Страница 1953: ...s specifies MAC address authentication z Else specifies that the authentication method before Else is applied first If the authentication fails the protocol type of the authentication request determin...

Страница 1954: ...Follow these steps to enable port security To do Use the command Remarks Enter system view system view Enable port security port security enable Required Disabled by default Note that 1 Enabling port...

Страница 1955: ...ort To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Set the maximum number of secure MAC addresses allowed on a port port sec...

Страница 1956: ...o Use the command Remarks Enter system view system view Set an OUI value for user authentication port security oui oui value index index value Optional Not configured by default The command is require...

Страница 1957: ...low frames to be forwarded to only devices passing authentication The NTK feature supports three modes z ntkonly Forwards only frames destined for authenticated MAC addresses z ntk withbroadcasts Forw...

Страница 1958: ...ring which a port remains disabled port security timer disableport time value Optional 20 seconds by default On a port operating in either the macAddressElseUserLoginSecure mode or the macAddressElseU...

Страница 1959: ...do Use the command Remarks Enter system view system view In system view port security mac address security mac address interface interface type interface number vlan vlan id interface interface type...

Страница 1960: ...y interface interface type interface number vlan vlan id count Available in any view Display information about blocked MAC addresses display port security mac address block interface interface type in...

Страница 1961: ...the port security configuration information Switch display port security interface gigabitethernet 2 0 1 Equipment port security is enabled Intrusion trap is enabled Disableport Timeout 30s OUI value...

Страница 1962: ...abitethernet 2 0 1 GigabitEthernet2 0 1 current state Port Security Disabled IP Packet Frame Type PKTFMT_ETHNT_2 Hardware Address 000f cb00 5558 Description GigabitEthernet2 0 1 Interface The port sho...

Страница 1963: ...or configuring the userLoginWithOUI mode Configuration procedure z The following configuration steps cover some AAA RADIUS configuration commands For details about the commands refer to AAA Configurat...

Страница 1964: ...ui 1234 0300 1111 index 3 Switch port security oui 1234 0400 1111 index 4 Switch port security oui 1234 0500 1111 index 5 Switch interface gigabitethernet 2 0 1 Set the port security mode to userLogin...

Страница 1965: ...disabled Disableport Timeout 20s OUI value Index is 1 OUI value is 123401 Index is 2 OUI value is 123402 Index is 3 OUI value is 123403 Index is 4 OUI value is 123404 Index is 5 OUI value is 123405 G...

Страница 1966: ...domain NOT configured Guest VLAN NOT configured Auth Fail VLAN NOT configured Max number of on line users is 256 EAPOL Packet Tx 16331 Rx 102 Sent EAP Request Identity Packets 16316 EAP Request Challe...

Страница 1967: ...1 Configure the RADIUS protocol The required RADIUS authentication accounting configurations and ISP domain configurations are the same as those in Configuring the userLoginWithOUI Mode 2 Configure po...

Страница 1968: ...display mac authentication interface gigabitethernet 2 0 1 MAC address authentication is enabled User name format is fixed account Fixed username aaa Fixed password 123456 Offline detect period is 60...

Страница 1969: ...ed Proxy logoff checker is disabled The port is an authenticator Periodic reauthentication is disabled Authentication Mode is Auto Port Control Type is Mac based 802 1X Multicast trigger is enabled Ma...

Страница 1970: ...re secure MAC addresses Switch GigabitEthernet2 0 1 port security mac address security 1 1 2 vlan 1 Error Security MAC address configuration failed Analysis No secure MAC address can be configured on...

Страница 1971: ...er is online Solution Use the cut command to forcibly disconnect the user from the port before changing the port security mode Switch GigabitEthernet2 0 1 quit Switch cut connection interface gigabite...

Страница 1972: ...taining IP Source Guard 1 3 IP Source Guard Configuration Examples 1 4 Static Binding Entry Configuration Example 1 4 Dynamic Binding Function Configuration Example 1 1 5 Dynamic Binding Function Conf...

Страница 1973: ...egal usages of network resources and improve the network security For example IP source guard can prevent an illegal host from pretending to be a legal user to access the network With IP source guard...

Страница 1974: ...service loopback group Configuring a Static Binding Entry Follow these steps to configure a static binding entry To do Use the command Remarks Enter system view system view Enter interface view interf...

Страница 1975: ...p address mac address mac address Required Not configured by default z To implement dynamic binding in IP source guard make sure that DHCP snooping or DHCP Relay is configured and works normally For D...

Страница 1976: ...itch A Configure port GigabitEthernet 2 0 2 of Switch A to allow only IP packets with the source MAC address of 00 01 02 03 04 05 and the source IP address of 192 168 0 3 to pass SwitchA system view S...

Страница 1977: ...us 0001 0203 0406 192 168 0 1 N A GigabitEthernet2 0 2 Static 0001 0203 0407 192 168 0 2 N A GigabitEthernet2 0 1 Static Dynamic Binding Function Configuration Example 1 Network requirements As shown...

Страница 1978: ...0 1 display this interface GigabitEthernet2 0 1 port link mode bridge ip check source ip address mac address return Display the dynamic binding entries that port GigabitEthernet 2 0 1 has obtained fro...

Страница 1979: ...user device is generated on the OLT device z Enable IP Source Guard on OLT 3 0 1 to protect the server against attacks launched by clients using fake source IP addresses This example shows only the OL...

Страница 1980: ...ned by OLT 3 0 1 Sysname display dhcp snooping DHCP Snooping is enabled The client binding table for all untrusted ports Type D Dynamic S Static Type IP Address MAC Address Lease VLAN Interface D 192...

Страница 1981: ...face 100 SwitchA Vlan interface100 dhcp select relay Correlate VLAN interface 100 with DHCP server group 1 SwitchA Vlan interface100 dhcp relay server select 1 2 Verify the configuration Display the g...

Страница 1982: ...and Maintaining SSH 1 12 SSH Server Configuration Examples 1 13 When Switch Acts as Server for Password Authentication 1 13 When Switch Acts as Server for Publickey Authentication 1 15 SSH Client Con...

Страница 1983: ...logging into a remote device securely By encryption and strong authentication it protects devices against attacks such as IP spoofing and plain text password interception The device can not only work...

Страница 1984: ...number while the software version number is used for debugging 3 The client receives and resolves the packet If the protocol version of the server is lower but supportable the client uses the protocol...

Страница 1985: ...name and password locally or by a remote AAA server and then informs the client of the authentication result z Publickey authentication The server authenticates the client by the digital signature Dur...

Страница 1986: ...ver and the client exchanges data in the following way z The client encrypts and sends the command to be executed to the server z The server decrypts and executes the command and then encrypts and sen...

Страница 1987: ...ts may use different publickey algorithms though a single client usually uses only one type of publickey algorithm z The public key local create rsa command generates two RSA key pairs a server key pa...

Страница 1988: ...red By default the authentication mode is password Configure the user interface s to support SSH login protocol inbound all ssh Optional All protocols are supported by default z For detailed informati...

Страница 1989: ...SSH server Configuring a client public key manually Follow these steps to configure the client public key manually To do Use the command Remarks Enter system view system view Enter public key view pub...

Страница 1990: ...the service type and authentication mode To do Use the command Remarks Enter system view system view For Stelnet users ssh user username service type stelnet authentication type password any password...

Страница 1991: ...ssh user command z The configured authentication method takes effect only for users logging in after the configuration For users using publickey authentication z You must configure on the device the...

Страница 1992: ...maximum number of SSH authentication attempts ssh server authentication retries times Optional 3 by default Authentication will fail if the number of authentication attempts including both publickey a...

Страница 1993: ...configured with the server host public key accesses the server for the first time the user can continue accessing the server and save the host public key on the client When accessing the server again...

Страница 1994: ...s aes128 des prefer ctos hmac md5 md5 96 sha1 sha1 96 prefer kex dh group exchange dh group1 dh group14 prefer stoc cipher 3des aes128 des prefer stoc hmac md5 md5 96 sha1 sha1 96 Establish a connecti...

Страница 1995: ...ny view For information about the display public key local and display public key peer commands refer to Public Key Commands in the Security Volume SSH Server Configuration Examples When Switch Acts a...

Страница 1996: ...Switch local user client001 Switch luser client001 password simple aabbcc Switch luser client001 service type ssh Switch luser client001 authorization attribute level 3 Switch luser client001 quit Spe...

Страница 1997: ...interface When Switch Acts as Server for Publickey Authentication Network requirements z As shown in Figure 1 3 a local SSH connection is established between the host the SSH client and the switch the...

Страница 1998: ...o 3 Switch ui vty0 4 user privilege level 3 Switch ui vty0 4 quit Before performing the following tasks you must use the client software to generate an RSA key pair on the client save the public key i...

Страница 1999: ...key pair 1 While generating the key pair you must move the mouse continuously and keep the mouse off the green process bar shown in Figure 1 5 Otherwise the process bar stops moving and the key pair g...

Страница 2000: ...file name as key pub to save the public key Figure 1 6 Generate a client key pair 3 Likewise to save the private key click Save private key A warning window pops up to prompt you whether to save the p...

Страница 2001: ...e client Specify the private key file and establish a connection with the SSH server Launch PuTTY exe to enter the following interface In the Host Name or IP address text box enter the IP address of t...

Страница 2002: ...as Client for Password Authentication Network requirements z As shown in Figure 1 10 Switch A the SSH client needs to log into Switch B the SSH server through the SSH protocol z The username of the SS...

Страница 2003: ...level 3 SwitchB luser client001 quit Specify the service type for user client001 as Stelnet and the authentication type as password This step is optional SwitchB ssh user client001 service type stelne...

Страница 2004: ...code 94184CCDFCEAE96EC4D5EF93133E84B47093C52B20CD35D02 492B3959EC6499625BC4FA5082E22C5 SwitchA pkey key code B374E16DD00132CE71B020217091AC717B612391C76C1FB2E 88317C1BD8171D41ECB83E210C03CC9 SwitchA p...

Страница 2005: ...t will use as the destination for SSH connection SwitchB interface vlan interface 1 SwitchB Vlan interface1 ip address 10 165 87 136 255 255 255 0 SwitchB Vlan interface1 quit Set the authentication m...

Страница 2006: ...a DSA key pair SwitchA public key local create dsa Export the DSA public key to the file key pub SwitchA public key local export dsa ssh2 key pub SwitchA quit After generating a key pair on a client y...

Страница 2007: ...TP client enabling a user to login from the device to a remote device for secure file transfer Configuring an SFTP Server Configuration Prerequisites z You have configured the SSH server For the detai...

Страница 2008: ...r the SFTP Client You can configure a client to use only a specified source IP address or interface to access the SFTP server thus enhancing the service manageability Follow these steps to specify a s...

Страница 2009: ...14 prefer stoc cipher 3des aes128 des prefer stoc hmac md5 md5 96 sha1 sha1 96 Required Use either command in user view Working with the SFTP Directories SFTP directory operations include z Changing o...

Страница 2010: ...Changing the name of a file z Downloading a file z Uploading a file z Displaying a list of the files z Deleting a file Follow these steps to work with SFTP files To do Use the command Remarks Enter S...

Страница 2011: ...ver port number identity key dsa rsa prefer ctos cipher 3des aes128 des prefer ctos hmac md5 md5 96 sha1 sha1 96 prefer kex dh group exchange dh group1 dh group14 prefer stoc cipher 3des aes128 des pr...

Страница 2012: ...guration procedure 1 Configure the SFTP server Switch B Generate RSA and DSA key pairs and enable the SSH server SwitchB system view SwitchB public key local create rsa SwitchB public key local create...

Страница 2013: ...itch A Configure an IP address for VLAN interface 1 SwitchA system view SwitchA interface vlan interface 1 SwitchA Vlan interface1 ip address 192 168 0 2 255 255 255 0 SwitchA Vlan interface1 quit Gen...

Страница 2014: ...5 pub Add a directory named new1 and check if it has been created successfully sftp client mkdir new1 New directory created sftp client dir rwxrwxrwx 1 noone nogroup 1759 Aug 23 06 52 config cfg rwxrw...

Страница 2015: ...ient quit Bye Connection closed SwitchA SFTP Server Configuration Example Network requirements As shown in Figure 2 2 an SSH connection is established between the host and the switch The host an SFTP...

Страница 2016: ...type being SSH Switch local user client002 Switch luser client002 password simple aabbcc Switch luser client002 service type ssh Switch luser client002 quit Configure the user authentication type as...

Страница 2017: ...2 11 Figure 2 3 SFTP client interface...

Страница 2018: ...Asymmetric Key Pair 1 2 Creating an Asymmetric Key Pair 1 2 Displaying or Exporting the Local RSA or DSA Host Public Key 1 3 Destroying an Asymmetric Key Pair 1 3 Configuring the Public Key of a Peer...

Страница 2019: ...ntiality The cipher text is transmitted in the network and then is decrypted by the receiver to obtain the original pain text Figure 1 1 Encryption and decryption There are two types of key algorithms...

Страница 2020: ...dleman Algorithm RSA and Digital Signature Algorithm DSA are all asymmetric key algorithms RSA can be used for data encryption decryption and signature whereas DSA is used for signature only Asymmetri...

Страница 2021: ...key on the screen or export it to a specified file so as to configure the local RSA or DSA host public key on the remote end Follow these steps to display or export the local RSA or DSA host public ke...

Страница 2022: ...m a public key file z The device supports up to 20 host pubic keys of peers Follow these steps to configure the public key of a peer manually To do Use the command Remarks Enter system view system vie...

Страница 2023: ...e A is configured manually on Device B Figure 1 2 Network diagram for manually configuring the public key of a peer Configuration procedure 1 Configure Device A Create RSA key pairs on Device A Device...

Страница 2024: ...DeviceB system view DeviceB public key peer devicea Public key view return to System View with peer public key end DeviceB pkey public key public key code begin Public key code view return to last vie...

Страница 2025: ...ublic key local create rsa The range of public key size is 512 2048 NOTES If the key modulus is greater than 512 It will take a few minutes Press CTRL C to abort Input the bits of the modulus default...

Страница 2026: ...authorization attribute level 3 DeviceB luser ftp quit 3 Upload the public key file of Device A to Device B FTP the public key file devicea pub to Device B with the file transfer mode of binary Device...

Страница 2027: ...030818902818100D90003FA95F5A44A2A2CD3F814F985 4C4421B57CAC64CFFE4782A87B0360B600497D87162D1F398E6E5E51E5E353B3A9AB16C9E766BD995C669A78 4AD597D0FB3AA9F7202C507072B19C3C50A0D7AD3994E14ABC62DB125035EA326...

Страница 2028: ...onfiguration 2 1 Creating a Time Range 2 1 Configuring a Basic IPv4 ACL 2 2 Configuring an Advanced IPv4 ACL 2 4 Configuring an Ethernet Frame Header ACL 2 6 Copying an IPv4 ACL 2 7 Displaying and Mai...

Страница 2029: ...ering can be used to efficiently prevent illegal users from accessing networks and to control network traffic and save network resources Access control lists ACL are often used to filter packets with...

Страница 2030: ...4 ACL This section covers these topics z IPv4 ACL Classification z IPv4 ACL Naming z IPv4 ACL Match Order z IPv4 ACL Step z Effective Period of an IPv4 ACL z IP Fragments Filtering with IPv4 ACL IPv4...

Страница 2031: ...N instance first and compare packets against the rule configured with a VPN instance 2 In case of a tie sort rules by source IP address wildcard mask and compare packets against the rule configured wi...

Страница 2032: ...s masks are the same compare packets against the one configured first The comparison of a packet against an ACL stops once a match is found The packet is then processed as per the rule IPv4 ACL Step M...

Страница 2033: ...tion about types of LPUs refer to the 3Com S7900E Family Getting Started Guide Introduction to IPv6 ACL This section covers these topics z IPv6 ACL Classification z IPv6 ACL Naming z IPv6 ACL Match Or...

Страница 2034: ...ook at the protocol type field in the rules first A rule with no limit to the protocol type that is configured with the ipv6 keyword has the lowest precedence Rules each of which has a single specifie...

Страница 2035: ...onfiguration Procedure Follow these steps to create a time range To do Use the command Remarks Enter system view system view Create a time range time range time range name start time to end time days...

Страница 2036: ...ime range is from the time the configuration takes effect to the latest time that the system can express that is 24 00 12 31 2100 z Up to 256 time ranges can be defined Configuration Examples Create a...

Страница 2037: ...ult no IPv4 ACL description is present Create a rule description rule rule id comment text Optional By default no rule description is present Note that z You can only modify the existing rules of an A...

Страница 2038: ...re an advanced IPv4 ACL To do Use the command Remarks Enter system view system view Create and enter advanced IPv4 ACL view acl number acl number name acl name match order auto config Required The def...

Страница 2039: ...o a newly created rule will be inserted among the existing rules in the depth first match order Note that the IDs of the rules still remain the same z You can modify the match order of an ACL with the...

Страница 2040: ...addr dest mask lsap lsap code lsap wildcard source mac sour addr source mask time range time range name type type code type wildcard Required To create multiple rules repeat this step Note that the ls...

Страница 2041: ...t effort Copying an IPv4 ACL This feature allows you to copy an existent IPv4 ACL to generate a new one which is of the same type and has the same match order match rules rule numbering step and descr...

Страница 2042: ...any view Display information about ACL uses of a switch distributed IRF device display acl resource chassis chassis number slot slot number Available in any view Display the configuration and state o...

Страница 2043: ...source 192 168 2 0 0 0 0 255 destination 192 168 4 1 0 0 0 0 time range trname Switch acl adv 3000 quit Configure a rule to control access of the Marketing Department to the salary query server Switch...

Страница 2044: ...Switch qospolicy p_rd classifier c_rd behavior b_rd Switch qospolicy p_rd quit Configure QoS policy p_market to use traffic behavior b_market for class c_market Switch qos policy p_market Switch qospo...

Страница 2045: ...ime range command first Configuration Procedure Follow these steps to configure a basic IPv6 ACL To do Use the command Remarks Enter system view system view Create and enter basic IPv6 ACL view acl ip...

Страница 2046: ...e will be inserted among the existing rules in the depth first match order Note that the IDs of the rules still remain the same z You can modify the match order of an IPv6 ACL with the acl ipv6 number...

Страница 2047: ...ipv6 name acl6 name command to enter the view of the ACL later Create or modify a rule rule rule id deny permit protocol established ack ack value fin fin value psh psh value rst rst value syn syn va...

Страница 2048: ...e rule specified in the rule comment command must have existed Configuration Examples Create IPv6 ACL 3000 to permit the TCP packets with the source address 2030 5060 9050 64 to pass Sysname system vi...

Страница 2049: ...IRF device display acl ipv6 acl6 number all name acl6 name chassis chassis number slot slot number Available in any view Display information about ACL uses of a switch display acl resource slot slot...

Страница 2050: ...tch classifier c_rd if match acl ipv6 2000 Switch classifier c_rd quit Configure traffic behavior b_rd to deny matching packets Switch traffic behavior b_rd Switch behavior b_rd filter deny Switch beh...

Страница 2051: ...ion 1 3 Configuring Source MAC Address Based ARP Attack Detection 1 3 Introduction 1 3 Configuration Procedure 1 3 Displaying and Maintaining Source MAC Address Based ARP Attack Detection 1 4 Configur...

Страница 2052: ...f ARP packets to bring a great impact to the CPU For details about ARP attack features and types refer to ARP Attack Protection Technology White Paper Currently ARP attacks and viruses are threatening...

Страница 2053: ...the following five seconds If the packets have various source addresses you can enable the ARP black hole routing function After receiving an IP packet whose destination IP address cannot be resolved...

Страница 2054: ...d Disabled by default Configuring Source MAC Address Based ARP Attack Detection Introduction This feature allows the device to check the source MAC address of ARP packets If the number of ARP packets...

Страница 2055: ...attack source mac slot slot number interface interface type interface number Available in any view Display attacking entries detected for distributed IRF devices display arp anti attack source mac cha...

Страница 2056: ...Specified Objects With this feature configured the device permits the ARP packets received from an ARP trusted port to pass directly and checks the ARP packets received from an ARP untrusted port You...

Страница 2057: ...valid and is forwarded If an entry with a matching IP address but an unmatched MAC address is found the ARP packet is considered invalid and is discarded If no entry with a matching IP address is foun...

Страница 2058: ...packets with an OUI MAC address as the sender MAC address when voice VLAN is enabled z When configuring an IP Source Guard binding entry you need to specify the VLAN otherwise no ARP packet will pass...

Страница 2059: ...ration procedure is omitted 4 Configure Switch B Enable DHCP snooping SwitchB system view SwitchB dhcp snooping SwitchB interface gigabitethernet 2 0 3 SwitchB gigabitethernet2 0 3 dhcp snooping trust...

Страница 2060: ...1 2 configure Switch A as a DHCP server and enable 802 1X on Switch B Enable ARP detection for VLAN 10 to allow only packets from valid clients to pass Configure Host A and Host B as local 802 1X acce...

Страница 2061: ...r test password simple test SwitchB luser test quit Enable ARP detection for VLAN 10 SwitchB vlan 10 SwitchB vlan10 arp detection enable Configure the upstream port as a trusted port and the downstrea...

Страница 2062: ...i Table of Contents 1 URPF Configuration 1 1 URPF Overview 1 1 What is URPF 1 1 How URPF Works 1 1 Configuring URPF 1 2...

Страница 2063: ...even access the system as the administrator Even if the attackers cannot receive any response packets the attacks are still disruptive to the attacked target Figure 1 1 Attack based on source address...

Страница 2064: ...t route is not configured the packet is discarded Configuring URPF Follow these steps to configure URPF globally To do Use the command Remarks Enter system view system view Enable URPF check globally...

Страница 2065: ...ter you enable URPF z If the number of route entries on an LPU exceeds half the number of route entries that the LPU can accommodate the URPF function cannot be enabled which avoids loss of route entr...

Страница 2066: ...es including a master and multiple backups on a LAN into a virtual router called VRRP group VRRP streamlines host configuration while providing high reliability This document describes z VRRP overview...

Страница 2067: ...t Packets z Setting the DelayDown Timer z Setting the Port Shutdown Mode z Configuring DLDP Authentication z Resetting DLDP State Ethernet OAM Ethernet OAM is a tool monitoring Layer 2 link status It...

Страница 2068: ...z Track Overview z Configuring Collaboration Between the Track Module and the Detection Modules z Configuring Collaboration Between the Track Module and the Application Modules GR Overview Graceful R...

Страница 2069: ...1 Introduction to Dual SRPU System 1 1 Dual SRPU System Configuration Task List 1 2 Ignoring Version Check of the SMB 1 2 Restarting the SMB 1 2 Manually Configuring Switchover Between the AMB and SM...

Страница 2070: ...SMB when the device works in the IRF mode you can only use the display switchover state command to view the backup state of the main boards and other functions and commands do not take effect When con...

Страница 2071: ...from checking the version of the SMB To do Use the command Remarks Enter system view system view Ignore version check of the SMB ha slave ignore version check Required The version check of the SMB is...

Страница 2072: ...anual switchover between the AMB and SMB slave switchover disable enable Optional Enabled by default Manually configure switchover between the AMB and SMB slave switchover Required The original AMB wi...

Страница 2073: ...rap Function of VRRP 1 18 Displaying and Maintaining VRRP for IPv4 1 18 Configuring VRRP for IPv6 1 19 VRRP for IPv6 Configuration Task List 1 19 Configuring the Association Between Virtual IPv6 Addre...

Страница 2074: ...r a Layer 3 switch z At present the interfaces that VRRP involves can only be VLAN interfaces z EA boards such as LSQ1GP12EA and LSQ1TGX1EA do not support IPv6 features VRRP Overview Normally as shown...

Страница 2075: ...ngle link VRRP works in one of the following two modes z Standard protocol mode Includes two versions based on RFCs VRRPv2 and VRRPv3 VRRPv2 is based on IPv4 and VRRPv3 is based on IPv6 The two versio...

Страница 2076: ...d the IP address owner z In a VRRP group you can configure only one IP address owner z Status of a router in a VRRP group includes master backup and initialize VRRP priority VRRP determines the role m...

Страница 2077: ...ation header The router receiving the packet performs the same operation using the authentication key and MD5 algorithm and compares the result with the content in the authentication header If the res...

Страница 2078: ...cation data 2 IPv6 address n 0 7 15 23 31 3 A VRRP packet consists of the following fields z Version Version number of the protocol 2 for VRRPv2 and 3 for VRRPv3 z Type Type of the VRRPv2 or VRRPv3 pa...

Страница 2079: ...ecome the master even if the backup is configured with a higher priority z If the timer of a backup expires but the backup still does not receive any VRRP advertisement it considers that the master fa...

Страница 2080: ...shown in Figure 1 5 Figure 1 5 VRRP in master backup mode At the beginning Router A is the master and therefore can forward packets to external networks whereas Router B and Router C are backups and a...

Страница 2081: ...each VRRP group that it will take the expected role in the group VRRP Load Balancing Mode Overview When VRRP works in the standard protocol mode only the master can forward packets and the backups ar...

Страница 2082: ...ckup routers however do not reply the ARP requests for the IPv4 network or ND requests for the IPv6 network from the hosts Figure 1 7 Allocating virtual MAC addresses As shown in Figure 1 7 the virtua...

Страница 2083: ...he higher the weight the higher the forwarding capability When the weight is lower than a specified value which is the lower limit of failure the router will not be capable of forwarding packets for t...

Страница 2084: ...ress of the AVF as their gateway MAC address cannot access the external network You can solve this problem through the VF tracking function You can monitor the uplink state by using network quality an...

Страница 2085: ...ess Optional When VRRP works in the load balancing mode the association between the virtual IP address and the MAC address can be configured but is not effective Configuring VRRP Working Mode Optional...

Страница 2086: ...virtual MAC address is associated with the virtual IP address by default z When VRRP works in the load balancing mode the association between the virtual IP address and the MAC address can be configu...

Страница 2087: ...ed to create VRRP groups on the VLAN interface of a super VLAN Otherwise network performance may be affected Configuration prerequisites Before creating a VRRP group and configuring a virtual IP addre...

Страница 2088: ...uch as 0 0 0 1 z Only when the configured virtual IP address and the interface IP address belong to the same segment and are legal host addresses can the VRRP group operate normally If the configured...

Страница 2089: ...removed to up the priority of the router corresponding to the interface is restored automatically z If the state of a Track object changes from negative or invalid to positive the priority of the rou...

Страница 2090: ...VRRP Packet Attributes Configuration prerequisites Before configuring the relevant attributes of VRRP packets you should first create a VRRP group and configure a virtual IP address for it Configurati...

Страница 2091: ...estination For information center configurations refer to Information Center Configuration in the System Volume Follow these steps to enable the trap function of VRRP To do Use the command Remarks Ent...

Страница 2092: ...iation between the IPv6 address and the MAC address and thus forward the packets to be forwarded to the other network segments to the master There are two types of association between virtual IPv6 add...

Страница 2093: ...You can configure multiple virtual IPv6 addresses for a VRRP group A VRRP group is created automatically when you specify the first virtual IPv6 address for the VRRP group If you specify another virtu...

Страница 2094: ...collision In such a case it is recommended to modify the IPv6 address of the interface on the IP address owner to resolve the collision Configuring Router Priority Preemptive Mode and Tracking Functi...

Страница 2095: ...negative or invalid to positive the priority of the router corresponding to the Track object is restored automatically Configuring VF Tracking Configuration prerequisites Before configuring the VF tr...

Страница 2096: ...P packet attributes To do Use the command Remarks Enter system view system view Enter the specified interface view interface interface type interface number Configure the authentication mode and authe...

Страница 2097: ...gle VRRP Group Configuration Example Network requirements z Host A needs to access Host B on the Internet using 202 38 160 111 24 as its default gateway z Switch A and Switch B belong to VRRP group 1...

Страница 2098: ...160 111 SwitchB Vlan interface2 vrrp vrid 1 virtual ip 202 38 160 111 Set Switch B to work in preemptive mode The preemption delay is five seconds SwitchB Vlan interface2 vrrp vrid 1 preempt mode time...

Страница 2099: ...ard Run Method Virtual MAC Total number of virtual routers 1 Interface Vlan interface2 VRID 1 Adver Timer 1 Admin Status Up State Master Config Pri 100 Running Pri 100 Preempt Mode Yes Delay Time 5 Au...

Страница 2100: ...111 Configure the priority of Switch A in the VRRP group to 110 SwitchA Vlan interface2 vrrp vrid 1 priority 110 Configure the authentication mode of the VRRP group as simple and authentication key as...

Страница 2101: ...g Pri 110 Preempt Mode Yes Delay Time 0 Auth Type Simple Key hello Virtual IP 202 38 160 111 Virtual MAC 0000 5e00 0101 Master IP 202 38 160 1 VRRP Track Information Track Interface Vlan3 State Up Pri...

Страница 2102: ...rface2 VRID 1 Adver Timer 5 Admin Status Up State Master Config Pri 100 Running Pri 100 Preempt Mode Yes Delay Time 0 Auth Type Simple Key hello Virtual IP 202 38 160 111 Virtual MAC 0000 5e00 0101 Ma...

Страница 2103: ...vlan 2 SwitchA vlan2 port gigabitethernet 2 0 5 SwitchA vlan2 quit SwitchA interface vlan interface 2 SwitchA Vlan interface2 ip address 202 38 160 1 255 255 255 128 Create a VRRP group 1 and set its...

Страница 2104: ...p 2 to 110 SwitchB Vlan interface3 vrrp vrid 2 priority 110 3 Verify the configuration You can use the display vrrp verbose command to verify the configuration Display detailed information of the VRRP...

Страница 2105: ...itch A is the master Switch B is the backup and hosts with the default gateway of 202 38 160 100 25 accesses the Internet through Switch A in VRRP group 2 Switch A is the backup Switch B is the master...

Страница 2106: ...rtual IP address as 10 1 1 1 SwitchA interface vlan interface 2 SwitchA Vlan interface2 ip address 10 1 1 2 24 SwitchA Vlan interface2 vrrp vrid 1 virtual ip 10 1 1 1 Set the priority of Switch A in V...

Страница 2107: ...RP group 1 and configure its virtual IP address as 10 1 1 1 SwitchC interface vlan interface 2 SwitchC Vlan interface2 ip address 10 1 1 4 24 SwitchC Vlan interface2 vrrp vrid 1 virtual ip 10 1 1 1 Se...

Страница 2108: ...hB Vlan interface2 display vrrp verbose IPv4 Standby Information Run Mode Load Balance Run Method Virtual MAC Total number of virtual routers 1 Interface Vlan interface2 VRID 1 Adver Timer 1 Admin Sta...

Страница 2109: ...Auth Type None Virtual IP 10 1 1 1 Master IP 10 1 1 2 Forwarder Information 3 Forwarders 1 Active Config Weight 255 Running Weight 255 Forwarder 01 State Listening Virtual MAC 000f e2ff 0011 Learnt Ow...

Страница 2110: ...000f e2ff 0011 Take Over Owner ID 0000 5e01 1101 Priority 85 Active local Redirect Time 577 secs Time out Time 1777 secs Forwarder 02 State Listening Virtual MAC 000f e2ff 0012 Learnt Owner ID 0000 5...

Страница 2111: ...an int2 FE80 1 1 1 64 Vlan int2 FE80 2 1 2 64 Host B Gateway 1 10 64 Internet Configuration procedure 1 Configure Switch A Configure VLAN 2 SwitchA system view SwitchA ipv6 SwitchA vlan 2 SwitchA vlan...

Страница 2112: ...mer delay 5 Enable Switch B to send RA messages SwitchB Vlan interface2 vrrp ipv6 vrid 1 preempt mode timer delay 5 3 Verify the configuration After the configuration Host B can be pinged through on H...

Страница 2113: ...un Method Virtual MAC Total number of virtual routers 1 Interface Vlan interface2 VRID 1 Adver Timer 100 Admin Status Up State Master Config Pri 100 Running Pri 100 Preempt Mode Yes Delay Time 5 Auth...

Страница 2114: ...1 virtual ip fe80 10 link local SwitchA Vlan interface2 vrrp ipv6 vrid 1 virtual ip 1 10 Set the priority of Switch A in VRRP group 1 to 110 SwitchA Vlan interface2 vrrp ipv6 vrid 1 priority 110 Set t...

Страница 2115: ...preemption delay is five seconds SwitchB Vlan interface2 vrrp ipv6 vrid 1 preempt mode timer delay 5 Enable Switch B to send RA messages SwitchB Vlan interface2 undo ipv6 nd ra halt 3 Verify the confi...

Страница 2116: ...h A is not available the detailed information of VRRP group 1 on Switch A is displayed SwitchA Vlan interface2 display vrrp ipv6 verbose IPv6 Standby Information Run Mode Standard Run Method Virtual M...

Страница 2117: ...d Switch B belong to both VRRP group 1 and VRRP group 2 The virtual IPv6 addresses of VRRP group 1 are 1 10 64 and FE80 10 and those of VRRP group 2 are 2 10 64 and FE90 10 z In VRRP group 1 Switch A...

Страница 2118: ...fe90 1 link local SwitchA Vlan interface3 ipv6 address 2 1 64 Create VRRP group 2 and set its virtual IPv6 addresses to FE90 10 and 2 10 SwitchA Vlan interface3 vrrp ipv6 vrid 2 virtual ip fe90 10 lin...

Страница 2119: ...vrrp ipv6 verbose command to verify the configuration Display detailed information of the VRRP group on Switch A SwitchA Vlan interface3 display vrrp ipv6 verbose IPv6 Standby Information Run Mode Sta...

Страница 2120: ...h Switch A in VRRP group 2 Switch A is the backup Switch B is the master and hosts with the default gateway of 2 10 64 accesses the Internet through Switch B Multiple VRRP groups are commonly used in...

Страница 2121: ...itchA interface vlan interface 2 SwitchA Vlan interface2 ipv6 address fe80 1 link local SwitchA Vlan interface2 ipv6 address 1 1 64 SwitchA Vlan interface2 vrrp ipv6 vrid 1 virtual ip fe80 10 link loc...

Страница 2122: ...2 SwitchC system view SwitchC vlan 2 SwitchC vlan2 port gigabitethernet 2 0 5 SwitchC vlan2 quit Configure VRRP to work in the load balancing mode SwitchC vrrp mode load balance Create VRRP group 1 a...

Страница 2123: ...e2ff 4012 Learnt Owner ID 0000 5e01 1103 Priority 127 Active FE80 2 Forwarder 03 State Listening Virtual MAC 000f e2ff 4013 Learnt Owner ID 0000 5e01 1105 Priority 127 Active FE80 3 Display detailed...

Страница 2124: ...play vrrp ipv6 verbose IPv6 Standby Information Run Mode Load Balance Run Method Virtual MAC Total number of virtual routers 1 Interface Vlan interface2 VRID 1 Adver Timer 100 Admin Status Up State Ba...

Страница 2125: ...Load Balance Run Method Virtual MAC Total number of virtual routers 1 Interface Vlan interface2 VRID 1 Adver Timer 100 Admin Status Up State Backup Config Pri 100 Running Pri 100 Preempt Mode Yes Del...

Страница 2126: ...n technical measures Symptom 2 Multiple masters are present in the same VRRP group Analysis z Multiple masters coexist for a short period This is normal and requires no manual intervention z Multiple...

Страница 2127: ...figuring Role Preemption for a Smart Link Group 1 7 Enabling the Sending of Flush Messages 1 8 Configuring the Collaboration Between Smart Link and CC of CFD 1 8 Smart Link Device Configuration Exampl...

Страница 2128: ...ice connects to two different upstream devices as shown in Figure 1 1 Figure 1 1 Diagram for a dual uplink network GE2 0 1 GE2 0 2 GE2 0 1 GE2 0 1 GE2 0 2 GE2 0 2 A dual uplink network demonstrates hi...

Страница 2129: ...ch form a smart link group with GE2 0 1 being active and GE2 0 2 being standby Master slave port Master port and slave port are two port roles in a smart link group When both ports in a smart link gro...

Страница 2130: ...nge z To keep traffic forwarding stable the master port that has been blocked due to link failure does not take over immediately upon its recovery Instead link switchover will occur at next link switc...

Страница 2131: ...nk status smart link ports need to use link detection protocols When a fault is detected or cleared the link detection protocols inform Smart Link to switch over the links With the collaboration betwe...

Страница 2132: ...link group and make sure that the ports are not member ports of any aggregation group or service loopback group A loop may occur on the network during the time when STP is disabled but Smart Link has...

Страница 2133: ...re member ports for a smart link group in interface view To do Use the command Remarks Enter system view system view Enter Ethernet interface view or layer 2 aggregate interface view interface interfa...

Страница 2134: ...t remove the control VLAN Otherwise flush messages cannot be sent properly Configuring the Collaboration Between Smart Link and CC of CFD Follow these steps to configure the collaboration between Smar...

Страница 2135: ...undo stp enable Sysname GigabitEthernet2 0 2 port link type trunk Sysname GigabitEthernet2 0 2 port trunk permit vlan 20 Sysname GigabitEthernet2 0 2 quit Sysname smart link group 1 Sysname smlk group...

Страница 2136: ...es directly without any processing z Do not remove the control VLANs Otherwise flush messages cannot be sent properly z Make sure that the control VLANs are existing VLANs and assign the ports capable...

Страница 2137: ...Configure Smart Link on the devices for dual uplink backup using VLAN 1 the default for flush update Figure 1 2 Single smart link group configuration Configuration procedure 1 Configuration on Device...

Страница 2138: ...ort gigabitethernet 2 0 2 slave Enable flush message sending in smart link group 1 DeviceC smlk group1 flush enable DeviceC smlk group1 quit 2 Configuration on Device D Create VLANs 1 through 30 map V...

Страница 2139: ...iceB GigabitEthernet2 0 1 port trunk permit vlan 1 to 30 DeviceB GigabitEthernet2 0 1 smart link flush enable DeviceB GigabitEthernet2 0 1 quit DeviceB interface gigabitethernet 2 0 2 DeviceB GigabitE...

Страница 2140: ...to 30 DeviceA GigabitEthernet2 0 1 smart link flush enable DeviceA GigabitEthernet2 0 1 quit DeviceA interface gigabitethernet 2 0 2 DeviceA GigabitEthernet2 0 2 port link type trunk DeviceA GigabitEt...

Страница 2141: ...oup 1 references MSTI 0 and smart link group 2 references MSTI 2 z The control VLAN of smart link group 1 is VLAN 10 and that of smart link group 2 is VLAN 101 Figure 1 3 Multiple smart link groups lo...

Страница 2142: ...lk group 1 flush enable control vlan 10 DeviceC smlk group 1 quit Create smart link group 2 and configure all VLANs mapped to MSTI 2 as the protected VLANs for smart link group 2 DeviceC smart link gr...

Страница 2143: ...igabitethernet 2 0 2 DeviceD GigabitEthernet2 0 2 port link type trunk DeviceD GigabitEthernet2 0 2 port trunk permit vlan 1 to 200 DeviceD GigabitEthernet2 0 2 smart link flush enable control vlan 10...

Страница 2144: ...ROLE Control VLAN 101 Protected VLAN Reference Instance 2 Member Role State Flush count Last flush time GigabitEthernet2 0 2 MASTER ACTVIE 5 16 37 20 2009 02 21 GigabitEthernet2 0 1 SLAVE STANDBY 1 1...

Страница 2145: ...w 1 1 Terminology 1 1 How Monitor Link Works 1 1 Configuring Monitor Link 1 2 Configuration Prerequisites 1 2 Configuration Procedure 1 2 Monitor Link Configuration Example 1 2 Displaying and Maintain...

Страница 2146: ...port can be assigned to only one monitor link group Both Layer 2 Ethernet ports and Layer 2 aggregate interfaces can be assigned to a monitor link group Uplink The uplink is the link monitored by the...

Страница 2147: ...h Repeat this step to add more uplink ports In monitor link group view port interface type interface number downlink Configure the downlink for the monitor link group In Ethernet port view or Layer 2...

Страница 2148: ...can sense the link failure and perform link switchover in the smart link group For detailed information about smart link refer to Smart Link Configuration in the High Availability Volume Figure 1 1 Ne...

Страница 2149: ...A interface gigabitethernet 2 0 2 DeviceA GigabitEthernet2 0 2 smart link flush enable 3 Configuration on Device B Create monitor link group 1 DeviceB system view DeviceB monitor link group 1 Configur...

Страница 2150: ...thernet 2 0 1 and GigabitEthernet 2 0 2 separately DeviceD interface gigabitethernet 2 0 1 DeviceD GigabitEthernet2 0 1 smart link flush enable DeviceD GigabitEthernet2 0 1 quit DeviceD interface giga...

Страница 2151: ...RPP Rings 1 13 Configuring RRPP Ports 1 13 Configuring RRPP Nodes 1 14 Activating an RRPP Domain 1 16 Configuring RRPP Timers 1 16 Configuring RRPP Fast Detection 1 17 Enabling Fast Detection 1 17 Con...

Страница 2152: ...IEEE spanning tree protocols RRPP features the following z Fast topology convergence z Convergence time independent of Ethernet ring size Background Metropolitan area networks MANs and enterprise netw...

Страница 2153: ...ne of the following two states z Health state All the physical links on the Ethernet ring are connected z Disconnect state Some physical links on the Ethernet ring are broken As shown in Figure 1 1 Do...

Страница 2154: ...detect the integrity of the primary ring and perform loop guard As shown in Figure 1 1 Ring 1 is the primary ring and Ring 2 is a subring Device A is the master node of Ring 1 Device B Device C and D...

Страница 2155: ...n edge node RRPP ring group is allowed to send Edge Hello packets RRPPDUs Table 1 1 shows the types of RRPPDUs and their functions Table 1 1 RRPPDU types and their functions Type Description Hello The...

Страница 2156: ...pecifies the maximum delay between the master node sending Fast Hello packets out the primary port and the secondary port receiving the Fast Hello packets from the primary port If the secondary port r...

Страница 2157: ...failure As shown in Figure 1 5 Ring 1 is the primary ring and Ring 2 and Ring 3 are subrings When the two SRPTs between the edge node and the assistant edge node are down the master nodes of Ring 2 a...

Страница 2158: ...evel convergence To address this problem a fast detection mechanism was introduced The mechanism works as follows z The master node sends Fast Hello packets out its primary port at the interval specif...

Страница 2159: ...rings In this case you need to define an RRPP domain for each ring Figure 1 3 Schematic diagram for a tangent ring network Intersecting rings As shown in Figure 1 4 there are two or more rings in the...

Страница 2160: ...for a dual homed ring network Single ring load balancing In a single ring network you can achieve load balancing by configuring multiple domains As shown in Figure 1 6 Ring 1 is configured as the pri...

Страница 2161: ...Device E is configured as the master node of Ring 2 in both Domain 1 and Domain 2 However different ports on Device E are blocked in Domain 1 and Domain 2 With the configurations you can enable traff...

Страница 2162: ...Fast Detection Optional Perform this task on the master node edge node and assistant edge node in the RRPP domain Configuring RRPP Fast Detection Configuring Fast Detection Timers Optional Perform thi...

Страница 2163: ...f RRPPDUs do not enable QinQ or VLAN mapping on the control VLANs z To ensure that RRPPDUs can be sent and received correctly do not configure the default VLAN of a port accessing an RRPP ring as the...

Страница 2164: ...rts that is ports connecting devices to an RRPP ring must be Layer 2 Ethernet ports Layer 2 GE ports Layer 2 XGE ports or Layer 2 aggregate interfaces and cannot be member ports of any aggregation gro...

Страница 2165: ...You are recommended to use the link delay command to enable link status rapid report function on an RRPP port by setting the link delay of the port to 0 to accelerate topology convergence For detailed...

Страница 2166: ...configuring an edge node you must first configure the primary ring before configuring the subrings Perform this configuration on a device to be configured as an edge node Follow these steps to specif...

Страница 2167: ...main on the current device Perform this operation on all nodes in the RRPP domain Follow these steps to activate an RRPP domain To do Use the command Remarks Enter system view system view Enable RRPP...

Страница 2168: ...alue of the master node of the subring Configuring RRPP Fast Detection The S7900E series Ethernet switches support RRPP fast detection only after SD or EB cards are mounted in them Enabling Fast Detec...

Страница 2169: ...r than 600ms and the difference between the Fast Fail timer value on the master node of the subring and that on the master node of the primary ring is greater than twice the Fast Hello timer value of...

Страница 2170: ...ining RRPP To do Use the command Remarks Display brief RRPP information display rrpp brief Display RRPP group configuration information display rrpp ring group ring group id Display detailed RRPP info...

Страница 2171: ...2 link delay 0 DeviceA GigabitEthernet2 0 2 undo stp enable DeviceA GigabitEthernet2 0 2 port link type trunk DeviceA GigabitEthernet2 0 2 port trunk permit vlan all DeviceA GigabitEthernet2 0 2 quit...

Страница 2172: ...f RRPP domain 1 and configure the VLANs mapped to MSTIs 0 through 31 as the protected VLANs of RRPP domain 1 DeviceB rrpp domain 1 DeviceB rrpp domain1 control vlan 4092 DeviceB rrpp domain1 protected...

Страница 2173: ...0 3 is the edge port z Device D is the transit node of primary ring 1 GigabitEthernet 2 0 1 is the primary port and GigabitEthernet 2 0 2 is the secondary port Figure 1 9 Network diagram for intersec...

Страница 2174: ...1 DeviceB GigabitEthernet2 0 1 link delay 0 DeviceB GigabitEthernet2 0 1 undo stp enable DeviceB GigabitEthernet2 0 1 port link type trunk DeviceB GigabitEthernet2 0 1 port trunk permit vlan all Devic...

Страница 2175: ...bitEthernet2 0 2 link delay 0 DeviceC GigabitEthernet2 0 2 undo stp enable DeviceC GigabitEthernet2 0 2 port link type trunk DeviceC GigabitEthernet2 0 2 port trunk permit vlan all DeviceC GigabitEthe...

Страница 2176: ...GigabitEthernet2 0 2 quit Create RRPP domain 1 configure VLAN 4092 as the primary control VLAN of RRPP domain 1 and configure VLANs mapped to MSTIs 0 through 31 as the protected VLANs of RRPP domain 1...

Страница 2177: ...uration and operational information on each device Intersecting Ring Load Balancing Configuration Example Networking requirements z Device A Device B Device C Device D and Device F constitute RRPP dom...

Страница 2178: ...region quit Configure the suppression time of physical link state changes on GigabitEthernet 2 0 1 and GigabitEthernet 2 0 2 as zero disable STP configure the two ports as trunk ports remove them from...

Страница 2179: ...protected VLAN of RRPP domain 2 DeviceA rrpp domain 2 DeviceA rrpp domain2 control vlan 105 DeviceA rrpp domain2 protected vlan reference instance 2 Configure Device A as the master node of primary ri...

Страница 2180: ...uit Configure the suppression time of physical link state changes on GigabitEthernet 2 0 4 as zero disable STP configure the port as a trunk port remove it from VLAN 1 and assign it to VLAN 10 DeviceB...

Страница 2181: ...2 ring 2 enable DeviceC rrpp domain2 quit Enable RRPP DeviceB rrpp enable 3 Configuration on Device C Create VLANs 10 and 20 map VLAN 10 to MSTI 1 and VLAN 20 to MSTI 2 and activate MST region configu...

Страница 2182: ...unk DeviceC GigabitEthernet2 0 4 undo port trunk permit vlan 1 DeviceC GigabitEthernet2 0 4 port trunk permit vlan 10 DeviceC GigabitEthernet2 0 4 quit Create RRPP domain 1 configure VLAN 10 as the pr...

Страница 2183: ...instance 2 vlan 20 DeviceD mst region active region configuration DeviceD mst region quit Configure the suppression time of physical link state changes on GigabitEthernet 2 0 1 and GigabitEthernet 2 0...

Страница 2184: ...ry port gigabitethernet 2 0 1 secondary port gigabitethernet 2 0 2 level 0 DeviceD rrpp domain2 ring 1 enable DeviceD rrpp domain2 quit Enable RRPP DeviceD rrpp enable 5 Configuration on Device E Crea...

Страница 2185: ...0 quit DeviceF stp region configuration DeviceF mst region instance 1 vlan 10 DeviceF mst region active region configuration DeviceF mst region quit Configure the suppression time of physical link sta...

Страница 2186: ...ring 3 Create RRPP ring group 1 on Device C and add subrings 2 and 3 to the RRPP ring group DeviceC rrpp ring group 1 DeviceC rrpp ring group1 domain 2 ring 2 DeviceC rrpp ring group1 domain 1 ring 3...

Страница 2187: ...2 undo stp enable DeviceA GigabitEthernet2 0 2 port link type trunk DeviceA GigabitEthernet2 0 2 port trunk permit vlan all DeviceA GigabitEthernet2 0 2 quit Create RRPP domain 1 configure VLAN 4092 a...

Страница 2188: ...tEthernet2 0 2 port trunk permit vlan all 3 Configuration on Device C Configure the suppression time of physical link state changes on GigabitEthernet 2 0 1 and GigabitEthernet 2 0 2 as zero disable S...

Страница 2189: ...port gigabitethernet 2 0 1 secondary port gigabitethernet 2 0 2 level 0 DeviceD rrpp domain1 ring 1 enable DeviceD rrpp domain1 quit Enable the RRPP protocol DeviceD rrpp enable 5 Verification After...

Страница 2190: ...1 39 z Use the debugging rrpp command on each node to check whether a port receives or transmits Hello packets If not Hello packets are lost...

Страница 2191: ...g the Interval for Sending Advertisement Packets 1 10 Setting the DelayDown Timer 1 10 Setting the Port Shutdown Mode 1 11 Configuring DLDP Authentication 1 11 Resetting DLDP State 1 12 Resetting DLDP...

Страница 2192: ...hooting Overview Background Sometimes unidirectional links appear in networks On a unidirectional link one end can receive packets from the other end but the other end cannot Unidirectional links resu...

Страница 2193: ...ends of a link are operating normally at the physical layer DLDP detects whether the link is correctly connected at the link layer and whether the two ends can exchange packets properly This is beyond...

Страница 2194: ...timer This timer is set to 10 seconds and is triggered when a device transits to the Probe state or an enhanced detect is launched When the Echo timer expires and no Echo packet has been received from...

Страница 2195: ...d DLDP mode when an entry timer expires the Enhanced timer is triggered and the device sends up to eight Probe packets at a frequency of one packet per second to test the neighbor If no Echo packet is...

Страница 2196: ...The receiving side checks the values of the two fields of received DLDP packets and drops the packets with the two fields conflicting with the corresponding local configuration z Plain text authentic...

Страница 2197: ...onding neighbor entry does not exist creates the neighbor entry triggers the Entry timer and transits to Probe state Advertisement packet with RSY tag Retrieving the neighbor information If the corres...

Страница 2198: ...es in Enhanced mode If yes and the local port is not in Disable state the local transits to Disable state 3 If no echo packet is received from the neighbor DLDP performs the following processing Table...

Страница 2199: ...ate or Unidirectional state after the probe operation finishes Two way A neighbor is in this state after it receives response from its peer This state indicates the link is a two way link Unidirection...

Страница 2200: ...sabled by default Enter Ethernet port view interface interface type interface number Enter Ethernet port view or port group view Enter port group view port group manual port group name Either of the t...

Страница 2201: ...using more traffic forwarding errors if the interval is too short unnecessary Advertisement packets can be generated to consume bandwidth Therefore you are recommended to use the default value z To en...

Страница 2202: ...de To do Use the command Remarks Enter system view system view Set port shutdown mode dldp unidirectional shutdown auto manual Optional auto by default z On a port with both remote OAM loopback and DL...

Страница 2203: ...tate in Port view Port Group View The DLDP state that the port transits to upon the DLDP state reset operation depends on its physical state If the port is physically down it transits to Inactive stat...

Страница 2204: ...user view DLDP Configuration Example Network requirements z Device A and Device B are connected through two fiber pairs in which two fibers are cross connected as shown in Figure 1 4 z It is desired t...

Страница 2205: ...nfiguration information on all the DLDP enabled ports of Device A DeviceA display dldp DLDP global status enable DLDP interval 6s DLDP work mode enhance DLDP authentication mode none DLDP unidirection...

Страница 2206: ...dex 59 Neighbor state two way Neighbor aged time 11 The output information indicates that both GigabitEthernet 2 0 1 and GigabitEthernet 2 0 2 are in Advertisement state and the links are up which mea...

Страница 2207: ...onfiguring Errored Frame Event Detection 1 7 Configuring Errored Frame Period Event Detection 1 7 Configuring Errored Frame Seconds Event Detection 1 7 Enabling OAM Remote Loopback 1 8 Displaying and...

Страница 2208: ...net has been absent all along hindering the usage of Ethernet in MANs and WANs Implementing Operation Administration and Maintenance OAM on Ethernet networks has now become an urgent matter As a tool...

Страница 2209: ...be forwarded Source addr Source MAC address of the Ethernet OAMPDU It is the bridge MAC address of the sending side and is a unicast MAC address Type Type of the encapsulated protocol in the Ethernet...

Страница 2210: ...and establishes sessions with them In this phase interconnected OAM entities notify the peer of their OAM configuration information and the OAM capabilities of the local nodes by exchanging Informati...

Страница 2211: ...ially when the physical connection in the network is not disconnected but network performance is degrading gradually Link monitoring is used to detect and indicate link faults in various environments...

Страница 2212: ...ts listed in Table 1 5 Table 1 5 Critical link error events Ethernet OAM link events Description Link Fault Peer link signal is lost Dying Gasp An unexpected fault such as power failure occurred Criti...

Страница 2213: ...te Loopback Optional Configuring Basic Ethernet OAM Functions As for Ethernet OAM connection establishment a device can operate in active mode or passive mode After Ethernet OAM is enabled on an Ether...

Страница 2214: ...occurs if the number of frame errors in specific number of received frames exceeds the predefined threshold Follow these steps to configure errored frame period event detection To do Use the command...

Страница 2215: ...OAM Remote Loopback After enabling OAM remote loopback on a port you can send loopback frames from the port to a remote port and then observe how many of these loopback frames are returned In this way...

Страница 2216: ...roups or service loopback groups For more information about link aggregation groups and service loopback groups refer to Link Aggregation Configuration and Service Loopback Group Configuration in the...

Страница 2217: ...uit Set the errored frame detection interval to 20 seconds and set the errored frame event triggering threshold to 10 DeviceA oam errored frame period 20 DeviceA oam errored frame threshold 10 2 Confi...

Страница 2218: ...lay the statistics of Ethernet OAM critical link events on all the ports of Device A DeviceA display oam critical event Port GigabitEthernet2 0 1 Link Status Up Event statistic Link Fault 0 Dying Gasp...

Страница 2219: ...xchange various management information Extended information OAMPDU Extended OAM adds an Organization Specific Information TLV to the information OAMPDU For details about information OAMPDUs refer to E...

Страница 2220: ...cation Used for performing DBA configuration and query z Payload Carries the function codes and configuration contents corresponding to the user s query or configuration instructions An OLT can config...

Страница 2221: ...le extend OAM manually instead extended OAM is enabled on a port automatically when you enable Ethernet OAM on the port Configuring Extended OAM Discovery Timeout Time Extended OAM discovery timeout t...

Страница 2222: ...ation Prerequisites 1 8 Configuring Procedure 1 8 Configuring LB on MEPs 1 9 Configuration Prerequisites 1 9 Configuration Procedure 1 9 Configuring LT on MEPs 1 10 Configuration Prerequisites 1 10 Fi...

Страница 2223: ...ic Concepts in CFD Maintenance domain A maintenance domain MD defines the network where CFD plays its role The MD boundary is defined by some maintenance association end points MEPs configured on the...

Страница 2224: ...EP ID The MEPs of an MD define the range and boundary of the MD The MA and MD that a MEP belongs to define the VLAN attribute and level of the packets sent by the MEP MEPs fall into inward facing MEPs...

Страница 2225: ...forwards packets at a higher level without any processing Figure 1 4 demonstrates a grading example of the CFD module In the figure there are six devices labeled 1 through 6 respectively Suppose each...

Страница 2226: ...ce faults or configuration errors This function is implemented through periodic sending of continuity check messages CCMs by the MEPs As a multicast message a CCM sent by one MEP is intended to be rec...

Страница 2227: ...nt devices z Define the MA in each MD according to the VLAN you want to monitor z Assign a name for each MA Make sure that the same MA in the same MD has the same name on different devices z Determine...

Страница 2228: ...nd Remarks Enter system view system view Enable CFD cfd enable Required CFD is disabled by default Configure the CFD protocol version cfd version draft5 standard Optional By default CFD uses the stand...

Страница 2229: ...thernet interface view interface interface type interface number Create a MEP cfd mep mep id service instance instance id inbound outbound Required Not configured by default Enable the MEP cfd mep ser...

Страница 2230: ...or deleting the MEPs on a port z Changes occur to the VLAN attribute of a port z The rule specified in the cfd mip rule command changes Configuring CC on MEPs After the CC function is configured MEPs...

Страница 2231: ...f the remote MEP is illustrated in Table 1 2 Table 1 2 Relationship of the interval field value the interval between CCM messages and the timeout time of the remote MEP The interval field value The in...

Страница 2232: ...ithin 3 5 sending intervals the link between the two is regarded as faulty and LTMs will be sent out Based on the LTRs that echo back the fault source can be located Configuration Prerequisites Before...

Страница 2233: ...reply service instance instance id mep mep id Available in any view Display the information of a remote MEP display cfd remote mep service instance instance id mep mep id Available in any view Displa...

Страница 2234: ...nce 2 md MD_B ma MA_MD_B 3 Configuration on Device B configuration on Device D is the same as that on Device B DeviceB system view DeviceB cfd enable DeviceB cfd md MD_A level 5 DeviceB cfd ma MA_MD_A...

Страница 2235: ...twork diagram of MD and MEP configuration Configuration procedure 1 On Device A DeviceA system view DeviceA cfd meplist 1001 4002 5001 service instance 1 DeviceA cfd meplist 2001 4001 service instance...

Страница 2236: ...ommands display cfd mp and display cfd mep to verify your configuration Configuring the Rules for Generating MIPs Network requirements After finishing MEP configuration you can continue to configure t...

Страница 2237: ...trace the fault source after CC detects a link fault As shown in Figure 1 6 enable LB on Device A so that Device A can send LBM messages to MEPs on Device D Configuration procedure Configure Device A...

Страница 2238: ...1 16 DeviceA cfd linktrace service instance 1 mep 1001 target mep 4002...

Страница 2239: ...on to BFD 1 1 How BFD Works 1 2 BFD Packet Format 1 4 Supported Features 1 5 Protocols and Standards 1 6 Configuring BFD Basic Functions 1 6 Configuration Prerequisites 1 6 Configuration Procedure 1 6...

Страница 2240: ...ng z Hardware detection Detects link failures by sending hardware detection signals such as SDH synchronous digital hierarchy transmission system alarms Hardware detection can quickly detect failures...

Страница 2241: ...sures Operation of BFD Figure 1 1 BFD session establishment on OSPF routers OSPF neighbors BFD neighbors Router A Router B 1 2 3 2 OSPF advertises the BFD neighbor relationship BFD session establishme...

Страница 2242: ...s the packets back to the originating end thereby monitoring link status in both directions BFD operating modes Before a BFD session is established there are two BFD operating modes active and passive...

Страница 2243: ...he related BFD parameters such as the minimum transmit interval minimum receive interval initialization mode and packet authentication mode After that both ends use the negotiated parameters without a...

Страница 2244: ...of the BFD Control packet in bytes z My Discriminator A unique nonzero discriminator value generated by the transmitting system used to demultiplex multiple BFD sessions between the same pair of syst...

Страница 2245: ...the network layer z Configure the routing protocols that support BFD Configuration Procedure Follow these steps to configure BFD basic functions To do Use the command Remarks Enter system view system...

Страница 2246: ...the System Volume Follow these steps to enable BFD trap To do Use the command Remarks Enter system view system view Enable BFD trap snmp agent trap enable bfd Optional Enabled by default For the descr...

Страница 2247: ...1 8 To do Use the command Remarks Clear BFD session statistics on a distributed IRF device reset bfd session statistics chassis chassis number slot slot number Available in user view...

Страница 2248: ...ng Collaboration Between the Track Module and the Application Modules 1 4 Configuring Track VRRP Collaboration 1 4 Configuring Track Static Routing Collaboration 1 6 Displaying and Maintaining Track E...

Страница 2249: ...s through the track module More specifically the detection modules probe the link status network performance and so on and inform the application modules of the detection result through the track modu...

Страница 2250: ...on may be interrupted because routes cannot be recovered in time For example the master in a VRRP group monitors the uplink interface through the track module When the uplink interface fails the track...

Страница 2251: ...the specified NQA test group and reaction entry can be nonexistent In this case the status of the configured track entry is Invalid Configuring Track BFD Collaboration Through the following configurat...

Страница 2252: ...ion is created by default Configuring Collaboration Between the Track Module and the Application Modules Configuring Track VRRP Collaboration VRRP is an error tolerant protocol It adds a group of rout...

Страница 2253: ...ess Required No VRRP group is created by default Specify a track entry to be monitored by VRRP vrrp ipv6 vrid virtual router id track track entry number reduced priority reduced switchover Required No...

Страница 2254: ...oute the track module and detection modules and thus check the reachability of the static route according to the status of the track entry z If the status of the track entry is Positive then the next...

Страница 2255: ...recursion the associated track entry must monitor the next hop of the recursive route instead of that of the static route otherwise a valid route may be considered invalid z For details of static rout...

Страница 2256: ...ion entry 1 specifying that five consecutive probe failures trigger the Track NQA collaboration SwitchA nqa admin test icmp echo reaction 1 checked element probe fail threshold type consecutive 5 acti...

Страница 2257: ...an interface2 vrrp vrid 1 authentication mode simple hello Configure the master to send VRRP packets at an interval of five seconds SwitchB Vlan interface2 vrrp vrid 1 timer advertise 5 Configure Swit...

Страница 2258: ...is a fault on the link between Switch A and Switch C IPv4 Standby Information Run Mode Standard Run Method Virtual MAC Total number of virtual routers 1 Interface Vlan interface2 VRID 1 Adver Timer 5...

Страница 2259: ...z If BFD is not configured when the master in a VRRP group fails the backup cannot become the master until the configured timeout timer expires The timeout is generally three to four seconds and there...

Страница 2260: ...ter SwitchB interface vlan interface 2 SwitchB Vlan interface2 vrrp vrid 1 virtual ip 192 168 0 10 SwitchB Vlan interface2 vrrp vrid 1 track 1 switchover SwitchB Vlan interface2 return 5 Verify the co...

Страница 2261: ...chB debugging bfd event When Switch A fails the following output information is displayed on Switch B Dec 17 14 44 34 142 2008 SwitchB BFD 7 EVENT Send sess down Msg Src 192 168 0 102 Dst 192 168 0 10...

Страница 2262: ...s the master thus ensuring that the hosts in the LAN can access the external network through Switch B Figure 1 4 Network diagram for monitoring uplinks using BFD Internet Master uplink device Backup u...

Страница 2263: ...ual ip 192 168 0 10 SwitchB Vlan interface2 return 5 Verify the configuration Display the detailed information of the VRRP group on Switch A SwitchA display vrrp verbose IPv4 Standby Information Run M...

Страница 2264: ...in seconds Reference object BFD session Packet type Echo Interface Vlan interface2 Remote IP 1 1 1 2 Local IP 1 1 1 1 display the detailed information of VRRP group 1 on Switch A SwitchA display vrrp...

Страница 2265: ...ch C Figure 1 5 Network diagram for Static Routing Track NQA collaboration configuration Vlan int2 10 1 1 1 24 Vlan int2 10 1 1 2 24 Vlan int3 10 2 1 1 24 Switch C Vlan int3 10 2 1 2 24 Switch B Switc...

Страница 2266: ...itchA display track all Track ID 1 Status Positive Notification delay Positive 0 Negative 0 in seconds Reference object NQA entry admin test Reaction 1 Display the routing table of Switch A SwitchA di...

Страница 2267: ...As shown in Figure 1 6 the next hop of the static route from Switch A to Switch C is Switch B z Configure Static Routing Track BFD collaboration on Switch A to implement real time monitoring of the va...

Страница 2268: ...Switch A SwitchA display ip routing table Routing Tables Public Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 10 1 1 0 24 Static 60 0 10 2 1 1 Vlan3 10 2 1 0 24 Direct 0 0...

Страница 2269: ...itors the Uplink Interface Network requirements z As shown in Figure 1 7 Host A needs to access Host B on the Internet The default gateway of Host A is 10 1 1 10 24 z Switch A and Switch B belong to V...

Страница 2270: ...Host B on Host A and you can see that Host B is reachable Use the display vrrp command to view the configuration result Display detailed information about VRRP group 1 on Switch A SwitchA Vlan interf...

Страница 2271: ...ters 1 Interface Vlan interface2 VRID 1 Adver Timer 1 Admin Status Up State Backup Config Pri 110 Running Pri 80 Preempt Mode Yes Delay Time 0 Auth Type None Virtual IP 10 1 1 10 Master IP 10 1 1 2 VR...

Страница 2272: ...ntents 1 GR Overview 1 1 Introduction to Graceful Restart 1 1 Basic Concepts in Graceful Restart 1 1 Graceful Restart Communication Procedure 1 2 Graceful Restart Mechanism for Several Commonly Used P...

Страница 2273: ...t to the state prior to the restart in minimal time No route flapping occurs during the restart the packet forwarding path remains the same and the whole system can forward data continuously Hence it...

Страница 2274: ...Helper must support GR or be GR capable Thus when GR Restarter restarts its GR Helper can know its restart process In some cases GR Restarter and GR Helper can replace each other The communication pro...

Страница 2275: ...the GR Time expires the GR Helper will neither terminate the session with the GR Restarter nor delete the topology or routing information of the latter 3 Signaling to GR Helper Figure 1 3 The GR Rest...

Страница 2276: ...ommonly Used Protocols Comware supports Graceful Restart based on protocols supporting IPv6 such as MPLS Label Distribution Protocol MPLS LDP MPLS with Resource Reservation Protocol Traffic Engineerin...

Страница 2277: ...ntly This document describes z Introduction to User Interface z Logging In Through the Console Port z Logging In Through Telnet SSH z Logging In Using Modem z Logging In Through NMS z Specifying Sourc...

Страница 2278: ...ystem creating deleting modifying and renaming a file or a directory and opening a file This document describes z File system management z Configuration File Management SNMP Simple network management...

Страница 2279: ...er z Configuring PoE Power Management z Configuring the PoE Monitoring Function z Configuring PoE Interface through PoE Profile z Upgrading PSE Processing Software in Service NQA NQA analyzes network...

Страница 2280: ...silient Framework IRF allows you to build an IRF namely a united device by interconnecting multiple devices through IRF ports You can manage all the devices in the IRF by managing the united device Th...

Страница 2281: ...n Procedure 2 7 Configuration Example 2 8 Console Port Login Configuration with Authentication Mode Being Scheme 2 9 Configuration Procedure 2 9 Configuration Example 2 11 Configuring Command Authoriz...

Страница 2282: ...troduction 6 1 Connection Establishment Using NMS 6 1 7 Specifying Source for Telnet Packets 7 1 Introduction 7 1 Specifying Source IP address Interface for Telnet Packets 7 1 Displaying the source IP...

Страница 2283: ...e AUX port and the Console port of a 3Com series switch are the same one you will be in the AUX user interface if you log in through this port 3Com S7900E series Ethernet switch supports two types of...

Страница 2284: ...guration in user interface view of VTY 1 applies User Interface Number User interfaces can be numbered in two ways absolute numbering and relative numbering Absolute numbering Absolute numbering allow...

Страница 2285: ...Set the banner header incoming legal login shell motd text Optional Set a system name for the switch sysname string Optional Enter one or more user interface views user interface type first number las...

Страница 2286: ...to a switch It is also the prerequisite to configure other login methods By default you can log in to an 3Com S7900E series Ethernet switch through its Console port only To log in to an Ethernet swit...

Страница 2287: ...as Terminal in Windows 3 X or HyperTerminal in Windows 9X Windows 2000 Windows XP and perform the configuration shown in Figure 2 2 through Figure 2 4 for the connection to be created Normally the pa...

Страница 2288: ...itch or check the information about the switch by executing commands You can also acquire help by type the character Refer to the following chapters for information about the commands Console Port Log...

Страница 2289: ...to the AUX user interface Make terminal services available shell Optional By default terminal services are available in all user interfaces Set the maximum number of lines the screen can contain scre...

Страница 2290: ...al authentication or RADIUS authentication Optional Local authentication is performed by default Refer to the AAA Configuration in the Security Volume for details Configure user name and password Conf...

Страница 2291: ...switch is configured to allow you to login through Telnet and your user level is set to the administrator level level 3 After you telnet to the switch you need to limit the console user at the followi...

Страница 2292: ...he configuration consistent with that on the switch Refer to Setting Up the Connection to the Console Port for details Console Port Login Configuration with Authentication Mode Being Password Configur...

Страница 2293: ...z The timeout time of the AUX user interface is 6 minutes Network diagram Figure 2 6 Network diagram for AUX user interface configuration with the authentication mode being password Configuration proc...

Страница 2294: ...Setting Up the Connection to the Console Port for details Console Port Login Configuration with Authentication Mode Being Scheme Configuration Procedure Follow these steps to perform Console port log...

Страница 2295: ...of AAA server Create a local user Enter local user view local user user name Required No local user exists by default Set the authentication password for the local user password simple cipher passwor...

Страница 2296: ...r logging in to the AUX user interface z The baud rate of the Console port is 19 200 bps z The screen can contain up to 30 lines z The history command buffer can store up to 20 commands z The timeout...

Страница 2297: ...el for a login user depends on the user level The user is authorized the command with the default level not higher than the user level With the command authorization configured the command level for a...

Страница 2298: ...s will be recorded on the HWTACACS server The command accounting configuration involves two steps 1 Enable command accounting See the following table for details 2 Configure a command accounting schem...

Страница 2299: ...oute between the switch and the Telnet terminal is available Switch The authentication mode and other settings are configured Refer to Table 3 2 and Table 3 3 Telnet is running Telnet terminal The IP...

Страница 2300: ...the password authentication to login Step 3 Connect your PC to the Switch as shown in Figure 3 1 Make sure the Ethernet port to which your PC is connected belongs to the management VLAN of the switch...

Страница 2301: ...by executing the telnet command and then to configure the later Figure 3 3 Network diagram for Telnetting to another switch from the current switch Step 1 Configure the user name and password for Teln...

Страница 2302: ...e supported VTY user interface configuration Set the command that is automatically executed when a user logs into the user interface auto execute command text Optional By default no command is automat...

Страница 2303: ...elnet configuration with authentication mode being none To do Use the command Remarks Enter system view system view Enter one or more VTY user interface views user interface vty first number last numb...

Страница 2304: ...command buffer can store to 20 Sysname ui vty0 history command max size 20 Set the timeout time to 6 minutes Sysname ui vty0 idle timeout 6 Telnet Login Configuration with Authentication Mode Being Pa...

Страница 2305: ...dure Enter system view and enable the Telnet service Sysname system view Sysname telnet server enable Enter VTY 0 user interface view Sysname user interface vty 0 Configure to authenticate users loggi...

Страница 2306: ...rning local user as well If you specify to apply an existing scheme by providing the radius scheme name argument you need to perform the following configuration as well z Perform AAA RADIUS configurat...

Страница 2307: ...mode z The commands of level 2 are available to users logging in to VTY 0 z Telnet protocol is supported in VTY 0 z The screen can contain up to 30 lines z The history command buffer can store up to 2...

Страница 2308: ...orized If yes the command can be executed The authorization server checks the commands authorized for users through the username and thus the command authorization configuration involves three steps 1...

Страница 2309: ...to enable command accounting To do Use the command Remarks Enter system view system view Enter AUX user interface view user interface vty first number last number Enable command accounting command acc...

Страница 2310: ...witch using a modem Item Requirement The PC can communicate with the modem connected to it The modem is properly connected to PSTN Administrator side The telephone number of the switch side is availab...

Страница 2311: ...Console port is usually set to a value lower than the transmission speed of the modem Otherwise packets may get lost z Other settings of the Console port such as the check mode the stop bits and the...

Страница 2312: ...the output of different modems may differ Refer to the user manual of the modem when performing the above configuration z It is recommended that the baud rate of the AUX port also the Console port be...

Страница 2313: ...an also enter the character at anytime for help Refer to the following chapters for information about the configuration commands If you perform no AUX user related configuration on the switch the comm...

Страница 2314: ...gnal after the off hook action during incoming call connection setup modem timer answer seconds Optional 30 seconds by default Configuration Example Network requirements Configure the switch side mode...

Страница 2315: ...word is 123 Figure 5 1 Network diagram for configuring user authentication Configuration procedure Assign an IP address to Device to make Device be reachable from Host A Host B Host C and RADIUS serve...

Страница 2316: ...and use local authentication as the backup Device domain system Device isp system authentication login radius scheme rad local Device isp system authorization login radius scheme rad local Device isp...

Страница 2317: ...tandard Specify Device to remove the domain name in the username sent to the HWTACACS server for the scheme Device hwtacacs scheme tac Device hwtacacs tac primary authentication 192 168 2 20 49 Device...

Страница 2318: ...ce user interface aux 0 Device ui aux0 command accounting Device ui aux0 quit Enable command accounting for users logging in through telnet or SSH Device user interface vty 0 4 Device ui vty0 4 comman...

Страница 2319: ...t Create ISP domain system and configure the ISP domain system to use HWTACACS scheme tac for accounting of command line users Device domain system Device isp system accounting command hwtacacs scheme...

Страница 2320: ...rotocol is applied between the NMS and the agent To log in to a switch through an NMS you need to perform related configuration on both the NMS and the switch Table 6 1 Requirements for logging in to...

Страница 2321: ...security Specifying source IP address interfaces for Telnet packets also provides a way to successfully connect to servers that only accept packets with specific source IP addresses Specifying Source...

Страница 2322: ...or Telnet packets make sure the interface already exists z Before specifying the source IP address interface for Telnet packets make sure the route between the interface and the Telnet server is reach...

Страница 2323: ...ugh Layer 2 ACLs Controlling Telnet Users by Source MAC Addresses SNMP By source IP addresses Through basic ACLs Controlling Network Management Users by Source IP Addresses Controlling Telnet Users Pr...

Страница 2324: ...L refer to ACL Configuration in the Security Volume Follow these steps to control Telnet users by source and destination IP addresses To do Use the command Remarks Enter system view system view Create...

Страница 2325: ...e ACL rule rule id permit deny rule string Required You can define rules as needed to filter by specific source MAC addresses Quit to system view quit Enter user interface view user interface type fir...

Страница 2326: ...t Users by Source IP Addresses You can manage a 3Com S7900E series Ethernet switch through network management software Network management users can access switches through SNMP You need to perform the...

Страница 2327: ...fy view notify view acl acl number snmp agent group v3 group name authentication privacy read view read view write view write view notify view notify view acl acl number Apply the ACL while configurin...

Страница 2328: ...basic 2000 rule 1 permit source 10 110 100 52 0 Sysname acl basic 2000 rule 2 permit source 10 110 100 46 0 Sysname acl basic 2000 rule 3 deny source any Sysname acl basic 2000 quit Apply the ACL to o...

Страница 2329: ...yright Information 1 6 Configuring a Banner 1 7 Configuring CLI Hotkeys 1 8 Configuring Command Aliases 1 9 Configuring User Privilege Levels and Command Levels 1 10 Displaying and Maintaining Basic C...

Страница 2330: ...en it has no configuration file or the configuration file is damaged z Current configuration The currently running configuration on the device z Saved configuration Configurations saved in the startup...

Страница 2331: ...he system divides the command line interface into multiple command views which adopts a hierarchical structure For example there is system view under user view and interface view and VLAN view under s...

Страница 2332: ...system view system view Set the time zone clock timezone zone name add minus zone offset Optional clock summer time zone name one off start time start date end time end date add time Set a daylight s...

Страница 2333: ...7 3 3 Display 03 00 00 zone time Sat 03 03 2007 If the original system clock is not in the daylight saving time range the original system clock is displayed Configure clock summer time ss one off 1 00...

Страница 2334: ...the original system clock zone offset is not in the summer time range the original system clock zone offset is displayed Configure clock timezone zone time add 1 and clock summer time ss one off 1 00...

Страница 2335: ...r quits user view after logging in to the device through the console port or AUX port The copyright information will not be displayed under other circumstances The display format of copyright informat...

Страница 2336: ...e is to input all the banner information right after the command keywords The start and end characters of the input text must be the same but are not part of the banner information In this case the in...

Страница 2337: ...in any view Refer to Table 1 2 for hotkeys reserved by the system By default the Ctrl G Ctrl L and Ctrl O hotkeys are configured with command line and the Ctrl T and Ctrl U commands are NULL z Ctrl G...

Страница 2338: ...the cursor as the ending of the clipboard These hotkeys are defined by the device When you interact with the device from terminal software these keys may be defined to perform other operations If so t...

Страница 2339: ...in they can only use commands at their own or lower levels All the commands are categorized into four levels which are visit monitor system and manage from low to high and identified respectively by 0...

Страница 2340: ...x vty first num2 last num2 Configure the authentication mode for logging in to the user interface as scheme authentication mode scheme Required By default the authentication mode for VTY users is pass...

Страница 2341: ...ername test and password 123 After passing the authentication users can only use the commands of level 0 If the users need to use commands of levels 0 1 2 and 3 the following configuration is required...

Страница 2342: ...ce to log in to the device authentication mode none password Optional By default the authentication mode for VTY user interfaces is password and AUX user interfaces do not need authentication Configur...

Страница 2343: ...passwords and specify the user privilege levels as 2 Sysname system view Sysname user interface vty 0 4 Sysname ui vty0 4 authentication mode password Sysname ui vty0 4 set authentication password cip...

Страница 2344: ...e user passes the authentication the user privilege level will be switched successfully otherwise the user privilege level will remain unchanged With no local switch authentication password configured...

Страница 2345: ...r is easily cracked z The timeout time of AAA authentication is 120 seconds after that the AAA authentication is considered as no response z The privilege level switch fails after three consecutive un...

Страница 2346: ...higher level or improve device security Follow these steps to modify the command level To do Use the command Remarks Enter system view system view Configure the command level in a specified view comma...

Страница 2347: ...in the system Execution of the display diagnostic information command equals execution of the commands display clock display version display device and display current configuration one by one For the...

Страница 2348: ...e types of online help available with the CLI z Full help z Fuzzy help To obtain the desired help information you can 1 Enter in any view to access all the commands in this view and brief description...

Страница 2349: ...nformation output refers to the feature that if the user s input is interrupted by system output then after the completion of system output the system will display a command line prompt and your input...

Страница 2350: ...ommand line you can use other shortcut keys For details see Table 1 2 besides the shortcut keys defined in Table 1 4 or you can define shortcut keys by yourself For details see Configuring CLI Hotkeys...

Страница 2351: ...n match zo and zoo but not z Vertical bar used to match the whole string on the left or right of it For example def int can only match a character string containing def or int _ Underline If it is at...

Страница 2352: ...tring ending with string For example do can match word undo or string abcdo bcharacter2 Used to match character1character2 character1 can be any character except number letter or underline and b equal...

Страница 2353: ...n information display pauses Continues to display information of the next line Press Ctrl C when information display pauses Stops the display and the command execution Ctrl E Moves the cursor to the e...

Страница 2354: ...ess the next history command Down arrow key or Ctrl N Displays the next history command if there is any You may use arrow keys to access history commands in Windows 200X and XP Terminal or Telnet Howe...

Страница 2355: ...ve Standby Mode for Service Ports on SRPUs 1 11 Configuring the Traffic Forwarding Mode of SRPUs 1 12 Configuring the Working Mode of LPUs 1 14 Introduction to the Working Mode of LPUs 1 14 Configurin...

Страница 2356: ...Configuring the Scheduled Automatic Execution Function z Upgrading Device Software z Configuring Temperature Alarm Thresholds for a board z Clearing the 16 bit Interface Indexes Not Used in the Curren...

Страница 2357: ...al Configuring the Exception Handling Method When the system detects any software abnormality it handles the situation with one of the following two methods z reboot The system recovers itself through...

Страница 2358: ...exception handling method is effective to the failed member device only and does not influence the operations of other IRF members Rebooting a Device When a fault occurs to a running device you can r...

Страница 2359: ...default Available in user view z Distributed IRF device Follow the step below to reboot a device through command lines immediately To do Use the command Remarks Reboot a member device or all IRF membe...

Страница 2360: ...n active SRPU and standby SRPU switchover will occur distributed device z If a main boot file fails or does not exist the device cannot be rebooted with the reboot command In this case you can re spec...

Страница 2361: ...ds used to switch views such as system view quit and the commands used to modify status of a user that is executing commands such as super the operation interface command view and status of the curren...

Страница 2362: ...ng FTP or TFTP 2 Use a command to specify the Boot ROM program for the next boot 3 Reboot the device to make the specified Boot ROM program take effect z Distributed device Since the Boot ROM programs...

Страница 2363: ...y the boot file for the next boot of the active SRPU and standby SRPU respectively 4 Reboot the device to make the new boot file take effect z Distributed IRF device 1 Save the boot file to the root d...

Страница 2364: ...ributed device Configuring Temperature Alarm Thresholds for a board You can set temperature alarm thresholds for a card by using the following commands When the temperature of a card reaches the thres...

Страница 2365: ...heir interface indexes remain unchanged Follow these steps to clear the 16 bit interface indexes not used in the current system To do Use the command Remarks Clear the 16 bit interface indexes saved b...

Страница 2366: ...the LSQ1SRP2XB or LSQ1SRP12GB work in one of the following mode z Concurrent processing mode All services ports on both of the two SRPUs can forward data concurrently If the active and standby switch...

Страница 2367: ...Traffic forwarding modes supported by S7900E SRPUs SRPU model Supported traffic forwarding mode Feature Recommended application environment Enhanced Layer 2 forwarding mode Supporting selective QinQ...

Страница 2368: ...XB LSQ1SRPB LSQ1MPUA LSQ1CGP24TSC LSQ1CGV24PSC LSQ1SRPD or LSQ1SRP12GB To do Use the command Remarks Enter system view system view Configure the traffic forwarding mode of the SRPU switch mode l2 enha...

Страница 2369: ...mode in a Layer 2 network with a large MAC address table z Route extension mode The EB LPU can provide a 256K routing table and the SD LPU can provide 128K routing table It is recommended to use this...

Страница 2370: ...ndard routing routing z When the SRPU of the S7900E switch is LSQ1SRP1CB it is recommended not to modify the default working mode the EA LPUs as other modes z When the SRPU of the S7900E switch is LSQ...

Страница 2371: ...e or upgrade the software version for them for the first time after working mode switch the EB or SD LPU may be rebooted for once or twice because of system optimization which takes six to ten minutes...

Страница 2372: ...lication environment Whether can be an optical transceiver Whether can be an electrical transceiver SFP Small Form factor Pluggable Generally used for 100M 1000M Ethernet interfaces or POS 155M 622M 2...

Страница 2373: ...formation for you to diagnose and troubleshoot faults of pluggable transceivers Optical transceivers customized by H3C also support the digital diagnosis function which monitors the key parameters of...

Страница 2374: ...w Display the power state of the device display power power id Available in any view Display the reboot time of a device display schedule reboot Available in any view Display detailed configurations o...

Страница 2375: ...e in any view Display detailed configurations of the scheduled automatic execution function display schedule job Available in any view Display the reboot time of a device display schedule reboot Avail...

Страница 2376: ...ess to the aaa directory FTP Server luser aaa service type ftp FTP Server luser aaa authorization attribute level 3 z Configuration on Device If the size of the flash on the device is not large enough...

Страница 2377: ...boot loader file slot1 flash soft version2 app slot 1 main Reboot the device The software version is upgraded now Device reboot After the device reboots use the display version command to check if th...

Страница 2378: ...t types of servers IRF tftp 2 2 2 2 get new config cfg File will be transferred in binary mode Downloading file from remote TFTP server please wait TFTP 917 bytes received in 1 second s File downloade...

Страница 2379: ...ontinue Y N y The specified file will be used as the main boot file at the next reboot on chassis 1 slot 0 IRF boot loader file chassis1 slot1 flash soft version2 app chassis 1 slot 1 main This comman...

Страница 2380: ...he Space of a Storage Medium 1 7 Mounting Unmounting a Storage Medium 1 7 Setting File System Prompt Modes 1 8 File System Operations Example 1 8 2 Configuration File Management 2 1 Configuration File...

Страница 2381: ...for the Next System Startup 2 9 Backing Up the Startup Configuration File 2 10 Deleting the Startup Configuration File for the Next Startup 2 10 Restoring the Startup Configuration File 2 11 Displayin...

Страница 2382: ...information you are interested in z File System z Directory Operations z File Operations z Batch Operations z Storage Medium Operations z Setting File System Prompt Modes z File System Operations Exa...

Страница 2383: ...the display device command to view the correspondence between a board and its slot number 1 to 135 characters flash test a cfg indicates a file named a cfg in the test folder under the root directory...

Страница 2384: ...ory on the AMB of the IRF To read and write the a cfg file under the root directory of the flash on an SMB of the IRF the member ID and slot number of the SMB are 2 and 5 respectively input chassis2 s...

Страница 2385: ...ion refer to the delete command for subdirectory deletion refer to the rmdir command z After you execute the rmdir command successfully the files in the recycle bin under the directory will be automat...

Страница 2386: ...url source fileurl dest Required Available in user view Copying a File To do Use the command Remarks Copy a file copy fileurl source fileurl dest Required Available in user view Moving a File To do Us...

Страница 2387: ...Emptying the Recycle Bin To do Use the command Remarks Enter the original working directory of the file to be deleted cd directory Optional If the original directory of the file to be deleted is not...

Страница 2388: ...he space of a storage medium fixdisk device Optional Available in user view Format a storage medium format device FAT16 FAT32 Optional FAT16 and FAT32 are not applicable to a flash card Available in u...

Страница 2389: ...ns on it do not unplug or switchover the storage medium or the card where the storage medium resides Otherwise the file system could be damaged z Before removing a mounted storage medium from the syst...

Страница 2390: ...under the test directory Sysname cd test Sysname mkdir mytest Created dir flash test mytest Display the current working directory Sysname pwd flash test Display the files and the subdirectories under...

Страница 2391: ...that is using the default parameters z Current configuration which refers to the currently running configuration of the system The current configuration may include the startup configuration if the s...

Страница 2392: ...g the consistency of the configuration files on the AMB and SMB z If the configuration file auto save function is not enabled when you save the current configuration by executing the save safely comma...

Страница 2393: ...e file more slowly but can retain the configuration file in the device even if the device reboots or the power fails during the process The fast saving mode is suitable for environments where power su...

Страница 2394: ...Save distributed IRF device z During the execution of the save safely command the startup configuration file to be used at the next system startup may be lost if the device reboots or the power suppl...

Страница 2395: ...ecutes the commands only present in the replacement configuration file but not in the current configuration file z The rollback operation removes the commands that are different in the replacement con...

Страница 2396: ...les If you change the path of the saved configuration files the files in the original path become common configuration files and are not processed as saved configuration files The number of saved conf...

Страница 2397: ...ation files are cleared z The value of the file number argument is determined by the memory space You are recommended to set a comparatively small value for the file number argument if the available m...

Страница 2398: ...can save the current running configuration manually before you modify it Therefore if it really fails the device can revert to the configuration state before the modification Follow the step below to...

Страница 2399: ...tion file to be used at the next system startup You can specify a configuration file as the startup configuration file to be used at the next system startup in the following two ways z Use the save co...

Страница 2400: ...lay startup command in user view to see whether you have set the startup configuration file and use the dir command to see whether this file exists If the file is set as NULL or does not exist the bac...

Страница 2401: ...To do Use the command Remarks Restore the startup configuration file to be used at the next system startup restore startup configuration from src addr src filename Required Available in user view z Be...

Страница 2402: ...the current configuration display current configuration configuration configuration interface interface type interface number by linenum begin include exclude text Available in any view For detailed...

Страница 2403: ...ation 1 3 Configuring SNMP Logging 1 5 Introduction to SNMP Logging 1 5 Enabling SNMP Logging 1 5 Configuring SNMP Trap 1 6 Enabling the Trap Function 1 6 Configuring Trap Parameters 1 7 Displaying an...

Страница 2404: ...NMP makes the management tasks independent of both the physical features of the managed devices and the underlying networking technologies Thus SNMP achieves effective management of devices from diffe...

Страница 2405: ...used to encrypt packets between the NMS and agents preventing the packets from being intercepted USM ensures a more secure communication between SNMP NMS and SNMP agent by authentication with privacy...

Страница 2406: ...ults are as follows 3Com Corporation for contact Marlborough MA 01752 USA for location and SNMP v3 for the version Configure a local engine ID for an SNMP entity snmp agent local engineid engineid Opt...

Страница 2407: ...uired The defaults are as follows 3Com Corporation for contact Marlborough MA 01752 USA for location and SNMP v3 for the version Configure a local engine ID for an SNMP entity snmp agent local enginei...

Страница 2408: ...ndex of the SET response These logs will be sent to the information center and the level of them is informational that is they are taken as the system prompt information With parameters for the inform...

Страница 2409: ...aps which are generated by different modules As traps that occupy large device memory affect device performance it is recommended not to enable the trap function for all modules but for the specific m...

Страница 2410: ...ate changes you need to enable the trap function of interface state changes on an interface and globally Use the enable snmp trap updown command to enable the trap function on an interface and use the...

Страница 2411: ...ps defined in RFC snmp agent trap if mib link extended Optional Standard linkUp linkDown traps defined in RFC are used by default Configure the size of the trap send queue snmp agent trap queue size s...

Страница 2412: ...mp agent trap list Display SNMPv3 agent user information display snmp agent usm user engineid engineid username user name group group name Display SNMPv1 or v2c agent community information display snm...

Страница 2413: ...get host command is the same with that on the NMS otherwise the NMS cannot receive any trap 2 Configuring the SNMP NMS With SNMPv1 v2c the user needs to specify the read only community the read and wr...

Страница 2414: ...tact person and physical location information of the device Sysname snmp agent sys info contact Mr Wang Tel 3306 Sysname snmp agent sys info location telephone closet 3rd floor Enable sending of traps...

Страница 2415: ...v1 SNMPv2c Configuration Example and SNMPv3 Configuration Example Enable logging display on the terminal This function is enabled by default so that you can omit this configuration Sysname terminal mo...

Страница 2416: ...of the NMS op SNMP operation type GET or SET node Node name of the SNMP operations and OID of the instance erroIndex Error index with 0 meaning no error errorstatus Error status with noError meaning...

Страница 2417: ...t Statistics Function 1 4 Configuring the RMON History Statistics Function 1 4 Configuring the RMON Alarm Function 1 5 Configuration Prerequisites 1 5 Configuration Procedure 1 5 Displaying and Mainta...

Страница 2418: ...ort rate reaches a certain value or the potion of broadcast packets received in the total packets reaches a certain value Both the RMON protocol and the Simple Network Management Protocol SNMP are use...

Страница 2419: ...statistics group defines that the system collects statistics on various traffic information on an interface at present only Ethernet interfaces are supported and saves the statistics in the Ethernet s...

Страница 2420: ...of alarm variables and compares the result with the defined threshold thereby realizing a more comprehensive alarming function System handles the prialarm alarm table entry as defined by the user in t...

Страница 2421: ...he RMON history statistics function To do Use the command Remarks Enter system view system view Enter Ethernet interface view interface interface type interface number Create an entry in the RMON hist...

Страница 2422: ...umber description string log log trap log trapcommunity none trap trap community owner text Required Create an entry in the alarm table rmon alarm entry number alarm variable sampling interval absolut...

Страница 2423: ...le in any view Display the RMON history control entry and history sampling information display rmon history interface type interface number Available in any view Display RMON alarm configuration infor...

Страница 2424: ...ts 307 etherStatsBroadcastPkts 56 etherStatsMulticastPkts 34 etherStatsUndersizePkts 0 etherStatsOversizePkts 0 etherStatsFragments 0 etherStatsJabbers 0 etherStatsCRCAlignErrors 0 etherStatsCollision...

Страница 2425: ...tEthernet2 0 1 display rmon history HistoryControlEntry 2 owned by null is VALID Samples interface GigabitEthernet2 0 1 ifIndex 19 Sampling interval 10 sec with 8 buckets max Sampled values of record...

Страница 2426: ...CRC alignment errors 0 undersize packets 0 oversize packets 0 fragments 0 jabbers 0 collisions 0 utilization 0 Sampled values of record 8 dropevents 0 octets 1154 packets 13 broadcast packets 1 multi...

Страница 2427: ...snmp agent target host trap address udp domain 1 1 1 2 params securityname public Configure RMON to gather statistics on interface GigabitEthernet 2 0 1 Sysname interface GigabitEthernet 2 0 1 Sysname...

Страница 2428: ...e 2 has sampled alarm value 0 less than or 50 Private Alarm Group Configuration Example Network requirements As shown in Figure 1 4 monitor the utilization rate of interface GigabitEthernet 2 0 1 when...

Страница 2429: ...n prialarm 1 1 3 6 1 2 1 16 1 1 1 4 1 8 1 3 6 1 2 1 16 1 1 1 5 1 16 100 1 3 6 1 2 1 2 2 1 5 1 1 0 SpeedRatio 10 delta rising threshold 80 1 falling threshold 5 2 entrytype forever owner v3user The OID...

Страница 2430: ...g the MAC Learning Limit 1 7 Displaying and Maintaining MAC Address Tables 1 7 MAC Address Table Configuration Example 1 8 2 MAC Information Configuration 2 1 Overview 2 1 Introduction to MAC Informat...

Страница 2431: ...e this device is connected and to which VLAN the interface belongs When forwarding a frame the device first looks up the MAC address table by the destination MAC address of the frame for the outgoing...

Страница 2432: ...prevent hackers from stealing data using forged MAC addresses Types of MAC Address Table Entries A MAC address table may contain these types of entries z Static entries which are manually configured...

Страница 2433: ...table automatically by learning the source MAC addresses of received frames To improve port security you can manually add MAC address entries to the MAC address table to bind ports with MAC addresses...

Страница 2434: ...ent interface only Add modify MAC address entries under the specified interface view mac address dynamic static mac address vlan vlan id Required z When using the mac address command to add a MAC addr...

Страница 2435: ...face view interface interface type interface number Enter port group view port group manual port group name Enter Ethernet interface view port group view or Layer 2 aggregate interface view Enter Laye...

Страница 2436: ...mechanism for dynamic entries In this way dynamic MAC address entries that are not updated within their aging time will be deleted to make room for new entries and the MAC address table can be timely...

Страница 2437: ...s to configure the MAC learning limit on an Ethernet port or the Ethernet ports in a port group or ONU port To do Use the command Remarks Enter system view system view Enter Ethernet interface view in...

Страница 2438: ...g timer for dynamic MAC address entries to 500 seconds Configuration procedure Add a static MAC address entry Sysname system view Sysname mac address static 000f e235 dc71 interface gigabitethernet 2...

Страница 2439: ...tion Works When a new MAC address is learned or an existing MAC address is deleted on a device the device writes related information about the MAC address to the buffer area used to store user informa...

Страница 2440: ...g the Interval for Sending Syslog or Trap Messages To prevent Syslog or trap messages being sent too frequently and thus affecting system performance you can set the interval for sending Syslog or tra...

Страница 2441: ...re 2 1 Network diagram for MAC Information configuration Configuration procedure 1 Configure Device to send Syslog messages to Host B Refer to Information Center Configuration in the System Volume for...

Страница 2442: ...2 4 Set the interval for sending Syslog or trap messages to 20 seconds Device mac address information interval 20...

Страница 2443: ...d Debugging 1 1 Ping 1 1 Introduction 1 1 Configuring Ping 1 1 Ping Configuration Example 1 2 Tracert 1 4 Introduction 1 4 Configuring Tracert 1 4 System Debugging 1 5 Introduction to System Debugging...

Страница 2444: ...the destination device 2 The source device determines whether the destination is reachable based on whether it receives an ICMP echo reply if the destination is reachable the source device determines...

Страница 2445: ...n the two devices get the detailed information of routes from Device A to Device C Figure 1 1 Ping network diagram Configuration procedure Use the ping command to display whether an available route ex...

Страница 2446: ...2 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 1 11 53 ms The principle of ping r is as shown in Figure 1 1 1 The source Device A sends an ICMP...

Страница 2447: ...s the packet responds by sending a TTL expired ICMP error message to the source with its IP address 1 1 1 2 encapsulated In this way the source device can get the address 1 1 1 2 of the first Layer 3...

Страница 2448: ...the introduction to the tracert lsp command refer to MPLS Basics Commands in the MPLS Volume System Debugging Introduction to System Debugging The device provides various debugging functions For the...

Страница 2449: ...You can also output debugging information to other destinations For the detailed configurations refer to Information Center Commands in the System Volume By default you can output debugging informatio...

Страница 2450: ...eed to locate the failed nodes in the network Figure 1 4 Ping and tracert network diagram Configuration procedure Use the ping command to display whether an available route exists between Device A and...

Страница 2451: ...B an error occurred on the connection between Device B and Device C In this case you can use the debugging ip icmp command to enable ICMP debugging on Device A and Device C to check whether the device...

Страница 2452: ...Information to the Console 1 7 Outputting System Information to a Monitor Terminal 1 8 Outputting System Information to a Log Host 1 9 Outputting System Information to the Trap Buffer 1 10 Outputting...

Страница 2453: ...rs and developers in monitoring network performance and diagnosing network problems The following describes the working process of information center z Receives the log trap and debugging information...

Страница 2454: ...ree types z Log information z Trap information z Debugging information Eight Levels of System Information The information is classified into eight levels by severity The severity levels in the descend...

Страница 2455: ...channels and output destinations can be changed through commands Besides you can configure channels 6 7 and 8 without changing the default configuration of the seven channels Table 1 2 Information cha...

Страница 2456: ...o be output to the log file log information with severity level equal to or higher than informational is allowed to be output to the log host log information with severity level equal to or higher tha...

Страница 2457: ...or log file the system information is in the following format timestamp sysname module level digest content For example a monitor terminal connects to the device When a terminal logs in to the device...

Страница 2458: ...ify the system name Refer to Basic System Configuration Commands in the System Volume for details This field is a preamble used to identify a vendor It is displayed only when the output destination is...

Страница 2459: ...Log Host Optional Outputting System Information to the Trap Buffer Optional Outputting System Information to the Log Buffer Optional Outputting System Information to the SNMP Module Optional Saving S...

Страница 2460: ...command Remarks Enable the monitoring of system information on the console terminal monitor Optional Enabled on the console and disabled on the monitor terminal by default Enable the display of debugg...

Страница 2461: ...monitor terminal you need to enable the associated display function in order to display the output information on the monitor terminal Follow these steps to enable the display of system information on...

Страница 2462: ...al Refer toDefault Output Rules of System Information Specify the source IP address for the log information info center loghost source interface type interface number Optional By default the source in...

Страница 2463: ...You can configure to output log trap and debugging information to the log buffer but the log buffer receives the log and debugging information only and discards the trap information To do Use the comm...

Страница 2464: ...the SNMP module To do Use the command Remarks Enter system view system view Enable information center info center enable Optional Enabled by default Name the channel with a specified channel number i...

Страница 2465: ...Optional The default value is 86 400 seconds Configure the maximum storage space reserved for a log file info center logfile size quota size Optional The default value is 1 MB Configure the directory...

Страница 2466: ...stem will not display the command line prompt but your previous input in a new line Disabling a Port from Generating Link Up Down Logging Information By default all the ports of the device generate li...

Страница 2467: ...Display the state of the log buffer and the log information recorded on a distributed IRF device display logbuffer reverse level severity size buffersize chassis chassis number slot slot number begin...

Страница 2468: ...nformation of all modules on channel loghost Sysname info center source default channel loghost debug state off log state off trap state off As the default system configurations for different channels...

Страница 2469: ...onf file must be identical to those configured on the device using the info center loghost and info center source commands otherwise the log information may not be output properly to the log host Step...

Страница 2470: ...f log trap and debugging information of all modules on the specified channel loghost in this example first and then configure the output rule as needed so that unnecessary information will not be outp...

Страница 2471: ...he log information may not be output properly to the log host Step 4 After log file info log is created and file etc syslog conf is modified you need to issue the following commands to display the pro...

Страница 2472: ...output Configure the information output rule allow log information of ARP and IP modules with severity equal to or higher than informational to be output to the console Note that the source modules a...

Страница 2473: ...m PSE Power 1 7 Configuring the Maximum PoE Interface Power 1 7 Configuring PoE Power Management 1 7 Configuring PSE Power Management 1 8 Configuring PoE Interface Power Management 1 8 Configuring the...

Страница 2474: ...E Interface through PoE Profile z Upgrading PSE Processing Software in Service z Displaying and Maintaining PoE z PoE Configuration Example z Troubleshooting PoE PoE Overview Introduction to PoE Power...

Страница 2475: ...follows the slot number of LPU x 3 1 For example if the slot number is 3 the PSE ID is 3 x 3 1 z After the S7900E series Ethernet switch configured the IRF the formula for calculating PSE IDs is as fo...

Страница 2476: ...r a PoE Interface Required Detecting PDs Enabling the PSE to Detect Nonstandard PDs Optional Configuring the Maximum PoE Power Optional Configuring the Maximum PSE Power Optional Configuring the PoE P...

Страница 2477: ...re not allowed to enable PoE for the PSE z If the PSE is enabled with the PoE power management function you are allowed to enable PoE for the PSE whether the PSE can supply power depends on other fact...

Страница 2478: ...mitting data in category 3 5 twisted pair cables to supply DC power to PDs z When the sum of the power consumption of all powered PoE interfaces on a PSE exceeds the maximum power of the PSE the syste...

Страница 2479: ...are factor determining the maximum PoE power z User configuration through command lines PoE power supply has self protection mechanism with which hardware protection measures will be taken for example...

Страница 2480: ...ximum power of the PSE must be greater than or equal to the sum of maximum power of all critical PoE interfaces on the PSE to guarantee the power supply to these PoE interfaces Configuring the Maximum...

Страница 2481: ...m power of the PSE you will fail to set the power priority of the PSE to critical Otherwise you can succeed in setting the power priority to critical and this PSE will preempt the power of the PSE wit...

Страница 2482: ...PD power results in PSE power overload power supply to the PD on the PoE interface with a lower priority will be stopped to ensure the power supply to the PD with a higher priority If the guaranteed r...

Страница 2483: ...er voltage threshold for the PoE power supply poe power input threshold lower value Optional The default AC input under voltage threshold is 90 00 Configure an AC input under voltage threshold for the...

Страница 2484: ...nfigure a PoE interface in either of the following two ways z Using command lines z Using a PoE profile and applying the PoE profile to the specified PoE interface s When configuring a single PoE inte...

Страница 2485: ...be configured modified and deleted in only one way If a parameter configured in a way for example through command lines is then configured in the other way for example through PoE profile the latter...

Страница 2486: ...processing software and reloads it If the PSE processing software is damaged in this case you can execute none of PoE commands successfully you can upgrade the PSE processing software in full mode to...

Страница 2487: ...ted with the PSE display poe pse pse id interface power Display information of the PoE power supply display poe power Display information of the PoE power supply distributed IRF device display poe pow...

Страница 2488: ...poe profile index index name profile name Display all information of the configurations and applications of the PoE profile applied to the specified PoE interface display poe profile interface interfa...

Страница 2489: ...et5 0 1 poe enable Sysname GigabitEthernet5 0 1 quit Enable PoE on GigabitEthernet 3 0 2 and set its power priority to critical Sysname interface gigabitethernet 3 0 2 Sysname GigabitEthernet3 0 2 poe...

Страница 2490: ...me configurations in the PoE profile do not meet the configuration requirements of the PoE interface z Another PoE profile is already applied to the PoE interface Solution z In the first case you can...

Страница 2491: ...g a DLSw Test 1 18 Configuring the Collaboration Function 1 19 Configuring Trap Delivery 1 20 Configuring the NQA Statistics Function 1 20 Configuring the History Records Saving Function 1 21 Configur...

Страница 2492: ...d provides you with network performance and service quality parameters such as jitter TCP connection delay FTP connection delay and file transfer rate With the NQA test results you can 1 Know network...

Страница 2493: ...application modules then deal with the changes accordingly based on the status of the track entry and thus collaboration is implemented Take static routing as an example You have configured a static r...

Страница 2494: ...test one probe means to carry out a corresponding function z For an ICMP echo or UDP echo test one packet is sent in one probe z For an SNMP test three packets are sent in one probe NQA client and se...

Страница 2495: ...QA client 1 Enable the NQA client 2 Create a test group and configure test parameters according to the test type The test parameters may vary with test types 3 Start the NQA test After the test you ca...

Страница 2496: ...r tcp connect udp echo ip address port number Required The IP address and port number must be consistent with those configured on the NQA client and must be different from those of an existing listeni...

Страница 2497: ...cho Required Configure the destination address for a test operation destination ip ip address Required By default no destination IP address is configured for a test operation Configure the size of pro...

Страница 2498: ...ry for the DHCP server to respond to a client request and assign an IP address to the client Configuration prerequisites Before performing a DHCP test you need to configure the DHCP server If the NQA...

Страница 2499: ...to configure a DNS test To do Use the command Remarks Enter system view system view Enter NQA test group view nqa entry admin name operation tag Configure the test type as DNS and enter test type view...

Страница 2500: ...peration destination ip ip address Required By default no destination IP address is configured for a test operation The destination IP address for a test operation is the IP address of the FTP server...

Страница 2501: ...s detecting the connectivity and performance of the HTTP server Configuration prerequisites Before performing an HTTP test you need to configure the HTTP server Configuring an HTTP test Follow these s...

Страница 2502: ...ailable Real time services such as voice and video have high requirements on delay jitters With the UDP jitter test uni bi directional delay jitters can be obtained to judge whether a network can carr...

Страница 2503: ...he source port number for a request source port port number Optional By default no source port number is specified Configure the size of a probe packet sent data size size Optional 100 bytes by defaul...

Страница 2504: ...SNMP test Follow these steps to configure an SNMP test To do Use the command Remarks Enter system view system view Enter NQA test group view nqa entry admin name operation tag Configure the test type...

Страница 2505: ...type as TCP and enter test type view type tcp Required Configure the destination address for a test operation destination ip ip address Required By default no destination IP address is configured for...

Страница 2506: ...udp echo Required Configure the destination address for a test operation destination ip ip address Required By default no destination IP address is configured for a test operation The destination addr...

Страница 2507: ...n sends it back to the source 3 Upon receiving the packets the source calculates the delay jitter and delay by calculating the difference between the interval for the destination to receive two succes...

Страница 2508: ...t of the existing listening service on the NQA server Configure the destination port for a test operation destination port port number Required By default no destination port number is configured for...

Страница 2509: ...milliseconds by default Configure the timeout for waiting for a response in a voice test probe packet timeout packet timeout Optional 5000 milliseconds by default Configure common optional parameters...

Страница 2510: ...the threshold the configured action is triggered Follow these steps to configure the collaboration function To do Use the command Remarks Enter system view system view Enter NQA test group view nqa e...

Страница 2511: ...ent server by default Only the reaction trap test complete command is supported in a voice test namely in a voice test traps are sent to the NMS only if the test succeeds Configuring the NQA Statistic...

Страница 2512: ...ated Configuring the History Records Saving Function With the history records saving function enabled the system will save the history records of the NQA test You can view the history records of a tes...

Страница 2513: ...ers common to an NQA test group To do Use the command Remarks Enter system view system view Enter NQA test group view nqa entry admin name operation tag Enter test type view of a test group type dhcp...

Страница 2514: ...n be forever which indicates that a test will not stop until you use the undo nqa schedule command to stop the test A test group performs tests when the system time is between the start time and the e...

Страница 2515: ...ion information display nqa history admin name operation tag Display the results of the last NQA test display nqa result admin name operation tag Display the statistics of a type of NQA test display n...

Страница 2516: ...ss 10 2 2 2 Send operation times 10 Receive response times 10 Min Max Average round trip time 2 5 3 Square Sum of round trip time 96 Last succeeded probe time 2007 08 23 15 00 01 2 Extended results Pa...

Страница 2517: ...admin test start time now lifetime forever Disable DHCP test after the test begins for a period of time SwitchA undo nqa schedule admin test Display the result of the last DHCP test SwitchA display n...

Страница 2518: ...history records DeviceA nqa admin test dns history record enable DeviceA nqa admin test dns quit Enable DNS test DeviceA nqa schedule admin test start time now lifetime forever Disable DNS test after...

Страница 2519: ...view DeviceA nqa entry admin test DeviceA nqa admin test type ftp DeviceA nqa admin test ftp destination ip 10 2 2 2 DeviceA nqa admin test ftp source ip 10 1 1 1 DeviceA nqa admin test ftp operation...

Страница 2520: ...st the connection with a specified HTTP server and the time required to obtain data from the HTTP server Figure 1 7 Network diagram for the HTTP tests Configuration procedure Create an HTTP test group...

Страница 2521: ...0 Display the history of HTTP tests DeviceA display nqa history admin test NQA entry admin admin tag test history record s Index Response Status Time 1 64 Succeeded 2007 11 22 10 12 47 9 UDP Jitter Te...

Страница 2522: ...s Packet lost in test 0 Failures due to timeout 0 Failures due to disconnect 0 Failures due to no connection 0 Failures due to sequence error 0 Failures due to internal error 0 Failures due to other e...

Страница 2523: ...te 0 UDP jitter results RTT number 410 Min positive SD 3 Min positive DS 1 Max positive SD 30 Max positive DS 79 Positive SD number 186 Positive DS number 158 Positive SD sum 2602 Positive DS sum 1928...

Страница 2524: ...gent service and set the SNMP version to all the read community to public and the write community to private DeviceB system view DeviceB snmp agent sys info version all DeviceB snmp agent community re...

Страница 2525: ...admin test NQA entry admin admin tag test history record s Index Response Status Time 1 50 Timeout 2007 11 22 10 24 41 1 TCP Test Configuration Example Network requirements Use the NQA TCP function t...

Страница 2526: ...ge round trip time 13 13 13 Square Sum of round trip time 169 Last succeeded probe time 2007 11 22 10 27 25 1 Extended results Packet lost in test 0 Failures due to timeout 0 Failures due to disconnec...

Страница 2527: ...record number 10 DeviceA nqa admin test udp echo quit Enable UDP echo test DeviceA nqa schedule admin test start time now lifetime forever Disable UDP echo test after the test begins for a period of...

Страница 2528: ...view DeviceA nqa entry admin test DeviceA nqa admin test type voice DeviceA nqa admin test voice destination ip 10 2 2 2 DeviceA nqa admin test voice destination port 9000 DeviceA nqa admin test voic...

Страница 2529: ...691776 One way results Max SD delay 343 Max DS delay 985 Min SD delay 343 Min DS delay 985 Number of SD delay 1 Number of DS delay 1 Sum of SD delay 343 Sum of DS delay 985 Square sum of SD delay 1176...

Страница 2530: ...59 Max DS delay 985 Min SD delay 0 Min DS delay 0 Number of SD delay 4 Number of DS delay 4 Sum of SD delay 1390 Sum of DS delay 1079 Square sum of SD delay 483202 Square sum of DS delay 973651 SD los...

Страница 2531: ...2 Send operation times 1 Receive response times 1 Min Max Average round trip time 19 19 19 Square Sum of round trip time 361 Last succeeded probe time 2007 11 22 10 40 27 7 Extended results Packet lo...

Страница 2532: ...ho Configure the destination IP address of the ICMP echo test operation as 10 2 1 1 SwitchA nqa admin test icmp echo destination ip 10 2 1 1 Configure the interval between two consecutive tests as 100...

Страница 2533: ...of VLAN interface 3 on Switch B SwitchB system view SwitchB interface vlan interface 3 SwitchB Vlan interface3 undo ip address On Switch A display information about all the Track entries SwitchA disp...

Страница 2534: ...abling an Interface from Receiving NTP Messages 1 13 Configuring the Maximum Number of Dynamic Sessions Allowed 1 13 Configuring Access Control Rights 1 13 Configuration Prerequisites 1 14 Configurati...

Страница 2535: ...o means keep time synchronized among all the devices within a network by changing the system clock on each station because this is a huge amount of workload and cannot guarantee the clock precision NT...

Страница 2536: ...e A Device B Device A Device B Device A Device B Device A 10 00 00 am 11 00 01 am 10 00 00 am NTP message 10 00 00 am 11 00 01 am 11 00 02 am NTP message NTP message NTP message received at 10 00 03 a...

Страница 2537: ...p 64 bits Transmit timestamp 64 bits Authenticator optional 96 bits Reference timestamp 64 bits Originate timestamp 64 bits 1 4 Main fields are described as follows z LI 2 bit leap indicator When set...

Страница 2538: ...ement clock synchronization in one of the following modes z Client server mode z Symmetric peers mode z Broadcast mode z Multicast mode You can select operation modes of NTP as needed In case that the...

Страница 2539: ...ssage the client sends a request Clock synchronization message exchange Mode 3 and Mode 4 Periodically broadcasts clock synchronization messages Mode 5 Calculates the network delay between client and...

Страница 2540: ...d the server Then the client enters the multicast client mode and continues listening to multicast messages and synchronizes its local clock based on the received multicast messages In symmetric peers...

Страница 2541: ...k List Complete the following tasks to configure NTP Task Remarks Configuring the Operation Modes of NTP Required Configuring the Local Clock as a Reference Source Optional Configuring Optional Parame...

Страница 2542: ...evices working in the client server mode you only need to make configurations on the clients but not on the servers Follow these steps to configure an NTP client To do Use the command Remarks Enter sy...

Страница 2543: ...icast address or the IP address of the local clock z When the source interface for NTP messages is specified by the source interface argument the source IP address of the NTP messages will be configur...

Страница 2544: ...thentication keyid keyid version number Required A broadcast server can synchronize broadcast clients only after its clock has been synchronized Configuring NTP Multicast Mode The multicast server per...

Страница 2545: ...ticast clients among which 128 can take effect at the same time Configuring the Local Clock as a Reference Source A network device can get its clock synchronized in one of the following two ways z Syn...

Страница 2546: ...P address of the NTP messages as the primary IP address of the specified interface when sending the NTP messages When the device responds to an NTP request received the source IP address of the NTP re...

Страница 2547: ...rmits the peer devices to perform control query to the NTP service on the local device but does not permit a peer device to synchronize its clock to that of the local device The so called control quer...

Страница 2548: ...izing with a device that has failed authentication Configuration Prerequisites The configuration of NTP authentication involves configuration tasks to be implemented on the client and on the server Wh...

Страница 2549: ...nfigure the key as a trusted key ntp service reliable authentication keyid keyid Required No authentication key is configured to be trusted by default Client server mode ntp service unicast server ip...

Страница 2550: ...pecify it as a trusted key after associating the key with the NTP server The procedure of configuring NTP authentication on a server is the same as that on a client and the same authentication key mus...

Страница 2551: ...000 UTC Jan 1 1900 00000000 00000000 Specify Device A as the NTP server of Device B so that Device B is synchronized to Device A DeviceB system view DeviceB ntp service unicast server 1 0 1 11 View t...

Страница 2552: ...while Device B is the symmetric passive peer Figure 1 8 Network diagram for NTP symmetric peers mode configuration Switch A Switch B Switch C 3 0 1 31 24 3 0 1 32 24 3 0 1 33 24 Configuration procedu...

Страница 2553: ...nchronized to Device C and the clock stratum level of Device B is 2 while that of Device C is 1 View the NTP session information of Device B which shows that an association has been set up between Dev...

Страница 2554: ...D to work in the broadcast client mode and receive broadcast messages on VLAN interface 2 SwitchD system view SwitchD interface vlan interface 2 SwitchD Vlan interface2 ntp service broadcast client 3...

Страница 2555: ...rce peer 3 selected 4 candidate 5 configured Total associations 1 Configuring NTP Multicast Mode Network requirements z Switch C s local clock is to be used as a reference source with the stratum leve...

Страница 2556: ...z Clock precision 2 18 Clock offset 0 0000 ms Root delay 31 00 ms Root dispersion 8 31 ms Peer dispersion 34 30 ms Reference time 16 01 51 713 UTC Sep 19 2005 C6D95F6F B6872B02 As shown above Switch D...

Страница 2557: ...e status Clock status synchronized Clock stratum 3 Reference clock ID 3 0 1 31 Nominal frequency 100 0000 Hz Actual frequency 100 0000 Hz Clock precision 2 18 Clock offset 0 0000 ms Root delay 40 00 m...

Страница 2558: ...Device B DeviceB ntp service authentication enable Set an authentication key DeviceB ntp service authentication keyid 42 authentication mode md5 aNiceKey Specify the key as a trusted key DeviceB ntp s...

Страница 2559: ...urce peer 3 selected 4 candidate 5 configured Total associations 1 Configuring NTP Broadcast Mode with Authentication Network requirements z Switch C s local clock is to be used as a reference source...

Страница 2560: ...interface 2 and Switch C can send broadcast messages through VLAN interface 2 Upon receiving a broadcast message from Switch C Switch D synchronizes its clock to that of Switch C View the NTP status...

Страница 2561: ...tric peers mode but not in the multicast or broadcast mode Figure 1 13 Network diagram for MPLS VPN time synchronization configuration CE 1 CE 2 CE 4 CE 3 PE 1 PE 2 P VPN 1 VPN 2 VPN 1 VPN 2 Vlan int...

Страница 2562: ...time later The information should show that CE 3 has been synchronized to CE 1 with the clock stratum level of 2 CE3 display ntp service status Clock status synchronized Clock stratum 2 Reference cloc...

Страница 2563: ...time later The information should show that PE 2 has been synchronized to PE 1 with the clock stratum level of 2 PE2 display ntp service status Clock status synchronized Clock stratum 2 Reference cloc...

Страница 2564: ...1 6 Step by Step Patch Installation Task List 1 6 Configuring the Patch File Location 1 6 Loading a Patch File 1 7 Activating Patches 1 7 Confirming Running Patches 1 8 One Step Patch Uninstallation...

Страница 2565: ...device that is it can repair the software defects of the current version without rebooting the device Basic Concepts in Hotfix Patch and patch file A patch also called patch unit is a package to fix...

Страница 2566: ...be in the state of IDLE DEACTIVE ACTIVE and RUNNING Load run temporarily confirm running stop running delete install and uninstall represent operations corresponding to commands of patch load patch ac...

Страница 2567: ...memory patch area and are in the DEACTIVE state At this time the patch states in the system are as shown in Figure 1 3 The patches that are in the DEACTIVE state will be still in the DEACTIVE state af...

Страница 2568: ...of the system are as shown in Figure 1 5 Figure 1 5 Patches are running The patches that are in the RUNNING state will be still in the RUNNING state after system reboot Hotfix Configuration Task List...

Страница 2569: ...roduct Card type PATCH FLAG Default patch name mpu PATCH MPU patch_mpu bin lpb PATCH LPB patch_lpb bin S7900E lpr PATCH LPR patch_lpr bin The loading and installation are performed on all cards that a...

Страница 2570: ...Location Optional Loading a Patch File Required Activating Patches Required Confirming Running Patches Optional Configuring the Patch File Location If you save the patch files to other storage media e...

Страница 2571: ...ill try to load the patch file from the CF card Set the file transfer mode to binary mode before using FTP or TFTP to upload download patch files to from the flash of the device Otherwise patch file c...

Страница 2572: ...slot slot number Required Confirming Running Patches After you confirm the running of a patch the patch state becomes RUNNING and the patch is in the normal running stage After the device is reset or...

Страница 2573: ...IVE and the system runs in the way before it is installed with the patch Follow the steps below to stop running patches distributed device To do Use the command Remarks Enter system view system view S...

Страница 2574: ...n any view Hotfix Configuration Examples Hotfix Configuration Example Network requirements z The software running on Device is of some problem and thus hotfixing is needed z The patch files patch_mpu...

Страница 2575: ...n from the TFTP server to the AMB Device tftp 2 2 2 2 get patch_mpu bin Device tftp 2 2 2 2 get patch_lpr bin Device tftp 2 2 2 2 get patch_lpb bin Copy the patch files to the root directory of the SM...

Страница 2576: ...rating Mode 1 9 Configuring IRF 1 10 Setting a Member ID for a Device 1 10 Specifying a Priority for an IRF Member 1 11 Configuring IRF Ports 1 11 Specifying the Preservation Time of IRF Bridge MAC Ad...

Страница 2577: ...y configurations and then these devices are virtualized into a virtual device This virtualization technology realizes the cooperation of multiple devices unified management and non stop maintenance He...

Страница 2578: ...thus the reliability of the IRF system is increased through the link backup z Powerful network expansion capability By adding member devices you can increase the number of IRF ports and expand network...

Страница 2579: ...following describes some basic concepts in IRF Operation mode The device can operate in either of the following two modes z Standalone mode The device operates in a standalone manner It does not form...

Страница 2580: ...cal standby SRPU A local standby SRPU is the standby SRPU of a member device As an optional hardware configuration it acts as the backup of the local active SRPU The active SRPU of the IRF The active...

Страница 2581: ...nt involves four stages Physical Connections Topology Collection Role Election and IRF Management and Maintenance You need to first connect the IRF members physically and then the devices will perform...

Страница 2582: ...2 Upon receiving the topology information from the directly connected neighbor it updates the local topology information 3 If there is a local standby SRPU configured the local active SRPU synchronize...

Страница 2583: ...chassis2 slot1 flash test cfg indicates that a file named test cfg is saved under the root directory of the flash on the SRPU in slot 1 of member device 2 Therefore to ensure the uniqueness of member...

Страница 2584: ...ctive ID to operate normally The state of all the other IRFs will be set to recovery and all the ports in them will be shut down except for the IRF ports and ports manually specified not to shut down...

Страница 2585: ...g LACP MAD detection Optional Specifying the reserved ports Optional Configuring MAD Detection Failure recovery Optional Accessing the Master Required Accessing an IRF Accessing a Slave Optional After...

Страница 2586: ...reboot automatically as soon as you confirm the operation of switching the operating mode Configuring IRF Setting a Member ID for a Device The member ID of a device defaults to 1 Before an IRF is for...

Страница 2587: ...n modify the priority through command lines Follow these steps to specify a priority for an IRF member To do Use the command Remarks Enter system view system view Specify a priority for an IRF member...

Страница 2588: ...king mode of a physical IRF port By default the working mode of a physical IRF port is normal An SC interface card does not support configuration of the working mode of physical IRF ports as enhanced...

Страница 2589: ...address To do Use the command Remarks Enter system view system view Configure the IRF bridge MAC address to be preserved permanently after the master leaves irf mac address persistent always Specify...

Страница 2590: ...erwise the IRF system will not be aware of the IRF topology changes in time and thus the service will be recovered slowly Configuring MAD Detection IRF of distributed devices supports two MAD approach...

Страница 2591: ...ive z When the IRF operates normally only the MAD IP address of the master is effective and the BFD session is down z When the IRF splits into two or multiple IRFs all the MAD IP addresses of the mast...

Страница 2592: ...a common IP address are not mutually interfered they can coexist the MAD IP address automatically becomes the slave address after being configured and the common IP address becomes the primary addres...

Страница 2593: ...it system view quit Enter the view of the port that connects to the LACP MAD detection link interface interface type interface number Assign the port to the aggregation group for LACP MAD detection po...

Страница 2594: ...se the command Remarks Enter system view system view Restore devices in the recovery state to the normal state mad restore Required Accessing an IRF Accessing the Master After an IRF is formed you can...

Страница 2595: ...view system view Log in to the specified slave device of an IRF irf switch to chassis chassis number slot slot number Required By default you actually log in to the master device of an IRF when you l...

Страница 2596: ...ns z To increase the number of access ports additional devices are needed In this example Device B is added z To address the requirements for high availability ease of management and maintenance use I...

Страница 2597: ...to make the configuration of member ID take effect After logging in to the device again create IRF port2 1 of the device and bind it to the physical IRF port Ten GigabitEthernet 2 3 0 25 and then save...

Страница 2598: ...GE2 3 0 25 IRF port2 1 GE1 3 0 2 GE2 3 0 2 Device A Device B IRF IRF link Note The solid orange line represents the IRF link the solid magenta lines represent links used for LACP MAD detection the sol...

Страница 2599: ...Ten GigabitEthernet1 3 0 25 save Configure Device B Sysname system view Sysname chassis convert mode irf This command will convert the device to IRF mode and the device will reboot Are you sure Y N y...

Страница 2600: ...evice A and Device B Sysname interface gigabitethernet 1 3 0 2 Sysname GigabitEthernet1 3 0 2 port link aggregation group 2 Sysname GigabitEthernet1 3 0 2 quit Sysname interface gigabitethernet 2 3 0...

Страница 2601: ...i Table of Contents 1 IPC Configuration 1 1 IPC Overview 1 1 Introduction to IPC 1 1 Enabling IPC Performance Statistics 1 2 Displaying and Maintaining IPC 1 3...

Страница 2602: ...efore a distributed device corresponds to multiple nodes Therefore in actual application IPC is mainly applied on an IRF or distributed device it provides a reliable transmission mechanism between dif...

Страница 2603: ...ate multiple multicast groups The creation and deletion of a multicast group and multicast group members depend on the application module z Mixcast namely both unicast and multicast are supported Enab...

Страница 2604: ...a node display ipc multicast group node node id self node Display packet information of a node display ipc packet node node id self node Display link status information of a node display ipc link nod...

Страница 2605: ...CFP The Application Control Forwarding Protocol ACFP is developed based on the OAA architecture This document describes z Introduction to ACFP z Configuring the ACFP Server Switch z Configuring ACFP C...

Страница 2606: ...i Table of Contents 1 OAP Configuration 1 1 OAP Overview 1 1 Configuring an OAP Card 1 1 Logging In to the Software System of an OAP Card Through the Switch 1 1 Restarting an OAP Card 1 2...

Страница 2607: ...to load software of different functions Meanwhile after an OAP card is installed into the switch it can quickly implement applications such as security and wireless control which satisfies users dive...

Страница 2608: ...an OAP Card If the software system of an OAP card works abnormally or is under other anomalies you can restart the OAP card with the following command Follow the step to restart an OAP card To do Use...

Страница 2609: ...P Collaboration 1 2 ACFP Management 1 2 ACFP Information Overview 1 2 Using ACFP 1 5 ACFP Configuration Task List 1 5 Configuring the ACFP Server Switch 1 6 Enabling the ACFP Server 1 6 Enabling the A...

Страница 2610: ...e advantages of respective manufacturers for better support of new services while reducing user investments The open application architecture OAA is an open service architecture developed with this co...

Страница 2611: ...cluding inbound interface and outbound interface of the packet and collaboration rules When the packet received by the ACFP server is redirected or mirrored to the ACFP client after matching a collabo...

Страница 2612: ...the context ID the HGPlus context only The above mentioned information indicates the collaboration capabilities of an ACFP server ACFP clients can access this information through a collaboration prot...

Страница 2613: ...P collaboration rules refer to the collaboration rules that the ACFP client sends to the ACFP server for application There are three types of collaboration rules z Monitoring rules that is to monitor...

Страница 2614: ...ules that belong to it Using ACFP z In a GRE tunneling environment an ACFP policy can be configured on a tunnel interface only z QoS processing such as marking the QoS local ID and local priority for...

Страница 2615: ...ings ACFP server does not support the working mode of the ACFP client errors Expiration period of ACFP collaboration policy changed notifications ACFP collaboration rules are created informational ACF...

Страница 2616: ...face type interface number out interface interface type interface number active inactive Display ACFP rule configuration information display acfp rule info in interface interface type interface number...

Страница 2617: ...I Startup and Running 1 2 ACSEI Server Configuration Switch 1 2 Enabling ACSEI Server 1 2 Configuring the Clock Synchronization Timer 1 3 Configuring the Monitoring Timer 1 3 Closing an ACSEI Client 1...

Страница 2618: ...Open Application Architecture OAA The collaborating IDS Intrusion Detection System cards or IDS devices serve as the ACFP clients which run applications of other vendors and support the IPS Intrusion...

Страница 2619: ...sts to the ACSEI server You cannot set this timer ACSEI Startup and Running ACSEI starts up and runs in the following procedures 1 Run the ACSEI client application to enable ACSEI client 2 Start up th...

Страница 2620: ...view system view Enable the ACSEI server function acsei server enable Required Enter ACSEI server view acsei server Configure the monitoring timer for ACSEI server to monitor ACSEI client acsei timer...

Страница 2621: ...Display ACSEI client summary display acsei client summary client id Display ACSEI client information display acsei client info client id Available in any view Configuring ACSEI Client OAP Card As a f...

Результаты поиска

Содержание S7906E - Switch

Отзывы:

Похожие инструкции для S7906E - Switch

Бренды по названию

Популярные бренды

3Com S7906E - Switch, Руководство по настройке

Результаты поиска

Содержание S7906E - Switch

Отзывы:

Похожие инструкции для S7906E - Switch

Бренды по названию

Популярные бренды