3Com Switch 7757 Скачать руководство пользователя страница 391 | Manualshive

Страница: 391 / 940

background image

Introduction to 802.1x

391

The Mechanism of an

802.1x Authentication

System

IEEE 802.1x authentication system uses extensible authentication protocol (EAP) to
exchange information between the supplicant system and the authentication
server.

Figure 89

The mechanism of an 802.1x authentication system

■

EAP protocol packets transmitted between the supplicant system and the
authenticator system are encapsulated as EAPoL packets.

■

EAP protocol packets transmitted between the supplicant system PAE and the
RADIUS server can either be encapsulated as EAPoR (EAP over RADIUS) packets
or be terminated at system PAEs (The system PAEs then communicate with
RADIUS servers through PAP (password authentication protocol) or CHAP
(challenge-handshake authentication protocol) protocol packets.)

■

When a supplicant system passes the authentication, the authentication server
passes the information about the supplicant system to the authenticator
system. The authenticator system in turn determines the state (authorized or
unauthorized) of the controlled port according to the instructions (accept or
reject) received from the RADIUS server.

Encapsulation of EAPoL

Messages

The format of an EAPoL packet

EAPoL is a packet encapsulation format defined in 802.1x. To enable EAP protocol
packets to be transmitted between supplicant systems and authenticator systems
through LANs, EAP protocol packets are encapsulated in EAPoL format. The
following figure illustrates the structure of an EAPoL packet.

Figure 90

The format of an EAPoL packet

In an EAPoL packet:

■

The PAE Ethernet type field holds the protocol identifier. The identifier for
802.1x is 0x888E.

■

The Protocol version field holds the version of the protocol supported by the
sender of the EAPoL packet.

■

The Type field can be one of the following:

00: Indicates that the packet is an EAP-packet, which carries authentication
information.

01: Indicates that the packet is an EAPoL-start packet, which initiates
authentication.

Supplicant system

PAE

Authenticator system

PAE

Authentication server

system

EAPOL

RADIUS

0

15

PAE Ethernet type

Packet body

Type

Protocol version

Length

7

2

4

6

N

«
...
389
390
391
392
393
...
»

Содержание Switch 7757

Страница 1: ...3Com Switch 7750 Family Configuration Guide Switch 7750 Switch 7754 Switch 7757 Switch 7758 www 3Com com Part Number 10015462 Rev AD Published December 2007...

Страница 2: ...252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in or d...

Страница 3: ...Authentication Mode Being None 39 Console Port Login Configuration with Authentication Mode Being Password 42 Console Port Login Configuration with Authentication Mode Being Scheme 46 4 LOGGING IN TH...

Страница 4: ...FILE MANAGEMENT Introduction to Configuration File 83 Configuration File Related Operations 83 10 VLAN OVERVIEW VLAN Overview 87 Port Based VLAN 89 Protocol Based VLAN 91 11 VLAN CONFIGURATION VLAN C...

Страница 5: ...ecial IP Packets to CPU 132 Enabling Forwarding of Directed Broadcasts to a Directly Connected Network 132 Disabling ICMP Error Message Sending 133 Displaying and Debugging IP Performance 133 Troubles...

Страница 6: ...89 Displaying and Maintaining Link Aggregation Configuration 192 Link Aggregation Configuration Example 193 24 PORT ISOLATION CONFIGURATION Port Isolation Overview 195 Configuring Port Isolation 195 D...

Страница 7: ...figuration 264 Digest Snooping Configuration 268 Rapid Transition Configuration 269 BPDU Tunnel Configuration 272 STP Maintenance Configuration 274 MSTP Displaying and Debugging 274 MSTP Implementatio...

Страница 8: ...IS IS Configuration Example 345 36 BGP CONFIGURATION BGP Overview 349 BGP Configuration Tasks 354 Basic BGP Configuration 355 Configuring the Way to Advertise Receive Routing Information 356 Configuri...

Страница 9: ...Architecture 416 Forwarding Mechanism of Multicast Packets 420 42 GMRP CONFIGURATION GMRP Overview 423 Configuring GMRP 423 Displaying and Maintaining GMRP 424 GMRP Configuration Example 424 43 IGMP...

Страница 10: ...93 MSDP Configuration Example 494 Troubleshooting MSDP Configuration 504 49 AAA RADIUS HWTACACS CONFIGURATION Overview 507 Configuration Tasks 516 AAA Configuration 518 RADIUS Configuration 525 HWTACA...

Страница 11: ...xample 584 56 DHCP OVERVIEW Introduction to DHCP 589 DHCP IP Address Assignment 589 DHCP Packet Format 590 DHCP Packet Processing Modes 592 Protocols and Standards 592 57 DHCP SERVER CONFIGURATION Int...

Страница 12: ...playing ACL Configuration 652 ACL Configuration Example 653 61 QOS CONFIGURATION Overview 657 QoS Supported by the Switch 7750 666 Setting Port Priority 666 Configuring Priority to Be Used When a Pack...

Страница 13: ...oE Supervision Information 729 PoE PSU Supervision Configuration Example 729 66 POE PROFILE CONFIGURATION Introduction to PoE Profile 731 PoE Profile Configuration Tasks 731 Displaying PoE Profile Con...

Страница 14: ...n Tasks 798 Basic Configuration of BIMS Device 798 Configuring BIMS Access Mode 799 BIMS Configuration Example 800 74 FTP AND TFTP CONFIGURATION FTP Configuration 803 TFTP Configuration 810 75 INFORMA...

Страница 15: ...kets Monitoring 868 Displaying the Device Management Configuration 869 Remote Switch Update Configuration Example 870 81 REMOTE PING CONFIGURATION Remote ping Overview 873 Remote ping Configuration 87...

Страница 16: ...r Link Configuration 934 Monitor Link Configuration Example 934 86 CONFIGURING HARDWARE DEPENDENT SOFTWARE Configuring Boot ROM Upgrade with App File 937 Configuring Inter Card Link State Adjustment 9...

Страница 17: ...hat are used throughout this guide Related Documentation The following manuals offer additional information necessary for managing your Switch 7750 Switch 7750 Command Reference Guide Provides detaile...

Страница 18: ...If information in this guide differs from information in the release notes use the information in the Release Notes These documents are available in Adobe Acrobat Reader Portable Document Format PDF...

Страница 19: ...level Commands at this level are mainly used to diagnose network and change the language mode of user interface and cannot be saved in configuration files For example the ping tracert and language mo...

Страница 20: ...into four command levels visit monitor system and manage which are identified as 0 1 2 and 3 respectively The administrator can change the command level a command belongs to Table 3 lists the operatio...

Страница 21: ...iew Ethernet port view Null interface view Tunnel interface view AUX interface view VLAN view VLAN interface view Loopback interface view Local user view User interface view FTP client view SFTP clien...

Страница 22: ...estination prefix aggregation view Netstream source and destination aggregation view Smart link group view Table 4 lists information about CLI views including the operations you can performed in these...

Страница 23: ...rn to system view Execute the return command to return to user view Tunnel interface view Configure tunnel interface parameters SW7750 Tunne l0 Execute the interface tunnel 0 command in system view Ex...

Страница 24: ...meters sftp client Execute the sftp 10 1 1 1 command in system view Execute the quit command to return to user view Cluster view Configure cluster parameters SW7750 cluster Execute the cluster command...

Страница 25: ...and in system view Execute the peer public key end command to return to system view Public key code view Edit RSA public keys of SSH users SW7750 rsa ke y code Execute the public key code begin comman...

Страница 26: ...user view ES IS view Configure parameters for the ES IS protocol SW7750 esis Execute the esis command in system view Execute the quit command to return to system view Execute the return command to ret...

Страница 27: ...view Execute the quit command to return to system view Execute the return command to return to user view QinQ view Create QinQ instances and configure parameters for QinQ SW7750 Gigabi tEthernet4 0 1...

Страница 28: ...tion view Configure netstream protocol port aggregation parameters SW7750 aggregation pr otport Execute the ip netstream aggregation protocol port command in system view Execute the quit command to re...

Страница 29: ...in this position of the command on your terminal to display all the available keywords and their brief descriptions The following takes the clock command as an example SW7750 clock datetime Specify t...

Страница 30: ...ranslate the help into Chinese Terminal Display CLI provides the following display feature Display suspending That is the displaying of output information can be split when the screen is full and you...

Страница 31: ...ed too many parameters Ambiguous command The parameters entered are ambiguous Wrong parameter The input parameter is wrong Table 8 Edit operations Press To A common key Insert the character the key re...

Страница 32: ...32 CHAPTER 1 CLI OVERVIEW...

Страница 33: ...er Two kinds of user interface index exist absolute user interface index and relative user interface index 1 The absolute user interface indexes are as follows AUX user interface 0 VTY user interfaces...

Страница 34: ...connect a specified user interface free user interface type number Optional Execute this command in user view Enter system view system view Enable copyright information displaying copyright info enabl...

Страница 35: ...ough the Console Port Following are the procedures to connect to a switch through the Console port 1 Connect the serial port of your PC terminal to the Console port of the switch as shown in Figure 1...

Страница 36: ...36 CHAPTER 3 LOGGING IN THROUGH THE CONSOLE PORT Figure 2 Create a connection Figure 3 Specify the port used to establish the connection...

Страница 37: ...e character The commands available on a switch are described in the related module of the command manual Console Port Login Configuration Common Configuration Table 12 lists the common configuration o...

Страница 38: ...ble Optional By default terminal services are available in all user interfaces Set the maximum number of lines the screen can contain Optional By default the screen can contain up to 24 lines Set hist...

Страница 39: ...RADIUS users Required The user name and password of a local user are configured on the switch The user name and password of a RADIUS user are configured on the RADIUS server Refer to user manual of RA...

Страница 40: ...and level available to users logging into the user interface user privilege level level Optional By default commands of level 3 are available to users logging into the AUX user interface Make terminal...

Страница 41: ...can contain up to 20 commands The timeout time of the AUX user interface is 6 minutes Set the timeout time for the user interface idle timeout minutes seconds Optional The default timeout time of a us...

Страница 42: ...user privilege level 2 Set the baud rate of the Console port to 19 200 bps SW7750 ui aux0 speed 19200 Set the maximum number of lines the screen can contain to 30 SW7750 ui aux0 screen length 30 Set t...

Страница 43: ...trol Set the stop bits stopbits 1 1 5 2 Optional The default stop bits of a Console port is 1 Set the data bits databits 7 8 Optional The default data bits of a Console port is 8 Configure the command...

Страница 44: ...can store up to 20 commands The timeout time of the AUX user interface is 6 minutes Set the timeout time for the user interface idle timeout minutes seconds Optional The default timeout time of a use...

Страница 45: ...he local password to 123456 in plain text SW7750 ui aux0 set authentication password simple 123456 Specify commands of level 2 are available to users logging into the AUX user interface SW7750 ui aux0...

Страница 46: ...nt you need to perform the following configuration as well Perform AAA RADIUS configuration on the switch Refer to AAA Configuration on page 518 and RADIUS Configuration on page 525 for more Configure...

Страница 47: ...does not perform flow control Set the stop bits stopbits 1 1 5 2 Optional The default stop bits of a Console port is 1 Set the data bits databits 7 8 Optional The default data bits of a Console port i...

Страница 48: ...and buffer can store up to 10 commands by default Set the timeout time for the user interface idle timeout minutes seconds Optional The default timeout time of a user interface is 10 minutes With the...

Страница 49: ...er view SW7750 local user guest Set the authentication password to 1234567890 in plain text SW7750 luser guest password simple 1234567890 Set the service type of the local user to Terminal with the av...

Страница 50: ...50 CHAPTER 3 LOGGING IN THROUGH THE CONSOLE PORT SW7750 ui aux0 history command max size 20 Set the timeout time of the AUX user interface to 6 minutes SW7750 ui aux0 idle timeout 6...

Страница 51: ...Configuration Description VTY user interface configuration Configure the command level available to users logging into the VTY user interface Optional By default commands of level 0 are available to...

Страница 52: ...r RADIUS authentication Optional Local authentication is performed by default Refer to Configuring RADIUS Authentication Authorization Servers on page 525 for more Configure user name and password Con...

Страница 53: ...s are available in all user interfaces Set the maximum number of lines the screen can contain screen length screen length Optional By default the screen can contain up to 24 lines You can use the scre...

Страница 54: ...for Telnet configuration with the authentication mode being none Configuration procedure Enter system view SW7750 system view Enter VTY 0 user interface view SW7750 user interface vty 0 Configure not...

Страница 55: ...tion mode being password Operation Command Description Enter system view system view Enter one or more VTY user interface views user interface vty first number last number Configure to authenticate us...

Страница 56: ...ormation in pages Set the history command buffer size history command max size value Optional The default history command buffer size is 10 That is a history command buffer can store up to 10 commands...

Страница 57: ...ure to authenticate users logging into VTY 0 using the local password SW7750 ui vty0 authentication mode password Set the local password to 123456 in plain text SW7750 ui vty0 set authentication passw...

Страница 58: ...accordingly on the AAA server Refer to the user manual of AAA server Configure the AAA scheme to be applied to the domain scheme local none radius scheme radius scheme name local hwtacacs scheme hwta...

Страница 59: ...screen can contain screen length screen length Optional By default the screen can contain up to 24 lines You can use the screen length 0 command to disable the function to display information in pages...

Страница 60: ...authenticated in the RSA mode of SSH The user privilege level level command is not executed and the service type command does not specify the available command level Level 0 The user privilege level...

Страница 61: ...and buffer can store up to 20 commands The timeout time of VTY 0 is 6 minutes Network diagram Figure 10 Network diagram for Telnet configuration with the authentication mode being scheme Configuration...

Страница 62: ...u log in through the Console port Connect the serial port of your PC terminal to the Console port of the switch as shown in Figure 11 Figure 11 Diagram for establishing connection to a Console port La...

Страница 63: ...parameter as shown in Figure 13 Figure 13 Launch Telnet 5 Enter the password when the Telnet window displays Login authentication and prompts for login password The CLI prompt such as SW7750 appears i...

Страница 64: ...m Telnet related configuration on the switch operating as the Telnet server Refer to Telnet Configuration with Authentication Mode Being None on page 52 Telnet Configuration with Authentication Mode B...

Страница 65: ...switch side is available Configuration on the Switch Side Modem Configuration Perform the following configuration on the modem directly connected to the switch AT F Restore the factory settings ATS0 1...

Страница 66: ...tion mode configuration Configuration on switch when the authentication mode is none Refer to Console Port Login Configuration with Authentication Mode Being None on page 39 Configuration on switch wh...

Страница 67: ...X port also the Console port be set to a value lower than the transmission speed of the modem Otherwise packets may get lost 3 Connect your PC the modems and the switch as shown in the following figur...

Страница 68: ...ted modules in the command manual for detailed configuration commands n If you perform no AUX user related configuration on the switch the commands of level 3 are available to modem users Refer to Com...

Страница 69: ...n procedures of the Modem attribute Operation Command Description Enter system view system view Enter AUX user interface view user interface aux 0 Enable Modem call in call in and call out modem call...

Страница 70: ...70 CHAPTER 5 LOGGING IN USING MODEM...

Страница 71: ...in Create a Web user account setting both the user name and the password to admin and the user level to 3 SW7750 system view SW7750 local user admin SW7750 luser admin service type telnet level 3 SW77...

Страница 72: ...is configured with the header command when a user logs in through Web the banner page is displayed before the user login authentication page The contents of the banner page are the login banner infor...

Страница 73: ...of the switch in the address bar of the browser running on the user terminal and press Enter the browser will display the banner page as shown in Figure 21 Figure 21 Banner page displayed when a user...

Страница 74: ...HTTP service is enabled disabled after the corresponding configuration Enabling the Web server by using the undo ip http shutdown command opens TCP 80 port Disabling the Web server by using the ip htt...

Страница 75: ...uration on both the NMS and the switch Connection Establishment Using NMS Figure 22 Network diagram for logging in through an NMS Table 34 Requirements for logging into a switch through an NMS Item Re...

Страница 76: ...76 CHAPTER 7 LOGGING IN THROUGH NMS...

Страница 77: ...olling Telnet Users by Source IP Addresses on page 77 By source and destination IP address Through advanced ACL Controlling Telnet Users by Source and Destination IP Addresses on page 78 SNMP By sourc...

Страница 78: ...tion Enter system view system view Create an advanced ACL or enter advanced ACL view acl number acl number name acl name advanced match order config auto As for the acl number command the config keywo...

Страница 79: ...stem view Create a basic ACL or enter basic ACL view acl number acl number name acl name basic match order config auto As for the acl number command the config keyword is specified by default Define r...

Страница 80: ...ample Network requirements Only SNMP users sourced from the IP addresses of 10 110 100 52 and 10 110 100 46 are permitted to access the switch Network diagram Figure 23 Network diagram for controlling...

Страница 81: ...commands Configuration Example Network requirements Only the Web users sourced from the IP address of 10 110 100 52 are permitted to access the switch Table 39 Control Web users by source IP addresse...

Страница 82: ...a basic ACL SW7750 system view SW7750 acl number 2030 SW7750 acl basic 2030 rule 1 permit source 10 110 100 52 0 SW7750 acl basic 2030 quit Apply ACL 2030 to only permit the Web users sourced from th...

Страница 83: ...into sections by command view The commands that are of the same command view are grouped into one section Sections are separated by empty lines or comment lines A line is a comment line if it starts...

Страница 84: ...the system saves the configuration files in the safely saving mode In this mode the configuration files are saved slowly However the original configuration files will be saved in the Flash if the dev...

Страница 85: ...the configuration before restarting a device so that the current configuration remains after the device is restarted If you use the save command to save the current configuration file without specifyi...

Страница 86: ...86 CHAPTER 9 CONFIGURATION FILE MANAGEMENT...

Страница 87: ...t the inbound port of the packet In this case a host in the network receives a lot of packets whose destination is not the host itself Thus plenty of bandwidth resources are wasted causing potential s...

Страница 88: ...hosts When the physical position of a host changes within the range of the VLAN you need not change its network configuration VLAN Principles VLAN tags in the packets are necessary for the switch to i...

Страница 89: ...hen the switch receives an un VLAN tagged packet it will encapsulate a VLAN tag with the default VLAN ID of the inbound port for the packet and the packet will be assigned to the default VLAN of the i...

Страница 90: ...with a default VLAN the port receives and sends packets in a way related to its link type For detailed description refer to Table 42 Table 43 and Table 44 Table 42 Packet processing of an Access port...

Страница 91: ...ernet data for you to understand well the procedure for the switch to identify the packet protocols Ethernet II and 802 2 802 3 encapsulation In the link layer there are two main packet encapsulation...

Страница 92: ...col supports 802 3 raw encapsulation format currently This format is identified by the two bytes whose value is 0xFFFF after the length field 802 2 logical link control LLC encapsulation the length fi...

Страница 93: ...tion Control field Invalid packets that cannot be matched dsap ssap value 802 2 SNAP encapsulation Match the dsap ssap value 802 2 LLC encapsulation Match the type value 802 3 raw encapsulation 0x05DD...

Страница 94: ...eria The user defined template adopts the user defined encapsulation formats and values of some specific fields as the matching criteria After configuring the protocol template you must add a port to...

Страница 95: ...he system can suppress broadcast storm avoid network congestion and ensure normal network operation Table 46 Basic VLAN configuration Operation Command Description Enter system view system view Create...

Страница 96: ...e VLAN interface are down the VLAN interface is down disabled if one or more ports of the VLAN interface are up the VLAN interface is up enabled Enter VLAN view vlan vlan id Set VLAN broadcast storm s...

Страница 97: ...1 Display VLAN configuration Operation Command Description Display the VLAN interface information display interface Vlan interface vlan id You can execute the display command in any view Display the V...

Страница 98: ...you need to use the Access port as a medium For example the Trunk port has to be configured as an Access port first and then a Hybrid port To do Use the command Remarks Enter system view system view...

Страница 99: ...0 2 to VLAN 2 and add Ethernet2 0 3 and Ethernet2 0 4 to VLAN 3 Network diagram Figure 34 Network diagram for VLAN configuration Configuration procedure Create VLAN 2 and enter its view SW7750 system...

Страница 100: ...gure both ipx raw standard template and LLC user defined template whose dsap and ssap are both ff in the same VLAN It is not allowed to configure both ipx ethernetii standard template and EthernetII u...

Страница 101: ...ot be removed If a protocol of a VLAN has been distributed to a port the VLAN cannot be removed from the port If a protocol of a VLAN has been distributed to a port the protocol cannot be removed from...

Страница 102: ...ation Table 55 Protocol based VLAN creation on different cards Description Type A card Non Type A card Create protocol based VLAN on specific module in system view Not supported Supported only for all...

Страница 103: ...t to be a hybrid port SW7750 Ethernet2 0 5 port link type hybrid Add the port to VLAN 5 and add VLAN 5 to the untagged VLAN list of the port SW7750 Ethernet2 0 5 port hybrid vlan 5 untagged Associate...

Страница 104: ...50 vlan7 protocol vlan 2 mode snap etype abcd Enter port view of the Ethernet2 0 7 SW7750 vlan7 interface Ethernet 2 0 7 Configure Ethernet2 0 7 as a hybrid port SW7750 Ethernet2 0 7 port link type hy...

Страница 105: ...bits of a MAC address The following table shows the five default OUI addresses of a switch You can create multiple voice VLANs and bind each voice VLAN to a port In this way the voice traffic received...

Страница 106: ...it As multiple types of IP voice devices exist you need to match port mode with types of voice stream sent by IP voice devices as listed in Table 58 Table 58 Matching relationship between port modes...

Страница 107: ...ice VLAN And the access port permits the packets of the default VLAN Hybrid Supported Make sure the default VLAN of the port exists and is in the list of the tagged VLANs whose packets are permitted b...

Страница 108: ...N to the port as a voice VLAN voice vlan vlan id Required By default no voice VLAN is bound to a port Enable the voice VLAN legacy function on the port voice vlan legacy Optional By default voice VLAN...

Страница 109: ...Add the port to the VLAN port interface list Trunk or Hybrid port Enter port view interface interface type interface number Add the port to the voice VLAN port trunk permit vlan vlan id port hybrid vl...

Страница 110: ...eature realizes the communication between 3Com s devices and other vendor s voice devices by automatically adding the voice VLAN tag to the voice data coming from other vendors voice devices The voice...

Страница 111: ...ind VLAN 2 to Ethernet 2 0 3 as a voice VLAN Configure the OUI address to be 0011 2200 0000 with the description string being test Configuration procedure Create VLAN 3 SW7750 system view SW7750 vlan...

Страница 112: ...aging time 1440 minutes Current voice vlan enabled port mode PORT MODE STATUS Voice Vlan ID Ethernet2 0 3 MANUAL ENABLE 3 Remove Ethernet2 0 3 port from the voice VLAN SW7750 interface Ethernet2 0 3...

Страница 113: ...without VLAN tags Therefore the switch can reset the local VLAN structure to save VLAN resource without considering the VLAN configuration in the lower layer Isolate User VLAN Packets Forwarding Proce...

Страница 114: ...thernet2 0 1 of Switch B the packets are automatically added with default VLAN ID that is the tag of VLAN 5 2 According to the MAC address forwarding table copied in the outbound process the system wi...

Страница 115: ...VLAN and the secondary VLAN must be hybrid ports and all ports must perform untag operation on all VLAN packets Configure the mapping between the isolate user VLAN and the secondary VLAN Required Conf...

Страница 116: ...he VLAN configurations of the lower layer switches VLAN 5 on Switch B is an isolate user VLAN which includes the uplink port Ethernet2 0 1 and two secondary VLANs VLAN 2 and VLAN 3 VLAN 3 includes por...

Страница 117: ...id broadcast SwitchB vlan2 quit SwitchB interface Ethernet 2 0 2 SwitchB Ethernet2 0 2 port link type hybrid SwitchB Ethernet2 0 2 port hybrid vlan 3 untagged SwitchB Ethernet2 0 2 port hybrid vlan 5...

Страница 118: ...secondary VLAN SwitchC vlan6 quit SwitchC vlan 3 SwitchC vlan3 vlan 4 Add port Ethernet2 0 3 to the isolate user VLAN and the secondary VLAN and configure the port to untag the VLAN packets Remove th...

Страница 119: ...olate user VLAN to secondary VLAN mapping SwitchC Ethernet2 0 1 quit SwitchC isolate user vlan 6 secondary 3 to 4 After the above configurations Switch A can receive packets from Switch B and Switch C...

Страница 120: ...120 CHAPTER 13 ISOLATE USER VLAN CONFIGURATION...

Страница 121: ...oxy function is used ARP proxy enables Layer 3 connectivity between Layer 2 isolated ports by performing ARP request and forwarding and handling response packets Super VLAN Configuration Super VLAN Co...

Страница 122: ...Sub VLAN You can use the following commands to establish the mapping between a super VLAN and a sub VLAN c CAUTION The sub VLAN must exist before you create mapping between the sub VLAN and the super...

Страница 123: ...the outside network Configuration Procedure n A super VLAN interface can only correspond to one DHCP server group The last configuration will take effect if you execute the dhcp server groupNo command...

Страница 124: ...it SW7750 system view SW7750 vlan 10 SW7750 vlan10 supervlan Create VLAN2 VLAN3 and VLAN5 and add corresponding ports to them SW7750 vlan10 quit SW7750 vlan 2 SW7750 vlan2 port Ethernet 2 0 1 Ethernet...

Страница 125: ...igure it as a super VLAN SW7750 system view SW7750 vlan 6 SW7750 vlan6 supervlan Create VLAN 2 and VLAN 3 and establish the mapping between them and VLAN 6 SW7750 vlan6 quit SW7750 vlan 2 SW7750 vlan2...

Страница 126: ...126 CHAPTER 14 SUPER VLAN...

Страница 127: ...ed decimal notation Each IP address contains four decimal integers with each integer corresponding to one byte for example 10 110 50 101 Some IP addresses are reserved for special use The IP address r...

Страница 128: ...by hosts when they are booted but is not used afterward An IP address with all 0s network ID represents a specific host on the local network and can be used as a source address but cannot be used as a...

Страница 129: ...ss 138 38 128 0 101 Subnet address 138 38 160 0 110 Subnet address 138 38 192 0 111 Subnet address 138 38 224 0 Subnet number Host number Subnet address 10001010 00100110 000 00000 00000000 ClassB 138...

Страница 130: ...You can perform troubleshooting as follows Check the configuration of the switch and then use the display arp command to check whether the host has an corresponding ARP entry in the ARP table maintain...

Страница 131: ...Introduction to FIB Every switch stores a forwarding information base FIB FIB is used to store the forwarding information of the switch and guide Layer 3 packet forwarding You can know the forwarding...

Страница 132: ...e subnet If a directed broadcast packet reaches the destination network after being forwarded by the switch the switch will receive the broadcast packet for the switch also belongs to the subnet Since...

Страница 133: ...ng table becomes very large If a host sends malicious ICMP destination unreachable packets end users may be affected To solve such problems you can disable a device from sending ICMP error packets Cur...

Страница 134: ...port 4296 Use the debugging tcp packet command to enable the TCP debugging to trace TCP packets Switch terminal debugging Switch debugging tcp packet Table 81 Display IP performance Operation Command...

Страница 135: ...will be displayed in the following format in real time TCP output packet Source IP address 202 38 160 1 Source port 1024 Destination IP Address 202 38 160 1 Destination port 4296 Sequence number 4185...

Страница 136: ...136 CHAPTER 16 IP PERFORMANCE CONFIGURATION...

Страница 137: ...0 0cb 47 0000 00cb 0047 is the node address You can also write an IPX address in the form of N H H H where N is the network number and H H H is the node address Routing Information Protocol IPX uses...

Страница 138: ...outing Configuring IPX static routes Table 83 Configure IPX Configuration task Description Detailed configuration Basic IPX configuration Required Basic IPX Configuration on page 138 IPX routing confi...

Страница 139: ...s needed Enable IPX ipx enable Required IPX is disabled by default Enter VLAN interface view interface Vlan interface vlan id Configure an IPX network number for the VLAN interface ipx network network...

Страница 140: ...ks 1 tick 1 18 seconds indicate the delay that a VLAN interface experiences Table 87 Configure IPX RIP Operation Command Description Enter system view system view Enable IPX ipx enable Required IPX is...

Страница 141: ...where the switches mistake an operating server for a failed one The aging period of IPX SAP is a multiple of the IPX RIP update interval You can set multiple update intervals as an aging period Table...

Страница 142: ...VLAN interface Configure the aging period of IPX SAP ipx sap multiplier multiplier Optional By default an IPX SAP service entry is deleted if it is not updated after three update intervals Enter VLAN...

Страница 143: ...the information of the server picked out by round robin polling ipx sap gns load balance Optional By default the switch responds to SAP GNS requests with the information of a server that is picked out...

Страница 144: ...ence preference Optional By default no static service entry is found in the service information table Configure the maximum length of the service information reserve queue for one service type ipx sap...

Страница 145: ...the IPX network The node address of the server is 0000 0c91 f61f Enable the forwarding of type 20 broadcast packets ipx netbios propagation Optional By default type 20 broadcast packets are not forwa...

Страница 146: ...e 2 Switch Vlan interface2 ipx encapsulation ethernet 2 Switch Vlan interface2 quit Assign the network number 1000 to VLAN interface 1 to enable IPX on the VLAN interface Switch interface Vlan interfa...

Страница 147: ...451 hop 2 Configure a service information entry indicating that the server can provide the printing service Switch ipx service 7 printserver 2 0000 0c91 f61f 5 hop 2 Troubleshooting IPX Troubleshooti...

Страница 148: ...empt the packet is dropped Troubleshooting IPX RIP Symptom 1 The switch cannot learn routes from the peer device Solutions Use the debugging ipx rip packet verbose command to enable debugging for IPX...

Страница 149: ...rface command Check whether the hop count of the route to the server is smaller than 16 with the display ipx routing table command Check whether adequate memory is available for adding the service ent...

Страница 150: ...se the display current configuration command to check whether the triggered updates feature is configured on the VLAN interface Periodical update is disabled when the triggered updates feature applies...

Страница 151: ...ent switch with the display ipx routing table verbose command Solutions Use the display current configuration command to view the maximum number of dynamic routes for each destination network number T...

Страница 152: ...152 CHAPTER 17 IPX CONFIGURATION...

Страница 153: ...the received declarations withdrawal declarations GARP members exchange information through sending messages There mainly are 3 types of GARP messages including Join Leave and LeaveAll When a GARP pa...

Страница 154: ...eaveALL message after the timer times out so that other GARP participants can re register all the attribute information on this participant After that the participant restarts the LeaveAll timer to be...

Страница 155: ...bute List It contains multiple attributes Attribute Each general attribute consists of three parts Attribute Length Attribute Event and Attribute Value Each LeaveAll attribute consists of two parts At...

Страница 156: ...ue Table 95 GVRP Configuration procedure Operation Command Description Enter system view system view Configure the LeaveAll timer garp timer leaveall timer value Optional By default the LeaveAll timer...

Страница 157: ...hanging the timeout time of the Hold timer This upper threshold is less than one half of the timeout time of the Leave timer You can change the threshold by changing the timeout time of the Leave time...

Страница 158: ...ll the VLANs SW7750 interface Ethernet2 0 1 SW7750 Ethernet2 0 1 port link type trunk SW7750 Ethernet2 0 1 port trunk permit vlan all Enable GVRP on the trunk port SW7750 Ethernet2 0 1 gvrp GVRP is en...

Страница 159: ...llustrates the structure of a packet with single VLAN tag Figure 43 Structure of the packets with single VLAN tag Figure 44 illustrates the structure of a packet with nested VLAN tags Figure 44 Struct...

Страница 160: ...tructure of tagged packets of Ethernet frames The user priority field is the 802 1p priority of the tag This 3 bit field is in the range of 0 to 7 Through configuring inner to outer tag priority mappi...

Страница 161: ...quirements Switch A Switch B and Switch C are Switch 7750s Two networks are connected to the Ethernet2 0 1 ports of Switch A and Switch C Switch B only permits the packets of VLAN 10 It is required th...

Страница 162: ...ernet2 0 1 port access vlan 10 SwitchA Ethernet2 0 1 stp disable SwitchA Ethernet2 0 1 undo ntdp enable SwitchA Ethernet2 0 1 vlan vpn enable SwitchA Ethernet2 0 1 quit 2 Configure Switch B Configure...

Страница 163: ...2 port of Switch B it is forwarded in VLAN 10 and is passed to Ethernet2 0 1 port The packet is forwarded from Ethernet2 0 1 port of Switch B to the network on the other side and reaches Ethernet2 0...

Страница 164: ...164 CHAPTER 19 QINQ CONFIGURATION...

Страница 165: ...VLAN tags according to the VLAN ID they carry This is achieved by using the corresponding commands n For Switch 7750 Ethernet switches the selective QinQ feature can also be achieved through using ACL...

Страница 166: ...ew Enter Ethernet port view interface interface type interface number Enable QinQ for the port vlan vpn enable Required By default QinQ is disabled Configure the outer VLAN tag to be added to a packet...

Страница 167: ...Enter system view SwitchA system view Enter GigabitEthernet2 0 1 port view SwitchA interface GigabitEthernet 2 0 1 Configure this port to be a hybrid port And configure to keep the outer tags of packe...

Страница 168: ...f VLAN 100 to be inserted to packets and specify the upstream port of the tag to be GigabitEthernet2 0 1 which does not remove the outer VLAN tags of packets when transmitting these packets SwitchA Gi...

Страница 169: ...of VLAN 4 When a packet is received its source MAC address MAC A is learned into the MAC address table of the default VLAN VLAN 2 of the port When a response packet is returned to the device from VLAN...

Страница 170: ...shared VLAN enabled the packets of the current I O Module or Fabric are forwarded according to the MAC address table of the shared VLAN So you need to add the ports of all the packets to be forwarded...

Страница 171: ...ure 49 Network diagram for Shared VLAN configuration Configuration Procedure Enable selective QinQ on Ethernet2 0 6 Refer to Selective QinQ Configuration Example on page 167 for the details Specify VL...

Страница 172: ...172 CHAPTER 21 SHARED VLAN CONFIGURATION...

Страница 173: ...he Ethernet port description text Optional By default no description is defined for the port Set the duplex mode of the Ethernet port duplex auto full half Optional By default the duplex mode of the p...

Страница 174: ...to full or auto 100 Mbps optical Ethernet port It works in full duplex mode and its duplex mode can be set to full or auto Gigabit optical Ethernet port It works in full duplex mode and its duplex mo...

Страница 175: ...multicast unknown unicast suppression on ports Configure the available auto negotiation speed s for the port speed auto 10 100 1000 Optional By default the port speed is determined through auto negot...

Страница 176: ...sical state of its ports n The delays set with the above commands are weight values rather than exact time values The greater the delay weight the longer the delay You can set the delay of reporting d...

Страница 177: ...e port is an edge port Port configuration includes link type of the port port rate and duplex mode n To copy the configuration of a source port to a member port of a link aggregation group you should...

Страница 178: ...ring the specified interval and displays the average rates in the interval For example if you set this interval to 100 seconds the displayed information is as follows Table 113 Set loopback detection...

Страница 179: ...g the function you can choose to monitor certain Ethernet ports instead of monitoring all ports so as to reduce the quantity of log information output to the log server n After you allow a port to out...

Страница 180: ...rface interface type interface number Allow the port to output the UP Down log information enable log updown Required By default a port is allowed to output the UP Down log information Table 118 Displ...

Страница 181: ...t2 0 1 Set Ethernet2 0 1 as a trunk port SW7750 Ethernet2 0 1 port link type trunk Allow packets of VLAN 2 VLAN 6 through VLAN 50 and VLAN 100 to pass Ethernet2 0 1 SW7750 Ethernet2 0 1 port trunk per...

Страница 182: ...182 CHAPTER 22 PORT BASIC CONFIGURATION...

Страница 183: ...QoS configuration including traffic limiting priority marking default 802 1p priority bandwidth assurance congestion avoidance traffic redirection traffic statistics and so on VLAN configuration inclu...

Страница 184: ...member ports that can be set as selected ports in an aggregation group exceeds the maximum number supported by the device the system will choose the ports with lower port numbers as the selected port...

Страница 185: ...alf duplex low speed The system sets the following ports to standby state ports that are not connected to the same peer device as the master port selected port with the minimum port number and ports t...

Страница 186: ...Ds system priority system MAC address between the two parties First compare the two system priorities then the two system MAC addresses if the system priorities are equal The device with smaller devic...

Страница 187: ...descriptions Aggregation type Basic description Specific description Manual aggregation Support up to 384 aggregation groups including 64 load sharing aggregation groups For Type A modules an aggrega...

Страница 188: ...ources are as follows Table 120 Restriction of type A I O Modules on link aggregation I O Module type Cross chip aggregation Aggregation type I O Module specificatio n Maximum number of ports in an ag...

Страница 189: ...esources c CAUTION A load sharing aggregation group contains up to two selected ports however a non load sharing aggregation group can only have one selected port at most and others are standby ports...

Страница 190: ...m one or more dynamic aggregation groups You can manually add remove a port to from a static aggregation group and a port can only be manually added removed to from a static aggregation group Add a gr...

Страница 191: ...to participate in dynamic aggregation of the system because only when LACP is enabled on those ports at both ends can the two parties reach agreement in adding removing ports to from dynamic aggregat...

Страница 192: ...ven parameters are available on type A I O Modules including 3C16860 3C16860 3C16861 3C16861 LS81FS24A LS81FS24 3C16858 3C16858 3C16859 and 3C16859 None of the above seven parameters are available on...

Страница 193: ...o User View with Ctrl Z SW7750 link aggregation group 1 mode manual Add Ethernet 2 0 1 through Ethernet 2 0 3 to aggregation group 1 SW7750 interface ethernet2 0 1 SW7750 Ethernet2 0 1 port link aggre...

Страница 194: ...2 0 2 interface ethernet2 0 3 SW7750 Ethernet2 0 3 port link aggregation group 1 3 Adopt the dynamic LACP aggregation mode Enable LACP on Ethernet 2 0 1 through Ethernet 2 0 3 SW7750 interface etherne...

Страница 195: ...the isolation group automatically When a port in an aggregation group leaves an isolation group the other ports in the aggregation group leave the isolation group automatically Configuring Port Isolat...

Страница 196: ...onfiguration Example Network requirements PC2 PC3 and PC4 connect to the switch ports Ethernet2 0 2 Ethernet2 0 3 and Ethernet2 0 4 respectively It is desired that PC2 PC3 and PC4 are isolated from ea...

Страница 197: ...ort isolate group1 port Ethernet2 0 2 to Ethernet2 0 4 Display information about the ports in the isolation group SW7750 port isolate group1 display isolate port Isolate group ID 1 Isolated port s in...

Страница 198: ...198 CHAPTER 24 PORT ISOLATION CONFIGURATION...

Страница 199: ...load and greatly enhances system security and manageability Port Security Features The following port security features are provided 1 NTK need to know feature By checking the destination MAC addresse...

Страница 200: ...nt command After the port security mode is changed to the secure mode only those packets whose source MAC addresses are security MAC addresses learned configured can pass through the port In the secur...

Страница 201: ...lar to the userlogin secure mode except that besides the packets of the single 802 1x authenticated user the packets whose source MAC addresses have a particular OUI are also allowed to pass through t...

Страница 202: ...allowed however cannot exceed the configured upper limit By setting the maximum number of MAC addresses allowed on a port you can Control the maximum number of users who are allowed to access the net...

Страница 203: ...for port mirroring Link aggregation Table 132 Set the maximum number of MAC addresses allowed on a port Operation Command Remarks Enter system view system view Enter Ethernet port view interface inter...

Страница 204: ...pe interface number Configure the NTK feature port security ntk mode ntkonly ntk withbroadcasts ntk withmulticasts Required Be default NTK is disabled on a port namely all frames are allowed to be sen...

Страница 205: ...n to secure n The security MAC addresses manually configured are written to the configuration file they will not get lost when the port is up or down As long as the configuration file is saved the sec...

Страница 206: ...1 After the number of security MAC addresses reaches 80 the port stops learning MAC addresses If any frame with an unknown MAC address arrives intrusion protection is triggered and the port will be di...

Страница 207: ...tolearn SW7750 GigabitEthernet2 0 1 quit Add the MAC address 0001 0002 0003 of Host as a security MAC address to the port in VLAN 1 SW7750 mac address security 0001 0002 0003 interface GigabitEthern e...

Страница 208: ...208 CHAPTER 25 PORT SECURITY CONFIGURATION...

Страница 209: ...e configuration you can use the display command in any view to display port binding information and verify your configuration Table 140 Configure port binding Operation Command Description Enter syste...

Страница 210: ...Host A Network diagram Figure 54 Network diagram for port binding configuration Configuration procedure Configure switch A as follows Enter system view SW7750 system view Enter Ethernet 2 0 1 port vie...

Страница 211: ...shown in Figure 55 Fibers that are not connected or disconnected as shown in Figure 56 the hollow lines in which refer to fibers that are not connected or disconnected Device link detection protocol D...

Страница 212: ...correctly and whether packets can be exchanged normally at both ends However the auto negotiation mechanism cannot implement this detection n In order for DLDP to detect fiber disconnection in one dir...

Страница 213: ...ble state Disable packets carry only the local port information instead of the neighbor information When a port detects a unidirectional link and enters the disable state the port sends disable packet...

Страница 214: ...ts with the RSY flag set or not set Advertisement Advertisement packets Probe Probe packets Table 144 The procedure to process a received DLDP packet Packet type Processing procedure Advertisement pac...

Страница 215: ...remains in active state for more than five seconds and enters this status It is a stable state where no unidirectional link is found Probe DHCP sends packets to check whether the link is a unidirectio...

Страница 216: ...when the entry aging timer expires DLDP sends an advertisement packet with an RSY tag and deletes the neighbor entry In the enhanced mode if no packet is received from the neighbor when the entry agin...

Страница 217: ...s original DLDP state if it receives a port up message before the delaydown timer expires Otherwise it removes the DLDP neighbor information and changes to the inactive state Table 147 DLDP timers Tim...

Страница 218: ...see if the neighbor information carried in the recover echo packet is consistent with that of the local port If yes the link between the local port and the neighbor is considered to be recovered to b...

Страница 219: ...is 5 seconds Set the delaydown timer dldp delaydown timer delaydown time Optional By default the delaydown timer expires after 1 second it is triggered Set the DLDP handling mode when an unidirectiona...

Страница 220: ...lization is high DLDP may issue mistaken reports You are recommended to configure the operating mode of DLDP as manual after unidirectional links are discovered For the dldp interval integer command m...

Страница 221: ...etwork traffic increases and port bandwidth is reduced DLDP is also applicable to STP Discarding ports Ports discarded by STP can set up normal DLDP neighbors and detect unidirectional links DLDP does...

Страница 222: ...nd Switch B are cross connected DLDP disconnects the unidirectional links after detecting them When the network administrator connects the fiber correctly the ports taken down by DLDP are restored Net...

Страница 223: ...the fibers are not correctly connected When the fibers are cross connected both ends are unidirectional links and the two ends are displayed as in Disable status When one end is correctly connected a...

Страница 224: ...224 CHAPTER 27 DLDP CONFIGURATION...

Страница 225: ...itch queries its MAC address table for the forwarding port number according to the destination MAC address carried in the packet and then forwards the packet through the port The dynamic address entri...

Страница 226: ...the destination device does not respond to the packet this indicates that the destination device is unreachable or that the destination device receives the packet but gives no response In this case t...

Страница 227: ...152 Characteristics of different types of MAC address entries MAC address entry Configuration method Aging time Reserved or not at reboot if the configuration is saved Static MAC address entry Manual...

Страница 228: ...no aging keyword specifies that MAC address entries do not age out Setting the Maximum Number of MAC Addresses a Port Can Learn The MAC address learning mechanism enables an Ethernet switch to acquir...

Страница 229: ...s The Switch 7750 learn MAC address entries in one of the following ways Through MAC address learning on the port By synchronizing MAC address entries between chips Table 156 Set the maximum number of...

Страница 230: ...PT4GB0 LS8M1PT8GB0 LS81PT4GA and LS81PT8GA Setting the processing method for the specific packets You can use the following commands to configure whether or not the packets with destination MAC addres...

Страница 231: ...amic MAC addresses to 500 seconds SW7750 mac address timer aging 500 Display the information about the MAC address entries in system view SW7750 display mac address interface Ethernet 2 0 2 MAC ADDR V...

Страница 232: ...232 CHAPTER 28 MAC ADDRESS TABLE MANAGEMENT...

Страница 233: ...hes authentication can be performed locally or through a RADIUS server 1 When a RADIUS server is used for authentication the switch serves as a RADIUS client Authentication is carried out through the...

Страница 234: ...esses that the port can learn you are not allowed to enable the centralized MAC address authentication function on the port If a port is already enabled with the 802 1x function and the access control...

Страница 235: ...zed MAC address authentication for a port in Ethernet port view Operation Command Description Enter system view system view Enter Ethernet port view interface interface type interface number Enable ce...

Страница 236: ...ation The period is determined by the Reauth period server Table 167 lists the operations to configure the timers used in centralized MAC address authentication Configuring Centralized MAC Address Re...

Страница 237: ...s Authentication Configuration Example n Centralized MAC address authentication configuration is similar to that of 802 1x In this example the differences between the two lie in Centralized MAC addres...

Страница 238: ...cation mode The user name and password are both 000fe2010101 Network diagram Figure 59 Enable to perform the MAC address authentication locally for access users Configuration Procedure Add a local acc...

Страница 239: ...s Authentication Configuration Example 239 SW7750 mac authentication timer offline detect 180 SW7750 mac authentication timer quiet 30 For domain related configuration refer to the 802 1x Configuratio...

Страница 240: ...240 CHAPTER 29 CENTRALIZED MAC ADDRESS AUTHENTICATION CONFIGURATION...

Страница 241: ...he forwarding loads of different VLANs MSTP is compatible with both STP and RSTP It overcomes the drawback of STP and RSTP It not only enables spanning trees to converge rapidly but also enables packe...

Страница 242: ...spanning tree in a MST region Multiple spanning trees can be established in one MST region These spanning trees are independent of each other For example each region in Figure 60 contains multiple spa...

Страница 243: ...n in Figure 60 the region root of MSTI 1 is switch B and the region root of MSTI 2 is switch C Common root bridge The common root bridge is the root of the CIST The common root bridge of the network s...

Страница 244: ...rts can be in the following three states Forwarding state Ports in this state can forward user packets and receive send BPDU packets Learning state Ports in this state can receive send BPDU packets Di...

Страница 245: ...ing itself 1 Each switch sends out its configuration BPDUs and operates in the following way when receiving a configuration BPDU on one of its ports from another switch If the priority of the configur...

Страница 246: ...receive configuration messages and cannot forward packets Otherwise the switch sets the local port to the designated port replaces the original configuration BPDU of the port with the resulting one an...

Страница 247: ...iguration Optional The default is recommended Network Diameter Configuration on page 252 MSTP time related configuration Optional The defaults are recommended MSTP Time related Configuration on page 2...

Страница 248: ...tance 1 and VLAN 20 through VLAN 30 being mapped to spanning tree 2 SW7750 system view SW7750 stp region configuration SW7750 mst region region name info SW7750 mst region instance 1 vlan 2 to 10 SW77...

Страница 249: ...s replaces the root bridge when the latter fails You can specify the network diameter and the Hello time parameters while configuring a root bridge secondary root bridge Refer to Network Diameter Conf...

Страница 250: ...ge or a secondary root bridge by using the stp root primary or stp root secondary command the bridge priority of the switch is not configurable During the selection of the root bridge if multiple swit...

Страница 251: ...ecreased by 1 every time the configuration BPDU passes a switch Such a mechanism disables the switches that are beyond the maximum hops from participating in spanning tree generation and thus limits t...

Страница 252: ...dge diameter 6 MSTP Time related Configuration You can configure three MSTP time related parameters for a switch Forward delay Hello time and Max age The Forward delay parameter sets the delay of stat...

Страница 253: ...t in normal links being regarded as invalid when packets get lost on them which in turn results in spanning trees being regenerated And a too small Hello time parameter may result in duplicated config...

Страница 254: ...devices at the interval specified by the Hello time parameter to test the links Normally a switch regards its upstream switch faulty if the former does not receive any protocol packets from the latte...

Страница 255: ...rts that neither directly connects to other switches nor indirectly connects to other switches through network segments After a port is configured as an edge port rapid transition is applicable to the...

Страница 256: ...ted Configuration A point to point link directly connects two switches If the roles of the two ports at the two ends of a point to point link meet certain criteria the two ports can transit to the for...

Страница 257: ...force false auto Required The auto keyword is adopted by default The force true keyword specifies that the links connected to the specified ports are point to point links The force false keyword speci...

Страница 258: ...on specified ports stp interface interface list disable Optional By default MSTP is enabled on all ports after you enable MSTP in system view To enable a switch to operate more flexibly you can disabl...

Страница 259: ...tus root branch or leaf of each switch in each spanning tree instance is determined Table 189 Leaf node configuration Operation Remarks Related section MSTP configuration Required To prevent network t...

Страница 260: ...determined by switch or through manual configuration Standards for calculating path costs of ports Currently a switch can calculate the path costs of ports based on one of the following standards dot...

Страница 261: ...2 ports Aggregated link 3 ports Aggregated link 4 ports 19 15 15 15 200 000 100 000 66 666 50 000 200 180 160 140 1 000 Mbps Full duplex Aggregated link 2 ports Aggregated link 3 ports Aggregated link...

Страница 262: ...etermining the root port In the same condition ports with smaller port priority values are more potential to become the root port than those with bigger priority values A port on a MSTP enabled switch...

Страница 263: ...256 MSTP Configuration Refer to MSTP Configuration on page 258 The mCheck Configuration As mentioned previously ports on an MSTP enabled switch can operate in three modes STP compatible RSTP compatibl...

Страница 264: ...tion Configuration Introduction The following protection functions are available on an MSTP enabled switch BPDU protection root protection loop guard and topology change BPDU TC BPDU attack guard BPDU...

Страница 265: ...d period Loop guard A switch maintains the states of the root port and other blocked ports by receiving and processing BPDUs from the upstream switch These BPDUs may get lost because of network conges...

Страница 266: ...tion function and edge port setting only one can be valid on a port at one time BPDU Protection Configuration Configuration prerequisites MSTP is enabled on the current switch Configuration procedure...

Страница 267: ...200 Enable the root guard function in Ethernet port view Operation Command Description Enter system view system view Enter Ethernet port view Interface interface type interface number Enable the root...

Страница 268: ...on such as region ID and configuration digest As some partners switches adopt proprietary spanning tree protocols they cannot interwork with other switches in an MST region even if they are configured...

Страница 269: ...configured with exactly the same MST region related configurations including region name revision level and VLAN to MSTI mapping The digest snooping feature must be enabled on all the ports of your S...

Страница 270: ...witch Figure 62 and Figure 63 illustrate the RSTP and MSTP rapid transition mechanisms Figure 62 The RSTP rapid transition mechanism Figure 63 The MSTP rapid transition mechanism Limitation on the com...

Страница 271: ...tree protocol you can enable the rapid transition feature on the ports of the 3Com series switch operating as the downstream switch Among these ports those operating as the root ports will then send...

Страница 272: ...operator s network comprises packet ingress egress devices and the user s network has networks A and B On the operator s network configure the arriving BPDU packets at the ingress to have MAC addresse...

Страница 273: ...802 1x GVRP GMRP STP or NTDP enabled the BPDU Tunnel function is not applicable to these ports Network Network A Network B Customer networks Service provider network Packet input output device Packet...

Страница 274: ...cs Table 208 Enable log trap output for ports of MSTP instance Operation Command Description Enter system view system view Enable log trap output for the ports of a specified instance stp instance ins...

Страница 275: ...re configured as the root bridges of spanning tree instance 1 and spanning tree instance 3 respectively Switch C is configured as the root bridge of spanning tree instance 4 Network diagram Figure 66...

Страница 276: ...guration Specify Switch B as the root bridge of spanning tree instance 3 SW7750 stp instance 3 root primary 3 Configure Switch C Enter MST region view SW7750 system view SW7750 stp region configuratio...

Страница 277: ...operate as the access devices of the user s network that is Switch A and Switch B in the network diagram Switch C and Switch D connect to each other through the configured trunk port of the switch and...

Страница 278: ...nd then enable the VLAN VPN function on it SW7750 interface Ethernet 1 0 1 SW7750 Ethernet1 0 1 port access vlan 10 SW7750 Ethernet1 0 1 stp disable SW7750 Ethernet1 0 1 vlan vpn enable SW7750 Etherne...

Страница 279: ...1 0 2 SW7750 Ethernet1 0 2 port access vlan 10 SW7750 Ethernet1 0 2 stp disable SW7750 Ethernet1 0 2 vlan vpn enable SW7750 Ethernet1 0 2 quit Configure port Ethernet1 0 1 as a trunk port SW7750 inter...

Страница 280: ...280 CHAPTER 30 MSTP CONFIGURATION...

Страница 281: ...directly to the destination host if the host is on a network directly connected to the router Each entry in a routing table contains Destination address It identifies the address of the destination ho...

Страница 282: ...the network where the destination resides In order to avoid an oversized routing table you can set a default route All the packets for which the router fails to find a matching entry in the routing ta...

Страница 283: ...ng protocols may discover different routes to the same destination but only one route among these routes and the static routes is optimal In fact at any given moment only one routing protocol can dete...

Страница 284: ...of the routes has the highest preference and is called primary route The other routes have descending preferences and are called backup routes Normally the router sends data through the main route Wh...

Страница 285: ...will be discarded and the source hosts will be informed of the unreachability of the destination Blackhole route route with blackhole attribute If a static route destined for a destination has the bl...

Страница 286: ...table will be forwarded through the default route Do not configure the next hop address of a static route to the address of an interface on the local switch The preference can be configured different...

Страница 287: ...c route display ip routing table ip address mask longer match verbose Display the routes in a specified address range display ip routing table ip address1 mask1 ip address2 mask2 verbose Display the r...

Страница 288: ...atic 1 1 1 0 255 255 255 0 1 1 2 1 SwitchC ip route static 1 1 4 0 255 255 255 0 1 1 3 2 Configure the default gateway of Host A to 1 1 5 1 Detailed configuration procedure is omitted Configure the de...

Страница 289: ...RIP manages a routing database which contains routing entries to all the reachable destinations in the internetwork Each routing entry contains the following information Destination address IP address...

Страница 290: ...bors every 30 seconds Upon receiving the packets the neighbors maintain their own routing tables and select optimal routes and then advertise update information to their respective neighbors so as to...

Страница 291: ...Setting RIP preference Optional Setting RIP preference on page 295 Enabling RIP traffic sharing across interfaces Optional Enabling RIP traffic sharing across interfaces on page 295 Configuring RIP to...

Страница 292: ...e Specifying the RIP version on an interface Table 214 Enable RIP globally and on the interface of a specified network segment Operation Command Description Enter system view system view Enable RIP gl...

Страница 293: ...rm the following tasks Configuring network layer addresses of interfaces so that adjacent nodes are reachable to each other at the network layer Configuring basic RIP functions Configuring RIP Route C...

Страница 294: ...elp in route addressing but consume a lot of network resources After host route receiving is disabled a router can refuse any incoming host routes Set the additional routing metric to be added for inc...

Страница 295: ...sharing across interfaces Table 220 Configure RIP to filter incoming outgoing routes Operation Command Description Enter system view system view Enter RIP view rip Configure RIP to filter incoming rou...

Страница 296: ...an interface or link with special requirements Configuration Prerequisites Before adjusting RIP perform the following tasks Configuring the network layer addresses of interfaces so that adjacent node...

Страница 297: ...for RIP 2 Setting RIP 2 packet authentication mode RIP 2 supports two authentication modes simple authentication and MD5 authentication Table 224 Configure RIP timers Operation Command Description En...

Страница 298: ...ssword md5 rfc2453 key string rfc2082 key string key id Required If you specify to use MD5 authentication you must specify one of the following MD5 authentication types rfc2453 this type supports the...

Страница 299: ...ion related to RIP is listed below Before the following configuration make sure the Ethernet link layer works normally and the IP addresses of VLAN interfaces are configured correctly 1 Configure Swit...

Страница 300: ...configuration rip command to verify RIP is enabled on the interface with the network command Use the display this command in VLAN interface view to verify the undo rip work command was not executed o...

Страница 301: ...OSPF supports multiple equivalent routes to the same destination Routing hierarchy OSPF has a four level routing hierarchy It prioritizes the routes as intra area inter area external type 1 and exter...

Страница 302: ...gured the system will automatically select an IP address from the IP addresses of the interfaces as the router ID A router ID is selected in the following way if loopback interface addresses are confi...

Страница 303: ...y After an AS is divided into different areas that are interconnected through OSPF ABRs The routing information between areas can be reduced through route summary This reduces the size of routing tabl...

Страница 304: ...e network are not directly reachable to each other you must configure the corresponding interface type to P2MP If a router in the network has only one peer you can change the corresponding interface t...

Страница 305: ...ead of being manually configured DR and BDR are elected by all the routers on the current network segment The priority of a router interface determines the qualification of the interface in DR BDR ele...

Страница 306: ...R packets contain the digest of the needed LSAs LSU packet Link state update LSU packets are used to transmit the needed LSAs to the peer router An LSU packet is a collection of multiple LSAs complete...

Страница 307: ...ogy in a stub area OSPF multi process Multiple OSPF processes can be run on a router Sharing discovered routing information with other dynamic routing protocols At present OSPF supports importing the...

Страница 308: ...iguring OSPF Route Summary Optional Configuring OSPF Route Summary on page 314 Configuring OSPF to Filter Received Routes Optional Configuring OSPF to Filter Received Routes on page 314 Configuring th...

Страница 309: ...OSPF Timers Optional Configuring OSPF Timers on page 317 Configuring the LSA transmission delay Optional Configuring the LSA transmission delay on page 318 Configuring the SPF Calculation Interval Opt...

Страница 310: ...The undo protocol multicast mac enable command must be configured if Layer 2 Layer 3 multicast function is enabled in the system In router ID selection the priorities of the router IDs configured with...

Страница 311: ...ith the backbone area and the backbone area must keep connectivity in itself If the physical connectivity cannot be ensured due to various restrictions you can configure OSPF virtual links to satisfy...

Страница 312: ...ection in the network Thus the router with higher performance and reliability can be selected as a DR or BDR Configuration Prerequisites Before configuring the network type of an OSPF interface perfor...

Страница 313: ...a neighbor has the right to vote If you specify the priority to 0 when configuring a neighbor the local router will believe that the neighbor has no right to vote and sends no Hello packet to it This...

Страница 314: ...w system view Enter OSPF view ospf process id router id router id Enter area view area area id Enable ABR route summary abr summary ip address mask advertise not advertise Required This command takes...

Страница 315: ...t for sending packets on an OSPF interface ospf cost value Optional By default OSPF calculates the cost for sending packets on an interface according to the current baud rate on the interface For a VL...

Страница 316: ...ed when the interfaces transmit LSAs By Adjusting SPF calculation interval you can mitigate resource consumption caused by frequent network changes In a network with high security requirements you can...

Страница 317: ...smission interval that is too short Otherwise unnecessary retransmission will occur LSA retransmission interval must be greater than the round trip time of a packet between two routers Table 242 Confi...

Страница 318: ...you can disable multiple OSPF processes from transmitting OSPF packets The silent interface command however only applies to the OSPF interface where the specified process has been enabled without aff...

Страница 319: ...MTU value of the interface is filled in the Interface MTU field of the DD packets Table 246 Configure OSPF authentication Operation Command Description Enter system view system view Enter OSPF view o...

Страница 320: ...status changes Table 249 Configure OSPF MIB binding Operation Command Description Enter system view system view Configure OSPF MIB binding ospf mib binding process id Optional By default MIB is bound...

Страница 321: ...Display OSPF statistics display ospf process id cumulative Display OSPF LSDB information display ospf process id area id lsdb brief asbr ase network nssa router summary ip address verbose originate ro...

Страница 322: ...an interface1 ospf dr priority 0 SwitchB router id 2 2 2 2 SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 196 1 1 0 0 0 0 255 Configure SwitchC SwitchC system view SwitchC inte...

Страница 323: ...chB interface Vlan interface 1 SwitchB Vlan interface1 ospf dr priority 200 On SwitchA run the display ospf peer command to display its OSPF peers Note that the priority of SwitchB has been changed to...

Страница 324: ...witchB Vlan interface1 ip address 196 1 1 2 255 255 255 0 SwitchB Vlan interface1 quit SwitchB interface vlan interface 2 SwitchB Vlan interface2 ip address 197 1 1 2 255 255 255 0 SwitchB router id 2...

Страница 325: ...routers reaches the FULL state Note On a broadcast or NBMA network if the interfaces between two routers are in DROther state the peer state machine between the two routers are in 2 way state instead...

Страница 326: ...should be configured to be connected to the backbone area As shown in Figure 75 Router A and Router D are configured to belong to only one area whereas Router B Area 0 and Area 1 and Router C Area 1...

Страница 327: ...ommunication between an ES and an IS therefore an ES does not participate in the IS IS process and can be ignored in the IS IS protocol Routing domain RD A group of ISs exchange routing information wi...

Страница 328: ...ghbor relationship with the Level 2 and Level 1 2 routers in the same or in different areas It maintains a Level 2 LSDB which contains routing information for routing between areas All Level 2 routers...

Страница 329: ...in this topology The backbone is composed of all contiguous Level 2 and Level 1 2 routers which can reside in different areas Figure 77 IS IS topology II n The IS IS backbone does not need to be a spe...

Страница 330: ...tify the area and the routing domain In normal condition a router only needs one area address and all nodes must share the same area addresses in the same domain But a router can have three area addre...

Страница 331: ...ed 47 0001 aaaa bbbb cccc 00 where Area 47 0001 System ID aaaa bbbb cccc SEL 00 Here is another example A NET exists that is named 01 1111 2222 4444 00 where Area 01 System ID 1111 2222 4444 SEL 00 IS...

Страница 332: ...redistribution Optional Configuring IS IS Route Redistribution on page 335 Configure route filtering Optional Configuring Route Filtering on page 336 Configure route leaking Optional Configuring Route...

Страница 333: ...342 Configure to discard LSPs with incorrect checksum Optional Configuring to Discard LSPs with Incorrect Checksum on page 342 Configure to log peer changes Optional Configuring to Log Peer Changes o...

Страница 334: ...ea address and router system ID Enabling IS IS on the Specified Interface Configuring DIS Priority In a broadcast network IS IS needs to select a router as DIS When a DIS needs to be selected from the...

Страница 335: ...figuring IS IS Route Redistribution IS IS processes the routes discovered by other routing protocols as routes outside a routing domain You can specify the default cost for IS IS to redistribute route...

Страница 336: ...e of routes are to be filtered with the filter policy export command all the routes imported with the import route command will be filtered Table 258 Configure route redistribution Operation Command D...

Страница 337: ...ystem assigns a priority for each routing protocol When multiple routing protocols discover a route to the same destination the protocol with the highest priority will dominate Table 261 Configure rou...

Страница 338: ...ty of IS IS routes is 15 Table 264 Configure protocol priority Operation Command Description Table 265 Configure IS IS route cost style Operation Command Description Enter system view system view Ente...

Страница 339: ...mand Description Enter system view system view Enter interface view interface interface type interface number Required Configure the CSNP packets sending interval in seconds isis timer csnp seconds le...

Страница 340: ...thentication password is encapsulated in the LSP CSNP and PSNP packets at Level 1 as predefined If area authentication is also enabled on other routers in the same area area authentication works norma...

Страница 341: ...to a mesh group The interfaces in the group will flood the new LSPs to only the interfaces outside the mesh group Table 273 Configure authentication Operation Command Description Enter system view sys...

Страница 342: ...Refresh Time All LSPs are sent periodically to synchronize the LSPs in an area Add an interface to a mesh group isis mesh group mesh group numbe r mesh blocked Optional By default LSPs are flooded on...

Страница 343: ...ions SPF calculation in IS IS may occupy system resources for a long time if the routing table contains a great number of entries over 30 000 To avoid this you can configure SPF calculation durations...

Страница 344: ...n spf slice size seconds Optional By default SPF calculation is not sliced Table 283 Configure SPF to release CPU resources automatically Operation Command Description Enter system view system view En...

Страница 345: ...B Switch C and Switch D belong to the same area Table 286 Reset configuration data of the IS IS peer Operation Command Description Enter system view system view Reset configuration data of an IS IS p...

Страница 346: ...001 0000 0000 0006 00 SwitchB interface vlan interface 101 SwitchB Vlan interface101 ip address 200 10 0 1 255 255 255 0 SwitchB Vlan interface101 isis enable SwitchB interface vlan interface 102 Swit...

Страница 347: ...lan interface100 isis enable Configure Switch D SwitchD isis SwitchD isis network entity 86 0001 0000 0000 0008 00 SwitchD interface vlan interface 102 SwitchD Vlan interface102 ip address 100 20 0 2...

Страница 348: ...348 CHAPTER 35 IS IS CONFIGURATION...

Страница 349: ...nsport layer protocol with the port number being 179 to ensure reliability BGP supports classless inter domain routing CIDR With BGP employed only the changed routes are propagated This saves network...

Страница 350: ...tion is performed all the bits of this field are 1 Length 2 bytes in length This filed indicates the size in bytes of a BGP packet with the packet header counted in Type 1 byte in length This field in...

Страница 351: ...sage format An Update message can advertise a group of reachable routes with the same path attribute These routes are set in the NLRI field The Path Attributes field carries the attributes of these ro...

Страница 352: ...router it sends the whole BGP routing table to its peers to exchange routing information Afterwards BGP sends only Update messages instead of the whole table During the running BGP also sends receive...

Страница 353: ...Peer and Peer Group Definition As described in BGP Routing Mechanism on page 352 two BGP speakers capable of exchanging BGP messages with each other are peers of each other A BGP peer group is a set...

Страница 354: ...g information Optional Configuring BGP Route Receiving Policy on page 359 Configuring BGP IGP Route Synchronization Optional Configuring BGP IGP Route Synchronization on page 360 Configuring BGP route...

Страница 355: ...m view system view Start BGP and enter BGP view bgp as number Required By default the system does not run BGP Enter multicast address family view ipv4 family multicast Required Table 290 Configure bas...

Страница 356: ...the peers to establish multiple hop TCP connections between them Configuring the Way to Advertise Receive Routing Information Configuration Prerequisites Make sure the following operation is performe...

Страница 357: ...GP peer routing tables BGP supports two route aggregation modes automatic aggregation mode and manual aggregation mode Automatic aggregation mode where IGP sub network routes imported by BGP are aggre...

Страница 358: ...licy route policy name suppress policy route policy name Table 293 Enable default rout advertising Operation Command Description Enter system view system view Enable BGP and enter BGP view bgp as numb...

Страница 359: ...ring policy configured Specify an AS path ACL based BGP filtering policy for a peer group peer group name as path acl acl number export IP prefix based BGP route filtering policy for a peer group peer...

Страница 360: ...ng information Suppressed routes are neither added to the routing table nor advertised to other BGP peers Filter the routing information receivedfrom a peer peer group Specify an ACL based BGP route f...

Страница 361: ...able 15 in minutes half life unreachable 15 in minutes reuse 750 suppress 2000 ceiling 16 000 Table 298 Configure BGP load balance Operation Command Description Enter system view system view Enable BG...

Страница 362: ...oming from the neighbor routers in different ASs is disabled Configure the local address as the next hop address when a BGP router advertises a route peer group name next hop local Required In some ne...

Страница 363: ...To make a new BGP routing policy taking effect you need to reset the BGP connection This temporarily disconnects the BGP connection In the Switch 7750 BGP supports the route refresh function With rou...

Страница 364: ...address timer keepalive keepalive interval hold holdtime interval Configure the interval at which a peer group sends the same route update packet peer group name route update interval seconds Optiona...

Страница 365: ...iple BGP routers In an AS to ensure the connectivity among IBGP peers you need to set up full connection among them When there are too many IBGP peers it will cost a lot in establishing a full connect...

Страница 366: ...as the local AS number Add a peer to a peer group peer ip address group group name as number as number Create an EBGP peer group Create an EBGP peer group group group name external Optional You can ad...

Страница 367: ...bgp as number Required By default the system does not operate BGP Configure the local router as the RR and configure the peer group as the client of the RR peer group name reflect client Required By d...

Страница 368: ...table as path acl acl number Display routing information about CIDR display bgp multicast routing table cidr Display routing information about a specified BGP community display bgp multicast routing t...

Страница 369: ...nd IBGP Network diagram Figure 84 Diagram for AS confederation Table 306 Reset BGP connection Operation Command Reset all BGP connections reset bgp all Reset the BGP connection with a specified peer r...

Страница 370: ...nfed1001 external SwitchC bgp peer 172 68 10 1 group confed1001 as number 1001 SwitchC bgp group confed1002 external SwitchC bgp peer 172 68 10 2 group confed1002 as number 1002 SwitchC bgp group ebgp...

Страница 371: ...igure SwitchB Configure VLAN2 SwitchB interface Vlan interface 2 SwitchB Vlan interface2 ip address 192 1 1 2 255 255 255 0 Configure VLAN3 SwitchB interface Vlan interface 3 SwitchB Vlan interface3 i...

Страница 372: ...tchD Vlan interface4 ip address 194 1 1 2 255 255 255 0 Configure a BGP peer SwitchD bgp 200 SwitchD bgp group in internal SwitchD bgp peer 194 1 1 1 group in Use the display bgp routing table command...

Страница 373: ...hA bgp group ex192 external SwitchA bgp peer 192 1 1 2 group ex192 as number 200 SwitchA bgp group ex193 external SwitchA bgp peer 193 1 1 2 group ex193 as number 200 SwitchA bgp quit Configure the ME...

Страница 374: ...ate of neighbor Switch B 192 1 1 2 SwitchA bgp 100 SwitchA bgp peer ex193 route policy apply_med_50 export SwitchA bgp peer ex192 route policy apply_med_100 export 2 Configure Switch B SwitchB interfa...

Страница 375: ...Switch B Switch D will choose the route 1 0 0 0 coming from Switch C If you do not configure MED attribute of Switch A when you configure Switch A but configure the local preference on Switch C as fol...

Страница 376: ...kets If you cannot ping through the neighbor device check whether there is a route to the neighbor in the routing table If you can ping through the neighbor device check whether an ACL is configured t...

Страница 377: ...cols The following sections describe these filters Route policy A route policy is used to match some attributes with given routing information and the attributes of the information will be set if the...

Страница 378: ...used in BGP to define the matching conditions about AS path An as path contains a series of AS paths which are the records of routing information passed paths during BGP routing information exchange c...

Страница 379: ...ake the test of the next node If not the system goes on the test of the next node The deny argument specifies that the matching mode for the defined node in the route policy is deny In this mode no ap...

Страница 380: ...Enter system view system view Enter route policy view route policy route policy name permit deny node node number Define a rule to match the AS path field of BGP routing information if match as path...

Страница 381: ...te of BGP routing information apply community none aa nn 1 13 no export subconfed no export no advertise additive Optional Define a action to set the next hop address of routing information apply ip n...

Страница 382: ...tributes A router can decide whether to change community attributes before forwarding a route to other peer entity Community list is used to identify community information It falls in to two types bas...

Страница 383: ...routing policy configuration IP Routing Policy Configuration Example Configuring IP Routing Policy Network requirements As shown in Figure 87 Switch A communicates with Switch B using OSPF protocol S...

Страница 384: ...tic 40 0 0 1 255 0 0 0 12 0 0 2 Enable the OSPF protocol and specify the ID of the area to which the interface 10 0 0 1 belongs SwitchA system view SwitchA router id 1 1 1 1 SwitchA ospf SwitchA ospf...

Страница 385: ...on Cost Type NextHop AdvRouter Area 10 0 0 0 8 10 Net 10 0 0 1 1 1 1 1 0 0 0 0 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter 20 0 0 0 8 1 2 1 10 0 0 1 1 1 1 1 40 0 0 0 8 1 2 1 10 0 0 1...

Страница 386: ...items are in the deny mode no route will pass the ip prefix filtering You can define the item permit 0 0 0 0 0 less equal 32 after multiple items in the deny mode for all other routes to pass the fil...

Страница 387: ...efore the route capacity limitation implemented by a Switch 7750 applies to OSPF and BGP routes only but not to static and RIP routes When the free memory of the switch is equal to or lower than the l...

Страница 388: ...cription Enter system view system view Set the lower limit and the safety value of switch memory memory safety safety value limit limit value Optional safety value defaults to 40 and limit value defau...

Страница 389: ...88 Architecture of 802 1x authentication The supplicant system is an entity residing at one end of the LAN segment and is authenticated by the authenticator system connected to the other end of the L...

Страница 390: ...d port and an uncontrolled port The uncontrolled port can always send and receive packets It mainly serves to forward EAPoL packets to ensure that a supplicant system can send and receive authenticati...

Страница 391: ...m in turn determines the state authorized or unauthorized of the controlled port according to the instructions accept or reject received from the RADIUS server Encapsulation of EAPoL Messages The form...

Страница 392: ...e authentication servers Network management related information such as alarming information is encapsulated in EAPoL Encapsulated ASF Alert packets which are terminated by authenticator systems The f...

Страница 393: ...age fields The type code of the EAP message field is 79 Figure 93 The format of an EAP message field The Message authenticator field as shown in Figure 94 can be used to prevent interception of access...

Страница 394: ...5 authentication procedure Figure 95 802 1x authentication procedure in EAP relay mode The detailed procedure is as follows A supplicant system launches an 802 1x client to initiate an access request...

Страница 395: ...US access request packet with the locally encrypted password If the two match it will then send feedbacks through a RADIUS access accept packet and an EAP success packet to the switch to indicate that...

Страница 396: ...equests for authentication The switch sends a unicast request identity packet to a supplicant system and then enables the transmission timer The switch sends another request identity packet to the sup...

Страница 397: ...ch quiets for the set period set by the quiet period timer before it processing another 802 1x relatedauthentication request initiated by the supplicant system ver period This timer sets the client ve...

Страница 398: ...logging in This function makes the switch to send version requesting packets again if the 802 1x client fails to send version reply packet to the switch before the version checking timer times out n...

Страница 399: ...ass the authentication through 802 1x client if they provide the user names and passwords that match with those stored in the switches You can also specify to adopt RADIUS authentication scheme with a...

Страница 400: ...latest time value obtained as the authentication interval After re authentication is enabled on a port you cannot change the dynamic VLAN delivery attribute value for the port if you do so the re aut...

Страница 401: ...ers for specified ports In system view dot1x max user user number interface interface list Optional By default up to 1 024 concurrent on line users are allowed on each port In port view dot1x max user...

Страница 402: ...ted in Table 320 takes effect only when it is performed on CAMS as well as on the switch and the client version checking function is enabled on the switch by the dot1x version check command Configurin...

Страница 403: ...rify the 802 1x related configuration by executing the display command in any view You can clear 802 1x related statistics information by executing the reset command in user view Configure the client...

Страница 404: ...accounting server The other operates as the secondary authentication server and primary accounting server The password for the switch and the authentication RADIUS servers to exchange message is name...

Страница 405: ...Configuration on page 525 for information about these commands Configuration on the client and the RADIUS servers is omitted Enable 802 1x globally SW7750 system view System View return to User View w...

Страница 406: ...the timer for the switch to send real time accounting packets to the RADIUS servers SW7750 radius radius1 timer realtime accounting 15 Configure to send the user name to the RADIUS server with the do...

Страница 407: ...Configuration Example 407 Create a local access user account SW7750 local user localuser SW7750 luser localuser service type lan access SW7750 luser localuser password simple localpass...

Страница 408: ...408 CHAPTER 39 802 1X CONFIGURATION...

Страница 409: ...tion and to be forwarded between HABP enabled switches Therefore the management devices can get the MAC addresses of their attached switches to manage them effectively HABP is implemented by HABP serv...

Страница 410: ...ets of all the VLANs Configure the current switch to be an HABP server habp server vlan vlan id Required By default a switch operates as an HABP client after you enable HABP on the switch and if you w...

Страница 411: ...abled globally Enable the 802 1x on GigabitEthernet2 0 2 SW7750 interface GigabitEthernet 2 0 2 SW7750 GigabitEthernet2 0 2 dot1x 802 1x is enabled on port GigabitEthernet2 0 2 2 Configure Switch A En...

Страница 412: ...412 CHAPTER 40 HABP CONFIGURATION...

Страница 413: ...n security legal use of paid services and network bandwidth In the network packets are sent in three modes unicast broadcast and multicast The following sections describe and compare data interaction...

Страница 414: ...erver broadcasts this information through routers and users A and C on the network also receive this information The security and payment of the information cannot be guaranteed As we can see from the...

Страница 415: ...he information is correctly delivered to users B D and E The advantages of multicast over unicast are as follows No matter how many receivers exist there is only one copy of the same multicast data fl...

Страница 416: ...iciency Multicast decreases network traffic and reduces server load and CPU load Optimal performance Multicast reduces redundant traffic Distributive application Multicast makes multiple point applica...

Страница 417: ...mmunication between the information source and members of a multicast group a group of information receivers network layer multicast addresses namely IP multicast addresses must be provided In additio...

Страница 418: ...lticast groups The IP address 224 0 0 0 is reserved Other IP addresses can be used by routing protocols 224 0 1 0 to 231 255 255 255 233 0 0 0 to 238 255 255 255 Available any source multicast ASM mul...

Страница 419: ...der 23 bits of a MAC address are the low order 23 bits of the multicast IP address Figure 103 describes the mapping relationship Figure 103 Mapping relationship between multicast IP address and multic...

Страница 420: ...omain routes Intra domain multicast routes have been quite mature Protocol independent multicast PIM is the most commonly used protocol currently PIM transmits information to receivers by means of mul...

Страница 421: ...routing protocols Based on source addresses multicast routers judge whether multicast packets come from specified interfaces that is RPF check determines whether inbound interfaces are correct by comp...

Страница 422: ...422 CHAPTER 41 MULTICAST OVERVIEW...

Страница 423: ...e VLAN where the receiving port resides In this way the multicast source in the VLAN gets aware of the existence of the multicast group member When the multicast source sends multicast packets to a gr...

Страница 424: ...configuration Configuration procedure Configure SwitchA Enable GMRP globally SW7750 system view SW7750 gmrp GMRP is enabled globally Enable GMRP on the port SW7750 interface Ethernet 2 0 1 SW7750 Ethe...

Страница 425: ...GMRP Configuration Example 425 SW7750 interface Ethernet 2 0 1 SW7750 Ethernet2 0 1 gmrp GMRP is enabled on port Ethernet 2 0 1...

Страница 426: ...426 CHAPTER 42 GMRP CONFIGURATION...

Страница 427: ...d from the router As shown in Figure 106 multicast packets are broadcasted at Layer 2 when IGMP Snooping is disabled and multicast at Layer 2 when IGMP Snooping is enabled Figure 106 Multicast packet...

Страница 428: ...ulticast MAC address Figure 107 IGMP Snooping implementation To implement Layer 2 multicast the switch processes four different types of IGMP messages it received as shown in Table 335 Table 334 IGMP...

Страница 429: ...queried IGMP host report message Host Multicast router and multicast switch Apply for joining a multicast group or respond to an IGMP query message Chec k if the IP multi cast group has a corres pond...

Страница 430: ...bers and enable the corresponding query timer If the multicast groupresponds the switch checks whether the port is the last host port corresponding to the MAC multicast group If yes remove the corresp...

Страница 431: ...zing the network topology Configure timers Optional Configuring Timers on page 432 Enable IGMP fast leave Optional Enabling IGMP Fast Leave for a Port or All Ports on page 432 Configure IGMP Snooping...

Страница 432: ...ry to the port and enables the query response timer of the IP multicast group Enabling IGMP Fast Leave for a Port or All Ports Normally when receiving an IGMP Leave message the switch does not immedia...

Страница 433: ...If yes it adds the port to the forward port list of the multicast group If not it drops the IGMP report message and does not forward the corresponding data stream to the port In this way you can cont...

Страница 434: ...layer This router or Layer 3 switch is called IGMP querier Enable IGMP Snooping filter in system view igmp snooping group policy acl number vlan vlan list Required You can configure the ACL to filter...

Страница 435: ...s enabled in a query interval the Layer 2 switch will forward only the first IGMP host report message from a multicast group to the Layer 3 switch and drop the other IGMP host report messages from the...

Страница 436: ...nsure that the IGMP entry does not age out When the simulated joining function is disabled on an Ethernet port the simulated host sends an IGMP leave message Therefore to ensure that IGMP entries will...

Страница 437: ...y if multicast VLAN is configured Perform the following configuration to configure multicast VLAN c CAUTION You can configure up to 5 multicast VLANs for the device A multicast VLAN cannot be configur...

Страница 438: ...nooping enable Table 350 Display information about IGMP Snooping Operation Command Description Display the current IGMP Snooping configuration display igmp snooping configuration You can execute the d...

Страница 439: ...abled Switch B Layer 3 switch GigabitEthernet 2 0 1 GigabitEthernet 2 0 2 GigabitEthernet 2 0 3 Router A Switch C Switch D GigabitEthernet 2 0 1 belongs to VLAN 1024 GigabitEthernet 2 0 2 is a trunk p...

Страница 440: ...the corresponding VLAN If it is disabled globally use the igmp snooping enable command in both system view and VLAN view to enable it both globally and on the corresponding VLAN at the same time If i...

Страница 441: ...rmation in the network You can configure the suppression on the multicast source port feature to filter multicast packets on the unauthorized multicast source port so as to prevent the users connected...

Страница 442: ...le 353 Enable multicast routing and configure limit on the number of multicast route entries Operation Command Description Enter system view system view Enable multicast routing multicast routing enab...

Страница 443: ...sers usually configure both primary and secondary links over a connection in order to avoid communication interruption due to link failure When the primary link fails the secondary link can replace it...

Страница 444: ...rface interface type interface number Configure static router ports multicast static router port vlan vlan id Required Operation Command Description Enter system view system view Enter VLAN view vlan...

Страница 445: ...he statistics information about the suppression on the multicast source port display multicast source deny interface interface type interface number You can execute the display commanding any view If...

Страница 446: ...mask mask length source address mask group mask mask length incoming interface interfa ce type interface number register You can execute the display commanding any view Display the information about t...

Страница 447: ...icast MAC address entries created by the mac address multicast command manually however it cannot be used to delete the multicast MAC address entries learned by the switch If you want to add a port to...

Страница 448: ...MAC ADDRESS TABLE CONFIGURATION Table 361 Display the multicast MAC addresses Operation Command Description Display the static multicast MAC addresses display mac address multicast count You can use...

Страница 449: ...IGMP is asymmetric between the host and the router The host needs to respond to the IGMP query messages of the multicast routers that is report message responses as an IGMP host The multicast router...

Страница 450: ...Version 2 It is used to dynamically adjust the maximum time for a host to respond to the membership query message Working Procedure of IGMP The working procedure of IGMP is as follows The receiver ho...

Страница 451: ...osts in the network want to join in another multicast group G2 they will send IGMP host report messages about G2 to respond to the query messages After the query response process the IGMP routers get...

Страница 452: ...n to the multicast router The multicast router relies on IGMP query response timeout to know whether a group no longer has members This adds to the leave latency In IGMPv2 on the other hand when a hos...

Страница 453: ...l on VLAN interface 1 Configure the pim neighbor policy command to filter PIM neighbors in the network segment 33 33 33 0 24 That is Switch A does not consider Switch B as its PIM neighbor In this cas...

Страница 454: ...g IGMP Query Packets on page 454 Configure IGMP multicast groups on the interface Optional Configuring IGMP Multicast Groups on the Interface on page 456 Configure IGMP simulated joining Optional Conf...

Страница 455: ...value x seconds time it will maintain the membership of the group If the IGMP querier does not receive IGMP join messages from other hosts after the robust value x seconds time it considers the group...

Страница 456: ...nabled globally IGMP is enabled on all the layer 3 interfaces automatically Configure the query interval igmp timer query seconds Optional The query interval is 60 seconds by default Configuring the i...

Страница 457: ...t routing enable Required Enter VLAN interface view interface Vlan interface interface number Enable IGMP on the current interface igmp enable By default if the IP multicast routing protocol is enable...

Страница 458: ...face view first Limit the range of multicast groups that the interface serves igmp group policy acl number vlan vlan id Optional By default the filter is not configured that is any multicast group is...

Страница 459: ...ed for one interface Configuring Suppression on IGMP Host Report Messages When a Layer 2 switch receives an IGMP host report message from a host in a multicast group the switch will forward the messag...

Страница 460: ...Configure suppression on IGMP host report messages Operation Command Description Enter system view system view Configure suppression on IGMP host report messages igmp report aggregation Required By de...

Страница 461: ...d the related resources bandwidth and the CPU of the router are consumed at the same time In order to reduce the network resource consumption PIM DM prunes the branches which do not forward multicast...

Страница 462: ...d forward the packet to all the downstream PIM DM nodes That is the process of flooding If not that is the router considers that the multicast packets travel into the router through incorrect interfac...

Страница 463: ...forwarding tree from the data source S based on the existing unicast routing table static multicast routing table and MBGP routing table The procedure is as follows When a multicast packet arrives th...

Страница 464: ...the upstream neighbor of the S G entry which is responsible for forwarding the S G multicast packets The unselected routers will prune the corresponding interfaces to disable the information forwardi...

Страница 465: ...receiver PIM SM is independent of the special unicast routing protocol Instead it performs RPF check based on the existing unicast routing table Work Mechanism of PIM SM The working procedure of PIM...

Страница 466: ...ple network there is only little multicast information One RP is enough for information forwarding In this case you can statically specify the position of RP in each router in the SM domain However PI...

Страница 467: ...itself as BSR any more Otherwise the candidate BSR will keep its own BSR address and continue to consider itself as BSR The positions of RPs and BSRs in the network are as shown in Figure 115 Figure 1...

Страница 468: ...to the receiver will send Prune messages to RP hop by hop in the direction reverse to RPT When the first upstream router receives the Prune message it will delete the links with the downstream router...

Страница 469: ...reaches the router nearest to the multicast source namely the first hop router hop by hop and all the passed routers have the S G entry As a result a branch of SPT is built Then the last hop router se...

Страница 470: ...PIM neighbors Optional Configuring PIM Neighbors on page 471 Clear the related PIM entries Optional Clearing the Related PIM Entries on page 471 Table 373 Enable PIM DM PIM SM on the interface Operati...

Страница 471: ...l multicast routing enable Required Enter VLAN interface view interface Vlan interface interface number Enable PIM DM PIM SM on the current interface pim dm pim sm Required Configure the PIM protocol...

Страница 472: ...guring BSR RP Table 377 Configure filtering policies for multicast source group Operation Command Description Enter system view system view Enable the multicast routing protocol multicast routing enab...

Страница 473: ...interface number hash mask len priority Optional By default candidate BSRs are not set for the switch and the value of priority is 0 Configure candidate RPs c rp interface type interface number group...

Страница 474: ...network can be effectively divided into domains using different BSRs Filtering the Registration Packets from RP to DR Through the registration packet filtering mechanism in PIM SM network you can dete...

Страница 475: ...t hop switch performs RPT to SPT switchover upon receiving the first multicast packet The infinity keyword specifies that RPT to SPT switchover never takes place Displaying and Debugging PIM After com...

Страница 476: ...les display pim routing table g group address mask mask length mask rp rp address mask mask length mask group address mask mask length mask source address mask mask length mask incoming interface inte...

Страница 477: ...interface 20 Lanswitch2 system view Lanswitch2 multicast routing enable Lanswitch2 interface Vlan interface 11 Lanswitch2 Vlan interface11 pim dm Lanswitch2 Vlan interface11 quit Lanswitch2 interface...

Страница 478: ...SM on each interface and enable IGMP on Vlan interface 11 SW7750 system view SW7750 multicast routing enable SW7750 interface Vlan interface 10 SW7750 Vlan interface10 pim sm SW7750 Vlan interface10...

Страница 479: ...LS_D cannot receive BSR information from LS_B any mote that is LS_D is excluded from the PIM domain Configure LS_C The configuration on LS_C is similar to the configuration on LS_A Troubleshooting PIM...

Страница 480: ...480 CHAPTER 47 PIM CONFIGURATION...

Страница 481: ...to local receivers If there is a mechanism that allows RPs of different PIM SM domains to share their multicast source information the local RP will be able to join multicast sources in other domains...

Страница 482: ...ied in the message and joins the SPT rooted at the source across the PIM SM domain When multicast data from the multicast source arrives the receiver side MSDP peer forwards the data to the receivers...

Страница 483: ...gets aware of the information related to the multicast source 2 As the source side RP RP 1 creates SA messages and periodically sends the SA messages to its MSDP peer An SA message contains the source...

Страница 484: ...o longer relies on RPs in other PIM SM domains The receivers can override the RPs in other domains and directly join the multicast source based SPT RPF check rules for SA messages As shown in Figure 1...

Страница 485: ...P 6 receives the SA messages from RP 4 and RP 5 suppose RP 5 has a higher IP address Although RP 4 and RP 5 are in the same SA AS 3 and both are MSDP peers of RP 6 because RP 5 has a higher IP address...

Страница 486: ...as this RP In this example Receiver joins the RPT rooted at RP 2 3 RPs share the registered multicast information by means of SA messages In this example RP 1 creates an SA message and sends it to RP...

Страница 487: ...only one MSDP peer known as a stub area the BGP or MBGP route is not compulsory SA messages are transferred in a stub area through the static RPF peers In addition the use of static RPF peers can avo...

Страница 488: ...om outside the mesh group it sends them to other members of the group On the other hand a mesh group member does not perform RPF check on SA messages from within the mesh group and does not forward th...

Страница 489: ...peers to each other To prevent failure of RPF check on SA messages between MSDP peers you must configure the RP address to be carried in the SA messages n In Anycast RP application C BSR and C RP must...

Страница 490: ...icast data must be encapsulated in the SA message otherwise the receiver will never receive the multicast source information By default when a new receiver joins a router does not send any SA request...

Страница 491: ...SA request message the router will get immediately a response from all active multicast sources By default the router does not send any SA request message to its MSDP peers upon receipt of a Join mess...

Страница 492: ...default an MSDP peer receives and forwards all SA messages MSDP inbound outbound filter implements the following functions Filtering out all S G entries Receiving forwarding only the SA messages permi...

Страница 493: ...onfiguration In user view you can execute the reset command to reset the MSDP counter Configure to filter SA messages to be received or forwarded peer peer address sa policy import export acl acl numb...

Страница 494: ...p is established between the RPs based on BGP routes within each PIM SM network Loopback 0 on Switch C Switch D and Switch E functions as the C BSR and C RP of its own PIM SM domain respectively An MS...

Страница 495: ...each interface according to Figure 124 The details are omitted here 2 Enable multicast and enable PIM SM on each interface Enable multicast on SwitchC and enable PIM SM on all interfaces Switch C is...

Страница 496: ...tion of C BSRs and C RPs Configure the interface Loopback0 on Switch C Switch D and Switch F and configure the locations of C BSRs and C RPs Switch C is taken for example The configuration procedures...

Страница 497: ...168 1 1 100 4 0 1 4 00 01 05 Established 192 168 3 1 200 4 0 0 0 00 00 05 Active Carry out the display bgp routing table command to view the BGP routing table information on the switches The BGP rout...

Страница 498: ...192 168 3 2 Up 00 15 32 200 8 0 SwitchD display msdp brief MSDP Peer Brief Information Peer s Address State Up Down time AS SA Count Reset Count 192 168 3 1 UP 01 07 08 200 8 0 192 168 1 1 UP 00 06 39...

Страница 499: ...In the PIM SM domain configure the interface IP addresses on the switches and interconnect the switches through OSPF Configure the IP address and mask of each interface according to Figure 125 The det...

Страница 500: ...pim c bsr loopback 10 32 SwitchC pim c rp loopback 10 SwitchC pim quit When the multicast source S1 in the PIM SM domain sends multicast information receivers on Switch D can receive multicast informa...

Страница 501: ...Count 1 1 1 1 Up 00 10 18 0 0 Configuration Example of a PIM Stub Domain Network requirements Two ISPs maintains their ASs AS 100 and AS 200 respectively OSPF is running within each AS and BGP is run...

Страница 502: ...n Figure 126 The detailed configuration steps are omitted 2 Enable multicast and enable PIM SM on each interface Enable multicast on all the switches and enable PIM SM on each interface The configurat...

Страница 503: ...tch D and Switch F are similar to the configuration procedure on Switch C so the configuration procedures are omitted SwitchC pim SwitchC pim c bsr loopback 0 32 SwitchC pim c rp loopback 0 SwitchC pi...

Страница 504: ...is configured but it is always in the down state Analysis An MSDP peer relationship between the locally configured connect interface interface address and the configured peer address is based on a TC...

Страница 505: ...entries of the local multicast domain through SA messages verify that the import source command is configured correctly Solution 1 Check the connectivity of the route between the routers Use the displ...

Страница 506: ...506 CHAPTER 48 MSDP CONFIGURATION...

Страница 507: ...s configured on this device Local authentication is fast and requires lower operational cost But the information storage capacity is limited by device hardware Remote authentication Users are authenti...

Страница 508: ...ISP domain view Introduction to RADIUS AAA is a management framework It can be implemented by not only one protocol But in practice the most commonly used protocol for AAA is RADIUS What is RADIUS RA...

Страница 509: ...RADIUS client a switch for example and the RADIUS server are verified by using a shared key This enhances the security The RADIUS protocol combines the authentication and authorization processes toget...

Страница 510: ...pts or denies the user depending on the received authentication result If it accepts the user the RADIUS client sends a start accounting request Accounting Request with the Status Type filed set to st...

Страница 511: ...k This packet carries user information It must contain the User Name attribute and may contain the following attributes NAS IP Address User Password and NAS Port 2 Access Accept Direction server clien...

Страница 512: ...otocol allows a device vendor to extend RADIUS to implement functions that are not defined in standard RADIUS Figure 130 depicts the structure of attribute 26 The Vendor ID field representing the code...

Страница 513: ...cal HWTACACS application a dial up or terminal user needs to log in to the device for operations As the client of HWTACACS in this case the switch sends the username and password to the TACACS server...

Страница 514: ...HWTACACS server HWTACACS server TACACS server User TACACS client Requests to log in Authentication start request Authentication response requesting username Requests username Enters username Authenti...

Страница 515: ...ntication continuance packet carrying the login password to the TACACS server 6 The TACACS server sends back an authentication response indicating that the user has passed the authentication 7 The TAC...

Страница 516: ...for the ISP domain Required If local authentication is adopted refer to Configuring the Attributes of a Local User on page 523 If RADIUS authentication is adopted refer to RADIUS Configuration on page...

Страница 517: ...age 528 Configure the supported RADIUS server type Optional Configuring the Supported RADIUS Server Type on page 528 Configure the status of RADIUS servers Optional Configuring the Status of RADIUS Se...

Страница 518: ...heme Required Creating a HWTACACS Scheme on page 532 Configure HWTACACS authentication servers Required Configuring HWTACACS Authentication Servers on page 532 Configure HWTACACS authorization servers...

Страница 519: ...iption Enter system view system view Create an ISP domain or enter the view of an existing ISP domain domain isp name Required Activate deactivate the ISP domain state active block Optional By default...

Страница 520: ...scheme name local command the local scheme becomes the secondary scheme in case the RADIUS server does not response normally That is if the communication between the switch and the RADIUS server is no...

Страница 521: ...orization and accounting schemes the separate ones will be adopted in precedence RADIUS scheme and local scheme do not support the separation of authentication and authorization Therefore pay attentio...

Страница 522: ...with the assigned ID and then adds the port to the newly created VLAN String If the RADIUS server assigns string type of VLAN IDs you can set the VLAN assignment mode to string on the switch Then upon...

Страница 523: ...Create an ISP domain and enter its view domain isp name Set the VLAN assignment mode vlan assignment mode inte ger string Optional By default the VLAN assignment mode is integer Create a VLAN and ente...

Страница 524: ...cut down the connection Authorize the user to access the specified type s of service s service type ftp lan access telnet ssh terminal level level Required By default the system does not authorize th...

Страница 525: ...ion exchange between the switch and the RADIUS servers To make these parameters take effect you must reference the RADIUS scheme configured with these parameters in an ISP domain view For specific con...

Страница 526: ...Command Description Enter system view system view Create a RADIUS scheme and enter its view radius scheme radius scheme name Required By default a RADIUS scheme named system has already been created...

Страница 527: ...fails to perform accounting it cuts down the connection of the user The IP address and the port number of the default primary accounting server system are 127 0 0 1 and 1646 Currently RADIUS does not...

Страница 528: ...restores the communication with the primary server instead of communicating with the secondary server and at the same time restores the status of the primary server to the active state while keeping...

Страница 529: ...ting block active Set the status of the secondary RADIUS authentication authori zation server state secondary authentication block active Set the status of the secondary RADIUS accounting server state...

Страница 530: ...uthentication servers including the default local RADIUS authentication server Configuring the Timers of RADIUS Servers If the switch gets no response from the RADIUS server after sending out a RADIUS...

Страница 531: ...art function is designed to resolve the above problem After this function is enabled every time the switch restarts 1 The switch generates an Accounting On packet which mainly contains the following i...

Страница 532: ...rotocol is configured scheme by scheme Therefore you must create a HWTACACS scheme and enter HWTACACS view before you perform other configuration tasks c CAUTION The system supports up to 16 HWTACACS...

Страница 533: ...rt number of the secondary TACACS authentication server secondary authentication ip address port Required By default the IP address of the secondary authentication server is 0 0 0 0 and the port numbe...

Страница 534: ...y TACACS accounting server primary accounting ip address port Required By default the IP address of the primary accounting server is 0 0 0 0 and the port number is 0 Set the IP address and port number...

Страница 535: ...names Set the units of measure for data flows sent to TACACS servers data flow format data byte giga byte kilo byte mega byte Optional By default in a TACACS scheme the unit of measure for data is by...

Страница 536: ...ay command in any view Display the information about user connections display connection access type dot1x domain domain name interface interface type interface number ip ip address mac mac address ra...

Страница 537: ...the RADIUS protocol reset radius statistics Table 427 Display and maintain HWTACACS protocol information Operation Command Description Display the configuration or statistic information about one spec...

Страница 538: ...user names and login passwords The Telnet user name added to the RADIUS server must be in the format of userid isp name if you have configure the switch to include domain names in the user names to b...

Страница 539: ...of Telnet users The following description only takes the local authentication of Telnet users as example Network requirements In the network environment shown in Figure 134 you are required to configu...

Страница 540: ...ith the configuration in RADIUS scheme TACACS Authentication Authorization and Accounting of Telnet Users Network requirements You are required to configure the switch so that the Telnet users logging...

Страница 541: ...n is specified on the switch Use the correct user name format or set a default ISP domain on the switch The user is not configured in the database of the RADIUS server Check the database of the RADIUS...

Страница 542: ...properly set Be sure to set a correct port number for RADIUS accounting The switch requests that both the authentication authorization server and the accounting server use the same device with the sa...

Страница 543: ...led the switch determines the validity of session control packets it receives according to the source IP address of the packets Only those session control packets sent from the authentication server a...

Страница 544: ...ard the security policy server reissues an ACL to the switch to assign the access right to the client EAD Configuration Configuration prerequisites EAD is implemented typically in RADIUS scheme Before...

Страница 545: ...erver Configure the authentication server type to extended Configure the encryption password for exchanging messages between the switch and RADIUS server to expert Configure the IP address of the secu...

Страница 546: ...radius cams primary authentication 10 110 91 164 1812 SW7750 radius cams key authentication expert SW7750 radius cams accouting optional SW7750 radius cams server type extended Configure the IP addre...

Страница 547: ...ss configured for a traffic group You can configure some network addresses for a traffic group and then traffic generated by accessing these addresses will be accounted Traffic collection module an in...

Страница 548: ...ffic accounting module periodically sends update traffic accounting statistics to the accounting server 7 When the user goes offline the authenticator device sends the total traffic amount to the acco...

Страница 549: ...raffic collection card Traffic slot slot num Required Enable the traffic accounting function accounting enable Required By default this function is disabled on the traffic accounting module Table 430...

Страница 550: ...traffic group somegroup Configure the following two destination network IP addresses for the traffic accounting group SW7750 traffic group somegroup network 11 127 1 0 24 SW7750 traffic group somegrou...

Страница 551: ...roup rate 1 SW7750 isp aaa quit Configure the traffic accounting module specify the traffic collection module and enable the traffic accounting function SW7750 traffic accounting accounting slot 2 SW7...

Страница 552: ...552 CHAPTER 51 TRAFFIC ACCOUNTING CONFIGURATION...

Страница 553: ...o the Layer 3 Switch implementing communication between these hosts and the external network If Switch fails all the hosts on this segment taking Switch as the next hop through the default routes are...

Страница 554: ...etween the hosts and the external networks This ensures the communications between the hosts and the external networks Virtual Router Overview After you enable VRRP on the switches of a backup group a...

Страница 555: ...ready enabled the system does not support this configuration By default virtual router IP addresses are mapped to the virtual MAC address of a backup group n When you map a virtual IP address to the v...

Страница 556: ...thentication key should not exceed eight characters In a vulnerable network the authentication type can be set to md5 The switch then uses the authentication type provided by the Authentication Header...

Страница 557: ...s a result other switch in the backup group may have a higher priority than this switch and therefore take over the role as a master switch n The Ethernet port tracked can be in or out of the VLAN in...

Страница 558: ...ted parameters Operation Command Description Enter system view system view Create a VLAN vlan vlan id Quit to system view quit Enter VLAN interface view interface Vlan interface valn id Configure the...

Страница 559: ...mode enabled Table 436 Display and Maintain VRRP Operation Command Description Display the VRRP statistics information display vrrp statistics interface interface type interface number vrid virtual r...

Страница 560: ...1 255 255 255 0 LSW A Vlan interface2 quit Enable a backup group to respond to ping operations destined for its virtual router IP address LSW A vrrp ping enable Create a backup group LSW A interface V...

Страница 561: ...ackup group LSW B Vlan interface2 vrrp vrid 1 preempt mode The IP address of the default gateway of Host A can be configured to be 202 38 160 111 Normally Switch A functions as the gateway but when Sw...

Страница 562: ...address 202 38 160 1 255 255 255 0 LSW A Vlan interface2 quit Configure that the virtual router can be pinged LSW A vrrp ping enable Create a backup group LSW A interface Vlan interface 2 LSW A Vlan...

Страница 563: ...erface 2 LSW B Vlan interface2 vrrp vrid 1 virtual ip 202 38 160 111 Set the authentication key for the backup group LSW B Vlan interface2 vrrp vrid 1 authentication mode md5 abc123 Set the master to...

Страница 564: ...rnet 1 0 6 LSW A vlan2 quit LSW A interface Vlan interface 2 LSW A Vlan interface2 ip address 202 38 160 1 255 255 255 0 Create backup group 1 LSW A Vlan interface2 vrrp vrid 1 virtual ip 202 38 160 1...

Страница 565: ...group or the attempt of other devices sending out illegal VRRP packets The first possible fault can be solved through modifying the configuration And as the second possibility is caused by the malici...

Страница 566: ...GURATION Symptom 3 VRRP state of a switch changes repeatedly Such problems occur when the backup group timer duration is too short They can be solved through prolonging the duration or configuring the...

Страница 567: ...nually switchover master slave You can change the current module state manually by executing command c CAUTION The HA feature of the Switch 7758 can detect the software upgrade of the two Fabric with...

Страница 568: ...lave module works normally you can set the slave system restart manually Perform the following configuration in user view Performing the Master Slave Switchover Manually When the slave module is avail...

Страница 569: ...nfiguration file to the slave module only if the slave system operates normally The configuration file will be fully copied at each time the operation is executed Displaying HA After the above configu...

Страница 570: ...570 CHAPTER 53 HA CONFIGURATION...

Страница 571: ...re All fields except for the target hardware address field are used in an ARP request The target hardware address is just what the sender wants to obtain All fields are used in an ARP reply Figure 146...

Страница 572: ...tes Protocol address length Length of the protocol address in bytes Operation code Type of the packet which can be 1 ARP request 2 ARP reply 3 RARP request 4 RARP reply Sender hardware address Hardwar...

Страница 573: ...ddress and MAC address carried in the request IP_A and MAC_A of Host A in an entry to its ARP table and then returns an ARP reply packet to the sender Host A with its MAC address carried in the packet...

Страница 574: ...This prevents traffic interruption as mentioned above How gratuitous ARP update interval works A switch periodically sends gratuitous ARP packets that carry the master IP address and secondary IP add...

Страница 575: ...on a trusted port Introduction to ARP Source Suppression With the ARP source suppression function the switch classifies incoming ARP packets and limits the maximum number of ARP packets with the same...

Страница 576: ...iguring the Aging Time for Dynamic ARP Entries on page 577 Configure ARP entry checking Optional Configuring ARP Entry Checking on page 577 Enabling ARP forwarding in the protocol based VLAN Optional...

Страница 577: ...to MAC resolutions Enter port view interface interface type interface number Configure the maximum number of dynamic ARP entries that can be learnt by the port arp max dynamic entry number Optional I...

Страница 578: ...Enter system view system view Enable gratuitous ARP learning gratuitous arp learning enable Required Disabled by default Table 455 Configure the gratuitous ARP update interval Operation Command Descr...

Страница 579: ...port is 15pps Configure the port state auto recovery interval arp protective down recover interval time Optional 300 seconds by default Configure the port as a trusted port for ARP packet rate limit a...

Страница 580: ...splay command in any view Display ARP entries display arp static dynamic ip address Display the ARP entries matching a specified rule display arp begin include exclude text Display the number limits o...

Страница 581: ...on the ports of Switch A and set the recovery interval to 200 seconds Network diagram Figure 147 ARP packet rate limit configuration Configuration procedure Enable DHCP snooping on Switch A SwitchA s...

Страница 582: ...582 CHAPTER 54 ARP CONFIGURATION SwitchA arp protective down recover interval 200...

Страница 583: ...wo hosts cannot communicate With proxy ARP enabled on the switch when VLAN interface 3 receives the ARP request if the switch finds a route to the destination IP address encapsulated in the ARP reques...

Страница 584: ...en isolate user vlan function is enabled on the Layer 2 switches connected with the Switch 7750 ports in the same VLAN are isolated with each other at Layer 2 To provide Layer 3 connectivity between L...

Страница 585: ...e3 quit Configure the IP address of VLAN interface 4 as 192 168 1 27 24 Switch interface Vlan interface 4 Switch Vlan interface4 ip address 192 168 1 27 24 Switch Vlan interface4 quit Enable proxy ARP...

Страница 586: ...Switch vlan10 supervlan Switch vlan10 subvlan 2 3 Switch vlan10 interface vlan interface 10 Switch Vlan interface10 ip address 192 168 10 100 255 255 0 0 Switch Vlan interface10 quit Enable proxy ARP...

Страница 587: ...lan 2 SwitchB vlan2 port ethernet 2 0 2 SwitchB vlan2 quit SwitchB vlan 3 SwitchB vlan3 port ethernet 2 0 3 SwitchB vlan3 quit SwitchB vlan 5 SwitchB vlan5 port ethernet 2 0 1 SwitchB vlan5 isolate us...

Страница 588: ...588 CHAPTER 55 PROXY ARP CONFIGURATION SwitchA Vlan interface5 arp proxy enable SwitchA Vlan interface5 arp proxy source vlan enable SwitchA Vlan interface5 quit...

Страница 589: ...P servers return the corresponding configuration information such as IP addresses to configure IP addresses dynamically A typical DHCP application includes one DHCP server and multiple clients such as...

Страница 590: ...ment of the IP address to the client When the client receives the DHCP ACK packet it broadcasts an ARP packet with the assigned IP address as the destination address to detect the assigned IP address...

Страница 591: ...HCP client initiates a DHCP request flags The first bit is the broadcast response flag bit It is used to identify that the DHCP response packet is sent in the unicast or broadcast mode Other bits are...

Страница 592: ...ls the DHCP server picks IP addresses from its global address pool that contains the interface address pool segment and assigns them to the DHCP clients Trunk DHCP packets received from DHCP clients a...

Страница 593: ...lease time of the IP address to the DHCP client Types of address pools The address pools of a DHCP server fall into two types global address pool and interface address pool A global address pool is c...

Страница 594: ...IP addresses from its global address pool that contains the interface address pool segment and assigns them to the DHCP clients A DHCP server assigns IP addresses in interface address pools or global...

Страница 595: ...e NetBIOS services for the DHCP server Optional Configuring NetBIOS Services for the DHCP Server on page 598 Customize DHCP service Optional Customizing DHCP Service on page 599 Configure gateway addr...

Страница 596: ...be coupled In the same global DHCP address pool if the static bind ip address command or the static bind mac address command is executed repeatedly the new configuration overwrites the previous one Th...

Страница 597: ...ddresses while assigning IP addresses to DHCP clients Currently you can configure up to eight DNS server addresses for a DHCP address pool You can configure domain names to be used by DHCP clients for...

Страница 598: ...NS server returns the IP address corresponding to the destination node name to the source node M node Nodes of this type are p nodes mixed with broadcasting features The character m stands for the wor...

Страница 599: ...ents to be of a specific NetBIOS node type netbios type b node h node m node p node Optional By default no NetBIOS node type of the DHCP client is specified and a DHCP client uses an h node Table 467...

Страница 600: ...s contained in it belong to the network segment where the interface resides and are available to the interface only You can perform certain configurations for DHCP address pools of an interface or mul...

Страница 601: ...ents When such a DHCP client applies for an IP address the DHCP server finds the IP address corresponding to the MAC address of the DHCP client and then assigns the IP address to the DHCP client Custo...

Страница 602: ...gned to DHCP clients are those not occupied by specific network devices such as gateways and FTP servers The lease time can differ with address pools But that of the IP addresses of the same address p...

Страница 603: ...erver you can configure domain names to be used by DHCP clients for address pools After you do this the DHCP server provides the domain names to the DHCP clients while the DHCP server assigns IP addre...

Страница 604: ...packet to the WINS server After receiving the unicast packet the WINS server returns the IP address corresponding to the destination node name to the source node M node Nodes of this type are p nodes...

Страница 605: ...equired By default no NetBIOS node type is specified and a DHCP client uses an h node dhcp server netbios type b node h node m node p node quit Configure multiple interfaces in system view dhcp server...

Страница 606: ...assigns the address to a DHCP client IP address detecting is achieved by performing ping operations To detect whether an IP address is currently in use the DHCP server sends an ICMP packet with the I...

Страница 607: ...the same network segment The network segment 10 1 1 0 24 to which the IP addresses of the address pool belong is divided into two sub network segments 10 1 1 0 25 and 10 1 1 128 25 The switch operati...

Страница 608: ...example in the network to which VLAN interface 1 is connected if multiple clients apply for IP addresses the child address pool 10 1 1 0 25 assigns IP addresses first When the IP addresses in the chil...

Страница 609: ...main name aabbcc com SW7750 dhcp pool 0 dns list 10 1 1 2 SW7750 dhcp pool 0 quit Configure DHCP address pool 1 including address range gateway and lease time SW7750 dhcp server ip pool 1 SW7750 dhcp...

Страница 610: ...onfigured on a host if you receive a response packet of the ping operation You can then disable the IP address from being dynamically assigned by using the dhcp server forbidden ip command on the DHCP...

Страница 611: ...P addresses In this case the DHCP clients in multiple networks can use the same DHCP server which can decrease your cost and provide a centralized administration DHCP Relay Agent Fundamentals Figure 1...

Страница 612: ...nts through which and other proper software you can achieve the DHCP assignment limitation and accounting functions Primary terminologies Option A length variable field in DHCP packets carrying inform...

Страница 613: ...o which the DHCP client belongs and the MAC address of the DHCP relay agent 5 Upon receiving the DHCP request packet forwarded by the DHCP relay agent the DHCP server stores the information contained...

Страница 614: ...ing a DHCP Relay Agent to Broadcast Responses to Clients on page 615 Specify gateways for DHCP clients Optional Specifying Gateways for DHCP Clients on page 615 Specify source IP address of uplink pac...

Страница 615: ...ents After this function is enabled even if the flag field in the DHCP DISCOVER packet is set to 0 the DHCP relay agent still broadcasts responses to the clients Specifying Gateways for DHCP Clients T...

Страница 616: ...econdary Removing all the gateways in system view Specifying the Source IP Address of Uplink Packets When a Switch 7750 Ethernet switch working as a DHCP relay agent forwards a client s packet to the...

Страница 617: ...d a DHCP relay agent inhibits a user from accessing external networks if the binding of the IP address MAC address VLAN ID and port number do not match any entries including the entries dynamically tr...

Страница 618: ...ask you can validate or invalidate the dynamic IP to MAC mapping entries generated by the DHCP relay agent DHCP client addresses are matched based on the dynamic entries generated by DHCP relay agent...

Страница 619: ...d lease time The routes between the DHCP relay agent and the DHCP server are reachable Enabling option 82 supporting on a DHCP relay agent The following operations need to be performed on a DHCP relay...

Страница 620: ...diagram Figure 156 Network diagram for DHCP relay agent Configuration procedure Enter system view SW7750 system view Table 494 Display DHCP relay agent configuration Operation Command Description Dis...

Страница 621: ...Relay Agent Symptom A client fails to obtain configuration information through a DHCP relay agent Analysis This problem may be caused by improper DHCP relay agent configuration When a DHCP relay agent...

Страница 622: ...622 CHAPTER 58 DHCP RELAY AGENT CONFIGURATION...

Страница 623: ...n unauthorized DHCP server exists in the network a DHCP client may obtain an illegal IP address To ensure that the DHCP clients obtain IP addresses from valid DHCP servers you can specify a port to be...

Страница 624: ...K packet DHCP REQUEST packet Introduction to DHCP Snooping Option 82 Introduction to Option 82 For details about Option 82 refer to Option 82 Support on page 612 Padding content and frame format of Op...

Страница 625: ...to 1 in the case of ASCII format Figure 159 Extended format of the circuit ID sub option Figure 160 Extended format of the remote ID sub option In practice some network devices do not support the type...

Страница 626: ...e will Drop Drop the packet Keep Forward the packet without changing Option 82 Replace Neither of the two sub options is configured Forward the packet after replacing the original Option 82 with the d...

Страница 627: ...which the port belongs to These records are saved as entries in the DHCP snooping table IP static binding table The DHCP snooping table only records information about clients that obtains IP address d...

Страница 628: ...ble the DHCP snooping function dhcp snooping Required By default the DHCP snooping function is disabled Enter Ethernet port view interface interface type interface number Set the port connected to a D...

Страница 629: ...CP Snooping to Support Option 82 on page 628 Configuring the padding format for Option 82 on page 631 Table 499 Enable DHCP snooping Option 82 support Operation Command Description Enter system view s...

Страница 630: ...ort aggregation Configuring the remote ID sub option You can configure the remote ID sub option in system view or Ethernet port view In system view the remote ID takes effect on all interfaces You can...

Страница 631: ...ote ID sub option in Option 82 Operation Command Description Enter system view system view Configure the remote ID sub option in system view dhcp snoopinginformation remote id sysname string string Op...

Страница 632: ...ption 82 and option 82 is enabled on the switch The Ethernet 2 0 1 port of Switch A is a trusted port Create a static binding ip source static binding ip address ip address mac address mac address Opt...

Страница 633: ...82 Support Configuration Example Network requirements As shown in Figure 164 Ethernet 2 0 5 of the switch is connected to the DHCP server and Ethernet 2 0 1 Ethernet 2 0 2 and Ethernet 2 0 3 are respe...

Страница 634: ...f the DHCP snooping device Switch dhcp snooping information remote id sysname Set the circuit ID sub option in DHCP packets from VLAN 1 to abcd on Ethernet 2 0 3 Switch interface Ethernet2 0 3 Switch...

Страница 635: ...as the trusted port Switch interface Ethernet2 0 1 Switch Ethernet2 0 1 dhcp snooping trust Switch Ethernet2 0 1 quit Enable IP filtering on Ethernet 2 0 2 Ethernet 2 0 3 and Ethernet 2 0 4 to filter...

Страница 636: ...636 CHAPTER 59 DHCP SNOOPING CONFIGURATION Switch interface Ethernet2 0 2 Switch Ethernet2 0 2 ip source static binding ip address 1 1 1 1 m ac address 0001 0001 0001...

Страница 637: ...ly Advanced ACL rules are made based on the L3 and L4 information such as the source and destination IP addresses of the data packets the type of protocol over IP protocol specific features and so on...

Страница 638: ...L are matched in the following order 1 Protocol number of ACL rules Protocol number ranges from 1 to 255 The smaller the protocol range the higher the priority 2 Range of source IP address The smaller...

Страница 639: ...range is configured and the system time is within the time range If you remove the time range of an ACL rule the ACL rule becomes invalid the next time the ACL rule timer refreshes Types of ACLs Supp...

Страница 640: ...e time range configuration tasks include configuring periodic time sections and configuring absolute time sections A periodic time section appears as a period of time in a day of the week while an abs...

Страница 641: ...configuration till the largest date available in the system Configuration Example Define a periodic time section test that will be active from 8 00 to 18 00 Monday through Friday SW7750 system view SW...

Страница 642: ...atched Defining Advanced ACLs Advanced ACLs define classification rules according to the source and destination IP addresses of packets the type of protocol over IP and protocol specific features such...

Страница 643: ...match order is config Define an rule rule rule id permit deny rule string Required Display ACL information display acl config all acl number acl name Optional This command can be executed in any view...

Страница 644: ...cedence ToS priority Value range 0 to 15 dscp dscp Packet precedence DSCP priority Value range 0 to 63 fragment Fragment information Specifies that the ACL rule is effective for non initial fragment p...

Страница 645: ...8 1000 Table 516 TCP UDP specific rule information Parameter Type Function Description source port operator port1 port2 Source port s Defines the source port information of UDP TCP packets The value o...

Страница 646: ...Parameter Type Function Description icmp type icmp type icmp code Type and message code information of ICMP packets Specifies the type and message code information of ICMP packets in the ACL rule icmp...

Страница 647: ...2 information such as the source and destination MAC address information VLAN priority and Layer 2 protocol to process packets The value range for Layer 2 ACL numbers is 4 000 to 4 999 Configuration P...

Страница 648: ...ask in the format of H H H defaults to ffff ffff ffff source vlan id source VLAN ID in the range of 1 to 4 094 any represents all packets received from all ports egress dest mac ad dr dest mac mask an...

Страница 649: ...0 acl number 4000 SW7750 acl link 4000 rule deny cos 3 source 000d 88f5 97ed ffff ff ff ffff dest 0011 4301 991e ffff ffff ffff SW7750 acl link 4000 display acl config 4000 Link ACL 4000 1 rule rule 0...

Страница 650: ...g 5001 User ACL 5001 1 rule rule 25 deny 06 ff 27 time range t1 0 times matched Inactive Applying ACLs on Ports By applying ACLs on ports you can filter certain packets Configuration Preparation You n...

Страница 651: ...nation mode Form of acl rule Apply all rules in an IP type ACL separately ip group acl number acl name Apply one rule in an IP type ACL separately ip group acl number acl name rule rule id Apply all r...

Страница 652: ...h letter a to z or A to Z without space and quotation mark case insensitive user group acl num ber acl name User defined ACL acl number ACL number ranging from 5 000 to 5 999 acl name ACL name up to 3...

Страница 653: ...L configuration are listed below 1 Define the time range Define the time range from 8 00 to 18 00 SW7750 system view SW7750 time range test 8 00 to 18 00 daily 2 Define an ACL for packets with the sou...

Страница 654: ...e range that contain a periodic time section from 8 00 to 18 00 SW7750 system view SW7750 time range test 8 00 to 18 00 working day 2 Define an ACL for filtering requests destined for the wage server...

Страница 655: ...000 Define an ACL rule to deny packets with the source MAC address of 0011 0011 0011 and destination MAC address of 0011 0011 0012 specifying the time range named test for the ACL rule SW7750 acl link...

Страница 656: ...to 18 00 SW7750 system view SW7750 time range aaa 8 00 to 18 00 daily 2 Create an ACL rule to filter TCP packets Create ACL 5000 SW7750 acl number 5000 Define a rule for TCP packets SW7750 acl user 5...

Страница 657: ...is the evaluation on the service ability to support the core requirements such as delay delay variation and packet loss ratio in the packet delivery Traffic Traffic means service traffic that is all t...

Страница 658: ...different service classes The Diff Serv network defines four traffic classes Expedited Forwarding EF class In this class packets can be forwarded regardless of link share of other traffic The class is...

Страница 659: ...le to occasions where the Layer 3 packet header does not need analysis but QoS must be assured in Layer 2 Figure 171 An Ethernet frame with a 802 1Q tag header Table 529 Description on DSCP values DSC...

Страница 660: ...specification 3 Local precedence Local precedence is the precedence of an outbound queue on a port of the switch It is in the range of 0 to 7 Each outbound queue has its own local precedence Priority...

Страница 661: ...uous burst packets if the traffic of each user is not limited The traffic of each user must be limited in order to make better use of the limited network resources and provide better service for more...

Страница 662: ...pacity of the token bucket namely the maximum traffic size that is permitted in every burst It is generally set to committed burst size CBS The set burst size must be bigger than the maximum packet le...

Страница 663: ...ors are protected For example you can limit HTTP packets within 50 of the network bandwidth If the traffic of a certain connection is excess TP can choose to drop the packets or to reset the priority...

Страница 664: ...ueue with higher priority strictly following the priority order from high to low When the queue with higher priority is empty packets in the queue with lower priority are sent You can put critical ser...

Страница 665: ...full use of Traffic based Traffic Statistics The function of traffic based traffic statistics is to use ACL rules in traffic identifying and perform traffic statistics on the packets matching with the...

Страница 666: ...is VLAN tagged the switch does not perform the operation above Configuration prerequisites The port whose priority is to be configured is specified The priority value of the specified port is specifi...

Страница 667: ...ty are sent preferentially The switch puts a packet into the corresponding queue according to the DSCP precedence IP precedence 802 1p priority or local precedence of the packet The mapping relationsh...

Страница 668: ...type A I O Module Queue 0 to 7 be 0 be 0 0 8 to 15 cs1 8 af1 10 cs1 8 af11 10 af12 12 af13 14 1 16 to 23 cs2 16 af2 18 cs2 16 af21 18 af22 20 af23 22 2 24 to 31 cs3 24 af3 26 cs3 24 af31 26 af32 28 a...

Страница 669: ...cal precedence map 2 3 4 1 7 0 5 6 SW7750 display qos cos local precedence map cos local precedence map cos 0 1 2 3 4 5 6 7 local precedence 2 3 4 1 7 0 5 6 Configuring Priority Remark Refer to Priori...

Страница 670: ...CL rules traffic priority inbound outbound acl rule system index system index dscp dscp value ip precedence pre value local precedence pre value Required Type A I O Modules support this command traffi...

Страница 671: ...es in an IP ACL separately ip group acl number acl name Apply a rule in an IP ACL separately ip group acl number acl name rule rule id Apply all the rules in a Link ACL separately link group acl numbe...

Страница 672: ...rule Applied ACL rules which can be the combination of various ACL rules Type A I O Modules ways of combinations are described in Table 540 and non type A I O Modules ways of combination is described...

Страница 673: ...edirect on page 663 for the introduction to redirect Configuration Prerequisites ACL rules used for traffic identifying are defined Refer to Choosing ACL Mode for Traffic Flows on page 639 for definin...

Страница 674: ...ue scheduling Refer to Queue Scheduling on page 663 for the introduction to queue scheduling Configuration Prerequisites The queue scheduling algorithm is specified The ports that need this configurat...

Страница 675: ...8 10 COS configuration Config max queues 8 Schedule mode weighted round robin Weighting in packets COSQ 0 10 packets COSQ 1 5 packets COSQ 2 10 packets COSQ 3 10 packets COSQ 4 5 packets COSQ 5 10 pa...

Страница 676: ...qos SW7750 qoss Ethernet2 0 1 traffic red outbound ip group 2000 64 128 20 Configuring Traffic Statistics Refer to Traffic based Traffic Statistics on page 665 for the introduction to traffic statist...

Страница 677: ...r system view system view Enter Ethernet port view interface interface type interface number Enter QoS view qos Use the ACL rules in traffic identifying and perform traffic statistics on the packets m...

Страница 678: ...ion can be properly applied to the hardware Configuration Example Ethernet 2 0 1 of the switch is accessed into the network segment 10 1 1 1 24 Enable the function of assured bandwidth for traffic fro...

Страница 679: ...th for all the traffic matching the CAR rule on these ports to share Suppose you want to allocate 2 Mbps of CAR bandwidth for the incoming traffic matching ACL rule 0 and enable CAR on two ports with...

Страница 680: ...with Voice VLAN That is you cannot configure both features on the same port The port on which the traffic based selective QinQ function is configured and the specified uplink port cannot be in the sa...

Страница 681: ...net2 0 1 port hybrid vlan 25 untagged SW7750 GigabitEthernet2 0 1 vlan vpn enable SW7750 GigabitEthernet2 0 1 qos SW7750 qosb GigabitEthernet2 0 1 traffic remark inbound ip group 2 000 remark vlan 25...

Страница 682: ...traffic within 640 kbps and set the precedence of packets exceeding the specification to 4 SW7750 interface Ethernet 2 0 1 SW7750 Ethernet2 0 1 qos SW7750 qosb Ethernet2 0 1 traffic limit inbound ip...

Страница 683: ...dentification based basic ACL view identified SW7750 acl number 2000 SW7750 acl basic 2000 rule 0 permit source 1 0 0 1 0 time range test SW7750 acl basic 2000 quit 3 Remark ef precedence on the packe...

Страница 684: ...684 CHAPTER 61 QOS CONFIGURATION...

Страница 685: ...irroring Local Port Mirroring Port mirroring refers to the process of copying the packets received or sent by the specified port to the specified local port Remote Port Mirroring Remote port mirroring...

Страница 686: ...itoring device through the destination port Table 552 describes how the ports on various switches are involved in the mirroring operation Table 552 Ports involved in the mirroring operation Switch Por...

Страница 687: ...LAN such as voice VLAN or protocol VLAN Configuring other VLAN related functions Local Traffic Mirroring Traffic mirroring maps traffic flows that match specific ACLs to the specified local port for p...

Страница 688: ...ng group mirroring group mirroring port mirroring group monitor port mirroring group reflector port mirroring group remote probe vlan remote probe vlan enable Configuring Remote Port Mirroring on page...

Страница 689: ...ber Configure the source port and specify the direction of the packets to be mirrored mirroring group group id mirroring port both inbound outbound Required Display parameter settings of the local por...

Страница 690: ...on the source switch Table 556 Configure remote port mirroring on the source switch Operation Command Description Enter system view system view Create a VLAN and enter its VLAN view vlan vlan id vlan...

Страница 691: ...rt The reflector port cannot forward traffics as a normal port Therefore it is recommended that you use an idle and in down state port as the reflector port and be careful to not add other settings on...

Страница 692: ...irroring on the intermediate switch Operation Command Description Enter system view system view Create a remote probe VLAN and enter VLAN view vlan vlan id vlan id is the ID of the remote probe VLAN D...

Страница 693: ...pe interface number Configure the current port as a trunk port port link type trunk Required By default the type of the port is access Configure the relay port to permit packets from the remote probe...

Страница 694: ...analyze the packets sent and received by PC1 via the data detect device To meet the requirement above by using the remote port mirroring function perform the following configuration Define VLAN10 as...

Страница 695: ...k permit vlan 10 SW7750 GigabitEthernet2 0 1 quit SW7750 interface GigabitEthernet 2 0 2 SW7750 GigabitEthernet2 0 2 port link type trunk SW7750 GigabitEthernet2 0 2 port trunk permit vlan 10 SW7750 G...

Страница 696: ...d Define the destination port mirroring group group id monitor port monitor port Required LACP must be disabled on the mirroring destination port and you are recommended to disable STP on the mirrorin...

Страница 697: ...GigabitEthernet 2 0 4 Configuring Remote Traffic Mirroring Configuration prerequisites ACLs for identifying traffics have been defined For defining ACLs refer to ACL Configuration on page 637 The sour...

Страница 698: ...with the intermediate switch and the destination switch must be configured so Quit from the current view quit Configure the remote source mirroring group mirroring group group id remote source Requir...

Страница 699: ...itch is the same as configuring remote port mirroring on the intermediate switch Refer to Configuring remote port mirroring on the intermediate switch on page 692 for details Configuring the destinati...

Страница 700: ...e the traffic mirroring function on GigabitEthernet 2 0 2 2 Network diagram Figure 181 Network diagram for remote traffic mirroring 3 Configuration procedure Configure Switch A SW7750 system view SW77...

Страница 701: ...Ethernet 2 0 3 SW7750 mirroring group 1 remote probe vlan 10 SW7750 interface GigabitEthernet 2 0 2 SW7750 GigabitEthernet2 0 2 qos SW7750 qosb GigabitEthernet2 0 2 mirrored to inbound ip group 2000 i...

Страница 702: ...oring port mirroring port list both inbound outbound You must perform one of the two operations The mirroring source I O Module can be a distributed or centralized I O Module however the mirroring sou...

Страница 703: ...devices forms a cluster Normally a cluster member device is not assigned a public IP address Management and maintenance operations intended for the member devices in a cluster are redirected by the m...

Страница 704: ...ing each member and then distributes the configuration and management commands to members Member management means to manage the following events through the management device including adding a member...

Страница 705: ...candidate device enable NTDP both globally and for specific ports As member devices and candidate devices adopt the NTDP settings configured for the management device NTDP setting configurations are...

Страница 706: ...the data to the external server When the management program running on the external server manages the member device the external server transmits the protocol packets to the management device first...

Страница 707: ...directing commands that is forward the commands to the intended member devices for processing Provide the following functions including neighbor discovery topology information collection cluster manag...

Страница 708: ...gure cluster parameters Required Configuring Cluster Parameters on page 709 Configure interaction for the cluster Required Configuring Interaction for the Cluster on page 711 Table 565 Enable NDP glob...

Страница 709: ...w Configure the range topology information within which is to be collected ntdp hop hop value Optional By default the hop range for topology collection is 3 hops Configure the hop delay to forward top...

Страница 710: ...rface vlan id Required The Switch 7750 requires you to configure the IP address of the Layer 3 virtual interface of VLAN1 before you set up a cluster Otherwise the cluster cannot be set up Configure t...

Страница 711: ...ip address mask mask length Required Enter cluster view cluster Configure the rang e of the IP addresses of the cluster ip pool administrator ip address ip mas k ip mask length Required Build a cluste...

Страница 712: ...lt the NDP is enabled for the port You can choose to enable NDP in system view or in Ethernet port view In Ethernet port view Enter Ethernet port view interface interface type interface number Enable...

Страница 713: ...dress H H H eraseflash Optional Return to system view quit Return to user view quit Switch between the management device view and a member device view cluster switch to member number mac address H H H...

Страница 714: ...of the management device belongs to VLAN1 whose interface IP address is 163 172 55 1 All the devices in the cluster use the same FTP server and TFTP server The FTP server and TFTP server share one IP...

Страница 715: ...AN SW7750 system view SW7750 interface Vlan interface 1 SW7750 Vlan interface1 ip address 163 172 55 1 SW7750 Vlan interface1 quit Enable NDP globally and on Ethernet1 0 2 and Ethernet1 0 3 SW7750 ndp...

Страница 716: ...tarts from 172 16 0 1 The mask is 255 255 255 248 SW7750 cluster ip pool 172 16 0 1 255 255 255 248 Specify a name for the cluster and create the cluster SW7750 cluster build aaa aaa_0 3Com cluster Ad...

Страница 717: ...luster put bbb txt n Upon the completion of the above configurations you can execute the cluster switch to member num mac address H H H command on the management device to switch to member device view...

Страница 718: ...718 CHAPTER 63 CLUSTER...

Страница 719: ...D detection PD power information collection PoE power supply monitoring and power off for devices PD PDs receive power from the PSE PDs include standard PDs and nonstandard PDs Standard PDs conform to...

Страница 720: ...they work together to supply 2 400 W of power 2 Input voltage 200 VAC to 240 VAC One PSU of the PSE2500 A1 power system can supply 2 500 W of power If the PSUs of PSE2500 A1 power system need to work...

Страница 721: ...e of a PoE enabled board Required Configuring the PoE Feature of a PoE enabled Board on page 721 Configure the PoE feature of a PoE port Required Setting the PoE Feature of a PoE Port on page 722 Upgr...

Страница 722: ...t enable PoE on this module with the poe enable slot slot num command When PoE compatibility detection is performed on non standard devices the system performance will be affected When standard 802 3a...

Страница 723: ...is to upgrade the valid software in the PSE through refreshing the software while the full update mode is to delete the invalid software in PSE completely and then reload the software Generally the r...

Страница 724: ...high priority Set the PoE management mode of slot 3 to auto Slot 3 is supplied with 400 W of power and slot 5 is supplied with full power namely 806 W Enable PoE compatibility detection on the PoE mod...

Страница 725: ...n the modules in slot 3 and slot 5 SW7750 poe enable slot 3 SW7750 poe enable slot 5 Set the PoE management mode on slot 3 to auto SW7750 poe power management auto slot 3 Set the maximum power supplie...

Страница 726: ...critical so that the devices connected to Ethernet3 0 48 can be provided with power preferentially without interrupting power supply to the current ports SW7750 interface Ethernet 3 0 48 SW7750 Ethern...

Страница 727: ...ou are recommended to set the upper threshold to 132 0 V and the lower threshold to 90 0 V AC Input Alarm Threshold Configuration Example Network requirements Set the overvoltage alarm threshold of AC...

Страница 728: ...old of DC output for the PoE PSUs to 55 0 V Set the undervoltage alarm threshold of DC output for the PoE PSUs to 47 0 V Configuration procedure Enter the system view SW7750 system view Set the overvo...

Страница 729: ...onnect IP phones to Ethernet3 0 1 through Ethernet3 0 48 Set the AC input and DC output alarm thresholds to appropriate values Table 588 Display PoE supervision information Operation Command Descripti...

Страница 730: ...t for the PoE PSUs to 264 0 V SW7750 poe power input thresh upper 264 0 Set the undervoltage alarm threshold of AC input for the PoE PSUs to 181 0 V SW7750 poe power input thresh lower 181 0 Set the o...

Страница 731: ...be enabled on the port PoE Profile Configuration Tasks Table 589 Configure PoE profile Operation Command Description Enter system view system view Create a PoE profile poe profile profile name Require...

Страница 732: ...play command in any view to see the running status of the PoE profile You can verify the configurations by viewing the information PoE Profile Configuration Example Network requirements Ethernet2 0 1...

Страница 733: ...thernet 1 0 10 Figure 187 PoE profile application Configuration procedure Create Profile1 and enter PoE profile view SW7750 system view SW7750 poe profile Profile1 In Profile1 add the PoE policy confi...

Страница 734: ...e profile Profile2 poe priority high SW7750 poe profile Profile2 poe max power 15400 SW7750 poe profile Profile2 quit Display detailed configuration information for Profile2 SW7750 display poe profile...

Страница 735: ...addresses of the packets and then sends the packet to the specified destination server n The DHCP Relay module uses UDP port 67 and 68 to relay BOOTP DHCP broadcast packets so do not use port 67 and 6...

Страница 736: ...rming the above configurations you can use the display command in any view to display the information about the destination servers and the number of the packets forwarded to each destination server V...

Страница 737: ...network segment 202 38 1 0 24 is reachable Enable UDP Helper SW7750 system view SW7750 udp helper enable Configure port 55 as a UDP Helper destination port SW7750 udp helper port 55 Configure the serv...

Страница 738: ...738 CHAPTER 67 UDP HELPER CONFIGURATION...

Страница 739: ...or running the client program At present the commonly used NM platforms include 3Com s Network Management Products Sun NetManager and IBM NetView Agent is the server software operated on network devic...

Страница 740: ...epresents a managed object as shown in Figure 189 Thus the object can be identified with the unique path starting from the root Figure 189 Architecture of the MIB tree The management information base...

Страница 741: ...MIB Device management Interface management Table 594 Common MIBs MIB attribute MIB content References Table 595 Configure SNMP basic functions for SNMP V1 and SNMP V2C Operation Command Description E...

Страница 742: ...d switch fabricid Optional By default the device switch fabric ID is Enterprise Number device information Create or update the view information snmp agent mib view included excluded view name oid tree...

Страница 743: ...he device switch fabric ID is Enterprise Number device information Create or update the view information snmp agent mib view included excluded view name oid tree Optional By default the view name is V...

Страница 744: ...yname security string v1 v2c v3 authentication privacy Required Set the source address to send Trap packets snmp agent trap source interface type interface number Optional Set the information queue le...

Страница 745: ...Description Display system information of the current SNMP device display snmp agent sys info contact location version The display command can be executed in any view Display SNMP packet statistics in...

Страница 746: ...P community is public SW7750 snmp agent trap enable standard authentication SW7750 snmp agent trap enable standard coldstart SW7750 snmp agent trap enable standard linkup SW7750 snmp agent trap enable...

Страница 747: ...is reduced thus facilitating the management of large scale internetworks Working Mechanism of RMON RMON allows multiple monitors It collects data in one of the following two ways Using the dedicated...

Страница 748: ...riod sampling time Comparing the sampled value with the set threshold and triggering the corresponding events if the sampled value exceeds the threshold Extended alarm group With extended alarm entry...

Страница 749: ...ing SNMP Basic Functions on page 741 Configuring RMON Table 599 Configure RMON Operation Command Description Enter system view system view Add an event entry rmon event event entry description string...

Страница 750: ...connected to a remote NMS through Internet Create an entry in the Ethernet statistics table to make statistics on the Ethernet port performance for network management Network diagram Figure 191 Networ...

Страница 751: ...try 1 owned by user1 rmon is VALID Interface Ethernet2 0 1 ifIndex 4227626 etherStatsOctets 0 etherStatsPkts 0 etherStatsBroadcastPkts 0 etherStatsMulticastPkts 0 etherStatsUndersizePkts 0 etherStatsO...

Страница 752: ...752 CHAPTER 69 RMON CONFIGURATION...

Страница 753: ...e same time The accounting system requires that the clocks of all the network devices be consistent Some functions such as restarting all the network devices in a network simultaneously require that t...

Страница 754: ...serves as the NTP server that is the clock of Device A will be synchronized to that of Device B It takes one second to transfer an NTP message from Device A to Device B or from Device B to Device A Fi...

Страница 755: ...ation Mode To accommodate networks of different structures and switches in different network positions NTP can operate in multiple modes as described in the following Client Server mode Figure 193 NTP...

Страница 756: ...ote server operates as the peer of the Switch 7750 and the Switch 7750 operates as the active peer Client Broadcast clock synchronizati on packets periodically Network Server Initiates a client server...

Страница 757: ...VLAN interface configured on the switch Multicast mode Configure the Switch 7750 to operate in NTP multicast server mode In this case the Switch 7750 sends multicast NTP packets through the VLAN inte...

Страница 758: ...clock synchronization packet periodically The devices which are configured to be in the NTP broadcast client mode will respond this packet and start the clock synchronization procedure NTP multicast...

Страница 759: ...on For the networks with higher security requirements you can specify to perform authentications when enabling NTP With the authentications performed on both the client side and the server side the cl...

Страница 760: ...ntication model md5 value Required By default the NTP authentication key is not configured Configure the specified key to be a trusted key ntp service reliable authentication keyid key id Required By...

Страница 761: ...erver authentication keyid key id In NTP broadcast server mode and NTP multicast server mode you need to associate the specified key with the corresponding NTP server on the server You can associate a...

Страница 762: ...ments Configure the local clock of S7750 1 to be the NTP master clock with the stratum being 2 S7750 2 operates in client mode with S7750 1 as the time server S7750 1 operates in server mode automatic...

Страница 763: ...nce 99 8562 Hz Clock precision 2 7 Clock offset 0 0000 ms Root delay 0 00 ms Root dispersion 0 00 ms Peer dispersion 0 00 ms Reference time 00 00 00 000 UTC Jan 1 1900 00000000 00000000 Configure S775...

Страница 764: ...master clock with the clock stratum being 2 Configure a Switch 7750 to operate as a client with 3Com2 as the time server 3Com2 will then operate in the server mode automatically Meanwhile 3Com3 sets...

Страница 765: ...ersion 208 39 ms Peer dispersion 9 63 ms Reference time 17 03 32 022 UTC Thu Sep 6 2001 BF422AE4 05AEA86C The output information indicates that the Switch 7750 is synchronized to 3Com3 and the stratum...

Страница 766: ...server and send broadcast packets through VLAN interface 2 SW77503 Vlan Interface2 ntp service broadcast server 2 Configure Switch 7750 1 Enter system view SW7750 1 system view SW7750 1 Enter VLAN int...

Страница 767: ...al frequency 249 9992 Hz Clock precision 2 19 Clock offset 198 7425 ms Root delay 27 47 ms Root dispersion 208 39 ms Peer dispersion 9 63 ms Reference time 17 03 32 022 UTC Thu Sep 6 2001 BF422AE4 05A...

Страница 768: ...a multicast server SW77503 Vlan Interface2 ntp service multicast server 2 Configure Switch 7750 1 Enter system view SW7750 1 system view SW7750 1 Enter VLAN interface 2 view SW7750 1 interface vlan in...

Страница 769: ...uency 249 9992 Hz Clock precision 2 19 Clock offset 198 7425 ms Root delay 27 47 ms Root dispersion 208 39 ms Peer dispersion 9 63 ms Reference time 17 03 32 022 UTC Thu Sep 6 2001 BF422AE4 05AEA86C T...

Страница 770: ...SW7750 2 ntp service unicast server 1 0 1 11 authentication keyid 42 The above configuration synchronizes Switch 7750 2 to Switch 7750 1 As NTP authentication is not enabled on Switch 7750 1 Switch 77...

Страница 771: ...UTC Thu Sep 6 2001 BF422AE4 05AEA86C The output information indicates that Switch 7750 2 is synchronized to Switch 7750 1 with the clock stratum being 3 one stratum higher than Switch 7750 1 View the...

Страница 772: ...772 CHAPTER 70 NTP CONFIGURATION...

Страница 773: ...herwise the server clears the TCP connection 2 Key algorithm negotiation stage These operations are completed at this stage The server and the client send key algorithm negotiation packets to each oth...

Страница 774: ...s SSH server configuration tasks Configuring supported protocols Table 608 Configure SSH2 0 server Configuration Keyword Description Configure supported protocols protocol inbound Refer to Configuring...

Страница 775: ...mpts you the host RSA key pair 3Com_Host is generated and does not inform you the information about the server RSA key pair even if the server RSA key pair is generated in the background for the purpo...

Страница 776: ...ntication type for a user When the two commands are configured simultaneously and the authentication types configured for the user specified by username are different with each other comply with the c...

Страница 777: ...tion type On the other hand you can import the RSA public key of an SSH user from the public key file When the rsa peer public key keyname import sshkey filename command is executed the system will tr...

Страница 778: ...lient you need to configure the host public key of the server to be accessed on the local device and specify the name of the host public key file of the server to be accessed Thus the SSH client can a...

Страница 779: ...is the same as that of configuring a client public key on the server Specify the name of the host public key of the SSH server to be accessed on the SSH client ssh client server ip assign rsa key keyn...

Страница 780: ...SSH SW7750 ui vty0 4 protocol inbound ssh Configure the login protocol for user clinet001 as SSH and authentication type as password SW7750 local user client001 SW7750 luser client001 password simple...

Страница 781: ...25 SW7750 rsa key code public key code end SW7750 rsa public key peer public key end SW7750 ssh user client002 assign rsa key 3Com002 Start the SSH client software on the host which stores the RSA pri...

Страница 782: ...uration on page 778 Configure the client public key on the server and name the public key Switch001 SW7750 rsa peer public key Switch001 RSA public key view return to System View with peer public key...

Страница 783: ...a VLAN interface on the switch and assign it an IP address which the SSH server will use as the destination for SSH connection SW7750 system view SW7750 interface vlan interface 1 SW7750 Vlan interfac...

Страница 784: ...A A94A207E 1E25F3F9 SW7750 rsa key code E0EA01A2 4E0F2FF7 B1D31505 39F02333 E443EE74 SW7750 rsa key code 5C3615C3 E5B3DC91 D41900F0 2AE8B301 E55B1420 SW7750 rsa key code 024ECF2C 28A6A454 C27449E0 46E...

Страница 785: ...ion Enter system view system view Configure service type for an SSH user ssh user username service type stelnet sftp all Required By default the available service type is stelnet Table 619 Enable the...

Страница 786: ...lp information about SFTP client commands help SFTP client view Optional Table 621 Enable the SFTP client Operation Command Description Enter system view system view Enable the SFTP client sftp host i...

Страница 787: ...directory dir a l remote path Optional The dir and ls commands have the same function ls a l remote path Create a directory on the SFTP server mkdir remote path Optional Delete a directory from the SF...

Страница 788: ...he remote SFTP server and enter SFTP client view SW7750 sftp 10 111 27 91 Display the current directory on the SFTP server delete file z and verify the operation sftp client dir rwxrwxrwx 1 noone nogr...

Страница 789: ...noone nogroup 0 Sep 01 06 22 new rwxrwxrwx 1 noone nogroup 225 Sep 01 06 55 pub drwxrwxrwx 1 noone nogroup 0 Sep 02 06 30 new1 Received status End of file Received status Success Rename directory new1...

Страница 790: ...ogroup 1759 Aug 23 06 52 config cfg rwxrwxrwx 1 noone nogroup 225 Aug 24 08 01 pubkey2 rwxrwxrwx 1 noone nogroup 283 Aug 24 07 39 pubkey1 drwxrwxrwx 1 noone nogroup 0 Sep 01 06 22 new drwxrwxrwx 1 noo...

Страница 791: ...efore executing the commands which have potential risks for example deleting and overwriting files n Switch 7750s support Fabric switchover Both the primary and the secondary Fabric have file system b...

Страница 792: ...le Configuration Operation Command Description Enter the root directory of a CF card cd cf Required Disable a CF card umount cf Required Table 627 File system configuration tasks Task Remark Related s...

Страница 793: ...vable For memory spaces that are unavailable due to unexpected errors you can use the fixdisk command to restore them Table 629 File related operations Operation Command Description Delete a file dele...

Страница 794: ...3 rw 3980 Apr 21 2006 15 08 29 config cfg 4 drw Apr 16 2006 11 18 17 hj 5 drw Apr 10 2005 19 07 59 dd 6 rw 11779 Apr 05 2006 10 23 03 test bak 7 rw 19307 Apr 16 2006 11 15 55 1 txt 8 rw 66 Apr 05 2006...

Страница 795: ...B free SW7750 dir flash test Directory of flash test 0 rw 3980 Apr 25 2006 16 33 21 1 cfg 31877 KB total 15869 KB free Enter directory test SW7750 cd test Rename 1 cfg as c cfg SW7750 rename 1 cfg c c...

Страница 796: ...796 CHAPTER 72 FILE SYSTEM MANAGEMENT...

Страница 797: ...ated in the software system of the router By accessing the BIMS center the router updates its configuration file and application automatically BIMS allows the device to access the BIMS center immediat...

Страница 798: ...st software or configuration file is deleted and the new file is not saved yet In this case the upgrade will fail the configuration on the device will be lost and eventually the BIMS cannot manage the...

Страница 799: ...he BIMS Center at a Specified Time You can configure the BIMS device to access the BIMS center at a specified time and if desired at regular intervals from then on during a specified period Table 633...

Страница 800: ...Automatically add the device function and set the shared key between the BIMS center and BIMS device After that when the device accesses the BIMS center it can be automatically added to the BIMS cente...

Страница 801: ...21 97 and 80 respectively Configuration procedure 1 Configure the BIMS center Refer to Configuring the BIMS Device to Access the BIMS Center Periodically at Startup on page 800 2 Configure the BIMS d...

Страница 802: ...802 CHAPTER 73 BIMS CONFIGURATION...

Страница 803: ...FTP client or an FTP server in an FTP implementation FTP server An Ethernet switch can operate as an FTP server to provide file transmission services for FTP clients You can log into a switch operati...

Страница 804: ...TP Server Prerequisites A switch operates as an FTP server A remote PC operates as an FTP client The network operates properly as shown in Figure 205 Figure 205 Network diagram for FTP configuration P...

Страница 805: ...ating the FTP client a work directory An FTP server provides services to the FTP clients that are both authenticated and authorized The configurations such as configuring user name password the way to...

Страница 806: ...igurations Configuration procedure 1 Configure the switch Log into the switch You can log into a switch through the Console port or by Telneting to the switch See Logging into an Ethernet Switch on pa...

Страница 807: ...hold the file to be uploaded you need to move the files that are not in use from the flash to other place to make room for the file 3Com series switch is not shipped with FTP client applications You...

Страница 808: ...d Optional Create a directory on the remote FTP server mkdir pathname Optional Remove a directory on the remote FTP server rmdir pathname Optional Delete a specified file delete remotefile Optional Qu...

Страница 809: ...ocedure 1 Perform FTP server related configurations on the PC that is create a user account on the FTP server with user name switch and password hello For detailed configuration refer to the configura...

Страница 810: ...and then restart the switch Thus the switch application is upgraded SW7750 boot boot loader switch app SW7750 reboot n For information about the boot boot loader command and how to specify the startup...

Страница 811: ...switch operates as a TFTP client Device Configuration Default Description Switch Configure an IP address for the VLAN interface of the switch so that it is reachable for TFTP server TFTP applies to n...

Страница 812: ...a switch through the Console port or by Telneting to the switch See Logging into an Ethernet Switch on page 33 for detailed information SW7750 c CAUTION If the available space of the flash of the swit...

Страница 813: ...813 SW7750 boot boot loader switch app SW7750 reboot n For information about the boot boot loader command and how to specify the startup file for a switch refer to Specifying the APP to be Adopted at...

Страница 814: ...814 CHAPTER 74 FTP AND TFTP CONFIGURATION...

Страница 815: ...log host 188 Apr 9 17 28 50 524 2004 3Com IFNET 5 UPDOWN Line protocol on t he interface M Ethernet0 0 0 is UP SIP 10 5 1 5 SP 1080 The following describes the fields of an information item 1 Priority...

Страница 816: ...formation Table 644 Modules generating information Module name Description ACCOUNT L3 real time accounting module ACL Access control list module ADBM Address base module AM_USERB Access management mod...

Страница 817: ...DEM module MPM Multicast port management module MSDP Multicast source discovery protocol module MSTP Multiple spanning tree protocol module NAT Network address translation module NDP Neighbor discover...

Страница 818: ...st 6 Digest It is a phrase within 32 characters abstracting the information contents A colon separates the digest and information contents SYSM System management module SYSMIB System MIB module TAC Te...

Страница 819: ...n center of the Ethernet switch features Supporting six information output directions namely console console monitor terminal monitor log host loghost trap buffer trapbuffer log buffer logbuffer and S...

Страница 820: ...face through which log information is sent to the log host info center loghost source interface type interface number Optional Define an information source info center source modu name default channel...

Страница 821: ...t this function is enabled for console user Enable debugging information terminal display function terminal debugging Optional By default the debugging information terminal display is disabled for ter...

Страница 822: ...function with the terminal logging command Perform the following configuration in user view Define an information source info center source modu name default channel channel number channel name log tr...

Страница 823: ...view Enable the information center info center enable Optional By default the information center is enabled Enable information output to the log buffer info center logbuffer channel channel number ch...

Страница 824: ...debugging boot date none Optional This is to set the time stamp format for log debugging trap information output This determines how the time stamp is presented to users Table 653 Enable information...

Страница 825: ...lowing log information in English to the Unix log host whose IP address is 202 38 1 10 the log information of the two modules ARP and IP with severity higher than informational Table 655 Display and d...

Страница 826: ...ap state off SW7750 info center source ip channel loghost log level informational debug stat e off trap state off 2 Configure the log host The operations here are performed on SunOS 4 0 The operations...

Страница 827: ...x Log Host Network requirements The switch sends the following log information in English to the Linux log host whose IP address is 202 38 1 10 All modules log information with severity higher than er...

Страница 828: ...conf is modified run the following commands to view the process ID of the system daemon syslogd stop the process and then restart the daemon syslogd in the background with the r option ps ae grep sysl...

Страница 829: ...information output to the console Permit ARP and IP modules to output information with severity level higher than informational to the console SW7750 info center console channel console SW7750 info c...

Страница 830: ...830 CHAPTER 75 INFORMATION CENTER...

Страница 831: ...S Resolution With static DNS resolution you can manually configure some name to address mappings in the static DNS list and the system will search the static list for corresponding IP addresses when u...

Страница 832: ...n use the list to supply the missing part For example you can configure a suffix com in the list and users only need to input aabbcc to get the IP address of aabbcc com for the resolver will automatic...

Страница 833: ...o visit Host with IP address 3 1 1 1 16 The DNS server IP address is 2 1 1 2 16 The DNS suffixes com and net are configured Table 656 Configure static DNS resolution Operation Command Description Ente...

Страница 834: ...rver IP address 2 1 1 2 SW7750 dns server 2 1 1 2 Configure net as a DNS suffix SW7750 dns domain net Configure com as a DNS suffix SW7750 dns domain com Ping Host on Switch to verify the configuratio...

Страница 835: ...s the correct IP address of the DNS Server If the specified domain name is not in the cache ensure that dynamic DNS resolution is enabled the DNS Client can normally communicate with the DNS Server an...

Страница 836: ...836 CHAPTER 76 DNS CONFIGURATION...

Страница 837: ...through Ethernet port You can load software remotely by using FTP TFTP n The BootROM software version should be compatible with the host software version when you load the BootROM and host software L...

Страница 838: ...ot Menu appears Otherwise the system starts to decompress the program and if you want to enter the Boot Menu at this time you will have to restart the switch Input the correct BootROM password no pass...

Страница 839: ...enu shown below SRPG bootrom update menu 1 Set TFTP protocol parameter 2 Set FTP protocol parameter 3 Set XMODEM protocol parameter 0 Return to boot menu Enter your choice 0 3 Then you can choose diff...

Страница 840: ...are configurations on PC Take the Hyperterminal using Windows operating system as example Step 4 Choose File Properties in HyperTerminal click Configure in the pop up dialog box and then select the b...

Страница 841: ...ns n The new baud rate takes effect only after you disconnect and reconnect the HyperTerminal program Step 6 Press Enter to start downloading the program The system displays the following information...

Страница 842: ...rate to 9600 bps refer to Step 4 and 5 Then press any key as prompted The system will display the following information when it completes the loading Bootrom updating done n If the HyperTerminal s bau...

Страница 843: ...lient and server It uses UDP to provide unreliable data stream transfer service Loading BootROM software Figure 220 Local loading using TFTP Step 1 As shown in Figure 220 connect the switch through an...

Страница 844: ...st software Step 1 Select 1 in Boot Menu and press Enter The system displays the following information 1 Set TFTP protocol parameter 2 Set FTP protocol parameter 3 Set XMODEM protocol parameter 0 Retu...

Страница 845: ...otROM update menu shown below SRPG bootrom update menu 1 Set TFTP protocol parameter 2 Set FTP protocol parameter 3 Set XMODEM protocol parameter 0 Return to boot menu Enter your choice 0 3 Step 4 Ent...

Страница 846: ...emote Software Loading If your terminal is not directly connected to the switch you can telnet to the switch and use FTP or TFTP to load BootROM and host software remotely Remote Loading Using FTP Loa...

Страница 847: ...e and that you need to use the boot boot loader command to select the host software at reboot of the switch After the above operations the BootROM and host software loading is completed Pay attention...

Страница 848: ...terface1 ip address 192 168 0 65 255 255 255 0 Step 3 Enable FTP service on the switch configure the FTP user name to test password to pass and directory to FLASH root directory SW7750 Vlan interface1...

Страница 849: ...tROM Step 6 Enter ftp 192 168 0 65 and enter the user name test password pass as shown in Figure 226 to log on the FTP server Figure 226 Log on the FTP server Step 7 Use the put command to upload the...

Страница 850: ...or that the file to be downloaded is the host software file and that you need to use the boot boot loader command to select the host software at reboot of the switch n The steps listed above are perfo...

Страница 851: ...e Fabrics and active standby switchover function If a switch possesses two Fabrics with the active standby switchover function enabled you can in turn upgrade and restart the two Fabrics with one Fabr...

Страница 852: ...852 CHAPTER 77 BOOTROM AND HOST SOFTWARE LOADING...

Страница 853: ...54 Set the local time zone Optional Setting the Local Time Zone on page 854 Set the summer time Optional Setting the Summer Time on page 854 Set the CLI language mode Optional Setting the CLI Language...

Страница 854: ...m time Perform the following configuration in user view Setting the CLI Language Mode Table 662 Set the date and time of the system Operation Command Description Set the current date and time of the s...

Страница 855: ...s whether the debugging information of a protocol is output Terminal display which controls whether the debugging information is output to a user screen The relation between the two switches is as fol...

Страница 856: ...mation will affect the efficiency of the system disable your debugging after you finish it Enable terminal display for debugging terminal debugging By default terminal display for debugging is disable...

Страница 857: ...nt operating information about the modules settled when this command is designed in the system for troubleshooting your system Perform the following operation in any view Table 671 Display the current...

Страница 858: ...858 CHAPTER 78 BASIC SYSTEM CONFIGURATION DEBUGGING...

Страница 859: ...check the network connectivity It can help you locate the trouble spot of the network The executing procedure of the tracert command is as follows First the source host sends a data packet with the TT...

Страница 860: ...Y TEST Table 673 The tracert command Operation Command Support IP protocol tracert a source ip f first TTL m max TTL p port q num packet w timeout host Support CLNS protocol tracert clns m max TTL n n...

Страница 861: ...e secondary module is inserted configurations on the last two SFP interfaces of the primary module will not be sent to the first two SFP interfaces of the secondary module automatically and you need t...

Страница 862: ...time Update the BootROM Optional Updating the BootROM on page 863 Upgrade BootROM along with the upgrade of ARP Optional Upgrading BootROM along with the Upgrade of ARP on page 863 Set module temperat...

Страница 863: ...to update the running BootROM application With this command a remote user can conveniently update the BootRom by uploading the BootROM to the switch through FTP and running this command The BootROM c...

Страница 864: ...ss card forwarded load sharing is performed between the active Fabric and the standby Fabric n Only unicast traffic supports load sharing The 96Gbps Switch Fabric and GEbus I O Modules do not support...

Страница 865: ...sceiver Electrical label information is also called permanent configuration data or archive information which is written to the storage device of a module during device debugging or test The informati...

Страница 866: ...commands A type modules include 3C16860 3C16861 LS81FS24A 3C16858 and 3C16859 Pause Frame Protection Mechanism Configuration Task The following describes the configuration tasks of Pause Frame protec...

Страница 867: ...ect IP addresses Layer 3 Connectivity Detection Configuration Example Network requirements The physical link between the local peer and the remote peer is correct The local peer port that is used to c...

Страница 868: ...nable queue traffic monitoring SW7750 qe monitor enable Set the overall traffic threshold used in queue traffic monitoring to 90 Mbps SW7750 qe monitor overflow threshold 90000000 Configuring Error Pa...

Страница 869: ...Device Management Configuration After the above configurations you can execute the display command in any view to display the operating status of the device management to verify the configuration eff...

Страница 870: ...are stored into the directory of the switch Use FTP to download the switch app and boot btm files from the FTP server to the switch Network diagram Figure 229 Network diagram of FTP configuration Con...

Страница 871: ...mand in user view Input the correct user name and password to log into the FTP server SW7750 ftp 2 2 2 2 Trying Press CTRL K to abort Connected 220 FTP service ready User none switch 331 Password requ...

Страница 872: ...ified file will be booted next time on unit 1 SW7750 display boot loader The primary app to boot of board 0 at the next time is flash switch app The backup app to boot of board 0 at the next time is f...

Страница 873: ...ing client and you can view the test results on remote ping client only When performing a remote ping test you need to configure a remote ping test group on the remote ping client A remote ping test g...

Страница 874: ...number greater than 50000 Otherwise your remote ping test may fail or the service corresponding to the well known port may become unavailable TCP test Tcppublic test Tcpprivate test UDP test Udppubli...

Страница 875: ...ize For ICMP UDP jitter test you can configure the size of test packets For ICMP test the ICMP packet size refers to the length of ECHO REQUEST packets excluding IP and ICMP headers Maximum number of...

Страница 876: ...e sent per probe jitter packetnum Jitter test is used to collect statistics about delay jitter in UDP packet transmission In a jitter probe the remote ping client sends a series of packets to the remo...

Страница 877: ...ic is enabled all other test types cannot be performed when IRF fabric is enabled With IRF fabric enabled you are allowed to configure remote ping tests and use the display commands to check your conf...

Страница 878: ...configured Configure the source IP address source ip ip address Optional By default no source IP address is configured Configure the test type test type icmp Optional By default the test type is ICMP...

Страница 879: ...ch test makes one probe Configure the maximum number of history records that can be saved history records number Figure 231 Optional By default the maximum number is 50 Configure the probe timeout tim...

Страница 880: ...By default a probe times out in three seconds Configure the type of service tos value Optional By default the service type is zero Configure the type of FTP operation ftp operation get put Optional B...

Страница 881: ...o IP address of the DNS server is configured Configure the source IP address source ip ip address Optional By default no source IP address is configured Configure the source port source port port numb...

Страница 882: ...w Enable the remote ping client function remote ping agent enable Required By default the remote ping client function is disabled Create a remote ping test group and enter its view remote ping adminis...

Страница 883: ...packets that will be sent in each jitter probe jitter packetnum number Optional By default each jitter probe will send 10 packets Configure the interval to send test packets in the jitter test jitter...

Страница 884: ...ptional By default the automatic test interval is zero seconds indicating no automatic test will be made Configure the probe timeout time timeout time Optional By default a probe times out in three se...

Страница 885: ...s Optional By default the source IP address is not specified Configure the test type test type tcpprivate tcppublic Required By default the test type is ICMP Configure the source port source port port...

Страница 886: ...lic Required By default the test type is ICMP Configure the destination address destination ip ip address Required This IP address and the one configured on the remote ping server for listening servic...

Страница 887: ...he service type is zero Start the test test enable Required Display test results display remote ping results admin name operation tag Required The display command can be executed in any view Table 701...

Страница 888: ...t specified Configure the IP address of the DNS server dns server ip address Required By default no DNS server address is configured Start the test test enable Required Display test results display re...

Страница 889: ...e remote ping client 7750 system view 7750 remote ping agent enable Create a remote ping test group setting the administrator name to administrator and test tag to ICMP 7750 remote ping administrator...

Страница 890: ...ed test time 2000 4 2 20 55 12 3 Extend result SD Maximal delay 0 DS Maximal delay 0 Packet lost in test 0 Disconnect operation number 0 Operation timeout number 0 System busy operation number 0 Conne...

Страница 891: ...ping administrator dhcp test enable Display test results 7750 remote ping administrator dhcp display remote ping results administra tor dhcp Remote ping entry admin administrator tag dhcp test result...

Страница 892: ...ork diagram for the FTP test Configuration procedure Configure FTP Server Switch B Configure FTP server on Switch B For specific configuration of FTP server refer to FTP and TFTP Configuration on page...

Страница 893: ...ail number 0 Operation sequence errors 0 Drop operation number 0 Other operation errors 0 7750 remote ping administrator ftp display remote ping history administrat or ftp Remote ping entry admin admi...

Страница 894: ...7750 remote ping administrator http timeout 30 Start the test 7750 remote ping administrator http test enable Display test results 7750 remote ping administrator http display remote ping results admi...

Страница 895: ...name you must configure the IP address of the DNS server to resolve the host name into an IP address which is the destination IP address of this HTTP test Jitter Test Network requirements Both the re...

Страница 896: ...t operation number 0 Operation timeout number 0 System busy operation number 0 Connection fail number 0 Operation sequence errors 0 Drop operation number 0 Other operation errors 0 Jitter result RTT N...

Страница 897: ...t community write private n The SNMP network management function must be enabled on SNMP agent before it can receive response packets The SNMPv2c version is used as reference in this example This conf...

Страница 898: ...n administrator tag snmp history record Index Response Status LastRC Time 1 10 1 0 2000 04 03 08 57 20 0 2 10 1 0 2000 04 03 08 57 20 0 3 10 1 0 2000 04 03 08 57 20 0 4 10 1 0 2000 04 03 08 57 19 9 5...

Страница 899: ...rator tcpprivate test enable Display test results 7750 remote ping administrator tcpprivate display remote ping results administr ator tcpprivate Remote ping entry admin administrator tag tcpprivate t...

Страница 900: ...000 Configure remote ping Client Switch A Enable the remote ping client 7750 system view 7750 remote ping agent enable Create a remote ping test group setting the administrator name to administrator a...

Страница 901: ...11 1 0 2000 04 02 08 29 45 5 2 12 1 0 2000 04 02 08 29 45 4 3 11 1 0 2000 04 02 08 29 45 4 4 11 1 0 2000 04 02 08 29 45 4 5 11 1 0 2000 04 02 08 29 45 4 6 11 1 0 2000 04 02 08 29 45 4 7 10 1 0 2000 04...

Страница 902: ...eive response times 10 Min Max Average Round Trip Time 6 10 8 Square Sum of Round Trip Time 756 Last complete test time 2006 11 28 11 50 40 9 Extend result SD Maximal delay 0 DS Maximal delay 0 Packet...

Страница 903: ...ncepts of RRPP Figure 250 RRPP networking Domain A domain consists of switches with the same domain ID and control VLAN A domain can consist of multiple Ethernet rings only one of which is the primary...

Страница 904: ...sed to transfer data packets A data VLAN contains the ports connecting the switch with the Ethernet ring network and other ports Node Every switch on an Ethernet ring network is a node Node roles are...

Страница 905: ...fter the ports are unblocked these packets or messages can pass through the ports Common port and edge port Of the two ports connecting an edge node or assistant edge node to a subring one is the comm...

Страница 906: ...he secondary port and sends the Common Flush packet to tell all transit nodes to refresh their respective MAC address FDB and ARP table Ring recovery The master node may detect that the ring has recov...

Страница 907: ...atus and the master node sends the Complete Flush message through the primary port to request the transit node to update the FDB and unblock the temporarily blocked port After the transit node receive...

Страница 908: ...exist between each pair of rings In this case only one RRPP domain is to be defined in which one ring must be defined as the primary ring and the rest as subrings RRPP on 3Com Switch 7750 Family To em...

Страница 909: ...s have been configured as trunk ports All ports allow data VLAN packets to pass And STP has been disenabled on all the ports connecting the Ethernet rings Master Node Configuration Tasks The following...

Страница 910: ...ter Node Configuration Example Network requirements Define the switch as a node in RRPP domain 1 Define VLAN 4092 as the control VLAN Define the switch as the master node on primary ring 1 in RRPP dom...

Страница 911: ...te an RRPP domain and enter RRPP domain view rrpp domain domain id Required The command prompt of RRPP domain view depends on the domain id you input Specify a control VLAN for the RRPP domain control...

Страница 912: ...unique in the same RRPP domain Transit Node Configuration Example Network requirements Define the switch as a node in RRPP domain 1 Define VLAN 4092 as the control VLAN Define the switch as a transit...

Страница 913: ...depends on the domain id you input Specify a control VLAN for the RRPP domain control vlan vlan id Required Specify the current switch as a transit node of the primary ring and specify the primary por...

Страница 914: ...CAUTION Make sure that the switch ports connecting the Ethernet rings have been configured as trunk ports All ports allow data VLAN packets to pass And STP has been disenabled on all the ports connec...

Страница 915: ...ntrol VLAN for the RRPP domain control vlan vlan id Required Specify the current switch as a transit node of the primary ring and specify the primary port and the secondary port ring ring id node mode...

Страница 916: ...CAUTION Make sure that the switch ports connecting the Ethernet rings have been configured as trunk ports All ports allow data VLAN packets to pass And STP has been disenabled on all the ports connect...

Страница 917: ...control vlan 4092 SW7750 rrpp domain 1 ring 1 node mode master primary port GigabitE thernet2 0 1 secondary port GigabitEthernet2 0 2 level 0 SW7750 rrpp domain 1 ring 1 enable SW7750 rrpp domain 1 q...

Страница 918: ...Switch B Switch C and Switch D constitute primary ring 1 Switch B Switch C and Switch E form the subring 2 Switch A serves as the master node of the primary ring GigabitEthernet2 0 1 as the primary po...

Страница 919: ...SW7750 rrpp domain 1 control vlan 4092 SW7750 rrpp domain 1 ring 1 node mode transit primary port Gigabit Ethernet2 0 1 secondary port GigabitEthernet2 0 2 level 0 SW7750 rrpp domain 1 ring 2 node mod...

Страница 920: ...Gigabit Ethernet2 0 1 secondary port GigabitEthernet2 0 2 level 0 SW7750 rrpp domain 1 ring 1 enable SW7750 rrpp domain 1 quit SW7750 rrpp enable Configure Switch E SW7750 system view SW7750 rrpp doma...

Страница 921: ...gment where the next hop of the default route resides through enabling default route Telnet protection By default default route Telnet protection is disabled Before configuring Telnet protection you n...

Страница 922: ...ction or special ARP Telnet protection attack protection ip address Required If you use this command with the ip address parameter you can protect the specified Layer 3 interfaces Table 712 Configure...

Страница 923: ...sists of two member ports one master port and one slave port Normally only one port master or slave is active and the other port is blocked that is in the standby state When link failure occurs on the...

Страница 924: ...he device Switch A in Figure 256 broadcasts flush messages in this control VLAN Control VLAN for receiving flush messages This control VLAN is used for receiving and processing flush messages When lin...

Страница 925: ...port does not come into the forwarding state until the next link switching Configuring Smart Link n Before configuring a member port of a Smart Link group you must Disable the port to avoid loops thu...

Страница 926: ...Configure Smart Link with ports as the members of the Smart Link group Operation Command Remarks Enter system view system view Create a Smart Link group and enter Smart Link group view smart link gro...

Страница 927: ...an associated device is different than the one for sending flush messages configured on the corresponding Smart Link device the device will forward received flush messages without processing them 9 I...

Страница 928: ...itch Switch C Switch D and Switch E support Smart Link Configure Smart Link feature to provide remote PCs with reliable access to the server Network diagram Figure 258 Network diagram for Smart Link c...

Страница 929: ...Ethernet2 0 1 as the master port and Ethernet2 0 2 as the slave port for Smart Link group 1 SwitchA smlk group1 port Ethernet 2 0 1 master SwitchA smlk group1 port Ethernet 2 0 2 slave Configure to s...

Страница 930: ...lush messages received from VLAN 1 on Switch E Enter system view SwitchE system view Enable the function of processing flush messages received from VLAN 1 on Ethernet 2 0 2 and Ethernet 2 0 3 SwitchE...

Страница 931: ...tor Link group are forced down When the link for the uplink port recovers all the downlink ports in the group are re enabled Figure 259 Network diagram for a Monitor Link group implementation As shown...

Страница 932: ...or Link group and Monitor Link group detects that the link for the uplink port Ethernet2 0 1 fails all the downlink ports in the group are shut down therefore Ethernet2 0 3 on Switch C is blocked Now...

Страница 933: ...oup group id Required Table 721 Configure the uplink port Operation Command Remarks Enter system view system view Enter the specified Monitor Link group view monitor link group group id Configure the...

Страница 934: ...onitor Link Configuration Example Implementing Collaboration Between Smart Link and Monitor Link Network requirements As shown in Figure 261 the PCs access the server and Internet through the switch C...

Страница 935: ...nter Ethernet port view Disable STP on Ethernet2 0 1 and Ethernet2 0 2 SwitchA interface Ethernet 2 0 1 SwitchA Ethernet2 0 1 stp disable SwitchA Ethernet2 0 1 quit SwitchA interface Ethernet 2 0 2 Sw...

Страница 936: ...nitor link group 1 Configure Ethernet2 0 1 as the uplink port of the Monitor Link group and Ethernet2 0 2 and Ethernet2 0 3 as the downlink ports SwitchC mtlk group1 port Ethernet 2 0 1 uplink SwitchC...

Страница 937: ...t ROM You need also to confirm the upgrade operation in the upgrade process Boot ROM Upgrade Configuration Example Network requirements Use the current startup file to upgrade the Boot ROMs of all nor...

Страница 938: ...hrough negotiation to improve the adaptability and stability This mode is based on the corresponding Ethernet standards By default the Fabric and the service modules in a Switch 7750 Ethernet switch n...

Страница 939: ...number of times the Fabric fails to receive handshake packets exceeds the upper limit Monitoring Internal Channel Configuration Configuring Switch Chip Auto reset Introduction In actual application a...

Страница 940: ...ied module When the CPU usage of the module in the specified slot exceeds the configured threshold the switch sends trap messages and log messages to the network administrator If you set CPU threshold...

Отзывы:

Нет отзывов

Похожие инструкции для Switch 7757

Бренд: Gefen Страницы: 11

xStack DES-3500 Series

Бренд: D-Link Страницы: 260

DXS-3600 Series

Бренд: D-Link Страницы: 48

DXS-3400 SERIES

Бренд: D-Link Страницы: 3

Web Smart Switch DGS-1210-16

Бренд: D-Link Страницы: 71

Бренд: D-Link Страницы: 3

Бренд: D-Link Страницы: 56

xStack DES-3800 Series

Бренд: D-Link Страницы: 326

xStack DES-3526

Бренд: D-Link Страницы: 222

Бренд: D-Link Страницы: 2

DXS-1210 Series

Бренд: D-Link Страницы: 20

Бренд: Radial Engineering Страницы: 12

Бренд: Gavita Страницы: 12

Бренд: OEM Страницы: 1

Бренд: TRENDnet Страницы: 12

Бренд: Lantech Страницы: 24

Бренд: Hama Страницы: 56

Бренд: ATEN Страницы: 26

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды