background image

Preface 

The H3C firewall devices configuration guides (Comware V7) describe the software features and 

configuration procedures for the Comware V7-based firewall devices in "

Applicable devices

." These 

guides also provide configuration examples to help you apply software features to different network 
scenarios.  
The 

Interface Configuration Guide 

describes interface configuration. It covers the configuration for bulk 

interfaces, Ethernet interfaces, loopback interfaces, null interfaces, inloopback interfaces, and Blade 

interfaces. 
This preface includes: 

 

Applicable devices 

 

Audience 

 

Conventions 

 

About the H3C firewall documentation set 

 

Obtaining documentation 

 

Technical support 

 

Documentation feedback 

Applicable devices 

This document applies to the following firewall devices: 

 

Product series 

Model 

Device type 

H3C SecPath F5000 firewalls 

F5020/F5040 

Centralized IRF devices. These 
devices support IRF. 

H3C SecPath M9000 multiservice 
security gateways 

M9006/M9010/M9014 

Distributed devices. These devices 
support IRF. They can operate in 

one of the following modes: 

 

Standalone mode

—The device 

cannot form an IRF fabric with 

other devices. 

 

IRF mode

—The device can form 

an IRF fabric with other devices. 

H3C SecPath virtual multiservice 
security gateways 

VFW1000 

Centralized devices. These devices 
do not support IRF. 

 

Audience 

This document is intended for: 

 

Network planners. 

 

Field technical support and servicing engineers. 

Содержание SecPath F5020

Страница 1: ...figuration Guide Comware V7 Hangzhou H3C Technologies Co Ltd http www h3c com Software version F5020 F5040 firewalls ESS9304 M9006 M9010 M9014 security gateways ESS9114 VFW1000 virtual firewalls ESS92...

Страница 2: ...ne SecPath SecCenter SecBlade Comware ITCMM and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective...

Страница 3: ...rewall documentation set Obtaining documentation Technical support Documentation feedback Applicable devices This document applies to the following firewall devices Product series Model Device type H3...

Страница 4: ...ional syntax choices separated by vertical bars from which you select one choice multiple choices or none 1 n The argument or keyword and argument combination before the ampersand sign can be entered...

Страница 5: ...udes Category Documents Purposes Product description and specifications Marketing brochures Describe product specifications and benefits Hardware specifications and installation Compliance and safety...

Страница 6: ...tallation software upgrading and software feature configuration and maintenance documentation Products Solutions Provides information about products and technologies as well as solutions Software Down...

Страница 7: ...Ethernet interface 12 Forcibly bringing up a fiber port 13 Configuring a Layer 2 Ethernet interface 15 Setting speed options for autonegotiation on an Ethernet interface 15 Configuring storm suppressi...

Страница 8: ...interface range The more interfaces in an interface range the longer the command execution time The maximum number of interface range names is limited only by the system resources To guarantee bulk in...

Страница 9: ...s name rather than the interface range to enter the interface range view 3 Optional Display commands available for the first interface in the interface range Enter a question mark at the interface ran...

Страница 10: ...faces see Configuring a Layer 2 Ethernet interface For more information about the settings specific to Layer 3 Ethernet interfaces or subinterfaces see Configuring a Layer 3 Ethernet interface or subi...

Страница 11: ...Mbps Layer 2 Ethernet interface you can also set speed options for autonegotiation The two ends can select a speed only from the available options For more information see Setting speed options for a...

Страница 12: ...e interface type interface number subnumber N A 3 Set the description for the Ethernet subinterface description text The default setting is interface name Interface For example GigabitEthernet1 0 1 1...

Страница 13: ...e Configuring jumbo frame support The following matrix shows the feature and hardware compatibility Hardware Jumbo frame support compatibility F5020 F5040 No M9006 M9010 M9014 Yes VFW1000 No An Ethern...

Страница 14: ...f the change for guiding packet forwarding Automatically generates traps and logs to inform users to take the correct actions To prevent frequent physical link flapping from affecting system performan...

Страница 15: ...the interface flaps the penalty increases by 1000 for each down event It does not increase for up events Ceiling The penalty stops increasing when it reaches the ceiling Suppress limit The accumulated...

Страница 16: ...per layer protocols Do not enable the dampening function on an interface with MSTP enabled Configuration procedure To configure dampening on an Ethernet interface Step Command Remarks 1 Enter system v...

Страница 17: ...opback tests follow these restrictions and guidelines On an administratively shut down Ethernet interface displayed as in ADM or Administratively DOWN state you cannot perform an internal or external...

Страница 18: ...its peer When the interface receives a flow control frame from its peer it suspends sending packets to its peer To handle unidirectional traffic congestion on a link configure the flow control receive...

Страница 19: ...rate statistics collection on an Ethernet interface CAUTION Use this feature with caution because it might consume a large amount of system resources The following matrix shows the feature and hardwar...

Страница 20: ...ports compatibility F5020 F5040 No M9006 M9010 M9014 Yes VFW1000 No As shown in Figure 2 a fiber port uses separate fibers for transmitting and receiving packets The physical state of the fiber port...

Страница 21: ...installed with a fiber to copper converter 100 1000 Mbps transceiver module or 100 Mbps transceiver module To solve the problem use the undo port up mode command on the fiber port Configuration proced...

Страница 22: ...9010 M9014 Yes VFW1000 No By default speed autonegotiation enables an Ethernet interface to negotiate with its peer for the highest speed that both ends support You can narrow down the speed option li...

Страница 23: ...below this threshold Any of the storm constrain broadcast suppression multicast suppression and unicast suppression commands can suppress storm on an interface The broadcast suppression multicast sup...

Страница 24: ...s not automatically come up To bring up the interface use the undo shutdown command or disable the storm control function You can configure an Ethernet interface to output threshold event traps and lo...

Страница 25: ...thernet interface sends traps when monitored traffic exceeds the upper threshold or drops below the lower threshold from the upper threshold Setting the MDIX mode of an Ethernet interface IMPORTANT Fi...

Страница 26: ...nection of an Ethernet interface and displays cable test result within 5 seconds The test result includes the cable s status and some physical parameters If any fault is detected the test result shows...

Страница 27: ...s Additionally when a Layer 3 Ethernet subinterface is created it uses the MAC address of its main interface by default As a result all Layer 3 Ethernet subinterfaces of a Layer 3 Ethernet interface s...

Страница 28: ...trol on the specified interfaces display storm constrain broadcast multicast unicast interface interface type interface number Display the Ethernet module statistics display ethernet statistics Displa...

Страница 29: ...te from the loopback interface to the peer is reachable by performing routing configuration All data packets sent to the loopback interface are considered packets sent to the device itself so the devi...

Страница 30: ...setting is NULL0 Interface 4 Restore the default settings for the null interface default N A Configuring an inloopback interface An inloopback interface is a virtual interface created by the system wh...

Страница 31: ...nterfaces together to form a Blade aggregation group The corresponding logical interface of a Blade aggregation group is called a Blade aggregate interface For more information see Layer 2 LAN Switchi...

Страница 32: ...e 22 Configuring a null interface 23 Configuring an inloopback interface 23 Configuring common Ethernet interface settings 3 D Displaying and maintaining a Blade interface 24 Displaying and maintainin...

Отзывы: