H3C SR6600 Series Скачать руководство пользователя страница 14

Страница: 14 / 22

Why doesn't the running configuration on a reunified IRF fabric include the configuration that I made
on one chassis after an IRF split?

When an IRF fabric merges, the chassis in the Recovery-state IRF fabric reboots with the running
configuration on the active IRF fabric. The configuration you made on the recovery IRF fabric will not
take effect.

Network security and attack prevention

This section contains the most frequently asked questions about network security and attack
prevention.

What attack prevention types does the router support?

The router supports protection against ARP, network layer, and transport layer attacks, as shown
in

Table 2

Table 2 Attack prevention types

Attack prevention types

Description

ARP attack

ARP source suppression

Prevents IP attack packets from fixed sources.

ARP black hole routing

Prevents IP attack packets from sources that are not fixed.

ARP active
acknowledgement

Prevents user spoofing.

Source MAC-based ARP
attack detection

Prevents ARP packet attacks from the same source MAC.

ARP packet source MAC
consistency check

Prevents attacks from ARP packets whose source MAC
address in the Ethernet header is different from the sender
MAC address in the message body.

Network layer

uRPF check

Protects a network against source spoofing attacks.

TTL attack prevention

Prevents an attack by disabling sending ICMP time
exceeded messages.

Transport layer

SYN flood attack
prevention

Enables the server to directly return a SYN ACK message
upon receiving a TCP connection request, without
establishing a half-open TCP connection.

Does the router support local authentication before RADIUS authentication?

No. Local authentication can be performed only when no response is received from the RADIUS
server.

Why cannot a user log in to an ACS authentication server through a console port when the router
uses RADIUS authentication?

The user can log in to an ACS server through a console port only when you clear the

Login-Service

option for the ACS server configuration.

Why can the level for the RADIUS server (the router) only be 1 when it connects to an ACS server?

The symptom might occur when one of the following conditions exists:

•

The 2011/002 private attributes for the ACS server are not complete.

•

The

Login-Service

attribute for the ACS server is not configured.

Содержание SR6600 Series

Страница 1: ...chnologies Co Ltd All rights reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co Ltd The informat...

Страница 2: ...yed on the console terminal is incorrect sometimes Why 5 Q Data loss occurred after I logged in to the router through the console port What should I do 6 Q How can I clear a Telnet connection 6 Q Can...

Страница 3: ...port 12 Q What protocols and features does BFD support on the router 12 Q What interfaces can be used for link aggregation 12 Q Does the router support cross card link aggregation 13 IP routing 13 Q D...

Страница 4: ...n does the router support 17 Q Does OpenFlow support controlling Layer 2 forwarded packets 17 Q Does OpenFlow support controlling MPLS forwarded packets 17 Q Does the OpenFlow forwarding process depen...

Страница 5: ...X 2 4 1 2 SR6616 X 2 8 1 4 Q What MPUs are available for the router A The RT RPE X3 MPU is available for the SR6600 routers A BKEC carrier is required to install an MPU on the router The RT RSE X3 MP...

Страница 6: ...dules on the same router Q Are the power modules on the router hot swappable A Yes Make sure the maximum output power of the power modules available on the router is larger than the total power consum...

Страница 7: ...the lower threshold or reaches the warning threshold the router displays a log message and a trap When the temperature reaches the alarm threshold the router repeatedly displays log and trap messages...

Страница 8: ...mware software You do not need to upgrade the BootWare separately For an SR6602 X1 or SR6602 X2 router or an RSE X2 MPU to migrate from Comware 5 to Comware 7 you must follow the BootWare upgrade step...

Страница 9: ...uration file NULL Slot 1 Current saved configuration file NULL Next main startup saved configuration file flash startup cfg Next backup startup saved configuration file NULL System management and main...

Страница 10: ...ed the packet statistics on an interface by using the reset counters interface command Why does the MIB browser show that the error packet count is still the same A The MIB browser shows the values of...

Страница 11: ...before I save the running configuration A The configuration is saved on the Flash or CF card During startup the router configures LPUs by loading the configuration to memory If you execute the save co...

Страница 12: ...or remove it from an IRF port in IRF mode A In IRF mode you must shut down a physical interface before you bind it to or remove it from an IRF port After the physical interface is bound to or removed...

Страница 13: ...e chassis A No Each subordinate chassis must have an MPU to communicate with the global active MPU and manage forwarding on the local chassis If you remove both the MPUs on a subordinate chassis its i...

Страница 14: ...sistency check Prevents attacks from ARP packets whose source MAC address in the Ethernet header is different from the sender MAC address in the message body Network layer uRPF check Protects a networ...

Страница 15: ...ine class view to assign a user role to a user line Users who log in through the user line will get the user role Execute the authorization attribute user role command in local user view to specify a...

Страница 16: ...g technologies does the router support A The router supports the following tunneling technologies IPv6 over IPv4 tunneling Enables IPv6 packets to traverse IPv4 networks and enables isolated IPv6 netw...

Страница 17: ...t interface automatically computes its OSPF cost according to the interface rate with the following formula Interface OSPF cost Bandwidth reference value 100 Mbps Interface rate Mbps If the calculated...

Страница 18: ...c route N A N A Yes Yes IPv6 static route N A N A N A Yes RIP Yes Yes Yes Yes RIPng Yes Yes Yes No OSPF Yes Yes Yes Yes OSPFv3 Yes Yes Yes Yes IS IS Yes Yes Yes Yes IPv6 IS IS Yes Yes Yes Yes BGP Yes...

Страница 19: ...it only packets from the source 99 100 100 4 to the group 225 1 1 1 follow these steps 1 Configure an ACL Sysname acl number 3000 Sysname acl adv 3000 rule 0 permit ip source 99 100 100 4 0 destinatio...

Страница 20: ...the router A Yes Q Is IP multicast unavailable if I configure both of VPLS and IP multicast on the same interface of the router A Yes Do not configure both of VPLS and IP multicast on the same interfa...

Страница 21: ...y A Yes Q Can I use VXLAN for Layer 2 forwarding on the router A No OpenFlow This section contains the most frequently asked questions about OpenFlow Q Which cards do not support OpenFlow A The FIP 60...

Страница 22: ...18 Q Does OpenFlow support VLAN interfaces A The VLAN interfaces support only MAC IP flow tables and do not support extensibility flow tables...

Результаты поиска

Содержание SR6600 Series

Отзывы:

Похожие инструкции для SR6600 Series

Бренды по названию

Популярные бренды

H3C SR6600 Series, Часто задаваемые вопросы

Результаты поиска

Содержание SR6600 Series

Отзывы:

Похожие инструкции для SR6600 Series

Бренды по названию

Популярные бренды