H3C WA Series Скачать руководство пользователя страница 72 | Manualshive

Страница: 72 / 76

background image

8-9

MAC-based VLAN implementation

With MAC-based VLAN configured, the AP processes received packets as follows:

z

When receiving an untagged frame, the AP looks up the list of MAC-to-VLAN mappings based on
the source MAC address of the frame for a match. Two matching modes are available: exact
matching and fuzzy matching. In exact matching mode, the AP searches the MAC-to-VLAN
mappings whose masks are all-Fs. If the MAC address in a MAC-to-VLAN mapping matches the
source MAC address of the untagged frame exactly, the AP ends the search and adds a VLAN tag
containing the corresponding VLAN ID to the packet. In fuzzy matching mode, the AP searches the
MAC-to-VLAN mappings whose masks are not all-Fs and performs a logical AND operation on the
keyword and each mask. If the result of an AND operation matches the corresponding MAC
address exactly, the AP ends the search the adds a VLAN tag containing the corresponding VLAN
ID to the packet. If no match is found, the system looks up other types of VLANs to make the
forwarding decision.

z

When receiving a tagged frame, the receiving port forwards the frame if it is assigned to the
corresponding VLAN or drops the frame if it is not. In this case, port-based VLAN applied.

Approaches to creating MAC address-to-VLAN mappings

In addition to creating MAC address-to-VLAN mappings at the CLI, you can use an authentication
server to automatically issue MAC address-to-VLAN mappings.

z

Manually Static configuration (through CLI)

You can associate MAC addresses with VLANs by using related commands.

z

Automatic configuration through the authentication server (that is, VLAN issuing)

The AP associates MAC addresses with VLANs dynamically based on the information provided by the
authentication server. If a user goes offline, the corresponding MAC address-to-VLAN association is
removed automatically. Automatic configuration requires MAC address-to–VLAN mapping be
configured on the authentication server. For more information, see

802.1X

in the

Security Configuration

Guide

.

The two configuration approaches can be used at the same time, that is, you can configure a MAC
address-to-VLAN entry on both the local AP and the authentication server at the same time. Note that
the MAC address-to-VLAN entry configuration takes effect only when the configuration on the local AP
is consistent with that on the authentication server. Otherwise, the previous configuration takes effect.

Configuring a MAC Address-Based VLAN

MAC-based VLANs are available only on hybrid ports.

Follow these steps to configure a MAC-based VLAN:

To do...

Use the command...

Remarks

Enter system view

system-view

—

«
...
70
71
72
73
74
...
»

Содержание WA Series

Страница 1: ...H3C WA Series WLAN Access Points Layer 2 LAN Switching Configuration Guide Hangzhou H3C Technologies Co Ltd http www h3c com Document Version 6W100 20100910...

Страница 2: ...re Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the...

Страница 3: ...A series Conventions This section describes the conventions used in this documentation set Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter...

Страница 4: ...uments Purposes Marketing brochures Describe product specifications and benefits Product description and specifications Technology white papers Provide an in depth description of software features and...

Страница 5: ...tation on the World Wide Web at http www h3c com Click the links on the top navigation bar to obtain different categories of product documentation Technical Support Documents Technical Documents Provi...

Страница 6: ...nd Null Interface Configuration 5 1 Loopback Interface 5 1 Introduction to Loopback Interface 5 1 Configuring a Loopback Interface 5 1 Null Interface 5 2 Introduction to Null Interface 5 2 Configuring...

Страница 7: ...nfiguring the Mode a Port Uses to Recognize Send MSTP Packets 7 25 Enabling MSTP 7 26 Performing mCheck 7 27 Configuring Digest Snooping 7 28 Configuring No Agreement Check 7 30 Configuring Protection...

Страница 8: ...ess points include the WA2200 series and WA2600 series Table 1 1 shows the applicable models and software versions Table 1 1 Applicable models and software versions Series Model Software version WA221...

Страница 9: ...Not supported Supported 802 11n radio mode Not supported Supported 802 11n bandwidth mode Not supported Supported WLAN Configuration Guide 802 11n rate configuration Not supported Supported Optical E...

Страница 10: ...that support the 802 11b g radio mode support this command Only APs that support the 802 11b g radio mode support this command radio type Keywords dot11an and dot11gn not supported Supported WLAN serv...

Страница 11: ...hing Command Reference The maximum number of unknown unicast packets allowed on an Ethernet interface per second unicast suppression ratio pps max pps pps max pps ranges from 1 to 148810 pps max pps r...

Страница 12: ...enting Layer 2 fast forwarding This document describes Layer 2 Ethernet interface attributes and configuration on the AP Configuring Basic Settings of an Ethernet Interface You can set an Ethernet int...

Страница 13: ...d sending packets In this way flow control helps avoid packet drops Follow these steps to enable flow control on an Ethernet interface To do Use the command Remarks Enter system view system view Enter...

Страница 14: ...ace Task Remarks Configuring Storm Suppression Optional Applicable to Layer 2 Ethernet interfaces Setting the Interface Statistics Polling Interval Optional Applicable to Layer 2 Ethernet interfaces E...

Страница 15: ...terfaces Enabling Loopback Detection on an Ethernet Interface If an interface receives a packet that it sent out a loop has occurred Loops may cause broadcast storms which degrade network performance...

Страница 16: ...oopback detection control on a trunk or hybrid port loopback detection control enable Optional Disabled by default z To use loopback detection on an Ethernet interface you must enable the function bot...

Страница 17: ...4 6 To do Use the command Remarks Display the information about the loopback function display loopback detection Available in any view...

Страница 18: ...an AP you can streamline the rule by configuring it to permit or deny packets carrying the loopback interface address identifying the AP Note that when a loopback interface is used for source address...

Страница 19: ...of a static route to a specific network segment any packets routed to the network segment are dropped The null interface provides you a simpler way to filter packets than ACL In other words you can fi...

Страница 20: ...s display interface loopback interface number Available in any view Display information about the null interface display interface null 0 Available in any view Clear the statistics on a loopback inter...

Страница 21: ...s document covers only the configuration of static dynamic and blackhole unicast MAC address table entries Overview An AP maintains a MAC address table for frame forwarding Each entry in this table in...

Страница 22: ...port different from the one where the real MAC address is connected to the AP will create an entry for the forged MAC address and forward frames destined for the legal user to the hacker instead To en...

Страница 23: ...be performed in any order Configuring MAC Address Entries Usually an AP can populate its MAC address table automatically by learning the source MAC addresses of incoming frames To improve port securi...

Страница 24: ...rce MAC addresses Disabling MAC address learning globally Disabling MAC address learning globally disables the learning function on all ports Follow these steps to disable MAC address learning globall...

Страница 25: ...ivity for a long time all the dynamic entries in the MAC address table maintained by the AP will be deleted When it happens the AP broadcasts a large amount of data packets which may be listened to by...

Страница 26: ...ciously on the network you can add a destination blackhole MAC address entry for the MAC address to drop all packets destined for the host for security sake z Set the aging timer for dynamic MAC addre...

Страница 27: ...agement protocol the Spanning Tree Protocol STP eliminates Layer 2 loops by selectively blocking redundant links in a network and in the mean time allows for link redundancy Like many other protocols...

Страница 28: ...e root bridge after network convergence only the root bridge generates and sends out configuration BPDUs at a certain interval and the other bridges just forward the BPDUs 2 Root port On a non root br...

Страница 29: ...anning tree calculation Important fields in a configuration BPDU include z Root bridge ID consisting of the priority and MAC address of the root bridge z Root path cost the cost of the path to the roo...

Страница 30: ...nfiguration BPDU of this port z If the received configuration BPDU has a higher priority than that of the configuration BPDU generated by the port the bridge replaces the content of the configuration...

Страница 31: ...h the port role is to be defined and acts depending on the comparison result z If the calculated configuration BPDU is superior the bridge considers this port as the designated port and replaces the c...

Страница 32: ...y change to the configuration BPDU of each port and starts sending out configuration BPDUs periodically AP1 0 0 0 AP1 AP2 0 0 0 AP2 z Port BP1 receives the configuration BPDU of Device A 0 0 0 AP1 Dev...

Страница 33: ...z Then port CP2 receives the updated configuration BPDU of Device B 0 5 1 BP2 Because the received configuration BPDU is superior to its own configuration BPDU Device C launches a BPDU update process...

Страница 34: ...mes faulty the root port on this path will no longer receive new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout In this case the bridge will generate a configurat...

Страница 35: ...port or a port connected with a point to point link If the designated port is an edge port it can enter the forwarding state directly if the designated port is connected with a point to point link it...

Страница 36: ...to instance 1 VLAN2 mapped to instance 2 Other VLANs mapped to CIST Region B0 VLAN1 mapped to instance 1 VLAN2 mapped to instance 2 Other VLANs mapped to CIST Region C0 VLAN1 mapped to instance 1 VLA...

Страница 37: ...ction is the IST in the respective MST region 4 CST The CST is a single spanning tree that connects all MST regions in a switched network If you regard each MST region as a bridge the CST is a spannin...

Страница 38: ...ata to the root bridge z Designated port a port responsible for forwarding data to the downstream network segment or bridge z Master port A port on the shortest path from the current region to the com...

Страница 39: ...rt roles Port role right Port state below Root port master port Designated port Alternate port Backup port Forwarding Learning Discarding How MSTP works MSTP divides an entire Layer 2 network into mul...

Страница 40: ...z Loop guard z TC BPDU guard z Support for hot swapping of interface cards and active standby changeover Protocols and Standards MSTP is documented in z IEEE 802 1d Spanning Tree Protocol z IEEE 802 1...

Страница 41: ...ts Optional Configuring the leaf nodes Enabling MSTP Required Performing mCheck Optional Configuring Digest Snooping Optional Configuring No Agreement Check Optional Configuring Protection Functions O...

Страница 42: ...nning tree calculation process which may result in network topology instability To reduce the possibility of topology instability caused by configuration MSTP will not immediately launch a new spannin...

Страница 43: ...instance id root secondary Required By default the AP does not function as a secondary root bridge z After specifying the AP as the root bridge or a secondary root bridge you cannot change the priori...

Страница 44: ...uring the AP as the root bridge or a secondary root bridge you cannot change the priority of the AP z During root bridge selection if all bridges in a spanning tree have the same priority the one with...

Страница 45: ...network diameter you configured MSTP automatically sets an optimal hello time forward delay and max age for the bridge z The configured network diameter is effective for the CIST only and not for MST...

Страница 46: ...cally the larger the network diameter is the longer the forward delay time should be Note that if the forward delay setting is too small temporary redundant paths may be introduced if the forward dela...

Страница 47: ...idge is busy A spanning tree calculation that occurs in this case not only is unnecessary but also wastes the network resources In a very stable network you can avoid such unwanted spanning tree calcu...

Страница 48: ...mmand Remarks Enter system view system view Enter Ethernet interface view or WLAN Mesh interface view interface interface type interface number Enter interface view or port group view Enter port group...

Страница 49: ...state 802 1d 1998 802 1t Private standard 0 65535 200 000 000 200 000 10 Mbps Single Port Aggregate Link 2 Ports Aggregate Link 3 Ports Aggregate Link 4 Ports 100 100 100 100 2 000 000 1 000 000 666...

Страница 50: ...the root port of a bridge If all other conditions are the same the port with the highest priority will be elected as the root port On an MSTP enabled bridge a port can have different priorities in dif...

Страница 51: ...ystem view system view Enter Ethernet interface view or WLAN Mesh interface view interface interface type interface number Enter interface view or port group view Enter port group view port group manu...

Страница 52: ...the MSTP packet format incompatibility guard function In MSTP mode if a port is configured to recognize send MSTP packets in a mode other than auto and receives a packet in a format different from th...

Страница 53: ...TP or RSTP mode but will remain in the STP compatible mode under the following circumstances z The bridge running STP is shut down or removed z The bridge running STP migrates to the MSTP or RSTP mode...

Страница 54: ...ling the Digest Snooping feature on the port connecting the local bridge to a third party device in the same MST region can make the two devices communicate with each other Before enabling digest snoo...

Страница 55: ...lly to disable it on all associated ports z To avoid loops do not enable Digest Snooping on MST region edge ports z It is recommended that you enable Digest Snooping first and then MSTP To avoid traff...

Страница 56: ...P the down stream bridge sends an agreement packet regardless of whether an agreement packet from the upstream bridge is received Figure 7 7 shows the rapid state transition mechanism on MSTP designat...

Страница 57: ...on name revision level and VLAN to instance mappings on the two bridges thus assigning them to the same region Configuring No Agreement To make the No Agreement Check feature take effect enable it on...

Страница 58: ...Under normal conditions these ports should not receive configuration BPDUs However if someone forges configuration BPDUs maliciously to attack the devices the network will become instable MSTP provid...

Страница 59: ...e forwarding delay it will revert to its original state Make this configuration on a designated port Follow these steps to enable root guard To do Use the command Remarks Enter system view system view...

Страница 60: ...immediate forwarding address entry flushes that the AP can perform within a certain period of time after receiving the first TC BPDU For TC BPDUs received in excess of the limit the AP performs forwar...

Страница 61: ...of all MSTIs display stp root Available in any view Clear the statistics information of MSTP reset stp interface interface list Available in user view MSTP Configuration Example Network requirements C...

Страница 62: ...P B Enter MST region view AP B system view AP B stp region configuration Configure the region name VLAN to instance mappings and revision level of the MST region AP B mst region region name example AP...

Страница 63: ...ion revision level 0 Activate MST region configuration manually AP C mst region active region configuration AP C mst region quit Enable MSTP globally AP C stp enable View the MST region configuration...

Страница 64: ...ettings z Configuring Basic Settings of a VLAN Interface z Port Based VLAN Configuration z MAC Based VLAN Configuration z VLAN Configuration Example Introduction to VLAN VLAN Overview Ethernet is a ne...

Страница 65: ...3 Flexible virtual workgroup creation As users from the same workgroup can be assigned to the same VLAN regardless of their physical locations network construction and maintenance is much easier and m...

Страница 66: ...the frame belongs to The VLAN ID range is 0 to 4095 As 0 and 4095 are reserved by the protocol a VLAN ID actually ranges from 1 to 4094 When receiving a frame a network device looks at its VLAN tag t...

Страница 67: ...interfaces are virtual interfaces used for Layer 3 communication between different VLANs They do not exist as physical entities on network devices For each VLAN you can create one VLAN interface After...

Страница 68: ...the default VLAN traffic passing through a trunk port will be VLAN tagged Usually ports connecting network devices are configured as trunk ports to allow members of the same VLAN to communicate with...

Страница 69: ...e frame Trunk z Remove the tag and send the frame if the frame carries the default VLAN tag and the port belongs to the default VLAN z Send the frame without removing the tag if its VLAN is carried on...

Страница 70: ...lan vlan id Optional By default all access ports belong to VLAN 1 Before assigning an access port to a VLAN create the VLAN first Assigning a Trunk Port to a VLAN A trunk port can carry multiple VLANs...

Страница 71: ...quired Assign the hybrid port to the specified VLAN s port hybrid vlan vlan id list tagged untagged Required By default a hybrid port allows packets from only VLAN 1 to pass through untagged Configure...

Страница 72: ...d VLAN applied Approaches to creating MAC address to VLAN mappings In addition to creating MAC address to VLAN mappings at the CLI you can use an authentication server to automatically issue MAC addre...

Страница 73: ...display interface vlan interface vlan interface id Available in any view Display MAC address to VLAN entries display mac vlan all dynamic mac address mac address mask mac mask static vlan vlan id Ava...

Страница 74: ...om VLAN 2 VLAN 6 through VLAN 50 and VLAN 100 to pass through AP Ethernet1 0 1 port trunk permit vlan 2 6 to 50 100 Please wait Done AP Ethernet1 0 1 quit AP quit 2 Configure Device B as you configure...

Страница 75: ...throttles 0 CRC 0 frame 0 overruns 0 aborts 0 ignored 0 parity errors Output total 0 packets 0 bytes 0 broadcasts 0 multicasts 0 pauses Output normal 0 packets 0 bytes 0 broadcasts 0 multicasts 0 pau...

Страница 76: ...nd Maintaining Loopback and Null Interfaces 5 3 Displaying and Maintaining MAC Address Tables 6 6 Displaying and Maintaining MSTP 7 34 Displaying and Maintaining VLAN 8 10 G General Ethernet Interface...

Отзывы:

Нет отзывов

Похожие инструкции для WA Series

Бренд: Paradyne Страницы: 86

Бренд: ZyXEL Communications Страницы: 2

TL-WR541G - Wireless Router

Бренд: TP-Link Страницы: 91

Бренд: Malmbergs Страницы: 6

Бренд: Caimore Страницы: 83

Бренд: Xunison Страницы: 12

Бренд: Loopcomm Страницы: 68

Бренд: Trango Broadband Wireless Страницы: 52

Instant Wireless WAP54G

Бренд: Linksys Страницы: 67

Бренд: AirLive Страницы: 50

Бренд: Nimbus Water Systems Страницы: 10

Бренд: Lafalink Страницы: 2

Бренд: Watchguard Страницы: 24

Бренд: Watchguard Страницы: 26

Бренд: Watchguard Страницы: 34

Бренд: Link Play Страницы: 24

Skyr@cer WBR 254G

Бренд: Topcom Страницы: 104

Бренд: Solwise Страницы: 10

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды