HP Enterprise HP 3100-16 v2 Скачать руководство пользователя страница 97

Страница: 97 / 110

[SwitchB] user-profile profile2 enable

# Create a RADIUS scheme

scheme2

; set the service type for the RADIUS server to

extended

;

specify the IP addresses of the primary authentication/authorization server and accounting server

as 3::1; set the shared keys to 321123; specify that a username sent to the RADIUS server carry
no domain name.

[SwitchB] radius scheme scheme2

[SwitchB-radius-scheme2] server-type extended

[SwitchB-radius-scheme2] primary authentication 3::1

[SwitchB-radius-scheme2] key authentication 321123

[SwitchB-radius-scheme2] primary accounting 3::1

[SwitchB-radius-scheme2] key accounting 321123

[SwitchB-radius-scheme2] user-name-format without-domain

[SwitchB-radius-scheme2] quit

# Create an ISP domain

domain2

; reference

scheme2

for the authentication, authorization, and

accounting for LAN users; specify

domain2

as the default ISP domain.

[SwitchB] domain domain2

[SwitchB-isp-domian2] authentication lan-access radius-scheme scheme2

[SwitchB-isp-domian2] authorization lan-access radius-scheme scheme2

[SwitchB-isp-domian2] accounting lan-access radius-scheme scheme2

[SwitchB-isp-domian2] quit

[SwitchB] domain default enable domain2

# Globally enable 802.1X and then enable it on Ethernet 1/0/2 and Ethernet 1/0/3.

[SwitchB] dot1x

[SwitchB] interface ethernet 1/0/2

[SwitchB-Ethernet1/0/2] dot1x

[SwitchB-Ethernet1/0/2] quit

[SwitchB] interface ethernet 1/0/3

[SwitchB-Ethernet1/0/3] dot1x

[SwitchB-Ethernet1/0/3] quit

Configure RADIUS server:
On the RADIUS server, configure the parameters related to Switch A and Switch B. For more
information, see the configuration guide of the RADIUS server.

Verifying the configuration

After the configurations, the two multicast sources and hosts initiate 802.1X authentication. After passing

the authentication, Source 1 sends multicast flows to FF1E::101 and Source 2 sends multicast flows to

FF1E::102; Host A sends report messages to join IPv6 multicast groups FF1E::101 and FF1E::102. Use the

display mld-snooping group

command to display information about MLD snooping groups. For

example:
# Display information about MLD snooping groups in VLAN 104 on Switch B.

[SwitchB] display mld-snooping group vlan 104 verbose

Total 1 IP Group(s).

Total 1 IP Source(s).

Total 1 MAC Group(s).

Port flags: D-Dynamic port, S-Static port, C-Copy port

Vlan(id):104.

Total 1 IP Group(s).

Содержание HP 3100-16 v2

Страница 1: ...22A HP 3100 24 v2 SI Switch JG223A HP 3100 8 v2 EI Switch JD318B HP 3100 16 v2 EI Switch JD319B HP 3100 24 v2 EI Switch JD320B HP 3100 8 PoE v2 EI Switch JD311B HP 3100 16 PoE v2 EI Switch JD312B HP 3100 24 PoE v2 EI Switch JD313B Part number 5998 5994 Software version Release 5203P05 Document version 6W100 20140603 ...

Страница 2: ...MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material The only warranties for HP products and services are set forth in the express warranty statements accompan...

Страница 3: ...MP snooping fast leave processing 22 Disabling a port from becoming a dynamic router port 23 Configuring IGMP snooping querier 24 Enabling IGMP snooping querier 24 Configuring parameters for IGMP queries and responses 24 Configuring the source IP addresses for IGMP queries 25 Configuring IGMP snooping proxying 26 Enabling IGMP snooping proxying 26 Configuring a source IP address for the IGMP messa...

Страница 4: ...pecifying the version of MLD snooping 64 Configuring IPv6 static multicast MAC address entries 65 Configuring MLD snooping port functions 65 Configuring aging timers for dynamic ports 66 Configuring static ports 66 Configuring a port as a simulated member host 67 Enabling fast leave processing 68 Disabling a port from becoming a dynamic router port 68 Configuring MLD snooping querier 69 Enabling M...

Страница 5: ...st group policy fails to take effect 94 Configuring IPv6 multicast VLANs available only on the HP 3100 v2 EI 95 Overview 95 IPv6 multicast VLAN configuration task list 96 Configuring a port based IPv6 multicast VLAN 96 Configuration prerequisites 96 Configuring user port attributes 97 Configuring IPv6 multicast VLAN ports 97 Displaying and maintaining IPv6 multicast VLAN 98 IPv6 multicast VLAN con...

Страница 6: ...critical information services The term router in this document refers to both routers and Layer 3 switches Unless otherwise stated the term multicast in this document refers to IP multicast Information transmission techniques The information transmission techniques include unicast broadcast and multicast Unicast In unicast transmission the information source must send a separate copy of informatio...

Страница 7: ... D and Host E need the information If the information is broadcast to the subnet Host A and Host C also receive it In addition to information security issues broadcasting to hosts that do not need the information also causes traffic flooding on the same subnet Broadcast is disadvantageous in transmitting data to specific hosts Moreover broadcast transmission is a significant waste of network resou...

Страница 8: ... subnet but multicast is not Multicast features A multicast group is a multicast receiver set identified by an IP multicast address Hosts join a multicast group to become members of the multicast group before they can receive the multicast data addressed to that multicast group Typically a multicast source does not need to join a multicast group An information sender is called a multicast source A...

Страница 9: ...ource sends to multicast group G Here the asterisk represents any multicast source and G represents a specific multicast group S G Indicates a shortest path tree SPT or a multicast packet that multicast source S sends to multicast group G Here S represents a specific multicast source and G represents a specific multicast group Multicast advantages and applications Multicast advantages Advantages o...

Страница 10: ...ence between the SSM model and the ASM model is that in the SSM model receivers have already determined the locations of the multicast sources by some other means In addition the SSM model uses a multicast address range that is different from that of the ASM SFM model and dedicated multicast forwarding paths are established between receivers and the specified multicast sources Multicast architectu...

Страница 11: ...resses This block includes the following types of designated group addresses 232 0 0 0 8 SSM group addresses 233 0 0 0 8 Glop group addresses 239 0 0 0 to 239 255 255 255 Administratively scoped multicast addresses These addresses are considered locally unique rather than globally unique and can be reused in domains administered by different organizations without causing conflicts For more informa...

Страница 12: ... The Flags field contains four bits Figure 5 Flags field format Table 4 Flags field description Bit Description 0 Reserved set to 0 R When set to 0 it indicates that this address is an IPv6 multicast address without an embedded RP address When set to 1 it indicates that this address is an IPv6 multicast address with an embedded RP address The P and T bits must also be set to 1 P When set to 0 it i...

Страница 13: ...ant 24 bits of an IPv4 multicast MAC address are 0x01005E Bit 25 is 0 and the other 23 bits are the least significant 23 bits of a multicast IPv4 address Figure 6 IPv4 to MAC address mapping The most significant four bits of a multicast IPv4 address are 1110 which indicates that this address is a multicast address Only 23 bits of the remaining 28 bits are mapped to a MAC address so five bits of th...

Страница 14: ...ulticast VLAN IGMP PIM MSDP and MBGP are for IPv4 and MLD snooping IPv6 PIM snooping IPv6 multicast VLAN MLD IPv6 PIM and IPv6 MBGP are for IPv6 This section provides only general descriptions about applications and functions of the Layer 2 and Layer 3 multicast protocols in a network For more information about these protocols see the related chapters Layer 3 multicast protocols Layer 3 multicast ...

Страница 15: ... is used for delivery of multicast information between two ASs So far mature solutions include Multicast Source Discovery Protocol MSDP and Multicast Border Gateway Protocol MBGP MSDP propagates multicast source information among different ASs MBGP is an extension of the Multiprotocol Border Gateway Protocol MP BGP for exchanging multicast routing information among different ASs For the SSM model ...

Страница 16: ...arding mechanism In a multicast model a multicast source sends information to the host group identified by the multicast group address in the destination address field of IP multicast packets To deliver multicast packets to receivers located at different positions of the network multicast routers on the forwarding paths usually need to forward multicast packets that an incoming interface receives ...

Страница 17: ...ch floods multicast packets to all devices at Layer 2 With IGMP snooping enabled the Layer 2 switch forwards multicast packets for known multicast groups to only the receivers that require the multicast data at Layer 2 This feature improves bandwidth efficiency enhances multicast security and helps per host accounting for multicast users Figure 10 Before and after IGMP snooping is enabled on the L...

Страница 18: ... Switch B are member ports The switch registers all its member ports in its IGMP snooping forwarding table Unless otherwise specified router ports and member ports in this document include both static and dynamic router ports and member ports NOTE An IGMP snooping enabled switch deems that all its ports on which IGMP general queries with the source IP address other than 0 0 0 0 or that receive PIM...

Страница 19: ...the aging timer for the port If the receiving port is not in its router port list adds it into its router port list as a dynamic router port and starts an aging timer for the port When receiving a membership report A host sends an IGMP report to the IGMP querier for the following purposes If the host has been a member of a multicast group responds to the query with an IGMP report Applies for joini...

Страница 20: ...emove the port from the forwarding entry for that group Instead it restarts the aging timer for the port After receiving the IGMP leave message the IGMP querier resolves the multicast group address in the message and sends an IGMP group specific query to the multicast group through the port that received the leave message After receiving the IGMP group specific query the switch forwards it through...

Страница 21: ...or the forwarding entry for the multicast group If a forwarding entry matches the multicast group and contains the receiving port as a dynamic member port the proxy restarts the aging timer for the port If a forwarding entry matches the multicast group but does not contain the receiving port the proxy adds the port to the forwarding entry as a dynamic member port and starts an aging timer for the ...

Страница 22: ...g Enabling IGMP snooping proxying Optional Configuring a source IP address for the IGMP messages sent by the proxy Optional Configuring an IGMP snooping policy Configuring a multicast group filter Optional Configuring multicast source port filtering Optional Enabling dropping unknown multicast data Optional Configuring IGMP report suppression Optional Setting the maximum number of multicast groups...

Страница 23: ...complete the following tasks Configure the corresponding VLANs Determine the version of IGMP snooping Enabling IGMP snooping When you enable IGMP snooping follow these guidelines You must enable IGMP snooping globally before you enable it in a VLAN When you enable IGMP snooping in a specified VLAN IGMP snooping works only on the ports in this VLAN To enable IGMP snooping Step Command Remarks 1 Ent...

Страница 24: ...cept 0100 5Exx xxxx where x represents a hexadecimal number from 0 to F can be manually added to the multicast MAC address table Multicast MAC addresses are the MAC addresses whose the least significant bit of the most significant octet is 1 Configuration procedure To configure a static multicast MAC address entry in system view Step Command Remarks 1 Enter system view system view N A 2 Configure ...

Страница 25: ...ry for that multicast group If the memberships of multicast groups change frequently you can set a relatively small value for the aging timer of the dynamic member ports If the memberships of multicast groups change rarely you can set a relatively large value Configuring aging timers for dynamic ports globally Step Command Remarks 1 Enter system view system view N A 2 Enter IGMP snooping view igmp...

Страница 26: ...yer 2 aggregate interface view interface interface type interface number Enter port group view port group manual port group name Use either command 3 Configure the port as a static member port igmp snooping static group group address source ip source address vlan vlan id No static member ports exist by default 4 Configure the port as a static router port igmp snooping static router port vlan vlan ...

Страница 27: ...ocessing enabled when the switch receives an IGMP leave message on a port it immediately removes that port from the forwarding entry for the multicast group specified in the message Then when the switch receives IGMP group specific queries for that multicast group it does not forward them to that port On a port that has only one host attached you can enable IGMP snooping fast leave processing to s...

Страница 28: ...dition the IGMP general query or PIM hello message that the host sends affects the multicast routing protocol state on Layer 3 devices such as the IGMP querier or DR election and might further cause network interruption To solve these problems disable that router port from becoming a dynamic router port after the port receives an IGMP general query or a PIM hello message so as to improve network s...

Страница 29: ...switch sends IGMP queries so that multicast forwarding entries can be established and maintained at the data link layer To enable IGMP snooping querier Step Command Remarks 1 Enter system view system view N A 2 Enter VLAN view vlan vlan id N A 3 Enable IGMP snooping querier igmp snooping querier Disabled by default IMPORTANT In a multicast network that runs IGMP you do not need to configure an IGM...

Страница 30: ...id N A 3 Set the interval for sending IGMP general queries igmp snooping query interval interval 60 seconds by default 4 Set the maximum response delay for IGMP general queries igmp snooping max response time interval 10 seconds by default 5 Set the IGMP last member query interval igmp snooping last member query interval interval 1 second by default Configuring the source IP addresses for IGMP que...

Страница 31: ...nable the function in a VLAN the device works as the IGMP snooping proxy for the downstream hosts and upstream router in the VLAN To enable IGMP snooping proxying in a VLAN Step Command Remarks 1 Enter system view system view N A 2 Enter VLAN view vlan vlan id N A 3 Enable IGMP snooping proxying in the VLAN igmp snooping proxying enable Disabled by default Configuring a source IP address for the I...

Страница 32: ...oks up the ACL If a match is found to permit the port that received the report to join the multicast group the switch creates an IGMP snooping forwarding entry for the multicast group and adds the port to the forwarding entry Otherwise the switch drops this report message in which case the multicast data for the multicast group is not sent to this port and the user cannot retrieve the program Conf...

Страница 33: ...than to multicast sources because the port blocks all multicast data packets but it permits multicast protocol packets to pass If this feature is disabled on a port the port can connect to both multicast sources and multicast receivers Configuring multicast source port filtering globally Step Command Remarks 1 Enter system view system view N A 2 Enter IGMP snooping view igmp snooping N A 3 Enable ...

Страница 34: ...ault Configuring IGMP report suppression When a Layer 2 switch receives an IGMP report from a multicast group member the switch forwards the message to the Layer 3 device that directly connects to the Layer 2 switch When multiple members of a multicast group are attached to the Layer 2 switch the Layer 3 device might receive duplicate IGMP reports for the multicast group from these members With th...

Страница 35: ...ort group manual port group name Use either command 3 Set the maximum number of multicast groups that a port can join igmp snooping group limit limit vlan vlan list 512 by default Enabling multicast group replacement For various reasons the number of multicast groups that the switch or a port joins might exceed the upper limit In addition in some specific applications a multicast group that the sw...

Страница 36: ...anual port group name Use either command 3 Enable multicast group replacement igmp snooping overflow replace vlan vlan list Disabled by default Setting the 802 1p precedence for IGMP messages You can change the 802 1p precedence for IGMP messages so that they can be assigned higher forwarding priority when congestion occurs on their outgoing ports Setting the 802 1p precedence for IGMP messages gl...

Страница 37: ... found the host is allowed to leave the group Otherwise the leave message is dropped by the access switch A multicast user control policy is functionally similar to a multicast group filter A difference is that a control policy can control both multicast joining and leaving of users based on authentication and authorization but a multicast group filter is configured on a port to control only multi...

Страница 38: ... service for IP packets As defined in RFC 24724 the first six bits contains the DSCP priority for prioritizing traffic in the network and the last two bits are reserved This configuration applies to only the IGMP messages that the local switch generates when the switch or its port acts as a member host rather than those forwarded ones To set the DSCP value for IGMP messages Step Command Remarks 1 ...

Страница 39: ... view This command works only on an IGMP snooping enabled VLAN but not in a VLAN with IGMP enabled on its VLAN interface This command cannot remove the static group entries of IGMP snooping groups Clear statistics for the IGMP messages learned by IGMP snooping reset igmp snooping statistics Available in user view IGMP snooping configuration examples Group policy and simulated joining configuration...

Страница 40: ...rnet1 0 2 pim dm RouterA Ethernet1 0 2 quit 3 Configure Switch A Enable IGMP snooping and the function of dropping unknown multicast traffic globally SwitchA system view SwitchA igmp snooping SwitchA igmp snooping drop unknown SwitchA igmp snooping quit Create VLAN 100 assign Ethernet 1 0 1 through Ethernet 1 0 4 to this VLAN and enable IGMP snooping in the VLAN SwitchA vlan 100 SwitchA vlan100 po...

Страница 41: ...rbose Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Port flags D Dynamic port S Static port C Copy port P PIM port Vlan id 100 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port Eth1 0 1 D 00 01 30 IP group s the following ip group s match to one mac group IP group address 224 1 1 1 0 0 0 0 224 1 1 1 Attribute Host Port Host port s total 2 port Eth1 ...

Страница 42: ...e Protocol STP see Layer 2 LAN Switching Configuration Guide NOTE If no static router port is configured when the path of Switch A Switch B Switch C gets blocked at least one IGMP query response cycle must be completed before the multicast data can flow to the receivers along the new path of Switch A Switch C Namely multicast delivery will be interrupted during this process Figure 14 Network diagr...

Страница 43: ...g globally SwitchB system view SwitchB igmp snooping SwitchB igmp snooping quit Create VLAN 100 assign Ethernet 1 0 1 and Ethernet 1 0 2 to this VLAN and enable IGMP snooping in the VLAN SwitchB vlan 100 SwitchB vlan100 port ethernet 1 0 1 ethernet 1 0 2 SwitchB vlan100 igmp snooping enable SwitchB vlan100 quit 5 Configure Switch C Enable IGMP snooping globally SwitchC system view SwitchC igmp sno...

Страница 44: ...group IP group address 224 1 1 1 0 0 0 0 224 1 1 1 Attribute Host Port Host port s total 1 port Eth1 0 2 D 00 03 23 MAC group s MAC group address 0100 5e01 0101 Host port s total 1 port Eth1 0 2 The output shows that Ethernet 1 0 3 of Switch A has become a static router port Display detailed IGMP snooping group information in VLAN 100 on Switch C SwitchC display igmp snooping group vlan 100 verbos...

Страница 45: ... of multicast group 225 1 1 1 All the receivers run IGMPv2 and all the switches run IGMPv2 snooping Switch A which is close to the multicast sources is chosen as the IGMP snooping querier To prevent flooding of unknown multicast traffic within the VLAN be sure to configure all the switches to drop unknown multicast data packets Because a switch does not enlist a port that has heard an IGMP query w...

Страница 46: ...mp snooping quit Create VLAN 100 and assign Ethernet 1 0 1 through Ethernet 1 0 4 to the VLAN SwitchB vlan 100 SwitchB vlan100 port ethernet 1 0 1 to ethernet 1 0 4 Enable IGMP snooping in VLAN 100 SwitchB vlan100 igmp snooping enable SwitchB vlan100 quit Configurations on Switch C and Switch D are similar to the configuration on Switch B Verifying the configuration After the IGMP snooping querier...

Страница 47: ...es to the hosts on behalf of Router A Figure 16 Network diagram Configuration procedure 1 Configure an IP address and subnet mask for each interface as per Figure 16 Details not shown 2 On Router A enable IP multicast routing enable IGMP on Ethernet 1 0 1 and enable PIM DM on each interface RouterA system view RouterA multicast routing enable RouterA interface ethernet 1 0 1 RouterA Ethernet1 0 1 ...

Страница 48: ...IGMP snooping groups and IGMP multicast groups For example Display information about IGMP snooping groups on Switch A SwitchA display igmp snooping group Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Port flags D Dynamic port S Static port C Copy port P PIM port Vlan id 100 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port Eth1 0 1 D 00 01 23 IP gro...

Страница 49: ...rt Vlan id 100 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port Eth1 0 1 D 00 01 23 IP group s the following ip group s match to one mac group IP group address 224 1 1 1 0 0 0 0 224 1 1 1 Host port s total 1 port Eth1 0 3 D MAC group s MAC group address 0100 5e01 0101 Host port s total 1 port Eth1 0 3 Multicast source and user control policy configuration examp...

Страница 50: ...n102 quit SwitchA vlan 103 SwitchA vlan103 port ethernet 1 0 3 SwitchA vlan103 quit SwitchA vlan 104 SwitchA vlan104 port ethernet 1 0 4 SwitchA vlan104 quit Enable IP multicast routing Enable PIM DM on VLAN interface 101 VLAN interface 102 and VLAN interface 104 and enable IGMP on VLAN interface 104 SwitchA multicast routing enable SwitchA interface vlan interface 101 SwitchA Vlan interface101 pi...

Страница 51: ...horization server and accounting server as 3 1 1 1 set the shared keys to 123321 specify that no domain name is carried in a username sent to the RADIUS server SwitchA radius scheme scheme1 SwitchA radius scheme1 server type extended SwitchA radius scheme1 primary authentication 3 1 1 1 SwitchA radius scheme1 key authentication 123321 SwitchA radius scheme1 primary accounting 3 1 1 1 SwitchA radiu...

Страница 52: ... server as 3 1 1 1 set the shared keys to 321123 specify that a username sent to the RADIUS server carry no domain name SwitchB radius scheme scheme2 SwitchB radius scheme2 server type extended SwitchB radius scheme2 primary authentication 3 1 1 1 SwitchB radius scheme2 key authentication 321123 SwitchB radius scheme2 primary accounting 3 1 1 1 SwitchB radius scheme2 key accounting 321123 SwitchB ...

Страница 53: ...s Total 1 IP Source s Total 1 MAC Group s Port flags D Dynamic port S Static port C Copy port P PIM port Vlan id 104 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port Eth1 0 1 D 00 01 30 IP group s the following ip group s match to one mac group IP group address 224 1 1 1 0 0 0 0 224 1 1 1 Attribute Host Port Host port s total 1 port Eth1 0 3 D 00 04 10 MAC grou...

Страница 54: ...GMP snooping in VLAN view 3 If IGMP snooping is disabled only for the corresponding VLAN use the igmp snooping enable command in VLAN view to enable IGMP snooping in the corresponding VLAN Configured multicast group policy fails to take effect Symptom Although a multicast group policy has been configured to allow hosts to join specific multicast groups the hosts can still receive multicast data ad...

Страница 55: ... the display current configuration command to verify that the function of dropping unknown multicast data is enabled If not use the drop unknown command to enable the function of dropping unknown multicast data ...

Страница 56: ...yer 2 device is the solution to this issue With the multicast VLAN feature the Layer 3 device replicates the multicast traffic only in the multicast VLAN instead of making a separate copy of the multicast traffic in each user VLAN This saves network bandwidth and lessens the burden on the Layer 3 device As shown in Figure 19 Host A Host B and Host C are in different user VLANs All the user ports p...

Страница 57: ... Task Remarks Configuring user port attributes Required Configuring multicast VLAN ports Required Configuring a port based multicast VLAN When you configure a port based multicast VLAN you must configure the attributes of each user port and then assign the ports to the multicast VLAN A user port can be configured as a multicast VLAN port only if it is an Ethernet port or Layer 2 aggregate interfac...

Страница 58: ...interface number Enter port group view port group manual port group name Use either command 3 Configure the user port link type as hybrid port link type hybrid Access by default 4 Specify the user VLAN that comprises the current user ports as the default VLAN port hybrid pvid vlan vlan id VLAN 1 by default 5 Configure the current user ports to permit packets of the specified multicast VLANs to pas...

Страница 59: ... group view Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view interface interface type interface number Enter port group view port group manual port group name Use either command 5 Configure the current port as a member port of the multicast VLAN port multicast vlan vlan id By default a user port does not belong to any multicast VLAN Displaying and maintaining multicast VLA...

Страница 60: ...ost side interface Ethernet 1 0 2 RouterA system view RouterA multicast routing enable RouterA interface ethernet 1 0 1 RouterA Ethernet1 0 1 pim dm RouterA Ethernet1 0 1 quit RouterA interface ethernet 1 0 2 RouterA Ethernet1 0 2 pim dm RouterA Ethernet1 0 2 igmp enable 3 Configure Switch A Enable IGMP snooping globally SwitchA system view SwitchA igmp snooping SwitchA igmp snooping quit Create V...

Страница 61: ...rnet 1 0 2 and Ethernet 1 0 3 to VLAN 10 SwitchA mvlan 10 port ethernet 1 0 2 to ethernet 1 0 3 SwitchA mvlan 10 quit Assign Ethernet 1 0 4 to VLAN 10 SwitchA interface ethernet 1 0 4 SwitchA Ethernet1 0 4 port multicast vlan 10 SwitchA Ethernet1 0 4 quit Verifying the configuration Display the multicast VLAN information on Switch A SwitchA display multicast vlan Total 1 multicast vlan s Multicast...

Страница 62: ...Eth1 0 3 D Eth1 0 4 D MAC group s MAC group address 0100 5e01 0101 Host port s total 3 port s Eth1 0 2 Eth1 0 3 Eth1 0 4 The output shows that IGMP snooping is maintaining the router ports and member ports in VLAN 10 ...

Страница 63: ...r 2 switch floods IPv6 multicast packets to all devices at Layer 2 With MLD snooping enabled the Layer 2 switch forwards IPv6 multicast packets destined for known IPv6 multicast groups to only the receivers that require the multicast data at Layer 2 This feature improves bandwidth efficiency enhances multicast security and helps per host accounting for multicast users Figure 21 Before and after ML...

Страница 64: ...specified router ports and member ports in this document include both static and dynamic router ports and member ports NOTE An MLD snooping enabled switch deems that the all its ports that receive MLD general queries with the source address other than 0 0 or that receive IPv6 PIM hello messages are dynamic router ports Aging timers for dynamic ports in MLD snooping and related messages and actions...

Страница 65: ...witch forwards it through all the router ports in the VLAN resolves the address of the reported IPv6 multicast group and performs one of the following actions If no forwarding entry matches the group address creates a forwarding entry for the group adds the receiving port as a dynamic member port to the forwarding entry for the group and starts an aging timer for the port If a forwarding entry mat...

Страница 66: ...dgment for the port that received the MLD done message If the port assuming that it is a dynamic member port receives an MLD report in response to the MLD multicast address specific query before its aging timer expires it indicates that some host attached to the port is receiving or expecting to receive IPv6 multicast data for that IPv6 multicast group The switch restarts the aging timer for the p...

Страница 67: ... the IPv6 multicast group but does not contain the receiving port the proxy adds the port to the forwarding entry as a dynamic member port and starts an aging timer for the port If no forwarding entry matches the IPv6 multicast group the proxy creates a forwarding entry for the group adds the receiving port to the forwarding entry as a dynamic member port and starts an aging timer for the port The...

Страница 68: ...onfigurations that you make are effective only on the ports that belong to the current VLAN For a given VLAN a configuration that you make in MLD snooping view is effective only if you do not make the same configuration in VLAN view In MLD snooping view the configurations that you make are effective on all ports In Layer 2 Ethernet interface view or Layer 2 aggregate interface view the configurati...

Страница 69: ...D snooping Different versions of MLD snooping can process different versions of MLD messages MLDv1 snooping can process MLDv1 messages but flood MLDv2 messages in the VLAN instead of processing them MLDv2 snooping can process MLDv1 and MLDv2 messages If you change MLDv2 snooping to MLDv1 snooping the system Clears all MLD snooping forwarding entries that are dynamically created Keeps static MLDv2 ...

Страница 70: ...mac address interface interface list vlan vlan id No static multicast MAC address entries exist by default To configure an IPv6 static multicast MAC address entry in interface view Step Command Remarks 1 Enter system view system view N A 2 Enter Layer 2 Ethernet interface view Layer 2 aggregate interface view or port group view Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface v...

Страница 71: ...mer for dynamic member ports host aging time interval 260 seconds by default Setting the aging timers for the dynamic ports in a VLAN Step Command Remarks 1 Enter system view system view N A 2 Enter VLAN view vlan vlan id N A 3 Set the aging timer for the dynamic router ports mld snooping router aging time interval 260 seconds by default 4 Set the aging timer for the dynamic member ports mld snoop...

Страница 72: ... as a simulated member host for an IPv6 multicast group A simulated host is equivalent to an independent host For example when a simulated member host receives an MLD query it gives a response separately Therefore the switch can continue receiving IPv6 multicast data A simulated host acts like a real host in the following ways When a port is configured as a simulated member host the switch sends a...

Страница 73: ...ulticast group the other hosts attached to the port in the same IPv6 multicast group cannot receive the IPv6 multicast data for the group Enabling fast leave processing globally Step Command Remarks 1 Enter system view system view N A 2 Enter MLD snooping view mld snooping N A 3 Enable fast leave processing fast leave vlan vlan list Disabled by default Enabling fast leave processing on a port Step...

Страница 74: ...port mld snooping router port deny vlan vlan list By default a port can become a dynamic router port NOTE This configuration does not affect the static router port configuration Configuring MLD snooping querier Before you configure MLD snooping querier complete the following tasks Enable MLD snooping in the VLAN Determine the MLD general query interval Determine the MLD last member query interval ...

Страница 75: ...l condition of the network A multicast listening host starts a timer for each IPv6 multicast group that it has joined when it receives an MLD query general query or multicast address specific query This timer is initialized to a random value in the range of 0 to the maximum response delay advertised in the MLD query message When the timer value decreases to 0 the host sends an MLD report to the IP...

Страница 76: ...pv6 address current interface FE80 02FF FFFF FE00 0001 by default 4 Configure the source IPv6 address of MLD multicast address specific queries mld snooping special query source ip ipv6 address current interface FE80 02FF FFFF FE00 0001 by default IMPORTANT The source IPv6 address of MLD query messages might affect MLD querier election within the subnet Configuring MLD snooping proxying Before you...

Страница 77: ...2FF FFFF FE00 0001 Configuring an MLD snooping policy Before you configure an MLD snooping policy complete the following tasks Enable MLD snooping in the VLAN Determine the IPv6 ACL rule for IPv6 multicast group filtering Determine the maximum number of IPv6 multicast groups that a port can join Determine the 802 1p precedence for MLD messages Configuring an IPv6 multicast group filter On an MLD s...

Страница 78: ...port group name Use either command 3 Configure an IPv6 multicast group filter mld snooping group policy acl6 number vlan vlan list By default no IPv6 group filter is configured on an interface That is the hosts on the interface can join any valid multicast group Enabling dropping unknown IPv6 multicast data Unknown IPv6 multicast data refers to IPv6 multicast data for which no entries exist in the...

Страница 79: ...function is enabled or not To configure MLD report suppression Step Command Remarks 1 Enter system view system view N A 2 Enter MLD snooping view mld snooping N A 3 Enable MLD report suppression report aggregation Enabled by default Setting the maximum number of multicast groups that a port can join You can set the maximum number of IPv6 multicast groups that a port can join to regulate the traffi...

Страница 80: ...p replacement function on the switch or on a certain port When the number of IPv6 multicast groups that the switch or the port has joined reaches the limit one of the following occurs If the IPv6 multicast group replacement feature is disabled new MLD reports are automatically discarded If the IPv6 multicast group replacement feature is enabled the IPv6 multicast group that the switch or the port ...

Страница 81: ... 1p precedence for MLD messages is 0 Setting the 802 1p precedence for MLD messages in a VLAN Step Command Remarks 1 Enter system view system view N A 2 Enter VLAN view vlan vlan id N A 3 Set the 802 1p precedence for MLD messages mld snooping dot1p priority priority number The default 802 1p precedence for MLD messages is 0 Configuring an IPv6 multicast user control policy IPv6 multicast user con...

Страница 82: ...s policy acl6 number No policy is configured by default That is a host can join or leave a valid multicast group at any time 4 Return to system view quit N A 5 Enable the created user profile user profile profile name enable Not enabled by default For more information about the user profile and user profile enable commands see Security Command Reference Enabling the MLD snooping host tracking func...

Страница 83: ...n id slot slot number verbose begin exclude include regular expression Available in any view Display information about the hosts tracked by MLD snooping display mld snooping host vlan vlan id group ipv6 group address source ipv6 source address slot slot number begin exclude include regular expression Available in any view Display IPv6 static multicast MAC address entries display mac address mac ad...

Страница 84: ...cast data for group FF1E 101 can be forwarded through Ethernet 1 0 3 and Ethernet 1 0 4 of Switch A even if Host A and Host B accidentally temporarily stop receiving IPv6 multicast data and that Switch A drops unknown IPv6 multicast data and does not broadcast the data to the VLAN where Switch A resides Figure 24 Network diagram Configuration procedure 1 Enable IPv6 forwarding and configure an IPv...

Страница 85: ...tchA acl ipv6 number 2001 SwitchA acl6 basic 2001 rule permit source ff1e 101 128 SwitchA acl6 basic 2001 quit SwitchA mld snooping SwitchA mld snooping group policy 2001 vlan 100 SwitchA mld snooping quit Configure Ethernet 1 0 3 and Ethernet 1 0 4 as simulated hosts for IPv6 multicast group FF1E 101 SwitchA interface ethernet 1 0 3 SwitchA Ethernet1 0 3 mld snooping host join ff1e 101 vlan 100 S...

Страница 86: ...ce the reliability of multicast traffic transmission Suppose STP runs on the network To avoid data loops the forwarding path from Switch A to Switch C is blocked under normal conditions and IPv6 multicast traffic flows to the receivers attached to Switch C only along the path of Switch A Switch B Switch C Configure Ethernet 1 0 3 on Switch C as a static router port so that IPv6 multicast traffic c...

Страница 87: ...ble RouterA Ethernet1 0 1 pim ipv6 dm RouterA Ethernet1 0 1 quit RouterA interface ethernet 1 0 2 RouterA Ethernet1 0 2 pim ipv6 dm RouterA Ethernet1 0 2 quit 3 Configure Switch A Enable MLD snooping globally SwitchA system view SwitchA mld snooping SwitchA mld snooping quit Create VLAN 100 assign Ethernet 1 0 1 through Ethernet 1 0 3 to this VLAN and enable MLD snooping in the VLAN SwitchA vlan 1...

Страница 88: ...AN SwitchC vlan 100 SwitchC vlan100 port ethernet 1 0 1 to ethernet 1 0 5 SwitchC vlan100 mld snooping enable SwitchC vlan100 quit Configure Ethernet 1 0 3 and Ethernet 1 0 5 as static member ports for IPv6 multicast group FF1E 101 SwitchC interface Ethernet 1 0 3 SwitchC Ethernet1 0 3 mld snooping static group ff1e 101 vlan 100 SwitchC Ethernet1 0 3 quit SwitchC interface Ethernet 1 0 5 SwitchC E...

Страница 89: ...otal 1 MAC Group s Router port s total 1 port s Eth1 0 2 D 00 01 23 IP group s the following ip group s match to one mac group IP group address FF1E 101 FF1E 101 Attribute Host Port Host port s total 2 port s Eth1 0 3 S Eth1 0 5 S MAC group s MAC group address 3333 0000 0101 Host port s total 2 port s Eth1 0 3 Eth1 0 5 The output shows that Ethernet 1 0 3 and Ethernet 1 0 5 on Switch C have become...

Страница 90: ...s globally SwitchA system view SwitchA ipv6 SwitchA mld snooping SwitchA mld snooping drop unknown SwitchA mld snooping quit Create VLAN 100 and assign Ethernet 1 0 1 through Ethernet 1 0 3 to VLAN 100 SwitchA vlan 100 SwitchA vlan100 port ethernet 1 0 1 to ethernet 1 0 3 Enable MLD snooping in VLAN 100 SwitchA vlan100 mld snooping enable Configure MLD snooping querier feature in VLAN 100 SwitchA ...

Страница 91: ...display mld snooping statistics Received MLD general queries 3 Received MLDv1 specific queries 0 Received MLDv1 reports 12 Received MLD dones 0 Sent MLDv1 specific queries 0 Received MLDv2 reports 0 Received MLDv2 reports with right and wrong records 0 Received MLDv2 specific queries 0 Received MLDv2 specific sg queries 0 Sent MLDv2 specific queries 0 Sent MLDv2 specific sg queries 0 Received erro...

Страница 92: ...quit 3 Configure Switch A Enable MLD snooping globally SwitchA system view SwitchA mld snooping SwitchA mld snooping quit Create VLAN 100 assign ports Ethernet 1 0 1 through Ethernet 1 0 4 to this VLAN and enable MLD snooping and MLD snooping proxying in the VLAN SwitchA vlan 100 SwitchA vlan100 port ethernet 1 0 1 to ethernet 1 0 4 SwitchA vlan100 mld snooping enable SwitchA vlan100 mld snooping ...

Страница 93: ...bout MLD multicast groups on Router A RouterA display mld group Total 1 MLD Group s Interface group report information Ethernet1 0 1 2001 1 Total 1 MLD Group reported Group Address FF1E 1 Last Reporter FE80 2FF FFFF FE00 1 Uptime 00 00 03 Expires 00 04 17 When Host A leaves the IPv6 multicast group it sends an MLD done message to Switch A Receiving the message Switch A removes port Ethernet 1 0 4 ...

Страница 94: ...quirements As shown in Figure 28 Switch A is a Layer 3 switch MLDv1 runs on Switch A and MLDv1 snooping runs on Switch B Multicast sources and hosts run 802 1X client An IPv6 multicast source control policy is configured on Switch A to block multicast flows from Source 2 to FF1E 101 An IPv6 multicast user control policy is configured on Switch B so that Host A can join or leave only multicast grou...

Страница 95: ...tchA interface vlan interface 104 SwitchA Vlan interface104 pim ipv6 dm SwitchA Vlan interface104 mld enable SwitchA Vlan interface104 quit Create a multicast source control policy policy1 so that multicast flows from Source 2 to FF1E 101 will be blocked SwitchA acl ipv6 number 3001 SwitchA acl6 adv 3001 rule permit udp source 2 1 128 destination ff1e 101 128 SwitchA acl6 adv 3001 quit SwitchA tra...

Страница 96: ...me1 SwitchA isp domian1 accounting lan access radius scheme scheme1 SwitchA isp domian1 quit SwitchA domain default enable domain1 Globally enable 802 1X and then enable it on Ethernet 1 0 1 and Ethernet 1 0 2 SwitchA dot1x SwitchA interface ethernet 1 0 1 SwitchA Ethernet1 0 1 dot1x SwitchA Ethernet1 0 1 quit SwitchA interface ethernet 1 0 2 SwitchA Ethernet1 0 2 dot1x SwitchA Ethernet1 0 2 quit ...

Страница 97: ... access radius scheme scheme2 SwitchB isp domian2 quit SwitchB domain default enable domain2 Globally enable 802 1X and then enable it on Ethernet 1 0 2 and Ethernet 1 0 3 SwitchB dot1x SwitchB interface ethernet 1 0 2 SwitchB Ethernet1 0 2 dot1x SwitchB Ethernet1 0 2 quit SwitchB interface ethernet 1 0 3 SwitchB Ethernet1 0 3 dot1x SwitchB Ethernet1 0 3 quit 4 Configure RADIUS server On the RADIU...

Страница 98: ...IPv6 multicast forwarding table on Switch A SwitchA display multicast ipv6 forwarding table ff1e 101 IPv6 Multicast Forwarding Table Total 1 entry Total 1 entry matched 00001 1 1 FF1E 101 MID 0 Flags 0x0 0 Uptime 00 08 32 Timeout in 00 03 26 Incoming interface Vlan interface101 List of 1 outgoing interfaces 1 Vlan interface104 Matched 19648 packets 20512512 bytes Wrong If 0 packets Forwarded 19648...

Страница 99: ...nalysis The IPv6 ACL rule is incorrectly configured The IPv6 multicast group policy is not correctly applied The function of dropping unknown IPv6 multicast data is not enabled so unknown IPv6 multicast data is flooded Solution 1 Use the display acl ipv6 command to check the configured IPv6 ACL rule Make sure that the IPv6 ACL rule conforms to the IPv6 multicast group policy to be implemented 2 Us...

Страница 100: ...t VLAN feature configured on the Layer 2 device is the solution to this issue With the IPv6 multicast VLAN feature the Layer 3 device needs to replicate the multicast traffic only in the IPv6 multicast VLAN instead of making a separate copy of the multicast traffic in each user VLAN This saves the network bandwidth and lessens the burden of the Layer 3 device As shown in Figure 30 Host A Host B an...

Страница 101: ...onfiguring user port attributes Required Configuring IPv6 multicast VLAN ports Required Configuring a port based IPv6 multicast VLAN When you configure a port based IPv6 multicast VLAN you need to configure the attributes of each user port and then assign the ports to the IPv6 multicast VLAN A user port can be configured as a multicast VLAN port only if it is an Ethernet port or Layer 2 aggregate ...

Страница 102: ...roup name Use either command 3 Configure the user port link type as hybrid port link type hybrid Access by default 4 Specify the user VLAN that comprises the current user ports as the default VLAN port hybrid pvid vlan vlan id VLAN 1 by default 5 Configure the current user ports to permit packets of the specified IPv6 multicast VLAN to pass and untag the packets port hybrid vlan vlan id list tagge...

Страница 103: ...ew port group manual port group name Use either command 5 Configure the ports as member ports of the IPv6 multicast VLAN port multicast vlan ipv6 vlan id By default a user port does not belong to any IPv6 multicast VLAN Displaying and maintaining IPv6 multicast VLAN Task Command Remarks Display information about an IPv6 multicast VLAN display multicast vlan ipv6 vlan id begin exclude include regul...

Страница 104: ...et1 0 1 ipv6 pim dm RouterA Ethernet1 0 1 quit RouterA interface ethernet 1 0 2 RouterA Ethernet1 0 2 ipv6 pim dm RouterA Ethernet1 0 2 mld enable 3 Configure Switch A Enable MLD snooping globally SwitchA system view SwitchA mld snooping SwitchA mld snooping quit Create VLAN 10 assign Ethernet 1 0 1 to VLAN 10 and enable MLD snooping in this VLAN SwitchA vlan 10 SwitchA vlan10 port ethernet 1 0 1 ...

Страница 105: ... ethernet 1 0 2 to ethernet 1 0 3 SwitchA ipv6 mvlan 10 quit Assign Ethernet 1 0 4 to IPv6 multicast VLAN 10 SwitchA interface ethernet 1 0 4 SwitchA Ethernet1 0 4 port multicast vlan ipv6 10 SwitchA Ethernet1 0 4 quit Verifying the configuration Display the IPv6 multicast VLAN information on Switch A SwitchA display multicast vlan ipv6 Total 1 IPv6 multicast vlan s IPv6 Multicast vlan 10 port lis...

Страница 106: ...01 Eth1 0 4 D MAC group s MAC group address 3333 0000 0101 Host port s total 3 port s Eth1 0 2 Eth1 0 3 Eth1 0 4 The output shows that MLD snooping is maintaining router ports and member ports in VLAN 10 ...

Страница 107: ...ing you will receive email notification of product enhancements new driver versions firmware updates and other product resources Related information Documents To find related documents browse to the Manuals page of the HP Business Support Center website http www hp com support manuals For related documentation navigate to the Networking section and select a networking category For a complete list ...

Страница 108: ...eparated by vertical bars from which you select one choice multiple choices or none 1 n The argument or keyword and argument combination before the ampersand sign can be entered 1 to n times A line that starts with a pound sign is comments GUI conventions Convention Description Boldface Window names button names field names and menu items are in bold text For example the New User window appears cl...

Страница 109: ...r a unified wired WLAN module or the switching engine on a unified wired WLAN switch Represents an access point Represents a mesh access point Represents omnidirectional signals Represents directional signals Represents a security product such as a firewall UTM multiservice security gateway or load balancing device Represents a security card such as a firewall load balancing NetStream SSL VPN IPS ...

Страница 110: ...and maintaining IGMP snooping 33 Displaying and maintaining IPv6 multicast VLAN 98 Displaying and maintaining MLD snooping 78 Displaying and maintaining multicast VLAN 54 I IGMP snooping configuration examples 34 IGMP snooping configuration task list 17 Introduction to multicast 1 IPv6 multicast VLAN configuration examples 98 IPv6 multicast VLAN configuration task list 96 M MLD snooping configurat...

Результаты поиска

Содержание HP 3100-16 v2

Отзывы:

Похожие инструкции для HP 3100-16 v2

Бренды по названию

Популярные бренды

HP Enterprise HP 3100-16 v2, Руководство по настройке

Результаты поиска

Содержание HP 3100-16 v2

Отзывы:

Похожие инструкции для HP 3100-16 v2

Бренды по названию

Популярные бренды