SMC Networks Edge-core ES4704BD Скачать руководство пользователя страница 110

Страница: 110 / 859

110

Usage Guide:

To use this function you have to enable “dosattack-check icmp-attacking

enable” first

Example:

Set the max net length of the ICMPv6 data packet permitted by the switch to

100

Switch(Config)# dosattack-check icmp-attacking enable

Switch(Config)# dosattack-check icmpv6-size 100

2.6.4 Security Feature Example

Scenario:

The User has follows configuration requirements: the switch do not forward data

packet whose source IP address is equal to the destination address, and those whose

source port is equal to the destination port. Only the ping command with defaulted

options is allowed within the IPv4 network, namely the ICMP request packet can not be

fragmented and its net length is normally smaller than 100

Configuration procedure:

Switch(Config)#

dosattack-check srcip-equal-dstip enable

Switch(Config)# dosattack-check srcport-equal-dstport enable

Switch(Config)# dosattack-check ipv4-first-fragment enable

Switch(Config)# dosattack-check icmp-attacking enable

Switch(Config)# dosattack-check icmpv4-size 100

2.7 Jumbo Configuration

2.7.1 Jumbo Introduction

So far the Jumbo (Jumbo Frame) has not reach a determined standard in the

industry (including the format and length of the frame). Normally frames sized within

1519-8996 should be considered jumbo frame. Networks with jumbo frames will increase

the speed of the whole network by 2% to 5%. Technically the Jumbo is just a lengthened

frame sent and received by the switch. However considering the length of Jumbo frames,

they will not be sent to CPU. We discarded the Jumbo frames sent to CPU in the packet

receiving process.

2.7.2 Jumbo Configuration Task Sequence

Содержание Edge-core ES4704BD

Страница 1: ...1 www smc com ES4700 Series Chassis Core Routing Switch...

Страница 2: ...es 4 and 10 slots with support for various types of line cards and can seamlessly support a variety of network interfaces from 100Mb 1000Mb to 10 GB Ethernet We are providing this manual for your bett...

Страница 3: ...WEB MANAGEMENT 33 1 3 1 Main Page 33 1 3 2 Module Front Panel 33 CHAPTER 2 BASIC SWITCH CONFIGURATION 35 2 1 COMMANDS FOR BASIC SWITCH CONFIGURATION 35 2 1 1 Command For Basic Configuration 35 2 2 CO...

Страница 4: ...bo Introduction 110 2 7 2 Jumbo Configuration Task Sequence 110 2 7 3 Jumbo Command 111 2 8 SFLOW CONFIGURATION 111 2 8 1 sFlow introduction 111 2 8 2 sFlow Configuration Task 112 2 8 3 Commands For s...

Страница 5: ...sync 137 3 7 3 force switchover 137 3 7 4 reset slot 137 3 7 5 runcfg sync 138 3 7 6 show fan 138 3 7 7 show power 139 3 7 8 show slot 139 CHAPTER 4 PORT CONFIGURATION 140 4 1 INTRODUCTION TO PORT 140...

Страница 6: ...LACP port group configuration 174 5 5 2 LACP port configuration 175 CHAPTER 6 VLAN CONFIGURATION 176 6 1 VLAN CONFIGURATION 176 6 1 1 Introduction to VLAN 176 6 1 2 VLAN Configuration Task List 177 6...

Страница 7: ...6 4 Voice VLAN Troubleshooting 215 CHAPTER 7 MAC TABLE CONFIGURATION 216 7 1 INTRODUCTION TO MAC TABLE 216 7 1 1 Obtaining MAC Table 216 7 1 2 Forward or Filter 218 7 2 MAC ADDRESS TABLE CONFIGURATION...

Страница 8: ...ing 245 8 3 21 spanning tree tcflush global mode 246 8 3 22 spanning tree tcflush port mode 246 8 4 MSTP EXAMPLE 247 8 5 MSTP TROUBLESHOOTING HELP 252 8 5 1 Monitor And Debug Command 252 8 6 WEB MANAG...

Страница 9: ...URPF Configuration Task Sequence 325 10 4 4 Commands For URPF 326 10 4 5 URPF Troubleshooting 327 10 5 ARP 327 10 5 1 Introduction to ARP 327 10 5 2 ARP Configuration Task List 328 10 5 3 Command for...

Страница 10: ...366 13 2 PREVENT ARP ND SPOOFING CONFIGURATION 366 13 2 1 Prevent ARP ND Spoofing Configuration Task List 366 13 3 COMMANDS FOR PREVENTING ARP ND SPOOFING 367 13 3 1 ip arp security updateprotect 367...

Страница 11: ...iguration Task List 437 14 5 3 Commands For RIPng 440 14 5 4 RIPng Configuration Examples 445 14 5 5 RIPng Troubleshooting Help 447 14 6 OSPF 451 14 6 1 Introduction to OSPF 451 14 6 2 OSPF Configurat...

Страница 12: ...ry mrsp 606 15 3 9 ip igmp snooping vlan query robustness 606 15 3 10 ip igmp snooping vlan suppression query time 606 15 4 IGMP SNOOPING EXAMPLE 607 15 5 IGMP SNOOPING TROUBLESHOOTING HELP 609 15 5 1...

Страница 13: ...CSCM Configuration Task List 664 17 5 3 Command For ECSCM 667 17 5 4 ECSCM Configuration Examples 672 17 5 5 ECSCM Troubleshooting 673 17 6 IGMP 675 17 6 1 Introduction to IGMP 675 17 6 2 Configuratio...

Страница 14: ...3 Access list Action and Global Default Action 747 19 2 ACL CONFIGURATION 747 19 2 1 ACL Configuration Task Sequence 747 19 2 2 Commands for ACL 760 19 3 ACL EXAMPLE 779 19 4 ACL TROUBLESHOOTING 780 1...

Страница 15: ...vrrp 823 21 3 11 virtual ip 823 21 4 EXAMPLE OF VRRP 824 21 5 VRRP TROUBLESHOOTING 825 21 6 WEB MANAGEMENT 825 21 6 1 Create VRRP Number 825 21 6 2 configure VRRP Dummy IP 826 21 6 3 configure VRRP Po...

Страница 16: ...ER 23 CLUSTER CONFIGURATION 848 23 1 INTRODUCTION TO CLUSTER 848 23 2 CLUSTER MANAGEMENT CONFIGURATION SEQUENCE 848 23 3 COMMANDS FOR CLUSTER 851 23 3 1 cluster run 851 23 3 2 cluster register timer 8...

Страница 17: ...17 23 5 2 Cluster Administration Troubleshooting 859...

Страница 18: ...address to the switch via the Console interface to be able to access the switch through Telnet The procedures for managing the switch via Console interface are listed below Step 1 setting up the envi...

Страница 19: ...The example below is based on the HyperTerminal included in Windows XP 1 Click Start menu All Programs Accessories Communication HyperTerminal Fig 1 2 Opening HyperTerminal 2 Type a name for opening H...

Страница 20: ...m 1 for stop bit and none for traffic control or you can also click Revert to default and click OK Fig 1 5 Opening HyperTerminal Step 3 Entering switch CLI interface Power on the switch The following...

Страница 21: ...d management refers to the management by login to the switch using Telnet In band management enables management of the switch for some devices attached to the switch In the case when in band managemen...

Страница 22: ...m the host and verify the result check for reasons if ping failed The IP address configuration commands for VLAN1 interface are listed below Before in band management the switch must be configured wit...

Страница 23: ...ord for authorized Telnet users must be configured with the following command username user password 0 7 password Assume an authorized user in the switch has a username of test and password of test th...

Страница 24: ...s such as a router Similar to management via Telnet as soon as the host succeeds to ping an IP address of the switch and to type the right login password it can access the switch via HTTP The configur...

Страница 25: ...uld be in the square brackets Step 3 Logon to the switch To logon to the HTTP configuration interface valid login user name and password are required otherwise the switch will reject HTTP access This...

Страница 26: ...26 Fig 1 10 Web Login Interface Input the right username and password and then the main Web configuration interface is shown as below Fig 1 11 Main Web Configuration Interface...

Страница 27: ...nds are categorized according to their functions in switch configuration and management Each category represents a different configuration mode The Shell for the switch is described below z Configurat...

Страница 28: ...return to User Mode When exit command is run it will exit the entry and enter user entry system direct Next users can reenter the system on entering corresponding user name and password Under Admin Mo...

Страница 29: ...igure port channel related settings such as duplex mode speed etc Use the exit command to return to Global Mode 1 2 2 5 VLAN Mode Using the vlan vlan id command under Global Mode can enter the corresp...

Страница 30: ...p command under Global Mode Switch Config Ext Nacl b Configure parameters for Extended IP ACL Mode Use the exit command to return to Global Mode 1 2 3 Configuration Syntax ES4700 series provides vario...

Страница 31: ...ft right and Blank Space If the terminal does not recognize Up and Down keys ctrl p and ctrl n can be used instead Key s Function Back Space Delete a character before the cursor and the cursor moves b...

Страница 32: ...eturned if the position should be a keyword then a set of keywords with brief description will be returned if the output is cr then the command is complete press Enter to run the command 3 A immediate...

Страница 33: ...g config the system will report a Ambiguous command error if only show r is entered as Shell is unable to tell whether it is show rom or show running config Therefore Shell will only recognize the com...

Страница 34: ...on the right of the page system information and command parameter are displayed Click the main menu link to browse other management links and to display configuration and statistic information Fig 1...

Страница 35: ...is for exiting admin mode Admin Mode config terminal Enter global mode from admin mode Various Modes exit Exit current mode and enter previous mode such as using this command in global mode to go bac...

Страница 36: ...g authentication login radius 2 1 1 2 calendar set Command calendar set HH MM SS DD MON YYYY MON DD YYYY Function Set system date and time Parameter HH MM SS is the current time and the valid scope fo...

Страница 37: ...Mode from User Mode Command mode User Mode Usage Guide To prevent unauthorized access of non admin user user authentication is required i e Admin user password is required when entering Admin Mode fro...

Страница 38: ...nges between 0 2147483 Command mode Global mode Default Default timeout is 10 minutes Usage guide To secure the switch as well to prevent malicious actions from unauthorized user the time will be coun...

Страница 39: ...tch according to their own requirements Example Set the prompt to Test Switch Config hostname Test 2 1 1 12 ip host Command ip host hostname ip_addr no ip host hostname Function Set the mapping relati...

Страница 40: ...nfiguation is for supplying a interface configured with HTTP for the user which is straight and visual esay to understand This command functions equal to selection 2 of the main menu in Setup mode to...

Страница 41: ...cuting the command it insures that priority of one user is 15 if it uses username command configuration to login Only this can ensure that the user accesses from common mode to admin mode and modify s...

Страница 42: ...parameter for ping Switch ping 10 1 128 160 Type c to abort Sending 5 56 byte ICMP Echos to 10 1 128 160 timeout is 2 seconds Success rate is 40 percent 2 5 round trip min avg max 0 0 0 ms As shown i...

Страница 43: ...g packets on users demands When the ipv6 address is the local link address a vlan interface name is needed to be specified When specifying source IPv6 address the sent icmp query packets will use spec...

Страница 44: ...s n Use source IPv6 address not used by default Source IPv6 address Source IPv6 IP address Repeat count 5 Number of ping packets to be sent 5 by default Datagram size in byte 56 Size of Ping packet 56...

Страница 45: ...characters displayed in each screen on terminal vty The no service terminal length command cancels the screen shifting operation Parameter Columns of characters displayed on each screen of vty rangin...

Страница 46: ...efers to non stop display Command mode Admin mode Default Default columns is 25 Usage guide Set columns of characters displayed in each screen on terminal so that the More message will be shown when d...

Страница 47: ...mmand traceroute6 ipv6 addr host hostname hops hops timeout timeout Function This command is for testing the gateways passed by the data packets from the source device to the destination device so to...

Страница 48: ...r can log in use name and priority after the command configures before login local command is executed Enable username and password it insures that priority of one user is maximum 15 so that users cou...

Страница 49: ...ommand write Function Save the currently configured parameters to the Flash memory Command mode Admin Mode Usage Guide After a set of configuration with desired functions the setting should be saved t...

Страница 50: ...ugh TCP connection This is a transparent service as to the user the keyboard and monitor seems to be connected to the remote host directly Telnet employs the Client Server mode the local system is the...

Страница 51: ...t shown in dotted decimal notation ipv6 addr is the IPv6 address of the remote host hostname is the name of the remote host containing max 30 characters port is the port number ranging between 0 65535...

Страница 52: ...or disable the Telnet client to login to the switch Example Disable the Telnet server function in the switch Switch Config no ip telnet server 2 2 3 3 3 telnet server securityip Command telnet server...

Страница 53: ...n Task List 1 SSH Server Configuration Command Explanation Global Mode ssh server enable no ssh server enable Enable SSH function on the switch the no ssh server enable command disables SSH function s...

Страница 54: ...ample Set the number of times for retrying SSH authentication to 5 Switch Config ssh server authentication retries 5 2 2 4 3 2 ssh server enable Command ssh server enable no ssh server enable Function...

Страница 55: ...l Mode Default SSH authentication timeout is 180 seconds by default Example Set SSH authentication timeout to 240 seconds Switch Config ssh server timeout 240 2 2 4 3 5 ssh user Command ssh user usern...

Страница 56: ...ress if the first hop returns an ICMP error message to inform this packet can not be sent due to TTL timeout a data packet with TTL at 2 will be sent Also the send hop may be a TTL timeout return but...

Страница 57: ...e show calendar Display current system clock show debugging Display the debugging state dir Display the files and the sizes saved in the flash show history Display the recent user input history comman...

Страница 58: ...e and time so that the system clock can be adjusted in time if inaccuracy occurs Example Switch show calendar Current time is TUE AUG 22 11 00 01 2002 2 2 7 1 2 show debugging Command show debugging F...

Страница 59: ...of words 64 002100 0000 0000 0000 0000 0000 0000 0000 0000 002110 0000 0000 0000 0000 0000 0000 0000 0000 002120 0000 0000 0000 0000 0000 0000 0000 0000 002130 0000 0000 0000 0000 0000 0000 0000 0000...

Страница 60: ...e next power up Default If the configuration parameters read from the Flash are the same as the default operating parameter nothing will be displayed Command mode Admin Mode Usage Guide The show runni...

Страница 61: ...on Display all user information that can login the switch Usage Guide This command can be used to check for all user information that can login the switch Example Switch show users User level havePasw...

Страница 62: ...rameter where the range of unit is 1 Function Display the switch version Default The default value for unit is 1 Command mode Admin Mode Usage Guide Use this command to view the version information fo...

Страница 63: ...maintenance z Assign a proper log buffer zone inside the switch for record the log information permanently or temporarily z Configure the log host the log system will directly send the log informatio...

Страница 64: ...log information by severity level is that only the log information with level equal to or higher than the threshold will be outputted So when the severity threshold is set to debugging all information...

Страница 65: ...n NVRAM and SDRAM log buffer zone we can use the clear logging command 2 2 9 2 System Log Configuration 2 2 9 2 1 System Log Configuration Task Sequence 1 Display and clear log buffer zone 2 Configure...

Страница 66: ...nnel and related to the main control chip M1 with index ID between 940 and 946 Switch show logging buffered slot M1 level critical range 940 946 Log information on Active Master Current messages in NV...

Страница 67: ...everity is the severity threshold of the log information severity level The rule of the log information output is explained as follows only those with a level equal to or higher than the threshold wil...

Страница 68: ...d save the log in the record equipment local7 Configuration procedure Switch Config interface Ethernet 0 Switch Config Ethernet0 ipv6 address 3ffe 506 1 64 Switch Config Ethernet0 exit Switch Config l...

Страница 69: ...face IP address the no ip address ip_address mask secondary command deletes VLAN interface IP address 2 BootP configuration Command Explanation ip address bootp no ip address bootp Enable the switch t...

Страница 70: ...128 1 255 255 255 0 Switch Config If Vlan1 exit 2 3 2 2 ip address bootp client Command ip address bootp client no ip address bootp client Function Enable the switch to be a BootP client and obtain I...

Страница 71: ...by vast numbers of manufacturers for its simplicity and easy implementation SNMP v2c is an enhanced version of SNMP v1 which supports layered network management SNMP v3 strengthens the security by add...

Страница 72: ...the messages can t be viewed on transmission And USM authentication ensures that the messages can t be changed on transmission USM employs DES CBC cryptography And HMAC MD5 and HMAC SHA are used for a...

Страница 73: ...ontains sub trees which are called groups Objects in those groups cover all the functional domains in network management NMS obtains the network management information by visiting the MIB of SNMP Agen...

Страница 74: ...user 6 Configure group 7 Configure view 8 Configuring TRAP 9 Enable Disable RMON 1 Enable or disable SNMP Agent server function Command Explanation snmp server no snmp server Enable the SNMP Agent fu...

Страница 75: ...group string NoauthNopriv AuthNopriv AuthPriv read read string write write string notify notify string no snmp server group group string NoauthNopriv AuthNopriv AuthPriv Set the group information on...

Страница 76: ...RMON the no rmon enable command disables RMON Command mode Global Mode Default RMON is disabled by default Example 1 Enable RMON Switch config rmon enable Example 2 Disable RMON Switch config no rmon...

Страница 77: ...of encoding error packets number of requested variablest Number of variables requested by NMS number of altered variables Number of variables set by NMS get request PDUs Number of packets received by...

Страница 78: ...IP address of the NMS which is allowed to access Agent 2 4 3 4 snmp server community Command snmp server community string ro rw snmp server community string Function Configure the community string for...

Страница 79: ...s Command snmp server enable traps no snmp server enable traps Function Enable the switch to send Trap message the no snmp server enable traps command disables the switch to send Trap message Command...

Страница 80: ...e RMON event group has no community character string configured the community character string configured in this command will be applied when sending the Trap of RMON and if the community character s...

Страница 81: ...mple Switch show snmp engineid SNMP engineID 3138633303f1276c Engine Boots is 1 Displayed Information Explanation SNMP engineID Engine number Engine Boots Engine boot counts 2 4 3 11 show snmp group C...

Страница 82: ...Information Explanation User name User name Engine ID Engine ID Priv Protocol Employed encryption algorithm Auth Protocol Employed identification algorithm Row status User state 2 4 3 14 show snmp vi...

Страница 83: ...ion This command is used to configure a new group the no form of this command deletes this group Command Mode Global Mode Parameter group string group name which includes 1 32 characters NoauthNopriv...

Страница 84: ...de Global Mode Parameter view string view name containing 1 32 characters oid string is OID number or corresponding node name containing 1 255 characters include exclude include exclude this OID Usage...

Страница 85: ...d5 hello deletes an User Switch Config no snmp server user tester UserGroup 2 4 3 20 snmp server securityip Command snmp server securityip ipv4 address ipv6 address no snmp server securityip ipv4 addr...

Страница 86: ...to access the switch with read only permission Scenario 2 NMS will receive Trap messages from the switch Note NMS may have community string verification for the Trap messages In this scenario the NMS...

Страница 87: ...server securityip command and community string use snmp server community command are correctly configured as any of them fails SNMP will not be able to communicate with NMS properly If Trap function i...

Страница 88: ...stem image file and the boot file is the same The switch supplies the user with two modes of updating 1 BootROM mode 2 TFTP and FTP update at Shell mode This two update method will be explained in det...

Страница 89: ...8 1 2 24 and PC address is 192 168 1 66 24 and select TFTP upgrade the configuration should like Boot setconfig Host IP Address 10 1 1 1 192 168 1 2 Server IP Address 10 1 1 2 192 168 1 66 FTP 1 or TF...

Страница 90: ...01 01 00 00 00 SH boot conf 83 1900 01 01 00 00 00 SH nos img 2 431 631 1980 01 01 00 21 34 startup config 2 922 1980 01 01 00 09 14 temp img 2 431 631 1980 01 01 00 00 32 2 CONFIG RUN command Used to...

Страница 91: ...anagement connection notify the server to establish a passive connection The server then create its own data listening port and inform the client about the port and the client establishes data connect...

Страница 92: ...tion file stores in FLASH only corresponding to the so called configuration save To prevent illicit file upload and easier configuration ES4700 series mandates the name of start up configuration file...

Страница 93: ...rl destination url ascii binary FTP TFTP client upload download file 2 For FTP client server file list can be checked Global Mode dir ftpServerUrl For FTP client server file list can be checked FtpSer...

Страница 94: ...es or directories to be copied destination url is the destination address to which the files or directories to be copied forms of source url and destination url vary depending on different locations o...

Страница 95: ...3 2 2 2 copy TFTP Command copy source url destination url ascii binary Function Download files to the TFTP client Parameter source url is the location of the source files or directories to be cop ied...

Страница 96: ...h copy running config startup config 2 5 3 2 2 3 dir Command dir ftp server url Function Browse the file list on the FTP server Parameter The form of ftp server url is ftp username password ipv4a ddre...

Страница 97: ...ds this limit the FTP management connection will be disconnected Example Modify the idle threshold to 100 seconds Switch config Switch Config ftp server timeout 100 2 5 3 2 2 6 show ftp Command show f...

Страница 98: ...on number Command tftp server retransmission number number Function Set the retransmission time for TFTP server Parameter number is the time to re transfer the valid range is 1 to 20 Default The defau...

Страница 99: ...he computer The configuration procedures of the switch is listed below Switch Config inter vlan 1 Switch Config If Vlan1 ip address 10 1 1 2 255 255 255 0 Switch Config If Vlan1 no shut Switch Config...

Страница 100: ...e computer Scenario 3 The switch is used as TFTP server The switch operates as the TFTP server and connects from one of its ports to a computer which is a TFTP client Transfer the nos img file in the...

Страница 101: ...uter downloaded to the FLASH TFTP Configuration Computer side configuration Start TFTP server software on the computer and place nos img boot rom and startup config to the appropriate TFTP server dire...

Страница 102: ...shell maintenance statistics xls some display omitted here show txt snmp TXT 226 Transfer complete 2 5 5 FTP TFTP Troubleshooting Help 2 5 5 1 FTP Troubleshooting Help When upload download system fil...

Страница 103: ...s successful otherwise the switch may be rendered unable to start If the system file and system start up file upgrade through FTP fails please try to upgrade again or use the BootROM mode to upgrade 2...

Страница 104: ...ice which is a simple but effective destructive attack on the internet The server under DoS attack will drop normal user data packet due to non stop processing the attacker s data packet leading to th...

Страница 105: ...ent This command has no effect when used separately but if this function is not enabled the switch will not drop the IPv4 fragment packet containing unauthorized TCP labels 2 6 2 3 Anti Port Cheat Fun...

Страница 106: ...igure the max permitted ICMPv4 net length This command has not effect when used separately the user have to enable the dosattack check icmp attacking enable dosattack check icmpv6 size size dosattack...

Страница 107: ...s destination port Switch Config dosattack check ipv4 first fragment enable Switch Config dosattack check srcport equal dstport enable 2 6 3 3 dosattack check tcp flags enable Command no dosattack che...

Страница 108: ...Enable the function by which the switch detects TCP fragment attacks the no form of this command disables this function Parameter None Default This function is not enabled on the switch by default Com...

Страница 109: ...ttack check icmpv4 size Command dosattack check icmpv4 size size Function Configure the max net length of the ICMPv4 data packet permitted by the switch Parameter size is the max net length of the ICM...

Страница 110: ...r than 100 Configuration procedure Switch Config dosattack check srcip equal dstip enable Switch Config dosattack check srcport equal dstport enable Switch Config dosattack check ipv4 first fragment e...

Страница 111: ...sFlow introduction The sFlow RFC 3176 is a protocol based on standard network export and used on monitoring the network traffic information developed by the InMon Company The monitored switch or route...

Страница 112: ...Configuration Task 1 Configure sFlow Collector address Command Explanation Global mode and interface mode sflow destionation collector address collector port no sflow destionation Configure the IP add...

Страница 113: ...n sFlow the no form of this command restores to the default 6 Configure the sampling rate value Command Explanation Interface Mode sflow rate input input rate output output rate no sflow rate input ou...

Страница 114: ...ould be configured to let the sFlow sample proxy work properly Example Configure the analyzer address and port at global mode switch config sflow destionation 192 168 1 200 1025 2 8 3 2 sflow agent ad...

Страница 115: ...be identified whether it is IPv4 or IPv6 when sent to the CPU certain length of the head of the group has to be copied to the sFlow packet and sent out The length of the copied content is configured...

Страница 116: ...of the sFlow hardware sampling The no form of this command deletes the sampling rate value Parameter input rate is the rate of ingress group sampling the valid range is 1000 16383500 output rate is t...

Страница 117: ...is 2 The priority of sFlow when receiving packets from the hardware is 2 Sflow DataSource type 2 index 194 Ethernet3 2 One sample proxy data source of the sFlow is the interface e3 1 and its type is...

Страница 118: ...s 10 1 144 2 Switch config sflow destionation 192 168 1 200 Switch config sflow priority 1 Switch config config in e3 1 Switch Config If Ethernet3 1 sflow rate input 10000 Switch Config If Ethernet3 1...

Страница 119: ...of TACACS protocol is adopted with TCP protocol further with the packet head except for standard packet head encryption this protocol is of a more reliable transmission and encryption characteristics...

Страница 120: ...and deletes TACACS authentication server Parameter ip address is the IPof the server port number is the listening port number of the server the valid range is 0 65535 amongst 0 indicates it will not b...

Страница 121: ...cacs server timeout seconds no tacacs server timeout Function Configure a TACACS server authentication timeout timer the no tacacs server timeout command restores the default configuration Parameter s...

Страница 122: ...Switch Config interface vlan 1 Switch Config if vlan1 ip address 10 1 1 2 255 255 255 0 Switch Config if vlan1 exit Switch Config tacacs server authentication host 10 1 1 3 Switch Config tacacs serve...

Страница 123: ...mpts of command line interface and the mapping address relationship with the host Basic clock configuration configure date and clock of the system Users should configure HH MM SS as 23 0 0 and YY MM D...

Страница 124: ...priority as Read only mode and choose State as Valid or configure Community string as private choose Access priority as Read and write mode and choose State as Valid The command will be applied to th...

Страница 125: ...s which will be allowed to access to the NMS management station of the switch 5 4 4 2 6 z Security ip address Security IP address of NMS z State Valid to configure Invalid to remove Example configure...

Страница 126: ...ate allows device to send Trap messages Example choose Snmp Agent state as Open choose RMON state as Open and choose Trap state as Open Then click on the Apply button 2 10 3 Switch upgrade Users shoul...

Страница 127: ...t files by using ASCII standard binary means the files are transmitted in the binary standard Example the Figure below shows how to get the system file from TFTP Server 10 1 1 1 which has server file...

Страница 128: ...ocal file name nos img The ftp username is switch and password is switch Click Apply 2 10 3 4 FTP server configuration Users should click Switch basic configuration and FTP server service to enter int...

Страница 129: ...telnet login to display the Telnet client messages connected through Telnet with the switch z Show telnet user to display all Telnet client messages with authenticated switch access through Telnet z S...

Страница 130: ...asier to configure Users just click a configuration node and the relating messages will appear Example to display the clock to display FLASH files 2 10 5 Basic introduction to switch Users should clic...

Страница 131: ...unning config Users should save the current running config by clicking Switch maintenance Save current running config and Apply 2 10 6 3 Reboot Users should reboot the switch by clicking Switch mainte...

Страница 132: ...ther the password is encrypted when displaying configuration information Operation includes Remove user and Add user Example set the Telnet user name as switch and password as switch and then click on...

Страница 133: ...ter control board in the smaller slot number becomes the Active Master and the other board becomes the Standby Master 3 2 Device Management Configuration 3 2 1 Switch Basic Configuration Command reset...

Страница 134: ...ion is RW 1 3 2 hardware version is 1 1 bootrom version is 1 3 1 serialNo is N043900039 manufactureDate is 2004 09 10 temperature is 33 4375 3 3 1 2 show fan Command show fan Function to display wheth...

Страница 135: ...ment packets receive displays incoming device management packets state displays card status change information Default Debugging information is disabled by default Command mode Admin Mode 3 4 Card Hot...

Страница 136: ...ll be lost upon system restart When the system is operating normally and the user hot inserts a card into a slot with a different card inserted previously the system will not reload configuration if t...

Страница 137: ...rce runcfg sync Function Enforce the synchronizing running config from active master to standby master Command Mode Admin mode Usage Guide When the running config varies from the startup configure thi...

Страница 138: ...s Command Mode Global mode Default Auto synchronization function disabled by default Usage Guide This command is for configuring the interval between which the active master synchronizes the running c...

Страница 139: ...ction Show basic informations of each chips Parameter slotno is the number of the slot the chip resides ranging between 1 4 for 4 slots device or 1 8 for 8 slots device Default All chip information wi...

Страница 140: ...l characters such as or can be used to separate ports is used for discrete port numbers and is used for consecutive port numbers Suppose an operation should be performed on ports 2 3 4 5 of the card i...

Страница 141: ...le types 5 Configure port speed and duplex mode 6 Configure bandwidth control 7 Configure traffic control 8 Enable Disable port loopback function 9 Configure broadcast storm control function for the s...

Страница 142: ...dwidth used for incoming outgoing traffic for specified ports flow control no flow control Enables Disables traffic control function for specified ports loopback no loopback Enables Disables loopback...

Страница 143: ...P preferred Fiber connected copper not connected Copper cable port Fiber cable port Fiber cable port Fiber cable port Copper connected fiber not connected Copper cable port Copper cable port Fiber cab...

Страница 144: ...h should not exceeds 32 characters Command Mode Port Mode Default No port name by default Usage Guide This command is for helping the use manage switches such as the user assign names according to the...

Страница 145: ...interface Ethernet Command interface ethernet interface list Function Enters Ethernet Interface Mode from Global Mode Parameters interface list stands for port number Command mode Global Mode Usage Gu...

Страница 146: ...mmand negotiation on off Function Enables Disables the auto negotiation function of a 1000Base T port Parameters on to enable auto negotiation off to disable auto negotiation Command mode Port configu...

Страница 147: ...he no rate suppression command disables this traffic throttle function on all ports in the switch i e enables broadcasts multicasts and unknown destination unicasts to pass through the switch at line...

Страница 148: ...data packets while for vlan interfaces the port MAC address IP address and the statistic state of the data packet will be shown for aggregated port port speed rate duplex mode flow control switch stat...

Страница 149: ...de Port configuration Mode Default Auto negotiation for speed and duplex mode is set by default Usage Guide This command applies to 1000Base TX or 100Base TX ports only speed duplex command is not ava...

Страница 150: ...nterface 4 2 2 2 Command For Vlan Interface 4 2 2 2 1 interface vlan Command interface vlan vlan id no interface vlan vlan id Function Enters Interface Mode the no interface vlan vlan id command delet...

Страница 151: ...rimary IP address but multiple secondary IP addresses Both primary IP address and secondary IP addresses can be used for SNMP Web Telnet management In addition ES4700 series allows IP addresses to be...

Страница 152: ...loopback Enables Disables loopback test function for network management port ip address ip address mask no ip address ip address mask Configures or cancels the IP address for network management port 4...

Страница 153: ...t configuration mode from Global Mode Parameters interface name stands for port number the default value is 0 Command mode Global Mode Usage Guide Run the exit command to exit the network management I...

Страница 154: ...work management port is shut down no data frames are sent in the port and the port status displayed when the user typed show interface command is down Example Enable the network management interface S...

Страница 155: ...nitor and manage the network and diagnostic ES4700 series support one mirror destination port only The number of mirror source ports are not limited one or more may be used Multiple source ports can b...

Страница 156: ...everal ports their direction can vary but have to be configured by several times The speed rate of the mirror source port and the destination port should be the same or else the packet may be lost Exa...

Страница 157: ...ll mirror destination port SwitchC 1 10 100Mbps full The configurations are listed below SwitchA SwitchA Config interface ethernet 1 7 SwitchA Config If Ethernet1 7 rate limit 150 input SwitchB Switch...

Страница 158: ...ent setup port speed duplexes and so on 4 6 1 Ethernet port configuration Click Port configuration Ethernet port configuration to open the Ethernet port configuration management table to configure Eth...

Страница 159: ...iguration Ethernet port configuration Bandwidth control and proceed to do port bandwidth control 1 z Port Specifies configuration port z Bandwidth control level port bandwidth control The unit is Mbps...

Страница 160: ...on type add delete address Example Assign Port as Vlan10 port IP address as 192 168 1 180 Port network mask as 255 255 255 0 Port status as no shutdown Operation type selection as Add address then cli...

Страница 161: ...up source interface list as Ethernet ports 1 1 4 and the mirroring direction as rx Click Apply button and this port will be added into the monitor session Click the Default button to delete this port...

Страница 162: ...162 Click Port configuration Port debug and maintenance Show port information to check the statistic information of the receiving sending data packet information of the port...

Страница 163: ...t by the user and can not only add network s bandwidth but also provide link backup Port aggregation is usually used when the switch is connected to routers PCs or other switches Fig 5 1 Port aggregat...

Страница 164: ...ith switch hardware ES4700 series allow physical port aggregation of any two switches maximum 8 port groups and 8 ports in each port group are supported Once ports are aggregated they can be used as a...

Страница 165: ...be displayed Example Enable LACP debug Switch debug lacp 5 2 2 2 port group Command port group port group number load balance src mac dst mac dst src mac src ip dst ip dst src ip no port group port g...

Страница 166: ...ode active passive on no port group port group number Function Adds a physical port to port channel the no port group port group number removes specified port from the port channel Parameters port gro...

Страница 167: ...then the configuration to current port will apply to all member ports in the corresponding port group Example Entering configuration mode for port channel 1 Switch Config interface port channel 1 Swi...

Страница 168: ...e as follows mac_type ETH_TYPE speed_type ETH_SPEED_100M duplex_type FULL port_type ACCESS the machine state and port state of the port are as the follow mux_state DETCH rcvm_state P_DIS prm_state NO_...

Страница 169: ...uplex mode full duplex and half duplex port_type Port VLAN property access port or trunk port mux_state Status of port binding status machine rcvm_state Status of port receiving status machine prm_sta...

Страница 170: ...y LACP activety Whether port is added to the group in active mode 1 for yes LACP timeout Port timeout mode 1 for short timeout Aggregation Whether aggregation is possible for the port 0 for independen...

Страница 171: ...rt Port that is in standby status which means the port is qualified to join the channel but cannot join the channel due to the maximum port limit thus the port status is standby instead of selected 5...

Страница 172: ...rface port channel 2 SwitchB Config If Port Channel2 Configuration result Shell prompts ports aggregated successfully after a while now ports 1 2 3 4of Switch 1 form an aggregated port named Port Chan...

Страница 173: ...joined forcedly switch in other ends won t exchange LACP BPDU to complete aggregation Aggregation finishes immediately when the command to add port 2 to port group 1 is entered port 1 and port 2 aggre...

Страница 174: ...her thing to be noted is that if both ends are configured with LACP then at least one of them should be in ACTIVE mode otherwise LACP packet won t be initiated LACP cannot be used on ports with Securi...

Страница 175: ...enter configuration page Click Apply button to add port into the group Display port member Select a group num in port configuration and the information of port member will be shown under the configur...

Страница 176: ...eries is implemented following IEEE 802 1Q The key idea of VLAN technology is that a large LAN can be partitioned into many separate broadcast domains dynamically to meet the demands Fig 6 1 A VLAN ne...

Страница 177: ...et Access port 6 Enable Disable VLAN ingress rules on ports 7 Configure Private VLAN 8 Set Private VLAN association 1 Creating or deleting VLAN 2 Assigning Switch ports for VLAN 3 Set The Switch Port...

Страница 178: ...nk native vlan Set delete PVID for Trunk port Command Explanation Interface Mode switchport access vlan vlan id no switchport access vlan Add the current port to specified VLAN the specified VLANs The...

Страница 179: ...N configuration Parameter primary set current VLAN to Primary VLAN isolated set current VLAN to Isolated VLAN community set current VLAN to Community VLAN Command Mode VLAN mode Default There are thre...

Страница 180: ...ommand can only used for Private VLAN The ports in Secondary VLANs which are associated to Primary VLAN can communicate to the ports in Primary VLAN Before setting Private VLAN association three types...

Страница 181: ...s 2 Displayed information Explanation VLAN VLAN number Name VLAN name Type VLAN type statically configured or dynamically learned Media VLAN interface type Ethernet Ports Access port within a VLAN Uni...

Страница 182: ...are normal ports and can join a VLAN but a port can only join one VLAN for a time Example Assign Ethernet port 1 3 4 7 8 of slot 1 to VLAN100 Switch Config Vlan100 switchport interface ethernet 1 1 3...

Страница 183: ...rnet 1 5 Switch Config ethernet1 5 switchport mode trunk Switch Config ethernet1 5 switchport trunk allowed vlan 1 3 5 20 Switch Config ethernet1 5 exit 6 1 3 9 switchport trunk native vlan Command sw...

Страница 184: ...ds the data to the destination port if it is a VLAN member port Example Disable VLAN ingress rules on the port Switch Config Ethernet1 1 no switchport ingress filtering 6 1 4 Typical VLAN Application...

Страница 185: ...2 switchport interface ethernet 1 2 4 Switch Config Vlan2 exit Switch Config vlan 100 Switch Config Vlan100 switchport interface ethernet 1 5 7 Switch Config Vlan100 exit Switch Config vlan 200 Switch...

Страница 186: ...plication based on GARP working mechanism It is responsible for the maintenance of dynamic VLAN register information and population of such register information to the other switches Switches support...

Страница 187: ...P function globally and for Trunk port 1 10 Switch Config bridge ext gvrp Switch Config interface ethernet 1 10 Switch Config Ethernet1 10 bridge ext gvrp Command Explanation Interface Mode bridge ext...

Страница 188: ...to 327650 ms Command mode Interface Mode Default The default value for hold timer is 100 ms Usage Guide When GARP application entities receive a join message join message will not be sent immediately...

Страница 189: ...Besides the value of leave timer must be twice larger than the join timer Otherwise an error message will be displayed Example Set the GARP leave timer value of port 1 10 to 3000 ms Switch Config Eth...

Страница 190: ...tch show garp timer 6 2 3 8 show gvrp configuration Command show gvrp configuration interface name Function Display the global and port information for GVRP Parameter interface nam stands for the name...

Страница 191: ...00 entries Configuration Item Configuration description VLAN100 Port 2 6 of Switch A and C Trunk port Port 11 of Switch A and C Port 10 11 of Switch B Global GVRP Switch A B C Port GVRP Port 11 of Swi...

Страница 192: ...tchport mode trunk Switch Config Ethernet1 11 bridge ext gvrp Switch Config Ethernet1 11 exit Switch C Switch Config bridge ext gvrp Switch Config vlan 100 Switch Config Vlan100 switchport interface e...

Страница 193: ...t reaches PE1 from CE1 it carries the VLAN tag 200 300 of the user internal network Since the dot1q tunnel function is enabled the user port on PE1 will add on the packet another VLAN tag of which the...

Страница 194: ...ption on the application and configuration of dot1q tunnel of Switchwill be provided in this section 6 3 2 Dot1q tunnel Configuration 6 3 2 1 Configuration Task Sequence Of Dot1q tunnel 1 Configure th...

Страница 195: ...s and also on trunk ports however only when associating the VLAN translation function Example Join port1 into VLAN3 enable dot1q tunnel function Switch Config vlan 3 Switch Config Vlan3 switchport int...

Страница 196: ...1 dot1q tunnel is enable Interface Ethernet1 3 dot1q tunnel is enable 6 3 4 Typical Applications Of The Dot1q tunnel Scenario Edge switch PE1 and PE2 of the ISP internet forward the VLAN200 300 data b...

Страница 197: ...n 3 Switch Config Vlan3 switchport interface ethernet 1 1 Switch Config Vlan3 exit Switch Config interface ethernet 1 1 Switch Config Ethernet1 1 dot1q tunnel enable Switch Config Ethernet1 1 dot1q tu...

Страница 198: ...s section 6 4 2 Configuration Task Sequence Of VLAN translation 1 Configure the VLAN translation function on the port 2 Configure the VLAN translation relations on the port 3 Configure the VLAN transl...

Страница 199: ...lan id to new vlan id in out no vlan translation old vlan id in out Function Add VLAN translation by creating a mapping between original VLAN ID and current VLAN ID the no form of this command deletes...

Страница 200: ...switch the no vlan translation enable command restores to the default value Parameter None Command Mode Port Mode Default VLAN translation has not been enabled on the port by default Usage Guide To a...

Страница 201: ...lic network port1 of PE2 is connected to CE2 port10 is connected to public network as shown in Fig 6 4 Configuration Item Configuration Explanation VLAN translation Port1 of PE1 and PE2 Trunk port Por...

Страница 202: ...t the VLAN does not have to be re configured when the user physic location change namely shift from one switch to another which is because it is user based not switch port based The IP subnet based VL...

Страница 203: ...subnet and the VLAN Command Explanation Port Mode switchport mac vlan enable no switchport mac vlan enable Enable disable the MAC based VLAN function on the port Command Explanation Global Mode mac v...

Страница 204: ...and the user wish to restore to preferring the MAC based VLAN please use this command Example Set the MAC based VLAN preferred Switch config dynamic vlan mac vlan prefer 6 5 2 2 2 dynamic vlan subnet...

Страница 205: ...Default No MAC address joins the VLAN by default Usage Guide With this command user can add specified MAC address to specified VLAN If there is a non VLAN label data packet enters from the switch por...

Страница 206: ...eled data packets It is recommended to configure ARP protocol together with the IP protocol or else some application may be affected Example Assign the IP protocol data packet encapsulated by the Ethe...

Страница 207: ...tch Parameter None Command Mode Admin Mode Usage Guide Display the configuration of Protocol based VLAN on the switch Example Display the configuration of the current Protocol based VLAN Switch show p...

Страница 208: ...s the IPv4 address shown in dotted decimal notation the valid range of each section is 0 255 subnet mask is the subnet mask code shown in dotted decimal notation the valid range of each section is 0 2...

Страница 209: ...subnet vlan enable no switchport subnet vlan enable Function Enable the IP subnet based VLAN on the port the no form of this command disables the IP subnet based VLAN function on the port Parameter No...

Страница 210: ...h B Switch C Switch Config mac vlan mac 00 03 0f 11 22 33 vlan 100 priority 0 Switch Config exit 6 5 4 Dynamic VLAN Troubleshooting On the switch configured with dynamic VLAN if the two connected equi...

Страница 211: ...MAC address acquiring a mechanism in which every voice equipment transmitting information through the network has got its unique MAC address VLAN will trace the address belongs to specified MAC By Th...

Страница 212: ...net4 1 ethernet4 3 Voice name MAC Address Mask Priority financePhone 00 e0 4c 77 ab 9d 0xff 5 manager 00 0a eb 26 8d f3 0xfe 6 Mr_Lee 00 03 0f 11 22 33 0x80 5 NULL 00 03 0f 11 22 33 0x0 5 6 6 2 2 2 sw...

Страница 213: ...oice VLAN Parameter Mac address is the voice equipment MAC address shown in xx xx xx xx xx xx format mac mask is the last eight digit of the mask code of the MAC address the valid values are 0xff 0xfe...

Страница 214: ...one Voice VLAN at the same time The voice VLAN can not be applied concurrently with MAC based VLAN Example Set VLAN100 to Voice VLAN Switch config Switch config voice vlan vlan 100 6 6 3 Typical Appl...

Страница 215: ...thernet 1 10 Switch Config If Ethernet1 10 switchport mode trunk Switch Config If Ethernet1 10 exit 6 6 4 Voice VLAN Troubleshooting Voice VLAN can not be applied concurrently with MAC base VLAN The V...

Страница 216: ...mapping to the destination port Then the MAC table is queried for the destination MAC address if hit the data frame is forwarded in the associated port otherwise the switch forwards the data frame to...

Страница 217: ...01 11 11 11 11 and port 1 5 and no port mapping for 00 01 33 33 33 33 present the switch broadcast this message to all the ports in the switch assuming all ports belong to the default VLAN1 3 PC3 and...

Страница 218: ...ree types of frames can be forwarded by the switch Broadcast frame Multicast frame Unicast frame The following describes how the switch deals with all the three types of frames 1 Broadcast frame The s...

Страница 219: ...ter entry 1 Configure the MAC aging time Command Explanation Global Mode mac address table aging time 0 aging time no mac address table aging time Configure the MAC address aging time 2 Configure stat...

Страница 220: ...dress users can use this command to manually establish mapping relation between the MAC address and port and VLAN no mac address table command is for deleting all dynamic static filter MAC address ent...

Страница 221: ...11 11 11 11 of PC1 as a filter address Switch Config mac address table static 00 01 11 11 11 11 discard vlan 1 2 Set the static mapping relationship for PC2 and PC3 to port 7 and port 9 respectively...

Страница 222: ...a port will be used for forwarding in that port if the connection is changed to another port the switch will learn the MAC address again to forward data in the new port However in some cases security...

Страница 223: ...secure MAC addresses learned by the port to static secure MAC addresses port security timeout value no port security timeout Enable port locking timer function the no port security timeout restores t...

Страница 224: ...dynamic interface Ethernet 1 1 7 6 1 3 2 port security Command port security no port security Function Enable MAC address binding function for the port and lock the port When a port is locked the MAC...

Страница 225: ...r the MAC address to be added deleted Usage Guide The MAC address binding function must be enabled before static secure MAC address can be added Example Adding MAC 00 03 0F FE 2E D3 to port1 Switch Co...

Страница 226: ...1 1 Switch Config Ethernet1 1 port security timeout 30 7 6 1 3 7 port security violation Command port security violation protect shutdown no port security violation Function Configure the port violat...

Страница 227: ...ress Type Secure MAC address type Ports The port that the secure MAC address belongs to Total Addresses Current secure MAC address number in the system 7 6 1 3 9 show port security address Command sho...

Страница 228: ...ault Usage Guide This command displays the detailed configuration information for the secure port Example Switch show port security interface ethernet 1 1 Ethernet1 1 Port Security Enabled Port status...

Страница 229: ...MAC address binding cannot be enabled for a port make sure the port is not enabling Spanning tree or port aggregation and is not configured as a Trunk port MAC address binding is exclusive to such co...

Страница 230: ...he number of spanning tree instances which consumes less CPU resources and reduces the bandwidth consumption 8 1 1 MSTP Region Because multiple VLANs can be mapped to a single spanning tree instance I...

Страница 231: ...t of the CST and the IST master with both of the path costs to the CST root and to the IST master set to zero The bridge also initializes all of its MST instances and claims to be the root for all of...

Страница 232: ...TP Load Balance In a MSTP region VLANs can by mapped to various instances That can form various topologies Each instance is independent from the others and each distance can has its own attributes suc...

Страница 233: ...mst instance id priority bridge priority no spanning tree mst instance id priority Set bridge priority for specified instance Interface Mode spanning tree mst instance id cost cost no spanning tree ms...

Страница 234: ...level no revision level Set MSTP region revision level Abort Quit MSTP region mode and return to Global mode without saving MSTP region configuration Exit Quit MSTP region mode and return to Global mo...

Страница 235: ...Command Explanation Interface Mode spanning tree format standard spanning tree format privacy spanning tree format auto no spanning tree format Configure the format of port spanning tree packet stand...

Страница 236: ...region configuration quit MSTP region mode and return to global mode Command Explanation Global Mode spanning tree tcflush enable spanning tree tcflush disable spanning tree tcflush protect no spannin...

Страница 237: ...non consecutive VLAN numbers refers to consecutive numbers and refers to non consecutive numbers Command mode MSTP Region Mode Default Before creating any Instances there is only the instance 0 and V...

Страница 238: ...MSTP Region Mode Default The default revision level is 0 Usage Guide This command is to set revision level for MSTP configuration The bridges with same MSTP revision level and same other attributes ar...

Страница 239: ...e AUTO configuration will be preferred so to identify the format by the packets they sent The privacy packet format is set by default in the concern of better compatibility with previous products and...

Страница 240: ...seconds Switch Config spanning tree forward time 20 8 3 9 spanning tree hello time Command spanning tree hello time time no spanning tree hello time Function Set switch Hello time The command no span...

Страница 241: ...es the default setting Parameter time is max aging time in seconds The valid range is from 6 to 40 Command mode Global Mode Default The max age is 20 seconds by default Usage Guide The lifetime of BPD...

Страница 242: ...the MSTP mode But once the port receives STP messages it changes to work in the STP mode again This command can only be used when the switch is running in IEEE802 1s MSTP mode If the switch is runnin...

Страница 243: ...ation identifier according to the MSTP configuration Only if the switches with the same MST configuration identifier are considered as in the same MSTP region Example Enter MSTP region mode Switch Con...

Страница 244: ...to 48 port priority sets port priority The valid range is from 0 to 240 The value should be the multiples of 16 such as 0 16 32 240 Command mode Interface Mode Default The default port priority is 12...

Страница 245: ...tus from discarding to forwarding without bearing forward delay Once the boundary port receives the BPDU the port becomes a non boundary port Example Set port 1 5 6 as boundary ports Switch Config int...

Страница 246: ...ges no spanning tree tcflush restores to default setting Parameter Enable the spanning tree flush once the topology changes Disable the spanning tree don t flush when the topology changes Protect the...

Страница 247: ...SH with every topology change At the same time as a method to avoid network assault we allow the network administrator to configure FLUSH mode by the command Note For the complicated network especiall...

Страница 248: ...itchA The ports marked with x are in the discarding status and the other ports are in the forwarding status Configurations Steps Step 1 Configure port to VLAN mapping z Create VLAN 20 30 40 50 in Swit...

Страница 249: ...tchport mode trunk SwitchB Config Port Range exit SwitchB Config spanning tree SwitchC SwitchC Config vlan 20 SwitchC Config Vlan20 exit SwitchC Config vlan 30 SwitchC Config Vlan30 exit SwitchC Confi...

Страница 250: ...he entire network In the MSTP region which SwitchB SwitchC and SwitchD belong to SwitchB is the region root of the instance 0 SwitchC is the region root of the instance 3 and SwitchD is the region roo...

Страница 251: ...the Instance 3 after the MSTP Calculation Fig 8 5 The Topology Of the Instance 4 after the MSTP Calculation SwitchB SwitchC SwitchD 2 3 5 4 2 3 6 7 5 4 6 7 x x x x SwitchB SwitchC SwitchD 2 3 5 4 2 3...

Страница 252: ...nding and IEEE 802 1x on the switch port If MAC binding or IEEE 802 1x is enabled on the port the MSTP can t apply to this port 8 5 1 Monitor And Debug Command 8 5 1 1 show spanning tree Command show...

Страница 253: ...Ethernet1 2 Total 2 PortName ID IntRPC State Role DsgBridge DsgPort Ethernet1 1 128 001 0 FWD MSTR 0 00030f010e30 128 001 Ethernet1 2 128 002 0 BLK ALTR 0 00030f010e30 128 002 Instance 4 Self Bridge I...

Страница 254: ...root of the entire network IntRPC Cost from the current port to the region root of the current instance State Port status of the current instance Role Port role of the current instance DsgBridge Upwar...

Страница 255: ...guration Switch Config Mstp Region show mst pending Name switch Revision 0 Instance Vlans Mapped 00 1 29 31 39 41 4093 03 30 04 40 05 4094 Switch Config Mstp Region 8 5 1 4 debug spanning tree Command...

Страница 256: ...able entry mapping to specified Instance Configure mapping between VLAN1 10 100 110 and Instance 1 Equivalent command 1 2 1 3 Set Instance name to 1 VLAN name to VLAN1 10 100 110 Click Apply to commit...

Страница 257: ...ty for the current port on specified instance Set the priority for port 1 2 of instance1 to 32 8 6 2 3 Port route cost setting Click MSTP control to enter MSTP port operation then Port Cost Config Set...

Страница 258: ...e MSTP for port 1 2 8 6 3 MSTP global control 8 6 3 1 MSTP global protocol port configuration Click MSTP control to enter MSTP Global control then MSTP Global Agreement Port Config Run MSTP enable com...

Страница 259: ...n set the BPDU Max Hop Time Config to support transmission in MSTP field Set the max hop count support for BPDU transmitting in MSTP field Set the max hop count to 32 8 6 3 6 Set bridge priority of th...

Страница 260: ...260 Display Instance0 MSTP information 8 6 4 2 MSTP field information Click MSTP control show MSTP setting enter MSTP Field Information Display effective MSTP field parameter configurations...

Страница 261: ...ements QoS cannot generate extra bandwidth but provides more effective bandwidth management according to the application requirement and network management policy 9 1 1 1 QoS Terms QoS Class of Servic...

Страница 262: ...oS a general mature reference model should be given QoS can not create new bandwidth but can maximize the adjustment and configuration for the current bandwidth resource Fully implemented QoS can achi...

Страница 263: ...3 Basic QoS Model Classification Classify traffic according to packet classification information and generate internal DSCP value based on the classification information For different packet types an...

Страница 264: ...different policies that allocate bandwidth to classified traffic If the traffic exceeds the bandwidth set in the policy out of profile the out of profile traffic can be allowed discarded or remarked R...

Страница 265: ...ernal DSCP value to CoS value the queuing operation assigns packets to appropriate queues of priority according to the CoS value while the scheduling operation performs packet forwarding according to...

Страница 266: ...abled or disabled in Global Mode QoS must be enabled first in Global Mode to configure the other QoS commands 2 Configure class map Set up a classification rule according to ACL VLAN ID IP Precedence...

Страница 267: ...from internal priority to egress queue 6 Configure QoS mapping Configure the mapping from CoS to DSCP DSCP to CoS DSCP to DSCP mutation IP precedence to DSCP and policed DSCP 1 Enable QoS Command Exp...

Страница 268: ...yte exceed action drop policed dscp transmit no police rate kbps burst kbyte exceed action drop policed dscp transmit Configure a policy to classify traffic data stream exceeding the limit will be dro...

Страница 269: ...e output policy map name Apply a policy map to the specified port the no service policy input policy map name output policy map name command deletes the specified policy map applied to the port Egress...

Страница 270: ...cp cos dscp list to cos dscp mutation dscp mutation name in dscp to out dscp ip prec dscp dscp1 dscp8 policed dscp dscp list to mark down dscp no mls qos map cos dscp dscp cos dscp mutation dscp mutat...

Страница 271: ...specified match standard Parameter access group acl index or name match specified ACL the parameters are the number or name of the ACL ip dscp dscp list and ipv6 dscp dscp list match specified DSCP va...

Страница 272: ...e Usage Guide Only the classified traffic which matches the matching standard will be assigned with the new values Example Set the IP Precedence of the packets matching the c1 class rule to 3 Switch c...

Страница 273: ...le Setting the default CoS value of Ethernet port 1 1 to 5 i e packets coming in through this port will be assigned a default CoS value of 5 if no CoS value present Switch Config interface ethernet 1...

Страница 274: ...es the current trust status of the port Parameters cos configures the port to trust CoS value cos pass through dscp configures the port to trust CoS value but does not change packet DSCP value dscp co...

Страница 275: ...rough cos Switch Config Ethernet1 1 mls qos dscp mutation mu1 9 1 3 10 mls qos map Command mls qos map cos dscp dscp1 dscp8 dscp cos dscp list to cos dscp mutation dscp mutation name in dscp to out ds...

Страница 276: ...6 Default DSCP to CoS Map DSCP Value 0 7 8 15 16 23 24 31 32 39 40 47 48 55 56 63 CoS Value 0 1 2 3 4 5 6 7 Default IP Precedence to DSCP Map IP Precedence Value 0 1 2 3 4 5 6 7 DSCP Value 0 8 16 24 3...

Страница 277: ...1 Switch Config Policy Class police 20000 2000 exceed action drop Switch Config Policy Class exit Switch Config PolicyMap exit 9 1 3 12 police aggregate Command police aggregate aggregate policer name...

Страница 278: ...algorithm but send packets queue after queue Example Set the queue out mode to strict priority queue Switch Config Ethernet queue mode strict 9 1 3 15 service policy Command service policy input polic...

Страница 279: ...ht is 0 then the queue has the highest priority when the weights of multiple queues are set to 0 then the queue of higher order has the higher priority Example Setting the bandwidth weight proportion...

Страница 280: ...et 1 1 is 1 1 2 2 4 4 8 8 When packets have CoS value coming in through port ethernet 1 1 it will be map to the queue out according to the CoS value CoS value 0 to 7 correspond to queue out 1 2 3 4 5...

Страница 281: ...t appropriate policies to limit bandwidth and burst value Apply this policy map on port ethernet 1 2 After the above settings done bandwidth for packets from segment 192 168 1 0 through port ethernet...

Страница 282: ...ion in SwitchB SWITCH CONFIG Switch Config mls qos Switch Config interface ethernet 1 1 Switch Config Ethernet1 1 mls qos trust ip precedence pass through cos 9 1 5 QoS Troubleshooting Help QoS is dis...

Страница 283: ...isplayed information Explanation Class map name c1 Name of the Class map Match acl name 1 Classifying rule for the class map 9 1 5 1 2 show policy map Command show policy map policy map name Function...

Страница 284: ...os interface Command show mls qos interface interface id buffers policers queueing statistics Function Displays QoS configuration information on a port Parameters interface id is the port ID buffers i...

Страница 285: ...queueing ethernet 1 2 Switch show mls qos int queue e 1 2 Cos queue map Cos 0 1 2 3 4 5 6 7 Queue 1 2 3 4 5 6 7 8 Queue and weight type Port q1 q2 q3 q4 q5 q6 q7 q8 QType Ethernet1 2 1 2 3 4 5 6 7 8...

Страница 286: ...for QoS Parameters cos dscp CoS for CoS DSCP dscp cos DSCP for DSCP CoS dscp mutation dscp mutation name for DSCP DSCP mutation dscp mutation name is the name of mutation ip prec dscp IP for IP prece...

Страница 287: ...hether QoS is enabled or not Example Switch show mls qos Qos is enabled Displayed information Explanation Qos is enabled QoS is enabled 9 2 PBR Configuration 9 2 1 Introduction to PBR PBR Policy Based...

Страница 288: ...twork ranges within 192 168 0 0 16 To assure normal communication in local network messages from 192 168 1 0 24 to local IP 192 168 0 0 16 are not applied with policy routing Configuration procedure i...

Страница 289: ...on QoS function in global mode and create a class map c1 in which matches ACL a1 and create a policy map in which quote c1 Set the next hop IP as 218 31 1 119 and apply the policy map at port ethernet...

Страница 290: ...ware not like router forwarding by CPU As a result forwarding efficiency can be greatly improved even to wire speed 10 1 Layer 3 Interface 10 1 1 Introduction to Layer 3 Interface Layer 3 interface ca...

Страница 291: ...the VLAN chapters When VLAN interface Layer 3 interface is created with this command the VLAN interface Layer 3 interface configuration mode will be entered After the creation of the VLAN interface La...

Страница 292: ...original intention of IP design by making it necessary for router devices that serve as network intermediate nodes to maintain every connection status which increases network delay greatly and decreas...

Страница 293: ...eed Foreign Agent Furthermore this kind of binding process enables Correspondent Node communicate with Mobile Node directly thereby avoids the extra system cost caused by triangle routing choice requi...

Страница 294: ...ess is slave IP address Command Mode Interface Mode Default The system default is no IP address configuration Usage Guide This command configures IP address on VLAN interface manually If optional para...

Страница 295: ...e entries 9 Clear neighbor table entries 3 IPv6 Tunnel configuration 1 Create Delete Tunnel 2 Configure Tunnel Source 3 Configure Tunnel Destination 4 Configure Tunnel Next Hop 5 Configure 6to4 Tunnel...

Страница 296: ...hop Ipv6 address interface type interface number nexthop Ipv6 address interface type interface number distance Configure IPv6 static routing The NO command cancels IPv6 static routing z IPv6 Neighbor...

Страница 297: ...guration Mode no ipv6 nd ra lifetime seconds Configure Router Announce Lifespan The NO command resumes default value 1800 seconds 5 Configure Router Announce Minimum Interval Command Description Inter...

Страница 298: ...n Mode ipv6 neighbor ipv6 address hardware address interface interface type interface number Set static neighbor table entries including neighbor IPv6 address MAC address and two layer port no ipv6 ne...

Страница 299: ...cription Tunnel Configuration Mode no tunnel nexthop ipv4 daddress Configure tunnel next hop IPv4 address The NO command deletes the IPv4 address of tunnel next hop end 5 Configure Tunnel 6to4 Relay C...

Страница 300: ...global unicast address local site address and local link address for the interface Parameter Parameter ipv6 address is the prefix of IPv6 address parameter prefix length is the distance of the prefix...

Страница 301: ...ddress of the next hop and the address of some interface of the switch must be in the same network segment Interface name can be specified directly for tunnel router Example Configure static router 1...

Страница 302: ...terface to send out Neighbor Request Message time interval to be 8 seconds Switch Config if Vlan1 ipv6 nd ns interval 8 10 2 3 2 6 ipv6 nd suppress ra Command no ipv6 nd suppress ra Function Prohibit...

Страница 303: ...ceed 3 4 of the maximum time interval Example Set the minimum time interval of sending routing announcement is 10 seconds Switch Config if Vlan1 ipv6 nd min ra interval 10 10 2 3 2 9 ipv6 nd max ra in...

Страница 304: ...Example Configure IPv6 announcement prefix as 2001 410 0 1 64 on Vlan1 the valid lifetime of this prefix is 8640 seconds and its preferred lifetime is 4320 seconds Switch Config if Vlan1 ipv6 nd prefi...

Страница 305: ...ce name Command Mode Interface Configuration Mode Default Situation There is not static neighbor table entry Usage Guide IPv6 address and multicast address for specific purpose and local address can n...

Страница 306: ...0 0203 0fff fe01 2786 timeout is 2 seconds Success rate is 100 percent 1 1 round trip min avg max 1 1 1 ms Displayed information Explanation ping6 Execute ping6 function Target IPv6 address Destinatio...

Страница 307: ...nd is for ISATAP tunnel other tunnels won t check the configuration of nexhop Example Configure tunnel next hop 178 99 156 8 Switch Config if Tunnel1 tunnel nexthop 178 99 156 8 10 2 3 2 18 tunnel 6to...

Страница 308: ...Command clear ipv6 neighbors Function Clear the neighbor cache of IPv6 Parameter None Command Mode Admin Mode Default None Usage Guide This command can not clear static neighbor Example Clear neighbo...

Страница 309: ...sure PC A and Switch can access each other by ping and PC B and SwitchB can access each other by ping The configuration procedure is as follows SwitchA Config interface vlan 1 SwitchA Config if Vlan1...

Страница 310: ...Configure static routing 2003 33 64 on SwitchA and configure static routing 2001 11 64 on SwitchB 7 ping6 2003 33 Note First make sure PC A and Switch can access each other by ping and PC B and Switc...

Страница 311: ...pv6 address 2002 2 64 interface Loopback mtu 3924 ipv6 route 2003 64 2002 2 no login end SwitchB show run interface Vlan2 ipv6 address 2002 2 64 interface Vlan3 ipv6 address 2003 1 64 interface Loopba...

Страница 312: ...v4 domain 4 Configure IPv6 address 2002 cbcb cb01 2 1 64 in vlan4 of SwitchB and turn on RA function configure IPv4 address 203 203 203 1 on vlan3 5 Configure tunnel on SwitchA the source IPv4 address...

Страница 313: ...ipv4 address 203 203 203 1 255 255 255 0 SwitchB Config if Vlan1 exit SwitchB Config interface tunnel 1 SwitchB Config if Tunnel1 tunnel source 203 203 203 1 SwitchB Config if Tunnel1 tunnel destinati...

Страница 314: ...nt 0 total 0 errors 0 time exceeded 0 redirects 0 unreachable 0 echo 0 echo replies 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp 0 timestamp replies TCP statistics TcpActiveOpens 0...

Страница 315: ...mask requests 0 mask replies 0 quench 0 parameter 0 timestamp 0 timestamp replies Statistics of total ICMP packets received and classified information Sent 0 total 0 errors 0 time exceeded 0 redirects...

Страница 316: ...yed information Explanation IPv6 PACKET rcvd Receive IPv6 data report src fe80 203 fff fe01 2786 Source IPv6 address dst fe80 1 Destination IPv6 address size 64 Size of data report proto 58 Protocol f...

Страница 317: ...0 203 fff fe01 2786 Source IPv6 address dst fe80 203 fff fe01 59ba Destination IPv6 address 10 2 5 1 6 debug ipv6 tunnel packet Command no debug ipv6 tunnel packet Function tunnel data packets receive...

Страница 318: ...6 interface Vlan1 Vlan1 is up line protocol is up dev index is 2004 Device flag 0x1203 UP BROADCAST ALLMULTI MULTICAST IPv6 is enabled Link local address es fe80 203 fff fe00 10 PERMANENT Global unica...

Страница 319: ...ress plus prefix length connected is directly connected router static is static router rip is RIP router ospf is OSPF router bgp is BGP router isis is ISIS router kernel is kernel router statistics sh...

Страница 320: ...s Codes K kernel route C connected S static R RIP O OSPF I IS IS B BGP selected route FIB route p stale info Abbreviation display sign of every entry S 2009 1 64 via fe80 250 baff fef2 a4f4 Vlan1 1024...

Страница 321: ...01 27 86 Vlan1 reachable fe80 203 fff fefe 3045 00 03 0f fe 30 45 Vlan2 reachable fe80 20c ceff fe13 eac1 00 0c ce 13 ea c1 Vlan12 reachable fe80 250 baff fef2 a4f4 00 50 ba f2 a4 f4 Vlan1 reachable...

Страница 322: ...ata report statistics Rcvd 90 total 17 local destination0 header errors 0 address errors0 unknown protocol 13 discards IPv6 received packets statistics Frags 0 reassembled 0 timeouts 0 fragment rcvd 0...

Страница 323: ...Mode Tunnel type Source Tunnel source ipv4 address Destination Tunnel destination ipv4 address Nexthop Tunnel next hop only applies to ISATAP tunnel 10 3 IP Forwarding 10 3 1 Introduction to IP Forwa...

Страница 324: ...on algorithm if the route table contains no default route the next hop most frequently referred to will be used to construct a virtual default route to simplify the aggregation result This method has...

Страница 325: ...y route in the hardware forwarding table in the switch which goes out from a port under this layer 3 interface then apply ACL rule on this port in which permitting address of the packets is the destin...

Страница 326: ...is command disables the URPF enabled on this interface Command Mode Interface Mode Default URPF protocol not enabled by system default Usage Guide None Example Enable urpf on interface vlan2 Switch Co...

Страница 327: ...iguration is done and the function does not meet the expectation Check if the switch has been configured with the rules conflicting with URPF URPF priority is lower than ACL the ACL rules will validat...

Страница 328: ...the same IP segment ignores the physical separation and communicate via proxy ARP interface as if in the same physical network 10 5 2 ARP Configuration Task List 1 Configure static ARP 2 Configure pr...

Страница 329: ...arp no ip proxy arp Function Enables proxy ARP for VLAN interface the no ip proxy arp command disables proxy ARP Default Proxy ARP is disabled by default Command mode Interface Mode Usage Guide When...

Страница 330: ...eived sent including type source and destination address etc Example Enable ARP debugging Switch debug arp ip arp debug is on Switch Apr 19 15 59 42 2005 IP ARP rcvd type 1 src 192 168 2 100 000A EB5B...

Страница 331: ...Explanation Total arp items Total number of Arp entries the matched ARP entry number matching the filter conditions InCompleted ARP entries have ARP request sent without ARP reply Address IP address o...

Страница 332: ...and configuration parameters for the clients if DHCP server and clients are located in different subnets DHCP relay is required for DHCP packets to be transferred between the DHCP client and DHCP ser...

Страница 333: ...The lease period of IP address obtained dynamically is the same as the lease period of the address pool and is limited the lease of manually bound IP address is theoretically endless 3 Dynamically al...

Страница 334: ...in name command deletes the domain name netbios name server address1 address2 address8 no netbios name server Configures the address for WINS server netbios node type b node h node m node p node typ e...

Страница 335: ...ue identifier no client identifier Specifies the unique ID of the user when binding address manually client name name no client name Configures a client name when binding address manually 3 Enable log...

Страница 336: ...entifier matches the specified identifier DHCP server assigns the IP address defined in host command to the client Example Specifying the IP address 10 1 128 160 to be bound to user with the unique id...

Страница 337: ...dns server command deletes the default gateway Parameters address1 address8 are IP addresses in decimal format Default No DNS server is configured for DHCP clients by default Command Mode DHCP Address...

Страница 338: ...mask prefix length no host Function Specifies the IP address to be assigned to the user when binding addresses manually the no host command deletes the IP address Parameters address is the IP address...

Страница 339: ...excluded address low address high address command cancels the setting Parameters low address is the starting IP address high address is the ending IP address Default Only individual address is exclude...

Страница 340: ...23 hours 0 59 minutes no lease Function Sets the lease time for addresses in the address pool the no lease command restores the default setting Parameters days is number of days from 0 to 365 hours is...

Страница 341: ...ient node type is specified by default Command Mode DHCP Address Pool Mode Usage Guide If client node type is to be specified it is recommended to set the client node type to h node that broadcasts af...

Страница 342: ...together with bootfile Example Setting the hosting server address as 10 1 128 4 Switch dhcp 1 config next server 10 1 128 4 11 2 2 18 option Command option code ascii string hex hex ipaddress ipaddres...

Страница 343: ...also management effective DHCP Server DHCP Client DHCPDiscover Broadcast DHCPOFFER Unicast DHCPREQUEST Broadcast DHCPACK Unicast DHCPDiscover DHCP Relay DHCPOFFER DHCPREQUEST DHCPACK Fig 11 2 DHCP re...

Страница 344: ...protocol udp port The UDP port 67 is used for DHCP broadcast packet forwarding Interface Mode ip helper address ipaddress no ip helper address ipaddress Set the destination IP address for DHCP relay f...

Страница 345: ...sing the assigned IP address for some reason before the lease period expires the DHCP server would not remove the binding information automatically The system administrator can use this command to del...

Страница 346: ...bug ip dhcp server Command debug ip dhcp server events linkage packets no debug ip dhcp server events linkage packets Function Enables DHCP server debug information the no debug ip dhcp server events...

Страница 347: ...p port command and this command should be used for configuration 11 3 2 7 ip dhcp relay information policy drop Command ip dhcp relay information policy drop no ip dhcp relay information policy drop F...

Страница 348: ...onfig network 10 16 1 0 24 Switch dhcp A config lease 3 Switch dhcp A config default route 10 16 1 200 10 16 1 201 Switch dhcp A config dns server 10 16 1 202 Switch dhcp A config netbios name server...

Страница 349: ...ch Config Erthernet1 2 switchport access vlan 2 Switch Config Erthernet1 2 exit Switch Config interface vlan 2 Switch Config if Vlan2 ip address 10 1 1 1 255 255 255 0 Switch Config if Vlan2 exit Swit...

Страница 350: ...g procedures can be followed when DHCP client hardware and cables have been verified ok Verify the DHCP server is running start the related DHCP server if not running If the DHCP clients and servers a...

Страница 351: ...tic Displayed information Explanation IP address IP address assigned to a DHCP client Hardware address MAC address of a DHCP client Lease expiration Valid time for the DHCP client to hold the IP addre...

Страница 352: ...QUEST 3814 DHCPDISCOVER 1899 DHCPREQUEST 6 DHCPDECLINE 0 DHCPRELEASE 1 DHCPINFORM 1 Message Send BOOTREPLY 1911 DHCPOFFER 6 DHCPACK 6 DHCPNAK 0 DHCPRELAY 1907 DHCPFORWARD 0 Switch Displayed informatio...

Страница 353: ...Number of DHCPRELAY packets DHCPFORWARD Number of DHCPFORWARD packets 11 6 Web Management Click DHCP configuration Users can configure DHCP on the switch 11 6 1 DHCP server configuration Click DHCP c...

Страница 354: ...onfigure DHCP client s default gateway The default gateway IP address should be in the same subnet as DHCP clients Users can configure maximum eight gateway addresses Gateway 1 has the highest priorit...

Страница 355: ...ns server Users can configure maximum eight WINS server WINS server 1 has the highest priority and WINS server 8 has the lowest priority For example Select DHCP pool name to 1 set WINS server 1 to 10...

Страница 356: ...k parameters 1 128 240 set Operation type to Set network parameter and then click Apply The configuration is applied on the switch 11 6 1 8 Manual address pool configuration Click DHCP configuration D...

Страница 357: ...iguration DHCP packet statistics Users can display DHCP packet statistics Users can configure DHCP relay 11 6 1 11 DHCP relay configuration Click DHCP configuration DHCP relay configuration DHCP relay...

Страница 358: ...deleted 11 6 2 2 Delete conflict log Click DHCP configuration DHCP debugging Delete conflict log Users can delete conflict log For example Delete all conflict address to Yes and then click Apply All...

Страница 359: ...359 11 6 2 5 Show conflict logging Click DHCP configuration DHCP debugging Show conflict logging Users can display conflict logging...

Страница 360: ...e simplified version of NTP removing the complex algorithm of NTP SNTP is used for hosts who do not require full NTP functions it is a subset of NTP It is common practice to synchronize the clocks of...

Страница 361: ...Command Mode Global Mode Example set the customer timezone 10 hours before utc Switch Config clock timezone customer10 before utc 12 2 2 sntp server Command sntp server server_address server_ipv6_addr...

Страница 362: ...ery 128 seconds Switch config Switch Config sntp poll 128 12 2 4 debug sntp Command debug sntp adjust packets select no debug sntp adjust packets select Function Displays or disables SNTP debug inform...

Страница 363: ...ectively and SNTP NTP server function such as NTP master is enabled then configurations for any ES4700 series should like the following Switch config Switch Config sntp server 10 1 1 1 Switch Config s...

Страница 364: ...e configuration in the switch 12 4 3 Time difference Click SNTP configuration Time difference to configure the SNTP client time zone and UTC time difference z Time zone configures time zone z Time dif...

Страница 365: ...networks even though a host computer receives an ARP reply which is not requested by itself it will also insert an entry to its ARP cache table so it creates a possibility of ARP spoofing If the hacke...

Страница 366: ...tack other switches host computers or network equipment What the essential method on preventing attack and spoofing switches based on ARP in networks is to disable switch automatic update function the...

Страница 367: ...static ARP ND Command Explanation Admin Mode and Interface Mode ip arp security convert ipv6 nd security convert Change dynamic ARP ND to static ARP ND 4 Clear dynamic ARP ND Command Explanation Admi...

Страница 368: ...p security learnprotect Command ip arp security learnprotect no ip arp security learnprotect Function Forbid ARP automatic learning function of IPv4 Version the no ip arp security learning command re...

Страница 369: ...y convert Function Change all of dynamic nd to static nd Parameter None Command Mode Global Mode Interface Configuration Example Switch Config if Vlan1 ipv6 nd security convert Switch Config ipv6 nd s...

Страница 370: ...MAC address to C s IP so the switch changes IP address when it updates ARP list then data packet of 192 168 2 3 is transferred to 01 01 01 01 01 01 address A MAC address In further A transfers its rec...

Страница 371: ...ronment changing it enable to forbid ARP refresh once it learns ARP property it wont be refreshed by new ARP reply package and protect use data from sniffing Switch config Switch config ip arp securit...

Страница 372: ...t route static route and dynamic route Direct route refer to the path directly connects to the layer3 switch and can be obtained with no calculation Static route is the manually specified path to a ne...

Страница 373: ...ination address with network mask we can get the network address for the destination host or the network the layer3 switch resides For example the network address of a host or the segment the layer3 s...

Страница 374: ...s The matching rules can be previously configured to be applied in the routing publishing receiving and distributing policies Five filters are provided in ES4700 series route map acl as path community...

Страница 375: ...refix list acts similarly to acl while more flexible and more understandable The match object of ip prefix is the destination address messages field of routing messages when applied in routing message...

Страница 376: ...uence_num command deletes the route map 2 Define the match clause in route map Command Explanation Route map configuration mode match as path list name no match as path list name Match the autonomous...

Страница 377: ...o match metric metric val Match the routing metric value The no match metric metric val command deletes match condition match origin egp igp incomplete no match origin egp igp incomplete Match the rou...

Страница 378: ...P atomic aggregate property The no set atomic aggregate command deletes the configuration set comm list community list name community list num delete no set comm list community list name community lis...

Страница 379: ...set metric metric_val metric_val Set routing metric value The no set metric metric_val metric_val command deletes the configuration set metric type type 1 type 2 no set metric type type 1 type 2 Set...

Страница 380: ...e seq sequence_number deny permit any ip_addr mask_length ge min_prefix_len le max_prefix_len no ip prefix list list_name seq sequence_number deny permit any ip_addr mask_length ge min_prefix_len le m...

Страница 381: ...dress dotted decimal notation and the length of mask ge means greater than or equal to min_prefix_len is the minimum length of prefix to be matched ranging between 0 32 le means less than or equal to...

Страница 382: ...te map match as path 60 14 2 3 4 match community Command match community community list name community list num exact match no match community community list name community list num exact match Functi...

Страница 383: ...ch ip address next hop ip ACL name ip ACL num prefix list list name Function Configure the routing prefix or next hop The no match ip address next hop ip ACL name ip ACL num prefix list list name dele...

Страница 384: ...ncomplete deletes the configuration Parameter egp means the route is learnt from the external gateway protocols IGP means the route is learnt from the internal gateway protocols incomplete means the r...

Страница 385: ...action in the route map is performed Example Switch config terminal Switch config route map r1 permit 5 Switch config route map match tag 60 14 2 3 11 route map Command route map map_name deny permit...

Страница 386: ...h 60 Switch config route map set weight 30 14 2 3 12 set aggregator Command set aggregator as as number ip_addr no set aggregator as as number ip_addr Function Assign an AS number for BGP aggregator T...

Страница 387: ...command one match clause should at first be defined Example Switch config terminal Switch config route map r1 permit 5 Switch config route map set atomic aggregate 14 2 3 15 set comm list Command set...

Страница 388: ...itive means add following existing community attributes Command Mode route map mode Usage Guide To use this command one match clause should at first be defined Example Switch config terminal Switch co...

Страница 389: ...ocal priority level when compared with other route of the same destination will be more preferred than other route The local priority validates only within this AS and will not be transported to EBGP...

Страница 390: ...Mode route map mode Usage Guide To use this command one match clause should at first be defined Example Switch config terminal Switch config route map r1 permit 5 Switch config route map set metric t...

Страница 391: ...command deletes this configuration Parameter tag val is the tag value ranging between 0 4294967295 Command Mode route map mode Usage Guide There is a route tag domain at the AS external LSA type LSA...

Страница 392: ...nd one match clause should at first be defined Example Switch config terminal Switch config route map r1 permit 5 Switch config route map set weight 60 14 2 4 Configuration Examples The figure below s...

Страница 393: ...Troubleshooting Help Faq The routing protocol could not achieve the routing messages study under normal protocol running state Troubleshooting check following errors Each node of route map should at...

Страница 394: ...nd the length of mask first match stands for the first route table matched with specified ip address longer means longer prefix is required seq means show by sequence number sequence number is the seq...

Страница 395: ...equences 5 10 Displayed information Explanation ip prefix list mylist Show the prefix list named mylist count 2 range entries 0 sequences 5 10 count 2 means two prefix list entries sequences 5 10 show...

Страница 396: ...ailure and manual configuration is required on such occasions therefore it is not suitable for mid and large scale networks Static route is mainly used in the following two conditions 1 in stable netw...

Страница 397: ...ateway interface distance no ip route ip prefix mask ip prefix prefix length gateway address gateway interface distance Set static routing the no ip route ip prefix mask ip prefix prefix length gatewa...

Страница 398: ...face is the next hop interface distance is the manage distance of route management ranging between 1 255 Default The management distance of static routing is defaulted at 1 Command Mode Global Mode Us...

Страница 399: ...ample Switch show ip route fib Codes C connected S static R RIP derived O OSPF derived A OSPF ASE B BGP derived Destination Mask Nexthop Interface Preference C 2 2 2 0 255 255 255 0 0 0 0 0 vlan2 0 C...

Страница 400: ...ress as 6 6 6 0 network mask as 255 255 255 0 next hop address as 2 2 2 9 and Ethernet port vlan1 as its forwarding interface of which the priority is 1 14 3 4 4 show ip route vrf Command show ip rout...

Страница 401: ...distance value ranging between 1 255 Default Default static route managing value is 1 Command Mode Global mode Usage Guide VPN route forwarding instances have to be successfully configured before usin...

Страница 402: ...boring devices regularly Number of hops to reach the destination network or metrics to use or number of networks to pass What is the next hop or the director vector to use to reach the destination net...

Страница 403: ...f those routes to infinite Triggering update mechanism defines whenever route metric changed by the gateway the gateway advertise the update packets immediately regardless of the 30 second update time...

Страница 404: ...local route table to their neighbor devices every 30 seconds On receiving the packets neighbor devices maintain their local route table select the best route and advertise the updated information to t...

Страница 405: ...configure the segments running RIP namely send and receive the RIP data packet by default RIP configuration The version of data packet sending and receiving is variable when needed allow deny sending...

Страница 406: ...ols into the RIP data packet the no redistribute kernel connected static ospf isis bgp metric value route map word command cancels the distributed route of corresponding protocols default information...

Страница 407: ...as an authorized time the no accept lifetime command delete it send lifetime start time end time duration seconds infinite no send lifetime Configure the transmitting period of a key on the key chain...

Страница 408: ...cancels the split horizon 3 Configure other RIP protocol parameters 1 Configure RIP routing priority 2 Configure the RIP route capacity limit in route table 3 Configure timer for RIP update timeout a...

Страница 409: ...ion Interface configuration mode ip rip send version 1 1 compatible 2 no ip rip send version Sets the version of RIP packets to send on all interfaces the no ip rip send version command set the versio...

Страница 410: ...ept lifetime start time end time duration seconds infinite no accept lifetime Function Use this command to specify a key accept on the key chain as a valid time period The no accept lifetime command d...

Страница 411: ...1 Switch config keychain key accept lifetime 03 03 01 Dec 3 2004 04 04 02 Oct 6 2006 14 4 3 2 address family ipv4 Command address family ipv4 vrf vrf name no address family ipv4 vrf vrf name Function...

Страница 412: ...be immediately recovered except for rip route The dynamic learnt RIP route can only be recovered by studying one more time Example Switch clear ip rip route 10 0 0 0 8 Switch clear ip rip route ospf...

Страница 413: ...Mode Router mode and address family mode Usage Guide default metric command is used for setting the default route metric value of the routes from other routing protocols when distributed into the RIP...

Страница 414: ...This command uses access list or prefix list to filter the route update packets sent and received The no distribute list access list number access list name prefix prefix list name in out ifname comma...

Страница 415: ...cation key command will cancel the authentication which only cancels the authentication process when sending or receiving data packet other than set non authentication mode Example Switch config termi...

Страница 416: ...ancels the authentication process when sending or receiving data packet other than set non authentication mode Input ip rip authentication string aaa aaa to set the password as aaa aaa which is 7 char...

Страница 417: ...default version is 2 the no ip rip receive version command restores the value set by using the version command Parameter 1 and 2 respectively stands for RIP version 1 and RIP version 2 1 2 stands for...

Страница 418: ...horizon Parameter poisoned means configure the split horizon with poison reverse Default Split Horizon with poison reverse by default Command Mode Interface Mode Usage Guide The split horizon is for p...

Страница 419: ...nd delete the corresponding password Parameter text is a character string without length limit However when referred by RIP authentication only the first 16 characters will be used Command Mode Keycha...

Страница 420: ...specified destination address for the sending shown in dotted decimal notation Default Not sending to any targeted peer destination address Command Mode Router mode Usage Guide When used accompany wit...

Страница 421: ...Router mode and address family mode Example Switch config terminal Switch config router rip Switch config router offset list 1 in 5 vlan 1 14 4 3 26 passive interface Command passive interface ifname...

Страница 422: ...value is the metric value assigned to the introduced route ranging between 0 16 word is the probe pointing to the route map for introducing routes Command Mode Router mode and address family mode Usa...

Страница 423: ...lifetime Function Use this command to specify a key on the keychain as the time period of sending keys The no send lifetime cancels this configuration Parameter start time parameter specifies the star...

Страница 424: ...timer update timeout and garbage collecting time The no timers basic command restores each parameters to their default values Parameter update time interval of sending update packet shown in seconds a...

Страница 425: ...on of all RIP data packets sent received by router interfaces to version 2 Switch config router version 2 14 4 4 RIP Examples 14 4 4 1 Typical RIP Examples Fig 14 3 RIP example In the figure shown abo...

Страница 426: ...that the interface vlan 2 do not transmit RIP messages to SwitchC SwitchA config router rip SwitchA config router passive interface vlan 2 SwitchA config router exit SwitchA config b Layer 3 switch S...

Страница 427: ...tchA config vrf SwitchA config vrf exit SwitchA config SwitchA config ip vrf vpnc SwitchA config vrf SwitchA config vrf exit associate the vlan 1and vlan 2 respectively with vpnb and vpnc while config...

Страница 428: ...RIP protocol and configure the RIP segments SwitchB config router rip SwitchB config router rip network Vlan1 SwitchB config router rip exit c CE2 Layer 3 switch SwitchC Configure the IP address of Et...

Страница 429: ...messages with CE using RIP protocol on the PE router we should first create corresponding VPN routing transmitting examples to associate with corresponding interfaces Then enter the RIP address family...

Страница 430: ...seconds Sending update every 30 secs Timeout after 180 seconds garbage collect after 120 seconds The route time out event period is 180 secs the garbage collect time is 120 seconds Outgoing update fi...

Страница 431: ...etric From If Time R 12 1 1 0 24 20 1 1 1 2 20 1 1 1 Vlan1 02 51 R 20 1 1 0 24 1 Vlan1 Amongst R stands for RIP route namely a RIP route with the destination network address 12 1 1 0 the network prefi...

Страница 432: ...ages Command Mode Any mode Example Switch show ip rip interface vlan 1 Vlan1 is up line protocol is up Routing Protocol RIP Receive RIP packets Send RIP packets Passive interface Disabled Split horizo...

Страница 433: ...ed Reversed Configure a split horizon with poison reversed IP interface address 11 1 1 1 24 The IP address of the interface 14 4 5 1 8 show ip vrf Command show ip vrf vrf name Function This command sh...

Страница 434: ...434 Name Default RD Interfaces IPI Vlan1...

Страница 435: ...ayer3 switches running RIPng send their route table to all neighbor layer3 switches every 30 seconds for update If no information from the partner is received in 180 seconds then the device is deemed...

Страница 436: ...ocol is shown below Enable RIPng The switch sends request packets to the neighbor layer3 switches by broadcasting on receiving the request the neighbor devices reply with the packets containing their...

Страница 437: ...Configure timer for RIPng update timeout and hold down 4 Delete the specified route in RIPng route table 1 Enable RIPng protocol Applying RIPng route protocol with basic configuration in ES4700 serie...

Страница 438: ...uced in RIPng Command Explanation Router configuration mode default metric value no default metric Configure the default metric of distributed route the default metric value no default metric command...

Страница 439: ...ber access list name prefix prefix list name in out ifname command means do not set the route filter no aggregate address IPv6 address Configure route aggregation the no aggregate address IPv6 address...

Страница 440: ...6 rip Switch config router aggregate address 3ffe 8088 32 14 5 3 2 clear ipv6 route Command clear ipv6 rip route ipv6 address kernel static connected rip ospf isis bgp all Function Clear specific rout...

Страница 441: ...ric value no default metric Function Set the default metric route value of the introduced route the no default metric restores the default value Parameter value is the route metric value to be set ran...

Страница 442: ...st name in out ifname Function This command uses access list or prefix list to filter the route renews messages sent and received The no distribute list access list name prefix prefix list name in out...

Страница 443: ...mode Usage Guide When used associating passive interface command it would be able to send routing messages to specified neighbor only Example Switch config terminal Switch config router ipv6 rip Swit...

Страница 444: ...Function Introduce the routes learnt from other routing protocols into RIP Parameter kernel introduce from kernel routes connected introduce from direct routes static introduce from static routes osp...

Страница 445: ...5678 1 64 14 5 3 13 router ipv6 rip Command router ipv6 rip no router ipv6 rip Function Enable RIPng routing process and entering RIPng mode the no router ipv6 rip of this command disables the RIPng r...

Страница 446: ...6 address 2000 1 1 1 64 SwitchA config if Vlan1 IPv6 router rip SwitchA config if Vlan1 exit Configure the IPv6 address and interfaces of Ethernet port vlan2 to run RIPng SwitchA config interface Vlan...

Страница 447: ...ing interfaces After that a RIPng protocol feature should be noticed the Layer 3 switch running RIPng transmits the route updating messages every 30 seconds A Layer 3 switch is considered inaccessible...

Страница 448: ...5 09 IMI RECV Ethernet1 10 3ffe 1 1 64 is filtered by access list dclist 1970 01 01 21 15 15 IMI RECV Ethernet1 2 Receive from fe80 203 fff fe01 257c 521 14 5 5 1 2 show debugging ipv6 rip Command sho...

Страница 449: ...ages Command Mode Any mode Example Routing Protocol is RIPng Sending updates every 30 seconds with 50 next due in 1 second Timeout after 180 seconds garbage collect after 120 seconds Outgoing update f...

Страница 450: ...Hop If Met Tag Time R 2000 1 1 64 Vlan2 1 0 R 2001 1 1 64 fe80 203 fff fe01 257c Vlan2 2 0 02 40 R 3000 1 1 64 Vlan10 1 0 R 3010 1 1 64 1 0 Amongst R stands for RIPng route namely a RIPng route with...

Страница 451: ...the other host on the Internet are not managed by those AS and they don t share interior routing information with the layer3 switches on the Internet Each link state Layer3 switch can provide informa...

Страница 452: ...cted network is very fast once the routing topology changes updates will be flooded throughout the network very soon Those advantages release some layer3 switch resources as the process ability and ba...

Страница 453: ...ute corresponds to the information introduced by OSPF from the other interior routing protocols the costs of those routes are comparable with the costs of OSPF routes the second type of external route...

Страница 454: ...ink state advertisement according to its surrounding network topology structure router LSA and sends the LSA to other layer3 switches through link state update LSU packages Thus each layer3 switches r...

Страница 455: ...package to poll timer of neighboring layer3 switch invalid timeout timer of LSA transmission delay and timer of LSA retransmission 2 Configure OSPF route introduction parameters 1 Configure default p...

Страница 456: ...on 2 Configure OSPF protocol parameters 1 Configure OSPF package sending mechanism parameters 1 Configure OSPF package verification 2 Set the OSPF interface to receive only 3 Configure the cost for se...

Страница 457: ...time no ip ospf retransmit Sets the interval for retransmission of link state advertisement among neighbor layer3 switches the no ip ospf retransmit command restores the default setting 2 Configure O...

Страница 458: ...t access prefix WORD in out nssa default information originate no redistribution no summary translator role range range shortcut disable enable stub no summary virtual link neighbor Configure the para...

Страница 459: ...e configured at the interface and the area is plaintext authentication and use ip sopf message digest key command to configure MD5 key if is MD5 authentication The are authentication mode could not af...

Страница 460: ...ospf 100 Switch config router area 1 filter list access 1 in 14 6 3 4 area nssa Command area id nssa TRANSLATOR no redistribution DEFAULT ORIGINATE no summary no area id nssa Function Set the area to...

Страница 461: ...ea which is the default not advertise Not advertise this area substitute substitute A B C D M advertise this area as another prefix A B C D M Replace the network prefix to be advertised in this area D...

Страница 462: ...ction Define a area to a stub area The no area id stub no summary command cancels this function Parameter id is the area number which could be digits ranging between 0 4294967295 and also as an IP add...

Страница 463: ...neighbor is considered offline for certain dead interval without its group messages which the default is 40 seconds hello interval The time interval before the router sends a hello group message defa...

Страница 464: ...itch config router ospf 100 Switch config router auto cost reference bandwidth 50 14 6 3 10 capability opaque Command no capability opaque Function This command enables opaque LSA The no capability op...

Страница 465: ...re the distance learnt from other routing area external distance distance value ranging between 1 255 ROUTE2 inter area inter distance configure the distance value from one area to another area inter...

Страница 466: ...itch config access list l1 permit 172 10 0 0 0 0 255 255 Switch config router ospf 100 Switch config router distribute list 1 out bgp Switch config router redistribute bgp 14 6 3 15 host area Command...

Страница 467: ...Default Authentication not required in receiving OSPF packets on the interface Command Mode Interface Mode Example Switch config terminal Switch config interface vlan 1 Switch Config if Vlan1 ip ospf...

Страница 468: ...ion The command opens LSA database filter switch on specific interface the no ip ospf ip address database filter command closes the filter switch Parameter ip address is the interface IP address shown...

Страница 469: ...ode Interface Mode Usage Guide This command resets the network area command and stops group process on specific interface Example Switch config terminal Switch config interface vlan 1 Switch Config if...

Страница 470: ...e Mode Usage Guide MD5 key encrypted authentication is used for ensure the safety between the OSPF routers on the network Same key id and key should be configured between neighbors when using this com...

Страница 471: ...ignore 14 6 3 26 ip ospf network Command ip ospf network broadcast non broadcast point to point point to multipoint no ip ospf network Function This command configure the OSPF network type of the int...

Страница 472: ...g terminal Switch config interface vlan 1 Switch Config if Vlan1 ip ospf priority 0 14 6 3 28 ip ospf retransmit interval Command ip ospf ip address retransmit interval time no ip ospf ip address retr...

Страница 473: ...y prior to sending the LSA the LSA will be sent before aged Example Set the LSA transmit delay of interface vlan1 to 3 seconds Switch config terminal Switch config interface vlan 1 Switch Config if Vl...

Страница 474: ...Switch config router ospf 100 Switch config router neighbor 1 2 3 4 priority 1 poll interval 90 Switch config router neighbor 1 2 3 4 cost 15 14 6 3 32 network area Command network NETWORKADDRESS are...

Страница 475: ...vironment Example Configure abr as standard Switch config terminal Switch config router ospf 100 Switch config router ospf abr type standard 14 6 3 34 ospf router id Command ospf router id address no...

Страница 476: ...Parameter maxdbsize size of external link database ranging between 0 4294967294 defaulted at 4294967294 maxtime the seconds the router has to wait before exiting the database overflow ranging between...

Страница 477: ...rnal_LSAs Example Switch config terminal Switch config router ospf Switch config router redistribute bgp metric 12 14 6 3 39 router ospf Command no router ospf process_id vrf name Function This comman...

Страница 478: ...OSPF protocol mode Usage Guide When introducing route into OSPF route area with this command the system will behaves like an ASBR Example Switch config terminal Switch config router ospf 100 Switch c...

Страница 479: ...command is for advertise one summary route for those introduced routes contained in specific network address and masks which could greatly reduces the size of the link state database Example Switch co...

Страница 480: ...he IP address for interface vlan1 SwitchA config SwitchA config interface vlan 1 SwitchA config if vlan1 ip address 10 1 1 1 255 255 255 0 SwitchA config if vlan1 exit Configuration of the IP address...

Страница 481: ...tchC config interface vlan 3 SwitchC config if vlan1 ip address 20 1 1 2 255 255 255 0 SwitchC config if vlan3 exit Enable OSPF protocol configure the OSPF area interfaces vlan3 resides in Initiate th...

Страница 482: ...fig router network 100 1 1 0 24 area 0 SwitchE config router exit SwitchE config exit Scenario 2 Typical OSPF protocol complex topology Fig 14 7 Typical complex OSPF autonomous system This scenario is...

Страница 483: ...tual link can not only maintain the connectivity of the backbone area but also strengthen the backbone area For example if the connection between backbone layer3 switch SwitchG and SwitchJ is cut down...

Страница 484: ...authentication key DCS SwitchA config If Vlan2 exit Configure IP address and area number for interface vlan1 SwitchA config interface vlan 1 SwitchA config If Vlan1 ip address 20 1 1 1 255 255 255 0 S...

Страница 485: ...rea number for interface vlan2 SwitchC config router ospf SwitchC config router network 10 1 1 0 24 area 1 SwitchC config router exit Configure simple key authentication SwitchC config interface vlan...

Страница 486: ...ork 10 1 1 0 24 area 1 SwitchD config router exit Configure simple key authentication SwitchD config interface vlan 2 SwitchD config If Vlan2 ip ospf authentication SwitchD config If Vlan2 ip ospf aut...

Страница 487: ...exit Associate the vlan 1 and vlan 2 respectively with vpnb and vpnc while configuring IP address SwitchA config in vlan1 SwitchA config if Vlan1 ip vrf forwarding vpnb SwitchA config if Vlan1 ip addr...

Страница 488: ...PF segments SwitchC config router ospf SwitchC config router network 20 1 1 0 24 area 0 SwitchC config router exit 14 6 5 OSPF Troubleshooting Help The OSPF protocol may not be working properly due to...

Страница 489: ...6 5 1 2 debug ospf ifsm Command no debug ospf ifsm status events timers Function Open debugging switches showing the OSPF interface states the no debug ospf ifsm status events timers command closes t...

Страница 490: ...il command closes this debugging switch Default Closed Command Mode Admin mode and global mode Example Switch debug ospf packet hello 14 6 5 1 7 debug ospf route Command no debug ospf route ase ia ins...

Страница 491: ...Checksum Sum 0x000000 Routing Process ospf 10 with ID 0 0 0 0 Process bound to VRF DC1 Process uptime is 4 days 23 hours 51 minutes Conforms to RFC2328 and RFC1583Compatibility flag is disabled Suppor...

Страница 492: ...dvertiser_router linkstate_id opaque area self originate adv router advertiser_router linkstate_id opaque as self originate adv router advertiser_router linkstate_id opaque link self originate adv rou...

Страница 493: ...ameter interface is the name of interface Default Not displayed Command Mode All modes Example Switch show ip ospf interface Loopback is up line protocol is up OSPF not enabled on this interface Vlan1...

Страница 494: ...how ip ospf route Command show ip ospf process id route Function Display the OSPF routing table messages Parameter process id is the process ID ranging between 0 65535 Default Not displayed Command Mo...

Страница 495: ...tual Link VLINK1 to router 10 10 0 123 is down Transit area 0 0 0 1 via interface Vlan1 Transmit Delay is 1 sec State Down Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in...

Страница 496: ...algorithm to generate a route table basing on that database Autonomous system AS is a self managed interconnected network In large networks such as the Internet a giant interconnected network is broke...

Страница 497: ...ghbor i e flooding 6 Since routing database is not recalculated before layer3 switch forwards LSA flooding the converging time is greatly reduced One major advantage of link state routing protocols is...

Страница 498: ...area route between areas first category external route and second category external route in the order of highest priority to lowest The route inside an area and between areas describe the internal n...

Страница 499: ...ide of STUB area Each STUB area has a corresponding default route the route from STUB area to AS external destination depends only on default route of this area The following simply outlines the route...

Страница 500: ...e 3 Configure OSPF package sending timer parameter timer of broadcast interface sending HELLO package to poll timer of neighboring layer3 switch invalid timeout timer of LSA transmission delay and tim...

Страница 501: ...nstance id Implement ospfv3 routing on the interface The no IPv6 router ospf area area id instance id instance id tag tag instance id instance id tag tag area area id instance id instance id command c...

Страница 502: ...es the default setting IPv6 ospf retransmit time instance id id no IPv6 ospf retransmit instance id id Sets the interval for retransmission of link state advertisement among neighbor layer3 switches t...

Страница 503: ...ayer3 switch DR Commands Explanation Interface Configuration Mode IPv6 ospf priority priority instance id id no IPv6 ospf priority instance id id Sets the priority of the interface in designated layer...

Страница 504: ...tise this area not advertise Not advertise this area If both are not set this area is defaulted for advertising Default Function not configured Command Mode OSPFv3 protocol mode Usage Guide Use this c...

Страница 505: ...l link Parameter id is the area number which could be digits ranging between 0 4294967295 and also as an IP address instance id is the interface instance ID ranging between 0 255 and defaulted at 0 IN...

Страница 506: ...command is good for interactive operation among different OSPF realizing method and is especially useful in the multiple host environment Example Configure abr as standard Switch config terminal Swit...

Страница 507: ...id id no ipv6 ospf dead interval instance id id Function Specify the dead interval for neighboring layer 3 switch the no ipv6 ospf dead interval instance id id command restores the default value Para...

Страница 508: ...e hello interval on the interface the no ipv6 ospf hello interval instance id id restores the default value Parameter id is the interface instance ID ranging between 0 255 defaulted at 0 time is the l...

Страница 509: ...ected as Defined layer 3 switch or Backup Defined layer 3 switch The command can configure on IPv6 tunnel interface but it is successful configuration to only configure tunnel carefully Example Config...

Страница 510: ...ending LSA on the interface which is shown in seconds and ranged between 1 65535 Default The default delay time of send LSA on the interface is 1 second by default Command Mode Interface Mode Usage Gu...

Страница 511: ...pv6 router ospf area 1 tag IPI instance id 1 14 7 3 15 max concurrent dd Command max concurrent dd value no max concurrent dd Function Configure with this command the current dd max concurrent number...

Страница 512: ...be 1 or 2 and it is 2 by default route map word targets to the probe of the route map for introducing route Command Mode OSPFv3 protocol mode Usage Guide Learn and introduce other routing protocol int...

Страница 513: ...IPI 14 7 3 20 timers spf Command timers spf spf delay spf holdtime no timers spf Function Adjust route calculation timer value The no timers spf restores the relevant value to default Parameter spf d...

Страница 514: ...vlan1 exit Configure interface vlan2 IP address and affiliated OSPFv3 area SwitchA config interface vlan 2 SwitchA config if vlan2 IPv6 address 2100 1 1 1 64 SwitchA config if vlan2 IPv6 router ospf a...

Страница 515: ...lan3 IPv6 router ospf area 1 SwitchC config if vlan3 exit SwitchC config exit SwitchC Layer 3 switch SwitchD Enable OSPFv3 protocol configure router ID SwitchD config router IPv6 ospf SwitchD config r...

Страница 516: ...configure affiliated OSPFv3 area on relative interface And then consider OSPFv3 protocol characteristic OSPFv3 backbone area area 0 must be continuous If it doesn t ensure that virtual link is impleme...

Страница 517: ...ed Command Mode Admin mode and global mod Switch debug ipv6 ospf nfsm 1970 01 01 01 14 07 IMI NFSM 192 168 2 3 000007d4 LS update timer expire 1970 01 01 01 14 07 IMI NFSM 192 168 2 1 000007d3 LS upda...

Страница 518: ...xample Routing Process OSPFv3 null with ID 192 168 2 2 SPF schedule delay 5 secs Hold time between SPFs 10 secs Minimum LSA interval 5 secs Minimum LSA arrival 1 secs Number of external LSA 0 Checksum...

Страница 519: ...Vlan2 Link State ID ADV Router Age Seq CkSum Prefix 0 0 7 211 192 168 2 1 1450 0x80000001 0xa565 1 0 0 7 212 192 168 2 2 1399 0x80000001 0x4305 1 Router LSA Area 0 0 0 0 Link State ID ADV Router Age S...

Страница 520: ...is 1 sec State DR Priority 1 Designated Router ID 192 168 2 2 Interface Address fe80 203 fff fe01 257c Backup Designated Router ID 192 168 2 3 Interface Address fe80 203 fff fe01 d28 Timer interval c...

Страница 521: ...d Router ID 192 168 2 2 Interface Address fe80 203 fff fe01 257c Specifying layer 3 switch Backup Designated Router ID 192 168 2 3 Interface Address fe80 203 fff fe01 d28 Back up designated layer 3 sw...

Страница 522: ...nship state Pri Priority 14 7 5 1 11 show ipv6 ospf route Command show ipv6 ospf tag route Function Show the OSPF route table messages Parameter tag is the processes tag which is a character string De...

Страница 523: ...ow ipv6 ospf virtual links Command show ipv6 ospf tag virtual links Function Show OSPF virtual link messages Parameter tag is the processes tag which is a character string Default Not displayed Comman...

Страница 524: ...routing protocol unlike interior routing protocol such as OSPF and RIPng BGP can t discovery and calculate routes but it can control the transmission of routes and select the best route By carrying A...

Страница 525: ...BGP speaker receives this message it shutdowns the BGP connections with its neighbors BGP 4 is connection oriented BGP acts as higher protocol and runs on the particular equipments When detecting a ne...

Страница 526: ...d physical connection and share the same medium Because EBGP need physical connection the boundary equipments between two AS are usually running EBGP When a BGP speaker receives routing information fr...

Страница 527: ...onfederation is preferable to IBGP 8 If it s still the same by now BGP router ID router ID is used to break the balance The best route is the one from the least router ID 14 8 2 BGP Configuration Task...

Страница 528: ...BGP process Router configuration mode network ip address M no network ip address M Set the network that BGP will announce the no network ip address M command cancels the network that will be announced...

Страница 529: ...neighbors and peers the no neighbor ip address TAG soft reconfiguration inbound command cancels the storage of routing information Admin Mode Clear ip bgp as id external peer group NAME ip address so...

Страница 530: ...eighbor ip address TAG next hop self command cancels the setting 2 Cancel default Next Hop through route map Command Explanation Route mapped configuration command set ip next hop ip address no set ip...

Страница 531: ...ion 4th Advanced BGP configuration tasks 1 Use Route Maps to Modify Route Command Explanation BGP configuration mode neighbor ip address TAG route map map name in out no neighbor ip address TAG route...

Страница 532: ...iguration mode bgp confederation identifier as id no bgp confederation identifier as id Configure a BGP AS confederation identifier the no bgp confederation identifier as id command deletes the BGP AS...

Страница 533: ...er id command cancels the cluster id configuration 3 If the route reflector from clients to clients is needed the following commands can be used Command Explanation BGP configuration mode bgp client t...

Страница 534: ...iption neighbor ip address TAG default originate route map NAME no neighbor ip address TAG default originate route map NAME Permit to send the default route 0 0 0 0 the no neighbor ip address TAG defa...

Страница 535: ...list number name in out command cancels route filtering neighbor ip address TAG route reflector client no neighbor ip address TAG route reflector client Configure the current switch as route reflecto...

Страница 536: ...d activates the closed BGP neighbor or peers 8 Adjust BGP Timers 1 Configure the BGP timer of all the neighbors Command Explanation BGP configuration mode timers bgp keepalive holdtime no timers bgp C...

Страница 537: ...ute Command Explanation BGP configuration mode neighbor ip address TAG default originate no neighbor ip address TAG default originate Permit sending default route 0 0 0 0 the no neighbor ip address TA...

Страница 538: ...lector the no redistribute connected static rip ospf command cancels the redistribution 14 Configure Route Dampening Command Explanation BGP configuration mode bgp dampening 1 45 1 20000 1 20000 1 255...

Страница 539: ...lities include route update dynamic capability outgoing route filtering capability and the address family s capability of supporting the negotiation Use these command to enable these capabilities its...

Страница 540: ...Command address family AFI SAFI Function Enter address family mode Parameter AFI address family such as IPv4 IPv6 VPNv4 etc SAFI sub address family such as unicast multicast Default None Command Mode...

Страница 541: ...nv4 Function Enter the BGP VPNv4 address family mode Parameter None Command Mode BGP routing mode Usage Guide To support VPN VRF has to be enabled on the border routers to realize VPN create neighbors...

Страница 542: ...ate nexthop check command cancels this configuration namely not check the next hop accordance of aggregate route Parameter None Default No nexthop checked during aggregating Command Mode Global mode U...

Страница 543: ...ignore 14 8 3 8 bgp bestpath compare confed aspath Command bgp bestpath compare confed aspath no bgp bestpath compare confed aspath Function Set to concern the confederation AS PATH length The no bgp...

Страница 544: ...st Consider as max MED value when missing Default Not configured Command Mode BGP routing mode Usage Guide Choose whether MED is compared among confederations by this command If MED is missing It is c...

Страница 545: ...d no bgp confederation identifier as id Function Create delete a confederation configuration The no bgp confederation identifier as id command deletes a confederation Parameter ID number of the confed...

Страница 546: ...der this route will no longer be advertised The penalty value will be reduced by time by the half life index regulation if the route keeps stable and finally be advertised again when the penalty falls...

Страница 547: ...bgp enforce first as Command bgp enforce first as no bgp enforce first as Function Enforces the first AS position of the route AS PATH contain the neighbor AS number or else disconnect this peer when...

Страница 548: ...the routing message with no regard to the matched information Example Switch config router bgp 100 Switch config router no bgp inbound route filter 14 8 3 21 bgp log neighbor changes Command bgp log...

Страница 549: ...h config router bgp network import check 14 8 3 24 bgp rfc1771 path select Command bgp rfc1771 path select no bgp rfc1771 path select Parameter None Default Not following Command Mode Global mode Usag...

Страница 550: ...60 no bgp scan time 0 60 Function Set the time interval of the periodical next hop validation the no bgp scan time 0 60 command restores to the default value Parameter 0 60 Validation time interval De...

Страница 551: ...ILY address family such as ipv4 unicast ip address IP address ip address M IP address and mask Default None Command Mode Admin mode Usage Guide It is possible to clear BGP routing dampening messages a...

Страница 552: ...55 1 255 command restores the manage distance to default value Parameter Respectively the EBGP IBGP and LOCAL manage distance of the BGP Default Default EBGP is 20 others are 200 Command Mode BGP rout...

Страница 553: ...ch config af rd 100 10 Switch config af route target both 100 10 Switch config af import map map1 Switch show ip bgp vpn all Network Next Hop Metric LocPrf Weight Path Route Distinguisher 100 10 Defau...

Страница 554: ...ity number COMMUNITY Members of the community list which may be the combination of aa nn or internet local AS no advertise and no export It can be shown in regular expressions under extended condition...

Страница 555: ...icast address family and disable other address families Command Mode BGP routing mode and address family mode Usage Guide IP unicast is configured under BGP routing mode Configure whether specific add...

Страница 556: ...In default conditions AS is not allowed repeating in the same route and when set the repeat count it is defaulted at 3 when 1 10 parameters not set Command Mode BGP routing mode and address family mo...

Страница 557: ...e AS path whether its AS number exists if yes the route will be considered as circuit and cleared However in VPN environment there may be two or more CE with the same AS number on the PE link As the E...

Страница 558: ...ault Not configure the dynamic update capability but the route refresh capability Command Mode BGP routing mode and address family mode Usage Guide This is an extended BGP capability With this configu...

Страница 559: ...e as its own out rules so to avoid sending route which will be denied by the partner Example Switch config router neighbor 10 1 1 66 capability orf prefix list both 14 8 3 45 neighbor collide establis...

Страница 560: ...selecting principles According to route mirror it can be chosen when to send the default route Example Switch config router neighbor 10 1 1 64 default originate Switch config router Now the route tabl...

Страница 561: ...55 any Switch config access list 101 permit ip any any Switch config router bgp 100 Switch config router neighbor 10 1 1 66 distribute list 101 out 14 8 3 49 neighbor dont capability negotiate Command...

Страница 562: ...are ensured through static configuration The neighbor relationship is established only after both side are configured as follows on 10 1 1 64 Switch config router neighbor 11 1 1 120 ebgp multihop on...

Страница 563: ...t while sending and receiving are configured by this command Example Configure the AS PATH access control list ASPF is the name of the access list The route with AS number of 100 will not be able to u...

Страница 564: ...ly option is set then there will be warning only if not the connection to the neighbor will be cut till clear the records with clear ip bgp command Example Switch config router neighbor 10 1 1 64 maxi...

Страница 565: ...ip address TAG passive no neighbor ip address TAG passive Function Configure whether the connecting request is positively sent in the connection with specified neighbor the no neighbor ip address TAG...

Страница 566: ...group TAG no neighbor ip address peer group TAG Function Assign delete peers in the group The no neighbor ip address peer group TAG command deletes the peers from the peer group Parameter ip address...

Страница 567: ...prefix list in out Direction on which the restrictions applied Default No prefix restrictions applied Command Mode BGP routing mode and address family mode Usage Guide Specify the prefix and its scop...

Страница 568: ...ss Neighbor IP address TAG Name of peer group Default Not configured Command Mode BGP routing mode and address family mode Usage Guide Configure this attribute to avoid assigning the internal AS numbe...

Страница 569: ...P address TAG Name of peer group Default Not configured Command Mode BGP routing mode and address family mode Usage Guide The route reflection is used for reducing the peers when the internal IBGP rou...

Страница 570: ...or 10 1 1 68 route server client 14 8 3 67 neighbor send community Command neighbor ip address TAG send community both extended standard no neighbor ip address TAG send community both extended standar...

Страница 571: ...ip address TAG soft reconfiguration inbound command set to not perform the inbound soft reconfiguration Parameter ip address Neighbor IP address TAG Name of peer group Default Not perform inbound soft...

Страница 572: ...lity match Command neighbor ip address TAG strict capability match no neighbor ip address TAG strict capability match Function Configure whether strict capability match is required when establishing c...

Страница 573: ...val Default 120s Command Mode BGP routing mode and address family mode Usage Guide Configure the connecting time interval when connecting a peer The NO form restores the default value Example Switch c...

Страница 574: ...he loop back interface The NO forms restores to the nearest interface update source Improper update source use may lead to neighbor connection unavailable while the invalid interface causes problem wh...

Страница 575: ...no network ip address M route map WORD backdoor Function Configure the BGP managed network the route map specified in network application or set the back door for the network the no network ip address...

Страница 576: ...er or IP address digits such as 100 10 Command Mode vrf mode Usage Guide Under VRF mode the configured RD is for identifying different VRF each of which shall have a unique RD The BGP distinct routes...

Страница 577: ...ort both rt val Function Configure the route extended community attributes so to determine whether the route be spreaded to specific VRF Parameter rt val is the same as RD form standing for the extend...

Страница 578: ...655 Switch config map set vpnv4 next hop 10 1 1 250 Switch config map exit Switch config router bgp 100 Switch config router neighbor 10 1 1 68 remote as 100 Switch config router neighbor 10 1 1 68 r...

Страница 579: ...Configuration Examples of BGP 14 8 4 1 Examples 1 configure BGP neighbor SwitchB SwitchC and SwitchD are in AS200 SwitchA is in AS100 SwitchA and SwitchB share the same network segment SwitchB and Sw...

Страница 580: ...B and SwitchA is EBGP and other connections with SwitchC and SwitchD are IBGP SwitchB and SwitchD may have BGP connection without physical connection But there is a precondition that these two switche...

Страница 581: ...s list 1 permit 11 1 0 0 0 0 255 255 Switch config access list 2 permit 0 0 0 0 255 255 255 255 Switch config exit Switch clear ip bgp 16 1 1 6 soft out In the following sample configure the MED local...

Страница 582: ...s 4 configure BGP confederation The following is the configuration of an AS As the picture illustrated SwitchB and SwitchC establish IBGP connection SwitchD is affiliated to AS 20 SwitchB and SwitchC...

Страница 583: ...n identifier 200 SwitchC config router bgp bgp confederation peers 20 SwitchC config router bgp neighbor 12 1 1 2 remote as 10 SwitchD SwitchD config router bgp 20 SwitchD config router bgp bgp confed...

Страница 584: ...100 SwitchC config router bgp neighbor 2 2 2 2 route reflector client SwitchC config router bgp neighbor 7 7 7 7 remote as 100 SwitchC config router bgp neighbor 3 3 3 4 remote as 100 SwitchC config r...

Страница 585: ...e as 100 SwitchA config router bgp neighbor 9 9 9 9 remote as 300 The SwitchA at this time needn t to create IBGP connection with all the switches in the AS100 and could receive BGP route from other s...

Страница 586: ...or 1 1 1 1 remote as 300 SwitchD config router bgp exit SwitchD config route map set metric permit 10 SwitchD Config Router RouteMap set metric 200 The configurations of SwitchB SwitchB config router...

Страница 587: ...Notice BGP protocol itself can t detect route needs to import other routes to create BGP route Only it enables these routes to announce IBGP and EBGP neighbors by importing routes Direct link routes s...

Страница 588: ...p Metric LocPrf Weight Path 12 0 0 0 10 1 1 121 0 32768 100 1 1 0 24 10 1 1 200 0 32768 100 1 2 0 24 10 1 1 200 0 32768 172 0 0 0 8 0 0 0 0 32768 i Total number of prefixes 4 14 8 5 1 2 show ip bgp at...

Страница 589: ...172 0 0 0 8 0 0 0 0 32768 700 800 i Total number of prefixes 2 14 8 5 1 4 show ip bgp community info Command show ip bgp community info Function For displaying the community messages permitted by BGP...

Страница 590: ...e Command Mode All mode Usage Guide Only the surged routes will be displayed The Parameters shows the display configuration other than specific routes The other two options will respectively show the...

Страница 591: ...SH IP BGP filter list FL BGP table version is 2 local router ID is 11 1 1 100 Status codes s suppressed d damped h history valid best i internal S Stale Origin codes i IGP e EGP incomplete Network Ne...

Страница 592: ...tes parameters will respectively displays the routes broadcast on local side the received prefix filter received routes soft reconfiguration enabled and the routing message from specific neighbor Exam...

Страница 593: ...ific prefix list in BGP Parameter ADDRESS FAMILY Address family such as ipv4 unicast NAME Name of prefix list Default None Command Mode All mode Usage Guide We can select the required BGP route by reg...

Страница 594: ...best i internal S Stale Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 100 1 1 0 24 10 1 1 64 0 0 500 100 600 Total number of prefixes 1 14 8 5 1 13 show ip bgp regexp...

Страница 595: ...uppressed d damped h history valid best i internal S Stale Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 100 1 1 0 24 10 1 1 64 0 0 500 100 600 10 1 1 68 0 0 300 Total...

Страница 596: ...BGP instance Parameter NAME Name of BGP instance ip address IP address ip address M IP address and mask ADDRESS FAMILY Address family such as ipv4 unicast Default None Command Mode All modes Usage Gui...

Страница 597: ...E all command closes the BGP debugging messages Parameter MODULE BGP module names including dampening events filters fsm keepalives nsm updates etc Default None Command Mode Admin mode and global mode...

Страница 598: ...v6 unicast Enter IPv6 unicast address family BGP protocol address family comfiguration mode no neighbor X X X X activate Configure IPv6 neighbor to activate inactivate the address family exit address...

Страница 599: ...ress family SwitchB config router bgp exit SwitchB config SwitchC configuration as follows SwitchC config router bgp 200 SwitchC config router bgp neighbor 2002 2 remote as 200 SwitchC config router b...

Страница 600: ...D is IBGP The BGP connection can be processed between SwitchB and SwitchD without physical link but the premise is a route which reaches from one switch to the other switch The route can be obtained b...

Страница 601: ...rts a message IGMP Snooping is also referred to as IGMP listening The switch prevents multicast traffic from flooding through IGMP Snooping multicast traffic is forwarded to ports associated to multic...

Страница 602: ...atic multicast address and port member to join 3 Configure IGMP to send Query Command Explanation Global Mode ip igmp snooping vlan vlan id query no ip igmp snooping vlan vlan id query Enables IGMP Sn...

Страница 603: ...gmp snooping vlan 100 15 3 2 ip igmp snooping vlan immediate leave Command ip igmp snooping vlan vlan id immediate leave no ip igmp snooping vlan vlan id immediate leave Function Enable the IGMP fast...

Страница 604: ...oping vlan vlan id Function Enable the IGMP Snooping function for the specified VLAN the no ip igmp snooping vlan vlan id command disables the IGMP Snooping function for the specified VLAN Parameter v...

Страница 605: ...port Parameter vlan id vlan id ranging between 1 4094 value mrouter port survive period ranging between 1 65535 seconds Command Mode Global mode Default 255s Usage Guide This command validates on dyna...

Страница 606: ...n id query robustness Function Configure the query robustness The no ip igmp snooping vlan vlan id query robustness command restores to the default value Parameter vlan id vlan id ranging between 1 40...

Страница 607: ...s are connected to port 2 6 10 12 respectively and the multicast router is connected to port 1 As IGMP Snooping is disabled by default either in the switch or in the VLANs If IGMP Snooping should be e...

Страница 608: ...am 2 and port 12 will not receive the traffic of program 1 Scenario 2 IGMP Query Multicast Router Mrouter Port IGMP Snooping Group 1 Group 1 Group 1 Group 2 Switch2 Group 1 Group 2 IGMP Snooping Query...

Страница 609: ...run properly because of physical connection or configuration mistakes So the users should noted that z Make sure correct physical connection z Activate IGMP Snooping on whole config mode use ip igmp...

Страница 610: ...is disabled on the switch by default Usage Guide The command is used for enable the IGMP Snooping debugging switch of the switch switch IGMP data packet message can be shown with packet parameter eve...

Страница 611: ...2 Igmp snooping mrouter port keep alive time 255 s Igmp snooping query suppression time 255 s IGMP Snooping Connect Group Membership Note All Source S Include Source S Exclude Source Groups Sources Po...

Страница 612: ...ress table multicast Command show mac address table multicast vlan vlan id Function Show the multicast MAC address table messages Parameter vlan id VLAN ID included in the entries to be shown Command...

Страница 613: ...multicast VLAN is configured the multicast traffic will be continuously sent to the users 16 2 Multicast VLAN Configuration Task 1 Enable the multicast VLAN function 2 Configure the IGMP Snooping 1 E...

Страница 614: ...tion of the VLAN configuration of VLANs associated with the multicast VLAN should be deleted Note that the default vlan can not be configured with this command and only one multicast vlan is allowed o...

Страница 615: ...multicast server is connected to the layer 3 switch switchA through port 1 1 which belongs to the vlan10 of the switch The layer 3 switch switchA is connected with layer 2 switches through the port 1...

Страница 616: ...erface ethernet1 10 SwitchA Config Ethernet1 10 switchport mode trunk SwitchB config SwitchB config vlan 100 SwitchB config vlan100 Switchport access ethernet 1 15 SwitchB config vlan100 exit SwitchB...

Страница 617: ...al of valuable bandwidth resource and furthermore Broadcast mode goes against the security and secrecy The emergence of IP Multicast technology solved this problem in time The Multicast source only se...

Страница 618: ...ast group can be permanent or temporary Some of the Multicast group addresses are assigned officially they are called Permanent Multicast Group Permanent Multicast Group keeps its IP address fixed but...

Страница 619: ...ode the source host sends packets to the host group indicated by the Multicast group address in the destination address field of IP data packet Unlike Unicast mode Multicast data packet must be forwar...

Страница 620: ...sitory finance application stock etc 3 Any data distribution application of one point to multiple points In the situation of more and more multimedia operations in IP network Multicast has tremendous...

Страница 621: ...ing Unicast routing table to establish a Multicast transmission tree initiating from data source When a Multicast packet arrives the router will determine whether the coming path is correct first If t...

Страница 622: ...ip pim multicast routing Make PIM DM Protocol on each interface to Enable status but the commands below are required to really enable PIM DM protocol on the interface And then turn on PIM SM switch on...

Страница 623: ...e mode command disenables PIM DM protocol on interface Parameter None Default Disable PIM DM protocol Command Mode Interface Configure Mode Usage Guide The command will be taken effect executing ip mu...

Страница 624: ...val interval no ip pim state refresh origination interval Function Configure transmission interval of state refresh message on interface The no ip pim state refresh origination interval command restor...

Страница 625: ...witch Config if Vlan1 ip address 12 1 1 2 255 255 255 0 Switch Config if Vlan1 ip pim dense mode Switch Config if Vlan1 exit Switch Config interface vlan 2 Switch Config if Vlan2 ip address 20 1 1 1 2...

Страница 626: ...switch of PIM DM source activity timer information in detail the no debug pim timer sat command disenables the debug switch Parameter None Default Disabled Command Mode Admin Mode Usage Guide Enable t...

Страница 627: ...warding items namely forwarding items of forward multicast packet in system FIB table Example Display all of PIM DM message forwarding items Switch config show ip pim mroute dense mode IP Multicast Ro...

Страница 628: ...y used in big scale network with group members distributed relatively sparse and wide spread Unlike the Flooding Prune of Dense Mode PIM SM Protocol assumes no host needs receiving Multicast data pack...

Страница 629: ...y will take charge of encapsulating the Multicast packet into registered message and unicast it to corresponding RP If there are more than one PIM SM Multicast routers on a network segment then DR Des...

Страница 630: ...rotocol 1 Enable PIM SM Protocol The basic configuration to function PIM SM Routing Protocol on EDGECORE series Layer 3 switch is very simple It is only required to turn on PIM Multicast switch in Glo...

Страница 631: ...ccess list If a neighbor is filtered by the list and a connection has been set up with this neighbor then this connection is cut off immediately and if no connection is set up yet then this connection...

Страница 632: ...configure the information of PIM SM candidate RP so that it can compete for RP router with other candidate RPs The no ip pim rp address A B C D all A B C D M command cancels the configuration of RP 3...

Страница 633: ...r to compete the BSR router with other candidate BSRs The command no ip pim bsr candidate disables the candidate BSR Parameter Ifname is the specified interface s name hash mask length is the specifie...

Страница 634: ...ets The no ip pim dr priority command restores the default value Parameter priority is priority Default 1 Command Mode Interface Configuration Mode Usage Guide Range from 0 to 4294967294 the higher va...

Страница 635: ...onfigured but less than current hello_interval hello_holdtime is modified to 3 5 hello_interval otherwise the configured value is maintained Example Configure vlan1 s Hello Holdtime Switch Config inte...

Страница 636: ...net this command is not recommended Example Switch config ip pim ignore rp set priority 17 3 3 9 ip pim jp timer Command ip pim jp timer value no ip pim jp timer Function Configure to add JP timer the...

Страница 637: ...deny In the following example if permit any source is not configured deny 10 1 4 10 0 0 0 255 is the same as deny any source Example Configure vlan s filtering rules of pim neighbors Switch show ip pi...

Страница 638: ...ter source Command ip pim register source A B C D ifname ethernet vlan vlan id no ip pim register source Function This command is to configure the source address of register packets sent by DR to over...

Страница 639: ...ss A B C D A B C D M no ip pim rp address A B C D A B C D M all Function This command is to configure static RP globally or in a multicast address range The no ipv6 pim rp address A B C D A B C D M al...

Страница 640: ...m rp candidate vlan1 100 17 3 3 18 ip pim rp register kat Command ip pim rp register kat vaule no ip pim rp register kat Function This command is to congifure the KAT KeepAlive Timer value of the RP S...

Страница 641: ...Global Mode Usage Guide 1 Only this command is configured pim ssm can be available 2 Before configuring this command make sure ip pim multicasting succeed This command can t work with DVMRP 3 Access l...

Страница 642: ...witch Config If Vlan1 exit Switch Config interface vlan 2 Switch Config If Vlan2 ip address 13 1 1 1 255 255 255 0 Switch Config If Vlan2 ip pim sparse mode 2 Configure SwitchB Switch Config ip pim mu...

Страница 643: ...e SwitchD Switch Config ip pim multicast routing Switch Config interface vlan 1 Switch Config If Vlan1 ip address 34 1 1 4 255 255 255 0 Switch Config If Vlan1 ip pim sparse mode Switch Config If Vlan...

Страница 644: ...information is correct if there is not rp information you still need to check unicast routing If all attempts including Check are made but the problems on PIM SM can t be solved yet then use debug com...

Страница 645: ...tch Parameter None Default Disabled Command Mode Admin Mode and Global Mode Usage Guide Inspect PIM NEXTHOP changing information by the pim nexthop switch Example Switch debug ip pim nexthop 17 3 5 1...

Страница 646: ...mand Mode Admin Mode and Global Mode Usage Guide Inspect the changing information about pim state by this switch Example Switch debug ip pim state 17 3 5 1 8 debug pim timer Command debug pim timer de...

Страница 647: ...ppt no debug pim timer joinprune pt no debug pim timer joinprune no debug pim timer register rst no debug pim timer register Function Enable or Disable each pim timer Parameter None Default Disabled C...

Страница 648: ...fault None Command Mode Admin Mode and Global Mode Usage Guide Display PIM interface information Example testS2 config show ip pim interface Address Interface VIFindex Ver Nbr DR DR Mode Count Prior 1...

Страница 649: ...RPF nbr 10 1 4 10 RPF idx Vlan1 Upstream State JOINED Local Joined Asserted Outgoing Displayed Information Explanations Entries The counts of each item RP Share tree s RP address RPF nbr RP direction...

Страница 650: ...6 1 Vlan1 00 00 10 00 01 35 v2 1 10 1 6 2 Vlan1 00 00 13 00 01 32 v2 1 10 1 4 2 Vlan3 00 00 18 00 01 30 v2 1 10 1 4 3 Vlan3 00 00 17 00 01 29 v2 1 Displayed Information Explanations Neighbor Address N...

Страница 651: ...nexthop Pref Preference Route preference Refcnt Reference count 17 3 5 1 14 show ip pim rp hash Command show ip pim rp hash A B C D Function Display the RP address of A B C D s merge point Parameter...

Страница 652: ...ath checking information is based on distance vector in a manner similar to RIP 2 Routing exchange update occurs periodically the default is 60 seconds 3 TTL upper limit 32 hops and that RIP is 16 4 R...

Страница 653: ...the capabilities of each other If no Probe message from the neighbor is received until the neighbor is timed out then this neighbor is considered missing In DVMRP source network routing selection mess...

Страница 654: ...e DVMRP tunnel 1 Globally enable DVMRP Protocol The basic configuration to function DVMRP routing protocol on EDGECORE series Layer 3 switch is very simple Firstly it is required to turn on DVMRP swit...

Страница 655: ...the no ip dvmrp metric command restores default value ip dvmrp reject non pruners no ip dvmrp reject non pruners Configure the interface rejects to set up neighbor relationship with non pruning graft...

Страница 656: ...d interface metric value as new metric value of the routing The metric value applies to calculate posion reverse namely ensuring up downstream relations If the metric value of some route on the switch...

Страница 657: ...h Config If vlan1 ip dvmrp output report delay 1 1024 17 4 3 5 ip dvmrp reject non pruners Command ip dvmrp reject non pruners no ip dvmrp reject non pruners Function Configure to reject neighborship...

Страница 658: ...l configurations are deleted Example Switch Config ip dvmrp tunnel 1 12 1 1 1 24 1 1 1 17 4 4 DVMRP Configuration Examples As shown in the following figure add the Ethernet interfaces of Switch A and...

Страница 659: ...ip address command Afterwards enable DVMRP Protocol on the interface use ip dvmrp command and ip dv multicast routing command Multicast Protocol requires RPF Check using unicast routing therefore the...

Страница 660: ...in out raft in out graft ack in out in out all command disenables this debugging switch Parameter None Default Disabled Command Mode Admin Mode Usage Guide Enable this switch and display DVMRP protoc...

Страница 661: ...Interface corresponding physical interface name Vif Index Virtual interface index Ver Interface supporting version Nbr Cnt Neighbor count Type Interface type Remote Address Remote address 17 4 5 1 4 s...

Страница 662: ...itch show ip dv prune Flags P Pruned H Host D Holddown N NegMFC I Init Source Mask Group State FCR Exptime Prune Graft Address Len Address Cnt ReXmit Time 13 1 1 0 24 239 0 0 1 1 01 59 56 Off Displaye...

Страница 663: ...Multicast Packet Source Controllable Multicast User Controllable and Service Oriented Priority Strategy Multicast The Multicast Packet Source Controllable technology of Security Controllable Multicast...

Страница 664: ...ulticast Strategy Configuration 1 Source Control Configuration Source Controll Configuration has three parts of which the first is to enable source control The command of source control is as follows...

Страница 665: ...Mode no ip multicast source control access group 5000 5099 Used to configure the rules source control uses to port the NO form cancels the configuration Destination Control Configuration Like source c...

Страница 666: ...follows Command Explanation Port Configuration Mode no ip multicast destination control access group 6000 7999 Used to configure the rules destination control uses to port the NO form cancels the con...

Страница 667: ...estination wildcard host destination destination host ip any destination command deletes the access list Parameter 5000 5099 source control access list number deny permit deny or permit source multica...

Страница 668: ...source address source wildcard multicast source address wildcard character source host ip multicast source host address destination multicast destination address destination wildcard multicast destin...

Страница 669: ...7999 Function Configure multicast destination control access list used on specified vlan mac the no ip multicast destination control 1 4094 macaddr access group 6000 7999 command deletes this configu...

Страница 670: ...excuting the command it needs to excute clear ip igmp groups command to clear relevant groups in Admin mode Example Switch Config ip multicast destination control 10 1 1 0 24 access group 6000 17 5 3...

Страница 671: ...ion Configure to globally enable multicast source control the no ip multicast source control command restores global multicast source control disabled Parameter None Default Disabled Command Mode Glob...

Страница 672: ...mit multicast data without any limit and we can make the following configuration Switch config access list 5000 permit ip any host 225 1 2 3 Switch config access list 5001 permit ip any any Switch con...

Страница 673: ...tions above carefully If you still can determine the cause of the problem please send your configurations and the effects you expect to the after sale service staff of our company 17 5 5 1 Monitor And...

Страница 674: ...host source 2 1 1 1 any destination access list 6001 deny ip host source 2 1 1 1 225 0 0 0 0 255 255 255 access list 6002 permit ip host source 2 1 1 1 225 0 0 0 0 255 255 255 access list 6003 permit...

Страница 675: ...itch sh ip multicast source control access list access list 5000 permit ip 10 1 1 0 0 0 0 255 232 0 0 0 0 0 0 255 access list 5000 deny ip 10 1 1 0 0 0 0 255 233 0 0 0 0 255 255 255 17 6 IGMP 17 6 1 I...

Страница 676: ...IGMP version1 the selection of query machine is determined by Multicast Routing Protocol IGMP version2 made an improvement for it it prescribed that when there are more than one multicast switches on...

Страница 677: ...tion with these variables of non queries 5 Max Response Time in Query Message has an exponential range with maximum value from 25 5 secs of v2 to 53 mins which can be used in links of great capacity 6...

Страница 678: ...p dvmrp no ip pim dense mode no ip pim sparse mode disable IGMP Protocol Required 2 Configure IGMP Sub parameters 1 Configure IGMP group parameters 1 Configure IGMP group filtering conditions 2 Config...

Страница 679: ...f the interface for IGMP query the no ip igmp query max response time command restores default value ip igmrp query timeout time_val no ip igmp query timeout Configure the time out of the interface fo...

Страница 680: ...ing in immediate leave mode that is when the host transmits member identity report of equaivalent to leave a group router does not transmit query it directly confirms there is no member of this group...

Страница 681: ...tion Mode Usage Guide After configuring mamimum state state count interface only saves states which are not more than state count groups and sources If it reaches upper limit of state count it does no...

Страница 682: ...uery information on interface when some interface enables some group multicast protocol The command applies to configure this query period time Example Configure interval of periodly transmitted IGMP...

Страница 683: ...her switch as new query processor Example Configure timeout of IGMP query message on interface to 100s Switch Config interface vlan 1 Switch Config If Vlan1 ip igmp query timeout 100 17 6 3 9 ip igmp...

Страница 684: ...and version 2 therefore it must configure to the same version IGMP in the same network When other routers which are not upgraded to IGMPv3 on interface connected subnet need to join member identity c...

Страница 685: ...e user should pay attention to the following issues Firstly to assure that physical connection is correct Next to assure the Protocol of Interface and Link protocol is UP use show interface command Af...

Страница 686: ...igmp packet debug is on Switch 02 17 38 58 IGMP Send membership query on dvmrp2 for 0 0 0 0 02 17 38 58 IGMP Received membership query on dvmrp2 from 192 168 1 11 for 0 0 0 0 02 17 39 26 IGMP Send mem...

Страница 687: ...t Pres ent V2 V2 Host Present Interface Vlan1 Group 234 1 1 1 Flags Uptime 00 00 19 Group Mode INCLUDE Last Reporter 10 1 1 1 Exptime stopped Source list 2 members S Static Source Address Uptime v3 Ex...

Страница 688: ...MP information of specified interface Default Do not display Command Mode Admin Mode Example Display interface valn1 IGMP message on Ethernet Switch config show ip igmp interface Vlan1 Interface Vlan1...

Страница 689: ...ulation The working process of PIM DM can be summarized as Neighbor Discovery Flooding Prune and Graft 1 Neigh hour Discovery When PIM DM router is started at beginning Hello message is required to di...

Страница 690: ...any specific unicast routing protocol 4 Assert Mechanism If two multicast router A and B in the same LAN segment have their own receiving paths to multicast source S they will respectively forward mu...

Страница 691: ...de ipv6 pim hello interval interval no ipv6 pim hello interval Configure PIM DM hello message interval time the NO operation of this command restores the default value Configure PIM DM state refresh m...

Страница 692: ...rface vlan 1 Switch Config if Vlan1 ipv6 pim dense mode 18 1 3 2 ipv6 pim dr priority Command ipv6 pim dr priority priority no ipv6 pim dr priority Function Configure cancel and change priority value...

Страница 693: ...alue of hello_holdtime is 105s Command Mode Interface Configuration Mode Usage Guide If no setting hellotime will default current 3 5 times of Hello_interval If setting hellotime is less than current...

Страница 694: ...pim multicast routing command disenables PIM DM protocol Parameter None Default Disable PIM DM protocol Command Mode Global Mode Usage Guide Ipv6 pim can enable only after executing this command Exam...

Страница 695: ...l the downstream routers The command can modify origination interval of state refresh messages Usually do not modify relevant timer interval The command can configure on IPv6 tunnel interface but it i...

Страница 696: ...work normally due to physical connections incorrect configuration and so on So users shall note the following points Assure the physical connection is correct Assure the Protocol of Interface and Lin...

Страница 697: ...ch and display PIM DM state refresh timer information in detail Example Switch debug ipv6 pim timer srt Remark Other debug switches in PIM DM are common in PIM SM show ipv6 pim mroute dense mode Comma...

Страница 698: ...n including FORWARDING forwarding upstream data PRUNED Upstream stops forwarding data ACKPENDING waiting for upstream response forwarding upstream data Origin State The two states ORIGINATOR on transm...

Страница 699: ...along the shared tree flow When the data traffic reaches a certain amount multicast data stream can be switched to source based SPT Shortest Path Tree to shorten network delay PIM SM doesn t rely on a...

Страница 700: ...icast group based on the same algorithm after receiving the candidate RP message announced by BSR Note that one RP can serve more than one multicast groups even all multicast groups But each multicast...

Страница 701: ...protocol on the interface and the NO operation of this command shuts PIM SM Protocol on all interfaces Required And then turn on PIM SM switch on the interface Command Explanation Port Configuration M...

Страница 702: ...ure switch to be candidate BSR Command Explanation Global Mode Ipv6 pim bsr candidate ifname hash mask length priority no ipv6 pim bsr candidate This command is the global candidate BSR configuration...

Страница 703: ...pv6 pim accept register Function Filter the specified multicast group Parameter acess list name is the applying access list name Default Permit the multicast registers from any sources to any groups C...

Страница 704: ...the BSR router with other candidate BSRs Only this command is configured this switch is the BSR candidate router Example Globally configure the interface vlan1 as the candidate BSR message transmitti...

Страница 705: ...d restores the default value Parameter None Default The Hello packets include GenId option Command Mode Interface Configuration Mode Usage Guide This command is used to interact with older Cisco IOS v...

Страница 706: ...rval of periodically transmitted pim hello packets ranges from 1 to 18724s Default The default periodically transmitted pim hello packets hello_interval is30s Command Mode Interface Configuration Mode...

Страница 707: ...3 10 ipv6 pim multicast routing Command ipv6 pim multicast routing no ipv6 pim multicast routing Function Enable PIM SM globally The no ipv6 pim multicast routing command disables PIM SM globally Par...

Страница 708: ...ipv6 pim Register rate limit command restores the default value This configured speedrate is each S G state s not the whole systems Parameter limit ranges from 1 to 65535 Default No limit for sending...

Страница 709: ...nfig ipv6 pim register source Vlan1 18 2 3 15 ipv6 pim register suppression Command ipv6 pim register suppression value no ipv6 pim register suppression Function This command is to configure the value...

Страница 710: ...the candidate RP the format is X X X X M ipv6 address and prefix length priority is the RP selection priority ranges from 0 to 255 the default value is 192 the lower value has more priority Default T...

Страница 711: ...ed PIM SM Command Mode Interface Configuration Mode Usage Guide Enable PIM SM on the interface The command can configure on IPv6 tunnel interface but it is successful configuration to only configure t...

Страница 712: ...pim sparse mode Switch Config If Vlan1 exit Switch Config interface vlan 2 Switch Config If Vlan2 ipv6 address2000 24 1 1 2 64 Switch Config If Vlan2 ipv6 pim sparse mode Switch Config If Vlan2 exit S...

Страница 713: ...ssure the Protocol of Interface and Link is UP use show interface command Unicast route shall be used to carry out RPF examination for multicast protocol So the correctness of unicast route shall be g...

Страница 714: ...3 debug ipv6 pim mib Command debug ipv6 pim mib no ipv6 debug pim mib Function Enable or Disable PIM MIB debug switch Parameter None Default Disabled Command Mode Admin Mode and Global Mode Usage Guid...

Страница 715: ...mand Mode Admin Mode and Global Mode Usage Guide Inspect the received and transmitted pim packets by this switch Example Switch debug ipv6 pim packet in 18 2 5 1 7 debug ipv6 pim state Command debug i...

Страница 716: ...bug ipv6 pim timer bsr crp no debug ipv6 pim timer bsr no debug ipv6 pim timer hello ht no debug ipv6 pim timer hello nlt no debug ipv6 pim timer hello tht no debug ipv6 pim timer hello no debug ipv6...

Страница 717: ...126 Next bootstrap message in 00 00 10 Role Candidate BSR State Elected BSR Next Cand_RP_advertisement in 00 00 10 RP 2000 1 111 100 Vlan2 Displayed Information Explanations BSR address Bsr router Add...

Страница 718: ...count DR Prior Dr priority DR The interface s DR address 18 2 5 1 11 show ipv6 pim mroute sparse mode Command show ipv6 pim mroute sparse mode Function Display the multicast route table of PIM SM Par...

Страница 719: ...P direction or upneighbor of source direction RPF idx RPF nbr interface Upstream State Upstream State there are two state of Joined join the tree expect to receive data from upstream and Not Joined qu...

Страница 720: ...s Neighbor Address Neighbor address Interface Neighbor interface Uptime Expires Running time overtime Ver Pim version v2 usually DR Priority Mode DR priority in the hello messages from the neighbor an...

Страница 721: ...rence count 18 2 5 1 14 show ipv6 pim rp hash Command show ipv6 pim rp hash X X X X Function Display the RP address of group X X X X s merge point Parameter Group address Default None Command Mode Any...

Страница 722: ...icast application Correspondingly MLD Protocol version1 is similar to IGMP Protocol version2 and MLD Protocol version2 is similar to IGMP Protocol version3 Current firmware only supports MLDv1 The IPv...

Страница 723: ...ve Other logic is basically same as IGMPv2 18 3 2 MLD Configuration Task List 1 Start MLD Required 2 Configure MLD auxiliary parameters Required 1 Configure MLD group parameters 1 Configure MLD group...

Страница 724: ...e the overtime of MLD query Command Explanation Port Configuration Mode ipv6 mld query interval time_val no ipv6 mld query interval Configure the interval of MLD query messages sent periodically the N...

Страница 725: ...ve Command ipv6 mld immediate leave group list acl name no ipv6 mld immediate leave Function Configure MLD to work in the immediate leave mode that s when the host sends a membership qualification rep...

Страница 726: ...MLD host query messages it ranges from 0 to 65535s Default Intrerval of perriodly transmitted MLD query message is 125s Command Mode Interface Configuration Mode Usage Guide When a interface enables...

Страница 727: ...t run MLD one switch will be selected as the querying host and others set a timer to inspect the querying host s state If no querying packet is received when the timeout is over a switch wiil be resel...

Страница 728: ...X X no ipv6 mld join group X X X X source X X X X Function Configure the sources of certain multicast group which the interface join in Note because of the client group has got only INLCUDE and EXCLU...

Страница 729: ...xample Set the MLD state count limit of the interface vlan2 to 4000 Switch Config interface vlan2 Switch Config if Vlan2 ipv6 mld limit 4000 18 3 3 11 ipv6 mld static group Command ipv6 mld static gro...

Страница 730: ...efault one Parameter version_no is the version number of the MLD protocol with a valid range of 1 2 Default 2 by default Command Mode Interface Mode Usage Guide While there is routers still not upgrad...

Страница 731: ...work normally due to physical connections incorrect configuration and so on So users shall note the following points Assure the physical connection is correct Assure the protocol of interface and lin...

Страница 732: ...diaplays MLD packets The no debug ipv6 mld events command disables the debug switch Parameter None Default Disabled Command Mode Admin Mode Usage Guide This switch can be enabled to get MLD packets in...

Страница 733: ...icast group Expires The left time to overtime 18 3 5 1 4 show ipv6 mld interface Command show ipv6 mld interface ifname Function Display the relavent MLD information of an interface Parameter ifname i...

Страница 734: ...ress MLD Snooping is namely the MLD listening The switch restricts the multicast traffic from flooding through MLD Snooping and forward the multicast traffic to ports associated to multicast devices o...

Страница 735: ...n specific vlan The no form of this command cancels the mrouter port configuration ipv6 mld snooping vlan vlan id mrpt value no ipv6 mld snooping vlan vlan id mrpt Configure the keep alive time of the...

Страница 736: ...s the MLD data packet message processed by the switch packet event messages event timer messages timer messages of down streamed hardware entry mfc all debug messages all 18 4 3 2 ipv6 mld snooping Co...

Страница 737: ...rotocol will hasten the process the port leaves one multicast group in which the specified group query of the group will not be sent and the port will be directly deleted Example Enable the MLD immedi...

Страница 738: ...ches the limit new group requesting for joining in will be rejected for preventing hostile attacks To use this command MLD snooping must be enabled on vlan The no form of this command restores the def...

Страница 739: ...ample Switch config ipv6 mld snooping vlan 2 mrpt 100 18 4 3 9 ipv6 mld snooping vlan query interval Command ipv6 mld snooping vlan vlan id query interval value no ipv6 mld snooping vlan vlan id query...

Страница 740: ...D configuration as possible Example Switch config ipv6 mld snooping vlan 2 query robustness 3 18 4 3 12 ipv6 mld snooping vlan suppression query time Command ipv6 mld snooping vlan vlan id suppression...

Страница 741: ...ed Information Explanation Global mld snooping status Whether or not the global mld snooping is enabled on the switch L3 multicasting Whether or not the layer 3 multicast protocol is running on the sw...

Страница 742: ...oup Membership Group membership of the vlan namely the correspondence between the port and S G Mld snooping vlan 1 mrouter port Mrouter port of the vlan including both static and dynamic 18 4 3 14 sho...

Страница 743: ...the port 1 of vlan 100 as a mrouter port Configuration procedure is as follows Switch config Switch config ipv6 mld snooping Switch config ipv6 mld snooping vlan 100 Switch config ipv6 mld snooping v...

Страница 744: ...ives no traffic from program2 and 3 port10 receives no traffic from program 1 and 3 and port12 receives no traffic from program1 and 2 MLD L2 general querier Fig 18 5 Switches as MLD Querier Function...

Страница 745: ...he MLD Snooping server may fail to run properly due to physical connection failure wrong configuration etc The user should ensure the following 3 Ensure the physical connection is correct 4 Ensure the...

Страница 746: ...ctive combination of conditions such as source IP destination IP IP protocol number and TCP port Access lists can be categorized by the following criteria z Filter information based criterion IP acces...

Страница 747: ...o that port or no binding ACL matches z When an access list is bound to the outgoing direction of a port the action in the rule can only be deny 19 2 ACL Configuration 19 2 1 ACL Configuration Task Se...

Страница 748: ...nfiguring time range function 1 Create the name of the time range 2 Configure periodic time range 3 Configure absolute time range 4 Bind access list to a specific direction of the specified port 5 Cle...

Страница 749: ...ck fin psh rst syn urg precedence prec tos tos Creates a numbered TCP extended IP access rule if the numbered extended access list of specified number does not exist then an access list will be create...

Страница 750: ...sIpAddr sMask any host sIpAddr Creates a standard name based IP access rule the no form command deletes the name based standard IP access rule c Exit name based standard IP ACL configuration mode Com...

Страница 751: ...pAddr dMask any destination host destination dIpAddr d port dPort ack fin psh rst syn urg precedence prec tos tos Creates an extended name based TCP IP access rule the no form command deletes this nam...

Страница 752: ...and Explanation Global Mode access list num deny permit any source mac host source mac host_smac smac smac mask any destination mac host destination m ac host_dmac dmac dmac mask untag ged eth2 tagged...

Страница 753: ...c host source mac host_smac smac smac mask any d estination mac host destination mac host_dmac dmac dmac mask untagged eth2 ethertype protocol protocol mask Creates an extended name based MAC access r...

Страница 754: ...ure mode 8 Configuring a numbered extended MAC IP access list Command Explanation Global mode access list num deny permit any source mac host source mac host_smac smac smac mask any destination mac ho...

Страница 755: ...ource host ip s port port1 destination destination wildcard any desti nation host destination destination host ip d port port3 ack fin psh rst urg syn precedence precedence tos tos time range time ran...

Страница 756: ...ocol or all mac ip protocols if the numbered extended access list of specified number does not exist then an access list will be created using this number no access list num deletes this nunbered exte...

Страница 757: ...ce wildcard any source host source source host ip destination destination wildcard any desti nation host destination destination host ip igmp type precedence precedence tos tos time range time range n...

Страница 758: ...destination mac host_dmac dmac dmac mask eigrp gre igrp ip ipinip ospf protocol num source source wildcard any source host source source host ip destination destination wildcard any desti nation host...

Страница 759: ...esday Wednesday T hursday Friday Saturday Sunday start_time to Monday Tuesday Wednesday Thursday Friday Sa turday Sunday end_time periodic Monday Tuesday Wednesday Thursda y Friday Saturday Sunday dai...

Страница 760: ...d direction on the port the no ip ipv6 mac mac ip access group name in out command deletes the access list bound to the port 5 Clear the filting information of the specificed port Command Explanation...

Страница 761: ...definition of period is specific time period of Monday to Saturday and Sunday every week day1 hh mm ss To day2 hh mm ss or day1 day2 day3 day4 day5 day6 day7 weekend weekdays daily hh mm ss To hh mm s...

Страница 762: ...05 1 26 19 2 2 3 access list ip extended Command access list num deny permit icmp sIpAddr sMask any host sIpAddr dIpAddr dMask any destination host destination dIpAddr icmp type icmp code precedence p...

Страница 763: ...Guide When the user assign specific num for the first time ACL of the serial number is created then the lists are added into this ACL igmp type represent the type of IGMP packet and usual values pleas...

Страница 764: ...ed Command access list num deny permit any source mac host source mac host _smac smac smac mask any destination mac host destinatio n mac host_dmac dmac dmac mask untagged eth2 tagged eth 2 untagged 8...

Страница 765: ...o this ACL Examples Permit tagged eth2 with any source MAC addresses and any destination MAC addresses and the packets whose 15th and 16th byte is 0x08 0x0 to pass and Switch Config access list 1100 p...

Страница 766: ...ge name Functions Define a extended numeric MAC IP ACL rule No command deletes a extended numeric MAC IP ACL access list rule Parameters num access list serial No this is a decimal s No from 3100 3199...

Страница 767: ...h is a number from 0 255 igmp type optional ICMP packets can be filtered by IGMP packet name or packet type which is a number from 0 255 time range name name of time range Command Mode Global mode Def...

Страница 768: ...wall Command firewall enable disable Functions Enable or disable firewall Parameters enable means to enable of firewall disable means to disable firewall Default It is no use if default is firewall Co...

Страница 769: ...ip standard name no access list ip standard name Functions Create a name standard IP access list no access list ip standard name action of this command deletes this name standard IP access list includ...

Страница 770: ...Function Create a name based standard IPv6 access list the no ipv6 access list standard name command deletes the name based standard IPv6 access list including all entries Parameter name is the name f...

Страница 771: ...ry not exit The standard extended and nomenclature of access list can be bound to physical port of layer 3 switch not binding ACL to layer interface or influx interface There are four kinds of package...

Страница 772: ...t Configuration No access lists configured Usage Guide After assigning this commands for the first time only an empty name access list is created and no list item included Examples Create an MAC ACL n...

Страница 773: ...host destination dIpAddr precedence prec tos tos time range time range name Functions Create a name extended IP access rule to match specific IP protocol or all IP protocol Parameters sIpAddr is the s...

Страница 774: ...Nacl ipFlow deny 10 1 1 0 0 0 255 255 19 2 2 21 permit deny mac extended Command no deny permit any source mac host source mac host_smac smac smac mask any destination mac host destination mac host_dm...

Страница 775: ...the left no ineffective bit can be added through For example the reverse mask format of one byte is 00001111b mask format is 11110000 and this is not permitted 00010011 Command Mode Name extended MAC...

Страница 776: ...to access any source mac any source MAC address any destination mac any destination MAC address host_smac smac source MAC address smac mask mask reverse mask of source MAC address host_dmac dmas dest...

Страница 777: ...the passage of UDP packets with any source MAC address and destination MAC address any source IP address and destination IP address and source port 100 and destination port 40000 Switch Config access...

Страница 778: ...001 1 2 3 1 dPort 32 19 2 2 24 permit deny ipv6 standard Command no deny permit sIPv6Prefix sPrefixlen any host sIPv6Addr Function Create a standard nomenclature IPv6 access control rule the no form o...

Страница 779: ...configuration steps are listed below Switch Config access list 110 deny tcp 10 0 0 0 0 0 0 255 any destination d port 21 Switch Config firewall enable Switch Config firewall default permit Switch Conf...

Страница 780: ...information but conflicting action rules binding to the port will fail with an error message For instance configuring permit tcp any any destination and deny tcp any any destination at the same time...

Страница 781: ...of any source IP address and destination address to pass access list 1100 permit any source mac any destination mac tagged eth2 14 2 0800 Permit tagged eth2 with any source MAC addresses and any desti...

Страница 782: ...use in firewall is 10 No 10 standard extended ACL tied to entrance of port Ethernet1 2 packet s number is 10 Number of packets matching this ACL rule 19 4 1 3 show firewall Command show firewall Func...

Страница 783: ...st lengthening within 1 16 Default None Command Mode Admin Mode Usage Guide When no access control list is specified all the access control lists will be displayed in used x time s is shown the times...

Страница 784: ...number section and the relative values in the other 4 sections then click Add the users can then add the new Numeric Standard IP ACL 19 5 2 Delete numeric IP ACL Click Numeric ACL Configuration and t...

Страница 785: ...e z TOS Regarding ICMP numeric extended ACL there are two sub categories z ICMP type z ICMP code Regarding IGMP numeric extended ACL there is one sub category z IGMP type Regarding TCP numeric extende...

Страница 786: ...ame configuration is the same with Numeric ACL Configuration The only difference users should change the ACL number to the ACL name This should be entered in ACL name not ACL number CLI command 1 2 2...

Страница 787: ...e configuration web page the configuration is the same with it is with numeric extended ACL The only difference is the ACL number needs to be changed to ACL name and entered into the ACL name rather t...

Страница 788: ...ion page There are five items in this section z Port the target port to bind to ACL z ACL name the target ACL name to bind z Ingress Egress the target direction to bind z Operation type Add or Remove...

Страница 789: ...ical port or a physical port Typically one physical port of the switch connects with one terminal device physical port based only The architecture of IEEE 802 1x is shown below Fig 20 1 802 1x archite...

Страница 790: ...ation is implemented in ES4700 series for better security and management Only authenticated user access devices connecting to the same physical port can access the network the unauthorized devices wil...

Страница 791: ...enable Enables the 802 1x function in the switch and ports the no dot1x enable command disables the 802 1x function Command Explanation Port Mode dot1x port control auto force authorized forc e unauth...

Страница 792: ...re authentication interval the no dot1x timeout re authperiod command restores the default setting dot1x timeout tx period seconds no dot1x timeout tx period Sets the interval for the supplicant to r...

Страница 793: ...adius server authentication host IPaddress Specifies the IP address or IPv6 address and listening port number for RADIUS authentication server the no radius server authentication host IPaddress comman...

Страница 794: ...AAA function for the switch Switch Config aaa enable 20 2 2 2 aaa accounting enable Command aaa accounting enable no aaa accounting enable Function Enables the AAA accounting function in the switch t...

Страница 795: ...ntry applies to all ports in the switch When dot1x address filter function is enabled the switch will filter the authentication user by the MAC address Only the authentication request initialed by the...

Страница 796: ...1x function of the switch and enable 802 1x for port 1 12 Switch Config dot1x enable Switch Config interface ethernet 1 12 Switch Config Ethernet0 0 12 dot1x enable 20 2 2 6 dot1x macfilter enable Co...

Страница 797: ...lable for ports using MAC based access management if MAC address authenticated exceeds the number of allowed user additional users will not be able to access the network Example Setting port 1 3 to al...

Страница 798: ...ment port based access management is suggested only for special usages Example Setting port based access management for port 1 4 Switch Config Ethernet1 4 dot1x port method portbased 20 2 2 11 dot1x r...

Страница 799: ...ode Global Mode Default The default value is 10 seconds Usage Guide Default value is recommended Example Setting the silent time to 120 seconds Switch Config dot1x timeout quiet period 120 20 2 2 14 d...

Страница 800: ...0 to 65535 primary for primary server Multiple RADIUS sever can be configured and would be available RADIUS server will be searched by the configured order if primary is not configured otherwise the s...

Страница 801: ...e same as the specified authentication port in the RADIUS server the default port number is 1812 If this port number is set to 0 the specified server is regard as non authenticating This command can b...

Страница 802: ...radius server retransmit Command radius server retransmit retries no radius server retransmit Function Configures the re transmission times for RADIUS authentication packets the no radius server retra...

Страница 803: ...er as invalid according to the current conditions Example Setting the RADIUS authentication timeout timer value to 30 seconds Switch Config radius server timeout 30 20 3 802 1x Application Example 1 0...

Страница 804: ...disabled If the switch is configured properly but still cannot pass through authentication connectivity between the switch and RADIUS server the switch and 802 1x client should be verified and the por...

Страница 805: ...Command mode Admin Mode Parameters N A Usage Guide Enable dot1x debug information allows the check of dot1x protocol negotiation process and is helpful in troubleshooting Example Enable dot1x debuggi...

Страница 806: ...nds for the switch as a RADIUS client Command mode Admin Mode Usage Guide Displays whether AAA authentication accounting are enabled and information for key authentication and accounting server specif...

Страница 807: ...authentication server X Host IP Udp Port Is Primary Is Server Dead Socket No Displays the authentication server number and corresponding IP address UDP port number Primary server or not down or not a...

Страница 808: ...bal parameter for the switch Switch show dot1x Global 802 1x Parameters reauth enabled no reauth period 3600 quiet period 10 tx period 30 max req 2 authenticator mode passive Mac Filter Disable MacAcc...

Страница 809: ...State Machine Re authentication state machine status 20 3 1 2 show radius Command show radius authencated user authencating user count Function Displays the statistics for users of RADIUS authenticat...

Страница 810: ...hentication function z Accounting Status Enables disables switch AAA accounting function Disable Accounting disable accounting function Enable Accounting enable accounting function z RADIUS key Config...

Страница 811: ...Non Primary Authentication server is the non primary server z Operation type Add authentication server adds an authentication server Remove authentication server remove an authentication server Examp...

Страница 812: ...x function configuration management list and configure the switch 802 1x function 20 4 2 1 802 1X configuration Click Authentication configuration 802 1X configuration 802 1X configuration to configur...

Страница 813: ...authentication mode as forbid choose MAC filtering as forbid and then click Apply button to set the configurations 20 4 2 2 802 1x port authentication configuration Click Authentication configuration...

Страница 814: ...itch 20 4 2 3 802 1x port mac configuration Click Authentication configuration 802 1X configuration 802 1x port mac configuration to Add a MAC address table to dot1x address filter z Port If specify p...

Страница 815: ...thentication type Authentication type z Authentication status Authentication status z Authentication mode Authentication mode Example Choose Ethernet port 1 1 then Click Reauthenticate button the user...

Страница 816: ...router while the Backup routers serve as backups for the active router The virtual router has its own virtual IP address can be identical with the IP address of some router in the Standby cluster and...

Страница 817: ...mer intervals 9 Configure VRRP interface monitor 1 Create Remove the Virtual Router Command Explanation Global Mode no router vrrp vrid Creates Removes the Virtual Router 2 Configure VRRP Dummy IP Add...

Страница 818: ...tring 5 Configure VRRP Sub parameters 1 Configure the preemptive mode for VRRP Command Explanation VRRP protocol configuration mode preempt mode true false Configures the preemptive mode for VRRP 2 Co...

Страница 819: ...ting properly therefore turns its status to Master The user can use this command to adjust the VRRP packet sending interval of the Master For members in the same Standby cluster this property should b...

Страница 820: ...t of priority to 10 Switch Config Router Vrrp circuit failover vlan 2 10 21 3 3 debug vrrp Commands debug vrrp all event packet recv send no debug vrrp all event packet recv send Function Displays inf...

Страница 821: ...of number 10 Switch config router vrrp 10 Switch Config Router Vrrp enable 21 3 6 interface Commands interface IFNAME Vlan ID no interface Function Configures the VRRP interface Parameters interface I...

Страница 822: ...ermines the ranking of a router or L3 Ethernet switch in a Standby cluster the higher priority the more likely to become the Master When a router or L3 Ethernet switch is configured as Master dummy IP...

Страница 823: ...nt interval is 1 sec Preempt mode is TRUE VrId 10 State is Initialize Virtual IP is 10 1 10 1 IP owner Interface is Vlan1 Configured priority is 255 Current priority is 255 Advertisement interval is 1...

Страница 824: ...uter Vrrp virtual ip 10 1 1 1 21 4 Example Of VRRP As shown in the figure below SwitchA and SwitchB are Layer 3 Ethernet Switches in the same group and provide redundancy for each other SWITCHA SWITCH...

Страница 825: ...switches in the same standby cluster are the same Verify the timer time of different routers or L3 Ethernet switches in the same standby cluster are the same Verify the dummy IP address is in the same...

Страница 826: ...umber 1 and VLAN port IP 23 Click Apply to add port 23 to Virtual Router number 1 Click Remove to remove port 23 from Virtual Router number 1 21 6 4 Activate Virtual Router Click VRRP control to confi...

Страница 827: ...l Example Enter created Virtual Router number 1 and interval 3 Click Enable to set the interval of virtual router number 1 to 3 Click Disable to disable the interval of Virtual Router number 1 21 6 8...

Страница 828: ...ck VRRP control to enter VRRP AuthenMode and configure VRRP authentication mode Example Choose created Vlan1 for Port and yes for AuthenMode Click Apply to finish Port Vlan1 authentication mode config...

Страница 829: ...MRPP has below characters compare to STP protocol 1 MRPP specifically uses to Ethernet ring topology 2 fast convergence less than 1 s ideally it can reach 100 50 ms 22 1 1 Conception Introduction SWIT...

Страница 830: ...ry node The primary port of primary node is used to send ring health examine packet hello the secondary port is used to receive Hello packet sending from primary node When the Ethernet is in health st...

Страница 831: ...block state and sends LINK DOWN FLUSH_FDB packet to inform all of transfer nodes to refresh own MAC address forward list 3 Ring Restore After the primary node occur ring fail if the secondary port rec...

Страница 832: ...Task Sequence 1 Globally enable MRPP 2 Configure MRPP ring 3 Display and debug MRPP relevant information 1 Globally enable MRPP Command Explanation Global Mode MRPP enable no MRPP enable Globally ena...

Страница 833: ...on Show MRPP statistics INT Display receiving data package statistic information of MRPP ring clear MRPP statistics INT Clear receiving data package statistic information of MRPP ring 22 3 Commands Fo...

Страница 834: ...le MRPP loop may can t work normally or form broadcast Example Configure control VLAN of mrpp ring 4000 is 4000 Switch Config mrpp ring 4000 Switch mrpp ring 4000 control vlan 4000 22 3 3 debug mrpp C...

Страница 835: ...INT valid range is from 1 to 3000s Command Mode MRPP ring mode Default Default configure timer interval 3s Usage Guide If primary node of MRPP ring doesn t receives Hello packet from primary port of...

Страница 836: ...no mrpp enable command disables MRPP protocol Parameter Command Mode Global Mode Default The system doesn t enable MRPP protocol module Usage Guide If it needs to configure MRPP ring it enables MRPP...

Страница 837: ...uses primary port to send Hello packet secondary port is used to receive Hello packet from primary node There are no difference on function between primary port and secondary of secondary node Exampl...

Страница 838: ...figuration of MRPP ring 4000 of switch Switch show mrpp 4000 22 3 13 show mrpp statistics Command show mrpp statistics INT Function Display statistic information of data package of MRPP ring receiving...

Страница 839: ...port separately To avoid ring it should temporarily disable one of the ports of primary node when it enables each MRPP ring in the whole MRPP ring and after all of the nodes are configured open the po...

Страница 840: ...ch MRPP ring 4000 control vlan 4000 Switch MRPP ring 4000 primary port Ethernet 1 1 Switch MRPP ring 4000 secondary port Ethernet 1 2 Switch MRPP ring 4000 enable Switch MRPP ring 4000 exit Switch Con...

Страница 841: ...MRPP Ring 4000 configuration Task Sequence SWITCH A configuration Task Sequence Switch Config MRPP enable Switch Config MRPP ring 4000 Switch MRPP ring 4000 control vlan 4000 Switch MRPP ring 4000 pri...

Страница 842: ...witch MRPP ring 4000 secondary port Ethernet 1 2 Switch MRPP ring 4000 enable Switch MRPP ring 4000 exit Switch Config SWITCH E configuration Task Sequence Switch Config MRPP enable Switch Config MRPP...

Страница 843: ...onfig MRPP enable Switch Config MRPP ring 100 Switch MRPP ring 100 control vlan 100 Switch MRPP ring 100 primary port Ethernet 1 1 Switch MRPP ring 100 secondary port Ethernet 1 2 Switch MRPP ring 100...

Страница 844: ...has some port belonging to more than two rings The special port changing takes a effect on more than two rings sometimes one ring changing can affect another one so that makes confusion Thus you d be...

Страница 845: ...TCH H configuration Task Sequence Switch Config MRPP enable Switch Config MRPP ring 4000 Switch MRPP ring 4000 control vlan 4000 Switch MRPP ring 4000 primary port Ethernet 1 1 Switch MRPP ring 4000 s...

Страница 846: ...rt Ethernet 1 3 Switch MRPP ring 100 enable Switch MRPP ring 100 exit Switch Config SWITCH E configuration Task Sequence Switch Config MRPP enable Switch Config MRPP ring 100 Switch MRPP ring 100 cont...

Страница 847: ...better disconnected the ring and wait for each switch configuration then open the ring When the MRPP ring of enabled switch is disabled on MRPP ring it ensures the ring of the MRPP ring has been disc...

Страница 848: ...mically add the candidate switches to the cluster which is already established Accordingly they can configure and manage the member switches through the commander switch When the member switches are d...

Страница 849: ...ster register packet 5 Remote cluster network management 1 Remote configuration management 2 Reboot member switch 3 Remotely upgrade member switch 1 Enable or disable cluster 2 Create a cluster 3 Conf...

Страница 850: ...le Clear the list of candidate switches discovered by the commander switch Command Explanation Global Mode cluster register timer timer value no cluster register timer Set interval of sending cluster...

Страница 851: ...value no cluster register timer Function Sets interval of sending cluster register packet the no cluster register timer command restores the default setting Parameter timer value is interval of sendin...

Страница 852: ...witch create a cluster or modify a cluster s name the no cluster commander command deletes the cluster Parameter cluster name is the cluster s name vlan id is the VLAN of the Layer 3 device which the...

Страница 853: ...idate switch which has the sequence number as 17 and password as mypassword to the cluster Switch config cluster member candidate sn 17 password mypassword 23 3 6 cluster auto add enable Command clust...

Страница 854: ...This command is used to configure the commander switch remotely Users have to telnet the commander switch by passing the authentication The command exit is used to quit the configuration interface of...

Страница 855: ...ination address startup config Startup configuration file nos img System file boot rom System startup file Command mode Admin Mode Instructions The commander switch sends the remote upgrade command to...

Страница 856: ...o 65535 Command mode The interval of heartbeat is 8 seconds by default Default Global Mode Instructions In the commander switch this command is used to set the interval of heartbeat And this informati...

Страница 857: ...mand switch Configuration of SwitchA Switch Config cluster run Switch Config cluster ip pool 1 2 3 4 Switch Config cluster commander 4700 Switch Config cluster auto add enable 2 Configure the member s...

Страница 858: ...and Mode Admin Mode Usage Guide Executing this command on the switch will display the information of the candidate member switches such as member ID MAC address IP address equipment name and type 23 5...

Страница 859: ...ter the no form of this command disables the enabled debugging messages Command Mode Admin Mode 23 5 2 Cluster Administration Troubleshooting When encountering problems in applying the cluster admin p...

Результаты поиска

Содержание Edge-core ES4704BD

Отзывы:

Похожие инструкции для Edge-core ES4704BD

Бренды по названию

Популярные бренды

SMC Networks Edge-core ES4704BD, Руководство пользователя

Результаты поиска

Содержание Edge-core ES4704BD

Отзывы:

Похожие инструкции для Edge-core ES4704BD

Бренды по названию

Популярные бренды