3Com 4500 9

9-1

9 User Control

Go to these sections for information you are interested in:

z Introduction

z Controlling Telnet Users

z Controlling Network Management Users by Source IP Addresses

z Controlling Web Users by Source IP Address

Refer to the ACL part for information about ACL.

Introduction

You can control users logging in through Telnet, SNMP and WEB by defining Access Control List (ACL),

as listed in Table 9-1.

Table 9-1 Ways to control different types of login users

By source IP address Through basic ACL

By source and

destination IP address

Through advanced

ACL

Telnet

By source MAC

address Through Layer 2 ACL

Controlling Telnet Users

SNMP By source IP

addresses Through basic ACL

Controlling Network

Management Users by

Source IP Addresses

By source IP

addresses Through basic ACL Controlling Web Users by

Source IP Address

WEB

Disconnect Web

users by force

By executing

commands in CLI Logging Out a Web User

Controlling Telnet Users

Introduction

The controlling policy against Telnet users’ access to VTY user interfaces is determined by referencing

ACL. For the introduction to ACL, refer to the ACL part of this manual.

Contents

Main ENVIRONMENTAL STATEMENT End of Life Statement Regulated Materials Statement Environmental Statement about the Documentation About This Manual Organization Conventions Command conventions GUI conventions Symbols Related Documentation Obtaining Documentation Page Page 1 Logging In to an Ethernet Switch Introduction to the User Interface Supported User Interfaces Relationship Between a User and a User Interface User Interface Index Common User Interface Configuration 2 Introduction Setting Up a Login Environment for Login Through the Console Port Page Console Port Login Configuration Common Configuration Page Console Port Login Configurations for Different Authentication Modes Console Port Login Configuration with Authentication Mode Being None Console Port Login Configuration with Authentication Mode Being Password Page Console Port Login Configuration with Authentication Mode Being Scheme Page Page Page 3 Introduction Common Configuration to Control Telnet Access Page Telnet Configurations for Different Authentication Modes Telnet Configuration with Authentication Mode Being None Telnet Configuration with Authentication Mode Being Password Page Telnet Configuration with Authentication Mode Being Scheme Page Telnetting to a Switch Telnetting to a Switch from a Terminal Page Telnetting to another Switch from the Current Switch 4 Introduction Configuration on the Switch Side Modem Configuration Switch Configuration Modem Connection Establishment Page Page 5 Introduction to the CLI Command Hierarchy Command Level and User Privilege Level Command level Modifying the Command Level Modifying the command level Configuration example Switching User Level Overview Adopting super password authentication for user level switching Switching to a specific user level Configuration examples CLI Views Page Page CLI Features Online Help Complete online help Partial online help Terminal Display Command History Error Prompts Command Edit 6 Management Interface Introduction Establishing an HTTP Connection Configuring the Login Banner Enabling/Disabling the WEB Server Page 7 Introduction Connection Establishment Using NMS 8 Packets Overview Configuring Source IP Address for Telnet Service Packets Configuration in user view Displaying Source IP Address Configuration 9 Introduction Controlling Telnet Users Controlling Telnet Users by ACL Controlling Network Management Users by Source IP Addresses Prerequisites Controlling Network Management Users by Source IP Addresses Configuration Example Controlling Web Users by Source IP Address Prerequisites Controlling Web Users by Source IP Addresses Logging Out a Web User Configuration Example Page Page 1 Introduction to Configuration File Types of configuration Format of configuration file Main/backup attribute of the configuration file Configuration Task List Saving the Current Configuration Modes in saving the configuration Three attributes of the configuration file Erasing the Startup Configuration File Specifying a Configuration File for Next Startup Assigning main attribute to the startup configuration file Assigning backup attribute to the startup configuration file Displaying Switch Configuration Page 1 VLAN Overview Introduction to VLAN Advantages of VLANs VLAN Principles VLAN tag MAC address learning mechanism of VLANs VLAN Interface VLAN Classification Port-Based VLAN Link Types of Ethernet Ports Assigning an Ethernet Port to Specified VLANs Configuring the Default VLAN ID for a Port Page 2 VLAN Configuration VLAN Configuration Task List Basic VLAN Configuration Basic VLAN Interface Configuration Displaying VLAN Configuration Configuring a Port-Based VLAN Port-Based VLAN Configuration Task List Configuring the Link Type of an Ethernet Port Assigning an Ethernet Port to a VLAN Configuring the Default VLAN for a Port Displaying and Maintaining Port-Based VLAN Port-Based VLAN Configuration Example Page Page Page 1 IP Addressing Overview IP Address Classes Special IP Addresses Subnetting and Masking Configuring IP Addresses Configuring IP Addresses Configuring Static Domain Name Resolution Displaying IP Addressing Configuration IP Address Configuration Examples IP Address Configuration Example Static Domain Name Resolution Configuration Example Page 2 IP Performance Overview Introduction to IP Performance Configuration Introduction to FIB Protocols and Standards Disabling Sending of ICMP Error Packets Advantages of sending ICMP error packets Disadvantages of sending ICMP error packets Displaying and Maintaining IP Performance Optimization Configuration Page Page 1 Voice VLAN Overview How an IP Phone Works Page How Switch 4500 Series Switches Identify Voice Traffic Setting the Voice Traffic Transmission Priority Configuring Voice VLAN Assignment Mode of a Port Processing mode of untagged packets sent by IP voice devices Processing mode of tagged packets sent by IP voice devices Support for Voice VLAN on Various Ports Page Security Mode of Voice VLAN Voice VLAN Configuration Configuration Prerequisites Configuring the Voice VLAN to Operate in Automatic Voice VLAN Assignment Mode Configuring the Voice VLAN to Operate in Manual Voice VLAN Assignment Mode Page Displaying and Maintaining Voice VLAN Voice VLAN Configuration Example Voice VLAN Configuration Example (Automatic Voice VLAN Assignment Mode) Page Voice VLAN Configuration Example (Manual Voice VLAN Assignment Mode) Page Page 1 Ethernet Port Configuration Combo Port Configuration Introduction to Combo port Configuring Combo port state Configuring Port Auto-Negotiation Speed Limiting Traffic on individual Ports Enabling Flow Control on a Port Duplicating the Configuration of a Port to Other Ports Configuring Loopback Detection for an Ethernet Port Enabling Loopback Test Enabling the System to Test Connected Cable Configuring the Interval to Perform Statistical Analysis on Port Traffic Enabling Giant-Frame Statistics Function Setting the Port State Change Delay Displaying and Maintaining Basic Port Configuration Ethernet Port Configuration Example Troubleshooting Ethernet Port Configuration Page 1 Introduction to Link Aggregation Introduction to LACP Consistency Considerations for the Ports in Aggregation Link Aggregation Classification Manual Aggregation Group Introduction to manual aggregation group Port status in manual aggregation group Requirements on ports for manual aggregation Static LACP Aggregation Group Introduction to static LACP aggregation Port status of static aggregation group Dynamic LACP Aggregation Group Introduction to dynamic LACP aggregation group Port status of dynamic aggregation group Aggregation Group Categories Link Aggregation Configuration Configuring a Manual Aggregation Group Configuring a Static LACP Aggregation Group Configuring a Dynamic LACP Aggregation Group Configuring a Description for an Aggregation Group Displaying and Maintaining Link Aggregation Configuration Link Aggregation Configuration Example Ethernet Port Aggregation Configuration Example Page Page Page 1 Port Isolation Overview Port Isolation Configuration Displaying and Maintaining Port Isolation Configuration Port Isolation Configuration Example Network requirements Page Page 1 Port Security Overview Introduction Port Security Features Port Security Modes Page Page Port Security Configuration Task List Enabling Port Security Configuration Prerequisites Enabling Port Security Setting the Maximum Number of MAC Addresses Allowed on a Port Setting the Port Security Mode Configuring Port Security Features Configuring the NTK feature Configuring intrusion protection Configuring the Trap feature Ignoring the Authorization Information from the RADIUS Server Configuring Security MAC Addresses Configuration prerequisites Configuring a security MAC address Displaying and Maintaining Port Security Configuration Port Security Configuration Examples Port Security Configuration Example Page Page 1 DLDP Fundamentals DLDP packets Page DLDP Status DLDP Timers DLDP Operating Mode DLDP Implementation Page DLDP Neighbor State Link Auto-recovery Mechanism DLDP Configuration Performing Basic DLDP Configuration Resetting DLDP State Displaying and Maintaining DLDP DLDP Configuration Example Page Page 1 Introduction to the MAC Address Table Introduction to MAC Address Learning Page Managing MAC Address Table Aging of MAC address table Entries in a MAC address table MAC Address Table Management MAC Address Table Management Configuration Task List Configuring a MAC Address Entry Adding a MAC address entry in system view Adding a MAC address entry in Ethernet port view Setting the MAC Address Aging Timer Setting the Maximum Number of MAC Addresses a Port Can Learn Enabling Destination MAC Address Triggered Update Displaying MAC Address Table Information Configuration Examples Adding a Static MAC Address Entry Manually Page 1 Introduction to the Auto Detect Function Auto Detect Configuration Auto Detect Basic Configuration Auto Detect Implementation in Static Routing Auto Detect Implementation in VLAN Interface Backup Auto Detect Configuration Examples Configuration Example for Auto Detect Implementation with Static Routing Configuration Example for Auto Detect Implementation with VLAN Interface Backup Page Page Page 1 Spanning Tree Protocol Overview Why STP Protocol Packets of STP Basic concepts in STP Page How STP works Page Page Page Page Page Rapid Spanning Tree Protocol Overview Multiple Spanning Tree Protocol Overview Why MSTP Basic MSTP Terminology Page Page Principle of MSTP MSTP Implementation on Switches MSTP Configuration Task List Configuring Root Bridge Configuring an MST Region Page Configuration example Specifying the Current Switch as a Root Bridge/Secondary Root Bridge Specify the current switch as the root bridge of a spanning tree Specify the current switch as the secondary root bridge of a spanning tree Configuring the Bridge Priority of the Current Switch Configuring How a Port Recognizes and Sends MSTP Packets Configuring the MSTP Operation Mode Configuring the Maximum Hop Count of an MST Region Configuring the Network Diameter of the Switched Network Configuring the MSTP Time-related Parameters Configuring the Timeout Time Factor Configuration procedure Configuration example Configuring the Maximum Transmitting Rate on the Current Port Configure the maximum transmitting rate for specified ports in system view Configure the maximum transmitting rate in Ethernet port view Configuration example Configuring the Current Port as an Edge Port Configure a port as an edge port in system view Configure a port as an edge port in Ethernet port view Configuration example Setting the Link Type of a Port to P2P Setting the Link Type of a Port to P2P in system view Setting the Link Type of a Port to P2P in Ethernet port view Enabling MSTP Configuring Leaf Nodes Configuring the MST Region Configuring How a Port Recognizes and Sends MSTP Packets Configuring the Timeout Time Factor Configuring the Maximum Transmitting Rate on the Current Port Configuring the Path Cost for a Port Standards for calculating path costs of ports Configure the path cost for specific ports Configuration example (A) Configuration example (B) Configuring Port Priority Configure port priority in system view Configure port priority in Ethernet port view Configuration example Setting the Link Type of a Port to P2P Performing mCheck Operation Configuration Prerequisites Configuration Procedure Perform the mCheck operation in system view Perform the mCheck operation in Ethernet port view Configuring Guard Functions Configuring BPDU Guard Configuring Root Guard Configuring Loop Guard Configuring TC-BPDU Attack Guard Configuring Digest Snooping Configuring Digest Snooping Configuring Rapid Transition Page Configuring Rapid Transition MSTP Maintenance Configuration Introduction Enabling Log/Trap Output for Ports of MSTP Instance Configuration Example Enabling Trap Messages Conforming to 802.1d Standard Displaying and Maintaining MSTP MSTP Configuration Example Page Page Page Page 1 Introduction to IP Route and Routing Table IP Route Routing Table Function Page Routing Protocol Overview Static Routing and Dynamic Routing Classification of Dynamic Routing Protocols Operational scope Routing algorithm Load Sharing and Route Backup Load sharing Route backup Routing Information Sharing Displaying and Maintaining a Routing Table 2 Introduction to Static Route Static Route Default Route Static Route Configuration Configuration Prerequisites Configuring a Static Route Displaying and Maintaining Static Routes Static Route Configuration Example Troubleshooting a Static Route 3 RIP Overview Basic Concepts RIP RIP routing database RIP Configuration Task List Basic RIP Configuration Configuration Prerequisites Configuring Basic RIP Functions Enabling RIP on the interfaces attached to a specified network segment Setting the RIP operating status on an interface RIP Route Control Configuration Prerequisites Configuring RIP Route Control Setting the additional routing metrics of an interface Configuring RIP route summarization Disabling the router from receiving host routes Configuring RIP to filter incoming/outgoing routes Setting RIP preference Enabling load sharing among RIP interfaces Configuring RIP to redistribute routes from another protocol RIP Network Adjustment and Optimization Configuration Prerequisites Configuration Tasks Configuring RIP timers Configuring split horizon Configuring RIP-1 packet zero field check Setting RIP-2 packet authentication mode Configuring RIP to unicast RIP packets Displaying and Maintaining RIP Configuration RIP Configuration Example Network requirements Network diagram Troubleshooting RIP Configuration Failed to Receive RIP Updates 4 IP Route Policy Overview Introduction to IP Route Policy Filters ACL IP Route Policy Configuration Task List Route Policy Configuration Configuration Prerequisites Defining a Route Policy Defining if-match Clauses and apply Clauses Page IP-Prefix Configuration Configuration Prerequisites Configuring an ip-prefix list Displaying IP Route Policy IP Route Policy Configuration Example Controlling RIP Packet Cost to Implement Dynamic Route Backup Network requirements Network diagram Configuration considerations Page 4-8 # Create node 50 with the matching mode being permit, to allow all routing information to pass. # Configure RIP and apply the route policy in to the incoming routing information. Configuration verification Precautions Troubleshooting IP Route Policy Symptom Analysis Solution Page Page 1 Multicast Overview Information Transmission in the Unicast Mode Information Transmission in the Broadcast Mode Information Transmission in the Multicast Mode Roles in Multicast Common Notations in Multicast Advantages and Applications of Multicast Advantages of multicast Application of multicast Multicast Models ASM model SFM model SSM model Multicast Architecture Multicast Address IP multicast address Page Ethernet multicast MAC address Multicast Protocols Layer 3 multicast protocols Layer 2 multicast protocols Multicast Packet Forwarding Mechanism Implementation of the RPF Mechanism RPF Check Page 2 Common Multicast Configuration Configuring Suppression on the Multicast Source Port Configuring multicast source port suppression in system view Configuring multicast source port suppression in Ethernet port view Configuring a Multicast MAC Address Entry Configuring Dropping Unknown Multicast Packets Displaying and Maintaining Common Multicast Configuration 3 IGMP Snooping Overview Principle of IGMP Snooping Basic Concepts in IGMP Snooping IGMP Snooping related ports Port aging timers in IGMP Snooping and related messages and actions Work Mechanism of IGMP Snooping When receiving a general query When receiving a membership report When receiving a leave message Configuring IGMP Snooping Enabling IGMP Snooping Configuring the Version of IGMP Snooping Configuring Timers Configuring Fast Leave Processing Enabling fast leave processing in system view Enabling fast leave processing in Ethernet port view Configuring a Multicast Group Filter Configuring a multicast group filter in system view Configuring a multicast group filter in Ethernet port view Configuring the Maximum Number of Multicast Groups on a Port Configuring IGMP Snooping Querier Enabling IGMP Snooping querier Configuring IGMP query interval Configuring the source address to be carried in IGMP queries Suppressing Flooding of Unknown Multicast Traffic in a VLAN Configuring Static Member Port for a Multicast Group In Ethernet port view In VLAN interface view Configuring a Static Router Port In Ethernet port view In VLAN view Configuring a Port as a Simulated Group Member Configuring a VLAN Tag for Query Messages Configuring Multicast VLAN Displaying and Maintaining IGMP Snooping IGMP Snooping Configuration Examples Configuring IGMP Snooping Configuring Multicast VLAN Page Page Troubleshooting IGMP Snooping Page Page Page 1 Introduction to 802.1x Architecture of 802.1x Authentication I. PAE Controlled port and uncontrolled port The valid direction of a controlled port The way a port is controlled The Mechanism of an 802.1x Authentication System Encapsulation of EAPoL Messages The format of an EAPoL packet The format of an EAP packet Fields added for EAP authentication 802.1x Authentication Procedure EAP relay mode Page EAP terminating mode ...... Timers Used in 802.1x Additional 802.1x Features on Switch 4500 Checking the supplicant system Checking the client version The guest VLAN function Enabling 802.1x re-authentication Introduction to 802.1x Configuration Basic 802.1x Configuration Configuration Prerequisites Configuring Basic 802.1x Functions Timer and Maximum User Number Configuration Advanced 802.1x Configuration Configuring Proxy Checking Configuring Client Version Checking Enabling DHCP-triggered Authentication Configuring Guest VLAN Configuring 802.1x Re-Authentication Configuring the 802.1x Re-Authentication Timer Displaying and Maintaining 802.1x Configuration Configuration Example 802.1x Configuration Example Page Page 2 Introduction to Quick EAD Deployment Quick EAD Deployment Overview Operation of Quick EAD Deployment Restricted access Configuring Quick EAD Deployment Configuring a free IP range Setting the ACL timeout period Displaying and Maintaining Quick EAD Deployment Quick EAD Deployment Configuration Example Troubleshooting 3 Introduction to HABP HABP Server Configuration HABP Client Configuration Displaying and Maintaining HABP Configuration 4 System Guard Overview Guard Against IP Attacks Guard Against TCN Attacks Layer 3 Error Control Configuring System Guard Against TCN Attacks Enabling Layer 3 Error Control Displaying and Maintaining System Guard Configuration Page 1 Introduction to AAA Authentication Authorization Accounting Introduction to AAA Services Introduction to RADIUS What is RADIUS Basic message exchange procedure in RADIUS RADIUS message format Page Page 2 AAA Configuration Task List Creating an ISP Domain and Configuring Its Attributes Configuring an AAA Scheme for an ISP Domain Configuring a combined AAA scheme Configuring separate AAA schemes Configuration guidelines Configuring Dynamic VLAN Assignment Configuring the Attributes of a Local User Page Cutting Down User Connections Forcibly RADIUS Configuration Task List Page Creating a RADIUS Scheme Configuring RADIUS Authentication/Authorization Servers Configuring RADIUS Accounting Servers Configuring Shared Keys for RADIUS Messages Configuring the Maximum Number of RADIUS Request Transmission Attempts Configuring the Type of RADIUS Servers to be Supported Configuring the Status of RADIUS Servers Configuring the Attributes of Data to be Sent to RADIUS Servers Configuring the Local RADIUS Server Configuring Timers for RADIUS Servers Enabling Sending Trap Message when a RADIUS Server Goes Down Enabling the User Re-Authentication at Restart Function Page Displaying and Maintaining AAA Configuration Displaying and Maintaining AAA Configuration Displaying and Maintaining RADIUS Protocol Configuration AAA Configuration Examples Remote RADIUS Authentication of Telnet/SSH Users Page Local Authentication of FTP/Telnet Users Troubleshooting AAA Troubleshooting RADIUS Configuration 3 Introduction to EAD Typical Network Application of EAD EAD Configuration EAD Configuration Example Page Page Page 1 MAC Address Authentication Overview Performing MAC Address Authentication on a RADIUS Server Performing MAC Address Authentication Locally Related Concepts MAC Address Authentication Timers Quiet MAC Address Configuring Basic MAC Address Authentication Functions MAC Address Authentication Enhanced Function Configuration MAC Address Authentication Enhanced Function Configuration Task List Configuring a Guest VLAN Page Configuring the Maximum Number of MAC Address Authentication Users Allowed to Access a Port Displaying and Maintaining MAC Address Authentication Configuration MAC Address Authentication Configuration Examples Page Page 1 Introduction to ARP ARP Function ARP Message Format Page ARP Table ARP Process Introduction to Gratuitous ARP Periodical sending of gratuitous ARP packets Introduction to ARP Source MAC Address Consistency Check Configuring ARP Configuring Gratuitous ARP Configuring ARP Source MAC Address Consistency Check Displaying and Debugging ARP ARP Configuration Examples Page Page 1 Introduction to DHCP DHCP IP Address Assignment IP Address Assignment Policy Obtaining IP Addresses Dynamically Updating IP Address Lease DHCP Packet Format Protocol Specification 2 Introduction to DHCP Relay Agent Usage of DHCP Relay Agent DHCP Relay Agent Fundamentals Option 82 Support on DHCP Relay Agent Introduction to Option 82 Padding content of Option 82 Mechanism of Option 82 supported on DHCP relay agent Configuring the DHCP Relay Agent DHCP Relay Agent Configuration Task List Enabling DHCP Correlating a DHCP Server Group with a Relay Agent Interface Configuring DHCP Relay Agent Security Functions Configuring address checking Configuring the dynamic client address entry updating function Enabling unauthorized DHCP server detection Configuring the DHCP Relay Agent to Support Option 82 Prerequisites Enabling Option 82 support on a DHCP relay agent Displaying and Maintaining DHCP Relay Agent Configuration DHCP Relay Agent Configuration Example Network diagram Configuration procedure Troubleshooting DHCP Relay Agent Configuration Symptom Analysis Solution Page 3 DHCP Snooping Overview Introduction to DHCP Snooping Introduction to DHCP-Snooping Option 82 Introduction to Option 82 Padding content and frame format of Option 82 Mechanism of DHCP-snooping Option 82 Configuring DHCP Snooping Configuring DHCP Snooping Configuring DHCP Snooping to Support Option 82 Enabling DHCP-snooping Option 82 support Configuring a handling policy for DHCP packets with Option 82 Configuring the storage format of Option 82 Configuring the circuit ID sub-option Configuring the remote ID sub-option Configuring the padding format for Option 82 Displaying and Maintaining DHCP Snooping Configuration DHCP Snooping Configuration Examples DHCP-Snooping Option 82 Support Configuration Example Network requirements Page 4 Introduction to DHCP Client Introduction to BOOTP Client Configuring a DHCP/BOOTP Client DHCP Client Configuration Example BOOTP Client Configuration Example Displaying DHCP/BOOTP Client Configuration Page 1 ACL Overview ACL Matching Order Depth-first match order for rules of a basic ACL Depth-first match order for rules of an advanced ACL Ways to Apply an ACL on a Switch Being applied to the hardware directly Being referenced by upper-level software Types of ACLs Supported by Switch 4500 Series ACL Configuration Task List Configuring Time Range Page Configuring Basic ACL Configuring Advanced ACL Configuring Layer 2 ACL Configuring User-defined ACL Page Applying ACL Rules on Ports Applying ACL rules to Ports in a VLAN Displaying and Maintaining ACL Configuration Examples for Upper-layer Software Referencing ACLs Example for Controlling Telnet Login Users by Source IP Example for Controlling Web Login Users by Source IP Examples for Applying ACLs to Hardware Basic ACL Configuration Example Advanced ACL Configuration Example Layer 2 ACL Configuration Example User-defined ACL Configuration Example Example for Applying an ACL to a VLAN Page Page 1 Introduction to QoS Traditional Packet Forwarding Service New Applications and New Requirements Major Traffic Control Techniques QoS Supported By Switch 4500 Series Introduction to QoS Functions Traffic Classification Priority Trust Mode Introduction to precedence types Page Page Priority trust mode Protocol Priority Priority Marking Traffic Policing Token bucket Evaluating the traffic with the token bucket Traffic policing Line Rate VLAN Mapping Queue Scheduling Page Page Congestion Avoidance Traditional packet dropping policy WRED Traffic mirroring QoS Configuration Configuring Priority Trust Mode Configuring the Mapping between 802.1p Priority and Local Precedence Setting the Priority of Protocol Packets Marking Packet Priority Configuring Traffic Policing Configuring Line Rate Configuring VLAN Mapping Configuring Queue Scheduling Page Configuring WRED Configuring Traffic Mirroring Displaying and Maintaining QoS QoS Configuration Examples Configuration Example of Traffic policing and Line Rate Configuration Example of Priority Marking and Queue Scheduling VLAN Mapping Configuration Example Page Page Page 1 Mirroring Overview Local Port Mirroring Remote Port Mirroring Traffic Mirroring Mirroring Configuration Configuring Local Port Mirroring Configuring Remote Port Mirroring Configuration on a switch acting as a source switch Configuration on a switch acting as an intermediate switch Configuration on a switch acting as a destination switch Displaying and Maintaining Port Mirroring Mirroring Configuration Examples Local Port Mirroring Configuration Example Remote Port Mirroring Configuration Example Page Page Page 1 Introduction to XRN Establishment of an XRN Fabric Topology and connections of an XRN fabric Fabric ports FTM XRN fabric detection How XRN Works DDM DLA XRN Fabric Configuration XRN Fabric Configuration Task List Specifying the Fabric Port of a Switch Configurations in system view Configurations in Ethernet interface view Specifying the VLAN Used to Form an XRN Fabric Setting a Unit ID for a Switch Assigning a Unit Name to a Switch Assigning an XRN Fabric Name to a Switch Setting the XRN Fabric Authentication Mode Displaying and Maintaining XRN Fabric XRN Fabric Configuration Example Network Requirements Network Diagram Configuration Procedure Page Page 1 Cluster Overview Introduction to HGMP Roles in a Cluster Page How a Cluster Works Introduction to NDP Introduction to NTDP Introduction to Cluster Cluster maintenance Active Connect Disconnect Management VLAN Tracing a device in a cluster Cluster Configuration Task List Configuring the Management Device Management device configuration task list Enabling NDP globally and on specific ports Configuring NDP-related parameters Enabling NTDP globally and on a specific port Configuring NTDP-related parameters Enabling the cluster function Configuring cluster parameters Configuring inside-outside interaction for a cluster Configuring the network management interface for a cluster Enabling management VLAN synchronization Configuring Member Devices Member device configuration task list Enabling NDP globally and on specific ports Enabling NTDP globally and on a specific port Enabling the cluster function Accessing the shared FTP/TFTP server from a member device Managing a Cluster through the Management Device Configuring the Enhanced Cluster Features Enhanced cluster feature overview Configuring the enhanced cluster features Configuring cluster topology management function Configuring cluster device blacklist Configuring the Cluster Synchronization Function SNMP configuration synchronization Page Page Local user configuration synchronization Displaying and Maintaining Cluster Configuration Cluster Configuration Examples Basic Cluster Configuration Example Internet Page Page Network Management Interface Configuration Example Enhanced Cluster Feature Configuration Example Page Page 1 PoE Overview Introduction to PoE Advantages of PoE PoE components PoE Configuration PoE Configuration Task List Enabling the PoE Feature on a Port Setting the Maximum Output Power on a Port Setting PoE Management Mode and PoE Priority of a Port Setting the PoE Mode on a Port Configuring the PD Compatibility Detection Function Configuring a PD Disconnection Detection Mode Configuring PoE Over-Temperature Protection on the Switch Upgrading the PSE Processing Software Online Upgrading the PSE Processing Software of Fabric Switches Online Displaying PoE Configuration PoE Configuration Example PoE Configuration Example Page 2 Introduction to PoE Profile PoE Profile Configuration Configuring PoE Profile Page Displaying PoE Profile Configuration PoE Profile Configuration Example PoE Profile Application Example Page Page Page 1 Introduction to UDP Helper Configuring UDP Helper Displaying and Maintaining UDP Helper UDP Helper Configuration Example Cross-Network Computer Search Through UDP Helper Page 1 SNMP Overview SNMP Operation Mechanism SNMP Versions Supported MIBs Configuring Basic SNMP Functions Page Configuring Trap-Related Functions Configuring Basic Trap Functions Configuring Extended Trap Function Enabling Logging for Network Management Displaying SNMP SNMP Configuration Example SNMP Configuration Example Network diagram Network procedure Configuring the NMS 2 Introduction to RMON Working Mechanism of RMON Commonly Used RMON Groups Event group Alarm group Extended alarm group History group RMON Configuration Displaying RMON RMON Configuration Example Network requirements Network diagram Configuration procedures Page Page 1 Introduction to NTP Applications of NTP Implementation Principle of NTP NTP Implementation Modes Server/client mode Symmetric peer mode Broadcast mode Multicast mode NTP Configuration Task List Configuring NTP Implementation Modes Configuring NTP Server/Client Mode Configuring the NTP Symmetric Peer Mode Configuring NTP Broadcast Mode Configuring a switch to work in the NTP broadcast server mode Configuring a switch to work in the NTP broadcast client mode Configuring NTP Multicast Mode Configuring a switch to work in the multicast server mode Configuring a switch to work in the multicast client mode Configuring Access Control Right Configuring NTP Authentication Configuring NTP authentication on the client Configuring NTP authentication on the server Configuring Optional NTP Parameters Configuring an Interface on the Local Switch to Send NTP messages Configuring the Number of Dynamic Sessions Allowed on the Local Switch Disabling an Interface from Receiving NTP messages Displaying NTP Configuration Configuration Examples Configuring NTP Server/Client Mode Configuring NTP Symmetric Peer Mode Page Configuring NTP Broadcast Mode Configuring NTP Multicast Mode Page Configuring NTP Server/Client Mode with Authentication Page Page 1 SSH Overview Introduction to SSH Algorithm and Key SSH Operating Process Version negotiation Key negotiation Authentication negotiation Session request Data exchange SSH Server and Client Configuring the SSH Server Configuring the User Interfaces for SSH Clients Configuring the SSH Management Functions Configuring Key Pairs Generating key pairs Destroying key pairs Creating an SSH User and Specifying an Authentication Type Specifying a Service Type for an SSH User on the Server Configuring the Public Key of a Client on the Server Assigning a Public Key to an SSH User Exporting the Host Public Key to a File Configuring the SSH Client SSH Client Configuration Task List Configuring an SSH Client that Runs SSH Client Software Generating a client key Page Specifying the IP address of the Server Page Opening an SSH connection with password authentication Opening an SSH connection with publickey authentication Configuring an SSH Client Assumed by an SSH2-Capable Switch Configuring the SSH client for publickey authentication Configuring whether first-time authentication is supported Specifying a source IP address/interface for the SSH client Establishing the connection between the SSH client and server Displaying and Maintaining SSH Configuration Comparison of SSH Commands with the Same Functions SSH Configuration Examples When Switch Acts as Server for Local Password Authentication Page 1.1.1 When Switch Acts as Server for Password and RADIUS Authentication Page Page Page Page 1.1.2 When Switch Acts as Server for Password and HWTACACS Authentication Page When Switch Acts as Server for Publickey Authentication Page Page Page Page Page When Switch Acts as Client for Password Authentication When Switch Acts as Client for Publickey Authentication Page When Switch Acts as Client and First-Time Authentication is not Supported Page Page Page Page 1 File System Configuration Introduction to File System File System Configuration Task List Directory Operations File Operations Flash Memory Operations Prompt Mode Configuration File System Configuration Examples File Attribute Configuration Introduction to File Attributes Booting with the Startup File Configuring File Attributes Configuration File Backup and Restoration Introduction to Configuration File Backup and Restoration File Backup and Restoration Page 1 Introduction to FTP and SFTP Introduction to FTP Introduction to SFTP FTP Configuration FTP Configuration: A Switch Operating as an FTP Server Creating an FTP user Enabling an FTP server Configuring connection idle time Specifying the source interface and source IP address for an FTP server Disconnecting a specified user Configuring the banner for an FTP server Displaying FTP server information FTP Configuration: A Switch Operating as an FTP Client Basic configurations on an FTP client Page Specifying the source interface and source IP address for an FTP client Configuration Example: A Switch Operating as an FTP Server Page FTP Banner Display Configuration Example FTP Configuration: A Switch Operating as an FTP Client Page SFTP Configuration SFTP Configuration: A Switch Operating as an SFTP Server Enabling an SFTP server Configuring connection idle time Supported SFTP client software SFTP Configuration: A Switch Operating as an SFTP Client Basic configurations on an SFTP client Page Specifying the source interface or source IP address for an SFTP client SFTP Configuration Example Network requirements Network diagram Configuration procedure Page 1-19 # Display the current directory of the server. Delete the file z and verify the result. # Add a directory new1, and then check whether the new directory is successfully created. # Rename the directory new1 as new2, and then verify the result. 1-20 # Download the file pubkey2 from the server and rename it as public. # Upload file pu to the server and rename it as puk, and then verify the result. # Exit SFTP. 2 Introduction to TFTP TFTP Configuration TFTP Configuration: A Switch Operating as a TFTP Client Basic configurations on a TFTP client Specifying the source interface or source IP address for an FTP client TFTP Configuration Example Page Page Page 1 Information Center Overview Introduction to Information Center Classification of system information Eight levels of system information Ten channels and six output destinations of system information Outputting system information by source module System Information Format Int_16 (Priority) Timestamp Sysname %% nn Information Center Configuration Information Center Configuration Task List Configuring Synchronous Information Output Configuring to Display the Time Stamp with the UTC Time Zone Setting to Output System Information to the Console Setting to output system information to the console Enabling system information display on the console Setting to Output System Information to a Monitor Terminal Setting to output system information to a monitor terminal Enabling system information display on a monitor terminal Setting to Output System Information to a Log Host Setting to Output System Information to the Trap Buffer Setting to Output System Information to the Log Buffer Setting to Output System Information to the SNMP NMS Displaying and Maintaining Information Center Information Center Configuration Examples Log Output to a UNIX Log Host Page Log Output to a Linux Log Host Log Output to the Console Page Page 1 Introduction to Loading Approaches Local Boot ROM and Software Loading BOOT Menu Loading by XModem through Console Port Introduction to XModem Loading Boot ROM Page Page Page Loading host software Loading by TFTP through Ethernet Port Introduction to TFTP Loading the Boot ROM Loading host software Loading by FTP through Ethernet Port Introduction to FTP Loading Procedure Using FTP Client Page Remote Boot ROM and Software Loading Remote Loading Using FTP Loading Procedure Using FTP Client Loading Procedure Using FTP Server Page Page Remote Loading Using TFTP 2 Basic System Configuration Displaying the System Status Debugging the System Enabling/Disabling System Debugging Displaying Debugging Status Displaying Operating Information about Modules in System 3 Network Connectivity Test ping tracert 4 Introduction to Device Management Device Management Configuration Device Management Configuration Task list Rebooting the Ethernet Switch Scheduling a Reboot on the Switch Configuring Real-time Monitoring of the Running Status of the System Specifying the APP to be Used at Reboot Upgrading the Boot ROM Upgrading the Host Software in the Fabric Identifying and Diagnosing Pluggable Transceivers Introduction to pluggable transceivers Identifying pluggable transceivers Diagnosing pluggable transceivers Displaying the Device Management Configuration Remote Switch APP Upgrade Configuration Example Page Page Page 1 VLAN-VPN Overview Introduction to VLAN-VPN Implementation of VLAN-VPN Configuring the TPID for VLAN-VPN Packets Inner-to-Outer Tag Priority Replicating and Mapping Transparent IGMP Message Transmission on a VLAN-VPN Port VLAN-VPN Configuration VLAN-VPN Configuration Task List Enabling the VLAN-VPN Feature for a Port Configuring the TPID Value for VLAN-VPN Packets on a Port Configuring the Inner-to-Outer Tag Priority Replicating and Mapping Feature Displaying and Maintaining VLAN-VPN Configuration VLAN-VPN Configuration Example Transmitting User Packets through a Tunnel in the Public Network by Using VLAN-VPN Data transfer process Page 2 Selective QinQ Overview Selective QinQ Overview MAC Address Replicating Selective QinQ Configuration Selective QinQ Configuration Task List Enabling the Selective QinQ Feature for a Port Enabling the Inter-VLAN MAC Address Replicating Feature Selective QinQ Configuration Example Processing Private Network Packets by Their Types Page Page Page Page 1 Introduction to remote-ping remote-ping Configuration Introduction to remote-ping Configuration Configuring remote-ping Displaying remote-ping Configuration Page Refer to the remote-ping Command Manual for detailed description on displayed information. 1-4 Page 1 IPv6 Overview IPv6 Features Header format simplification Adequate address space Hierarchical address structure Automatic address configuration Built-in security Support for QoS Introduction to IPv6 Address IPv6 addresses IPv6 address classification Unicast address Multicast address Interface identifier in IEEE EUI-64 format Introduction to IPv6 Neighbor Discovery Protocol Address resolution Neighbor unreachability detection Duplicate address detection IPv6 Configuration Task List Configuring an IPv6 Unicast Address Configuring IPv6 NDP Configuring a static neighbor entry Configuring the maximum number of neighbors dynamically learned Configuring the attempts to send an ns message for duplicate address detection Configuring the NS Interval Configuring the neighbor reachable timeout time on an interface Configuring a Static IPv6 Route Configuring IPv6 TCP Properties Configuring the Maximum Number of IPv6 ICMP Error Packets Sent within a Specified Time Configuring the Hop Limit of ICMPv6 Reply Packets Displaying and Maintaining IPv6 IPv6 Configuration Example IPv6 Unicast Address Configuration Page 1-17 Page 2 Introduction to IPv6 Application Configuring IPv6 Application IPv6 Ping IPv6 Traceroute IPv6 TFTP Configuration preparation IPv6 TFTP configuration IPv6 Telnet Displaying and maintaining IPv6 Telnet IPv6 Application Configuration Example IPv6 Applications Network requirements Network diagram Configuration procedure Troubleshooting IPv6 Application Unable to Ping a Remote Destination Unable to Run Traceroute Unable to Run TFTP Unable to Run Telnet Page 1 Access Management Overview Configuring Access Management Access Management Configuration Examples Access Management Configuration Example Combining Access Management with Port Isolation Page Page Appendix A Acronyms