Manuals / 3Com / Computer Equipment / Switch

3Com WX3000 operation manual Security mode Description Feature

Models: WX3000

1 715

Page 140

Security mode	Description	Feature
	In this mode, a port performs 802.1x authentication of users
userLoginSecure	and services only one user passing 802.1x authentication at
	a time.

userLoginSecure	In this mode, a port performs 802.1x authentication of users
Ext	and services users passing 802.1x authentication.

	Similar to the userLoginSecure mode, a port in this mode
	performs 802.1x authentication of users and services only
	one user passing 802.1x authentication. The differences
	include:
userLoginWithOU	Such a port also permits frames from a wired user whose
I	MAC address contains a specified OUI (organizationally
	unique identifier).
	For frames from a wireless user, such a port performs OUI
	check at first. If the OUI check fails, the port performs 802.1x
	authentication.

macAddressWith	In this mode, a port performs RADIUS MAC authentication of
Radius	users.

	This mode is the combination of the userLoginSecure and
	macAddressWithRadius modes, with 802.1x authentication
	having a higher priority than MAC authentication.
	For a user using a wired connection, the port performs MAC
macAddressOrUs	authentication upon receiving non-802.1x frames and	In any of these
macAddressOrUs	performs 802.1x authentication first upon receiving 802.1x	modes, the
erLoginSecure	performs 802.1x authentication first upon receiving 802.1x	modes, the
erLoginSecure	frames. If 802.1x authentication fails, the port performs MAC	device triggers
		device triggers
	authentication.	the NTK and
	For a wireless user, 802.1x authentication is performed first.	Intrusion
		Protection
	If 802.1x authentication fails, MAC authentication is	Protection
	If 802.1x authentication fails, MAC authentication is	features upon
	performed.	features upon
	performed.	detecting an


macAddressOrUs	This mode is similar to the macAddressOrUserLoginSecure	illegal packet
macAddressOrUs	mode, except that there can be more than one 802.1x	or illegal event.
erLoginSecureExt	mode, except that there can be more than one 802.1x	or illegal event.
erLoginSecureExt	authenticated user on the port.
	authenticated user on the port.

	This mode is the combination of the macAddressWithRadius
	and userLoginSecure modes, with MAC authentication
	having a higher priority than 802.1x authentication.
macAddressElse	Upon receiving a non-802.1x frame, a port in this mode
UserLoginSecure	performs only MAC authentication.
	Upon receiving an 802.1x frame, the port performs MAC
	authentication and then, if MAC authentication fails, 802.1x
	authentication.

macAddressElse	This mode is similar to the macAddressElseUserLoginSecure
UserLoginSecure	mode, except that there can be more than one 802.1x/MAC
Ext	authenticated user on the port.

	To perform 802.1x authentication on the access user, MAC
	authentication must be performed first. 802.1x authentication
macAddressAnd	can be performed on the access user only if MAC
UserLoginSecure	authentication succeeds.
	In this mode there can be only one authenticated user on the
	port.

macAddressAnd	This mode is similar to the macAddressAndUserLoginSecure
UserLoginSecure	mode, except that there can be more than one authenticated
Ext	user on the port.

1-3

Page 140

Image 140

3Com WX3000 operation manual Security mode Description Feature

Contents

3Com WX3000 Series Unified Switches Switching Engine Manual Version 6W100Environmental Statement Organization Part ContentsAbout This Manual Italic ConventionsConvention Description Boldface Related Documentation Convention DescriptionCreate Folder Manual DescriptionObtaining Documentation Table of Contents Introduction to the CLI CLI ConfigurationCommand Hierarchy Switching to a specific user level Switching User LevelsSetting a user level switching password Setting the level of a command in a specific view Setting the Level of a Command in a Specific ViewConfiguration example CLI Views Display Execute OperationQuit Quit or returnGigabitethernet command Vlan-interface commandRegion-configuration Peer-public-key commandPublic-key-c Ode endPublic-key-code begin Execute the radius schemeCLI Features Vlan-vpn enableExecute Command should be first Online HelpCommand History Terminal DisplayPartial online help Press Ctrl+CError Prompts Command EditPress… To… TabTable of Contents Page Logging In to the Switching Engine Logging In to the Switching EngineIntroduction to the User Interface Supported User InterfacesCommon User Interface Configuration User Interface IndexDisplay users all Display user-interfaceType number number Display web usersLogging In to the Switching Engine Through OAP Press Enter to enter user view of the switching engineLogging In Through OAP OAP OverviewConfigure the management IP Not configured by defaultOap management-ip Address of an OAP moduleOap reboot slot Resetting the OAP Software SystemReset the OAP software Common Configuration Configuration DescriptionLogging In Through Telnet IntroductionTelnet Configurations for Different Authentication Modes Authentication Telnet configuration Description ModeTelnet Configuration with Authentication Mode Being None Configuration ProcedureNetwork requirements Configuration ExampleConfiguration procedure Password Set authentication Password cipherAuto-execute command User privilege level levelSet the history command buffer Default history commandCommand buffer can store up to Commands by defaultTelnet Configuration with Authentication Mode Being Scheme Scheme command AuthorizationHistory-command max-size Protocol inbound all sshPrivilege Service-typeUser privilege level level command is Level level # Create a local user named guest and enter local user view Telnetting to the Switching Engine Telnetting to the Switching Engine from a TerminalDeviceoap connect slot Connected to OAP Page Device telnet Vlan interface of the switching engine is assigned an IP User name and password for logging in to the Web-basedNetwork management system are configured Logging In from the Web-Based Network Management SystemSetting Up a Web Configuration Environment Configuring the Login Banner 3The login page of the Web-based network management systemThrough Web Configured Header login textBy default, no login banner is Follow these steps to enable/disable the WEB server Enable the Web serverEnabling/Disabling the WEB Server Ip http shutdownRelated information Connection Establishment Using NMSLogging In from NMS Configuring Source IP Address for Telnet Service Packets Configuring Source IP Address for Telnet Service PacketsConfiguration in user view Configuration in system viewDisplaying Source IP Address Configuration Interface-numberLogin mode Control method Implementation Reference User ControlControlling Telnet Users PrerequisitesMatch-order config auto Acl number acl-numberRule rule-id deny permit Acl acl-number inboundPermit rule-string Controlling Telnet Users by Source MAC AddressesRule rule-id deny Controlling Network Management Users by Source IP Addresses Controlling Network Management Users by Source IP Addresses2Network diagram for controlling Snmp users using ACLs Controlling Web Users by Source IP AddressDisconnecting a Web User by Force Controlling Web Users by Source IP AddressesIp http acl acl-number Free web-users all user-idDevice ip http acl Table of Contents Configuration File Management Introduction to Configuration FileTypes of configuration Format of configuration fileManagement of Configuration File Saving the Current ConfigurationStartup with the configuration file Modes in saving the configurationErasing the Startup Configuration File Three attributes of the configuration fileSpecifying a Configuration File for Next Startup Assign main attribute to the startup configuration fileAssign backup attribute to the startup configuration file Startup saved-configurationDisplaying and Maintaining Device Configuration Table of Contents Introduction to Vlan Vlan OverviewVlan Overview Vlan tag Advantages of VLANsHow Vlan Works MAC address learning mechanism of VLANs 2Encapsulation format of traditional Ethernet framesVlan Classification Port-Based VlanVlan Interface Protocol-Based Vlan Introduction to Protocol-Based VlanEncapsulation Format of Ethernet Data Ethernet II and 802.2/802.3 encapsulationExtended encapsulation formats of 802.2/802.3 packets 6802.3 raw encapsulation formatProcedure for the Switch to Judge Packet Protocol Encapsulation FormatsImplementation of Protocol-Based Vlan Encapsulation Ethernet 802.3 raw 802.2 LLC Snap ProtocolPage Vlan Configuration Vlan ConfigurationConfiguration Task List Basic Vlan ConfigurationDisplaying and Maintaining Vlan Basic Vlan Interface ConfigurationConfiguration prerequisites Configuring a Port-Based Vlan Configuring a Port-Based VlanProtocol-Based Vlan Configuration Example Port interface-list# Create Vlan 201, and add GigabitEthernet 1/0/12 to Vlan # Configure GigabitEthernet 1/0/10 of Switch B# Create Vlan 201, and add GigabitEthernet 1/0/2 to Vlan Configuring a Protocol-Based Vlan Configuring a Protocol Template for a Protocol-Based VlanAssociating a Port with a Protocol-Based Vlan Interface interface-type Interface-numberPort hybrid protocol-vlan Vlan vlan-id protocol-indexDisplaying and Maintaining Protocol-Based Vlan Display vlan vlan-id to vlan-id allDynamic static Display protocol-vlan vlan vlan idVlan Protocol-Type Table of Contents Auto Detect Configuration Introduction to the Auto Detect FunctionAuto Detect Configuration Auto Detect Basic ConfigurationAuto Detect Implementation in Vlan Interface Backup Auto Detect Implementation in Static RoutingIp route-static ip-address mask Preference-value reject blackholeStandby detect-group Auto Detect Configuration ExamplesVlan -id # Create auto detected group # Configure a static route to Switch aIs reachable Table of Contents How an IP Phone Works Voice Vlan ConfigurationVoice Vlan Overview 1Network diagram for IP phones AgentNumber OUI address Vendor Configuring Operation Mode for Voice VlanHow the Device Identifies Voice Traffic Processing mode of tagged packets sent by IP voice devices Support for Voice Vlan on Various PortsPort voice Voice Security Mode of Voice VlanPort type Supported or not Traffic type Mode Configuring a Voice Vlan to Operate in Automatic Mode Voice Vlan ConfigurationConfiguration Prerequisites Configuring a Voice Vlan to Operate in Manual Mode EnableUndo voice vlan mode Voice vlan securityPort trunk permit vlan Port hybrid vlan vlan-idTagged untagged Port trunk pvid vlanDisplaying and Maintaining Voice Vlan Voice Vlan Configuration ExampleVoice Vlan Configuration Example Automatic Mode Voice Vlan Configuration Example Manual Mode # Enable the voice Vlan function globally# Configure GigabitEthernet 1/0/1 as a hybrid port # Enable the voice Vlan function on GigabitEthernet 1/0/1# Create Vlan 2 and configure it as a voice Vlan # Configure GigabitEthernet 1/0/1 to operate in manual modeVerification # Display the status of the current voice VlanTable of Contents Introduction to Gvrp Gvrp ConfigurationGarp messages and timers Garp packets are in the following format Operating mechanism of GarpGarp message format 1Format of Garp packets Field Description ValueGvrp Configuration Protocol SpecificationsConfiguration Prerequisite Enabling GvrpConfiguring Gvrp Timers Garp timer leaveallGarp timer hold join GvrpConfiguring Gvrp Port Registration Mode Displaying and Maintaining GvrpGvrp Configuration Example Gvrp Configuration ExampleConfigure Switch a # Enable Gvrp globally # Enable Gvrp on GigabitEthernet 1/0/1# Enable Gvrp on GigabitEthernet 1/0/3 SwitchE-GigabitEthernet1/0/1 gvrp registration fixed Table of Contents Basic Port Configuration Ethernet Port OverviewTypes and Numbers of Ethernet Ports Combo Ports Mapping RelationsConfiguring the Default Vlan ID for an Ethernet Port Link Types of Ethernet PortsConfiguring Ethernet Ports Making Basic Port ConfigurationAdding an Ethernet Port to Specified VLANs Vlan tagConfiguring Port Auto-Negotiation Speed Setting the Ethernet Port Broadcast Suppression Ratio Enabling Flow Control on a PortSpeed auto 10 100 Broadcast-suppressionConfiguring Trunk Port Attribute Configuring Access Port AttributeConfiguring Hybrid Port Attribute Configuration tasks Disabling Up/Down Log Output on a PortCopying Port Configuration to Other Ports Configuring a Port GroupSystem-view Copy configuration source interface-type Aggregation-group destination-agg-idSetting Loopback Detection for an Ethernet Port Configuring the Ethernet Port to Run Loopback Test Configure the Ethernet port to runLoopback-detection per-vlan Loopback detection only on VLANs for the trunk and hybridFlow-interval interval Enabling the System to Test Connected CableVirtual-cable-test Ethernet Port Configuration Example Displaying and Maintaining Ethernet PortsTroubleshooting Ethernet Port Configuration # Configure the default Vlan ID of GigabitEthernet 1/0/1 asTable of Contents Introduction to Lacp Link Aggregation ConfigurationIntroduction to Link Aggregation Operation Key Manual Aggregation GroupIntroduction to manual aggregation group Port status in manual aggregation groupPort status of static aggregation group Static Lacp Aggregation GroupIntroduction to static Lacp aggregation Configuring system priority Dynamic Lacp Aggregation GroupIntroduction to dynamic Lacp aggregation group Port status of dynamic aggregation groupConfiguring port priority Aggregation Group CategoriesLink Aggregation Configuration Configuring a Manual Aggregation GroupConfiguring a Static Lacp Aggregation Group Description agg-namePort link-aggregation group Agg-idSystem-priority Configuring a Dynamic Lacp Aggregation GroupLacp system -priority Link Aggregation Configuration Example Displaying and Maintaining Link AggregationSwitch a Link aggregation Switch B Page Table of Contents Port Isolation Configuration Port Isolation ConfigurationPort Isolation Overview Introduction to Port IsolationPort Isolation Configuration Example Displaying and Maintaining Port IsolationDevice-GigabitEthernet1/0/4 quit device Table of Contents Port Security Configuration Port Security FeaturesPort Security Overview IntroductionSecurity mode Description Feature This modePort Security Modes NeitherSecurity mode Description Feature Port Security Configuration Complete the following tasks to configure port securityFollow these steps to enable port security Enabling Port SecuritySetting the Port Security Mode Port-security oui OUI-value UserLoginWithOUI mode, aPort-security max-mac-count Count-valueConfiguring Port Security Features Configuring the NTK featureConfiguring intrusion protection Configuring the Trap featureConfiguring Security MAC Addresses Displaying and Maintaining Port Security Configuration Port Security Configuration ExampleHostSwitch # Enable port security# Set the port security mode to autolearn # Enter GigabitEthernet 1/0/1 port viewPort Binding Configuration Displaying and Maintaining Port Binding ConfigurationConfiguring Port Binding Port Binding OverviewPort Binding Configuration Example Configure switch a as follows # Enter system viewTable of Contents Dldp Configuration Dldp OverviewStatus Description Dldp FundamentalsDldp status Dldp timers Dldp works with the following timers 2DLDP timersTimer Description Interval of sending advertisement packets, which can beDldp operating mode Enhanced timer then sends one probe packets every oneMode During neighbor Entry aging Timer expirePacket type Processing procedure No Echo packet received from Processing procedure Neighbor4Types of packets sent by Dldp Dldp status Packet typesDldp Configuration Precautions During Dldp ConfigurationDldp Configuration Tasks Dldp neighbor stateResetting Dldp Status Dldp Network Example Reset the Dldp status of a port Dldp resetThis command only applies to the ports in Dldp down status # Enable Dldp globally # Configure Dldp to work in enhanced mode# Set the interval of sending Dldp packets to 15 seconds # Display the Dldp statusTable of Contents Introduction to MAC Address Learning MAC Address Table ManagementIntroduction to MAC Address Table 1MAC address learning diagram Managing MAC Address Table Aging of MAC address tableConfiguring MAC Address Table Management Entries in a MAC address tableConfiguring a MAC Address Entry Adding a MAC address entry in system viewAdding a MAC address entry in Ethernet port view System-view Mac-address static dynamicAge no-aging Setting the Aging Time of MAC Address EntriesMac-address timer aging Disabling MAC Address learning for a Vlan Mac-addressMax-mac-count count Max-mac-countConfiguration Example Displaying and Maintaining MAC Address TableAdding a Static MAC Address Entry Manually Display mac-addressTable of Contents Page STP Overview Mstp ConfigurationSTP Overview Classification Designated bridge Designated port All the ports on the root bridge are designated portsHow STP works Step DescriptionStep Description Device Port name Bpdu of port 5Comparison process and result on each device Device Comparison process Bpdu of port afterDevice Comparison process Bpdu of port after 3The final calculated spanning tree Features of Mstp Mstp OverviewBackground of Mstp Disadvantages of STP and RstpBasic Mstp Terminologies MST regionVlan mapping table Region rootCommon root bridge Port rolePort state MSTP, a port can be in one of the following three statesPrinciple of Mstp Calculate the CistCalculate an Msti Implement STP algorithmMstp Implementation on the Device Configuring Root Bridge Complete the following tasks to configure a root bridgeSTP-related Standards Bpdu guard Loop guard TC-BPDU attack guard Bpdu packet dropConfiguring an MST Region # Verify the above configuration Centi-seconds Stp instance instance-id root secondaryConfiguring the Bridge Priority of the Current Device Required Default bridge priority of a Current deviceSet the bridge priority for Stp instance instance-idAuto dot1s legacy Stp interface interface-typeInterface-number compliance Configuring the Mstp Operation Mode Stp mode stp rstp mstpStp compliance auto dot1s LegacyStp max-hops hops Configuring the Maximum Hop Count of an MST RegionConfiguring the Network Diameter of the Switched Network Configuring the Mstp Time-related Parameters Stp timer forward-delayStp timer hello Stp timer max-ageConfiguring the Timeout Time Factor Stp transmit-limit packetnum Stp interface interface-listTransmit-limit packetnum Configuring the Current Port as an Edge Port Configure a port as an edge port in system viewConfigure a port as an edge port in Ethernet port view Edged-port enablePoint-to-point force-true Force-false autoStp enable DisableEnabling Mstp Stp point-to-point force-trueTask Remarks Configuring Leaf NodesStp disable Configuring the MST Region Configuring a Port as an Edge PortConfiguring the Path Cost for a Port Standards for calculating path costs of portsStp pathcost-standard Dot1d-1998 dot1t legacyConfiguration example B Configure the path cost for specific portsConfiguration example a Configuring Port Priority Configure port priority in system viewConfigure port priority in Ethernet port view Instance instance-id portPerforming mCheck Operation Perform the mCheck operation in system viewPerform the mCheck operation in Ethernet port view Stp interface interface-list mcheckConfiguring Guard Functions Bpdu guardRoot guard Stp mcheckBpdu dropping Loop guardTC-BPDU attack guard Configuring Bpdu Guard Configuring Root GuardRoot-protection Stp root-protectionConfiguring Loop Guard Configuring TC-BPDU Attack GuardStp loop-protection Stp tc-protectionConfiguring Digest Snooping Configuring Bpdu DroppingInterface interface-name Bpdu-drop anyConfiguring Digest Snooping Stp config-digest-snoopingConfiguring Rapid Transition 6The Rstp rapid transition mechanism Stp no-agreement-check Configuring Rapid TransitionNo-agreement-check Vlan-vpn tunnel Configuring VLAN-VPN TunnelConfiguring VLAN-VPN tunnel STP Maintenance Configuration Enabling Log/Trap Output for Ports of Mstp InstanceStp instance instance id PortlogEnabling Trap Messages Conforming to 802.1d Standard Displaying and Maintaining Mstp# Activate the settings of the MST region manually Mstp Configuration ExampleConfigure Switch a # Enter MST region view Configure Switch B # Enter MST region view Configure Switch C # Enter MST region view# Configure the MST region Configure Switch D # Enter MST region viewVLAN-VPN tunnel Configuration Example Configure Switch a # Enable MstpConfigure Switch B # Enable Mstp Configure Switch C # Enable Mstp# Enable the VLAN-VPN tunnel function # Configure GigabitEthernet 1/0/2 as a trunk portConfigure Switch D # Enable Mstp # Configure GigabitEthernet 1/0/1 as a trunk portTable of Contents Introduction to 802.1x ConfigurationArchitecture of 802.1x Authentication Port access entity Port access control methodControlled port and uncontrolled port Valid direction of a controlled portFormat of an EAPoL packet Mechanism of an 802.1x Authentication SystemEncapsulation of EAPoL Messages Format of an EAP packet EAP relay mode 802.1x Authentication ProcedureFields added for EAP authentication Describes the basic EAP-MD5 authentication procedure EAP terminating mode Timers Used 9802.1x authentication procedure in EAP terminating modeAdditional 802.1x Features Implemented Checking the supplicant systemChecking the client version Guest Vlan functionIntroduction to 802.1x Configuration Enabling 802.1x re-authenticationDot1x Basic 802.1x ConfigurationConfiguring Basic 802.1x Functions Dot1x authentication-method chap Dot1x handshake enableDot1x interface interface-list Dot1x port-control authorized-forceDot1x retry max-retry-value Timer and Maximum User Number ConfigurationDot1x max-user user-number Advanced 802.1x Configuration Configuring Proxy CheckingConfiguring Client Version Checking Enabling DHCP-triggered Authentication Configuring Guest VlanDot1x dhcp-launch Dot1x port-method portbasedDot1x re-authenticate Configuring 802.1x Re-AuthenticationConfiguring the 802.1x Re-Authentication Timer 802.1x Configuration Example Displaying and Maintaining# Enable 802.1x globally # Enable 802.1x on GigabitEthernet 1/0/1 port# Create the domain named aabbcc.net and enter its view # Set the default user domain to be aabbcc.net# Create a local access user account Quick EAD Deployment Configuration Configuring Quick EAD DeploymentIntroduction to Quick EAD Deployment Quick EAD Deployment OverviewConfiguring a free IP range Setting the ACL timeout periodDot1x url url-string Dot1x free-ip ip-addressPeriod is 30 minutes Quick EAD Deployment Configuration ExampleDisplaying and Maintaining Quick EAD Deployment Troubleshooting SolutionSystem-Guard Configuration Configuring the System-Guard FeatureConfiguring the System-Guard Feature System-Guard OverviewDisplaying and Maintaining System-Guard Table of Contents Page Authentication AuthorizationAAA Overview Introduction to AAAIntroduction to AAA Services What is RadiusAccounting Introduction to ISP DomainBasic message exchange procedure in Radius 1Databases in a Radius serverRadius message format Code Message type Message descriptionDirection client-server Client transmits this message to the server to determine ifType field value Attribute type What is Hwtacacs Introduction to HwtacacsBasic message exchange procedure in Hwtacacs 5Network diagram for a typical Hwtacacs application6AAA implementation procedure for a telnet user Page Configuration Introduction AAA ConfigurationAAA Configuration Task List Creating an ISP Domain and Configuring Its Attributes Configuring an AAA Scheme for an ISP Domain Configuring a combined AAA schemeMessenger time enable limit Self-service-url disableConfiguring separate AAA schemes Domain isp-nameRadius-scheme-name local Hwtacacs-schemeAccounting none Configuring Dynamic Vlan AssignmentLocal local none Authorization none Configuring the Attributes of a Local User Domain isp-nameVlan-assignment-mode Integer stringPassword-display-mode Service-type ftp lan-accessAuthorization vlan string Access-limitRadius Configuration Task List Cutting Down User Connections ForciblyFollow these steps to cut down user connections forcibly Cut down userConfiguring ServersConfiguring Radius Authentication/Authorization Servers Radius client enableCreating a Radius Scheme Radius schemeConfiguring Radius Accounting Servers Primary authenticationSecondary authentication Ip-address port-numberConfiguring Shared Keys for Radius Messages Secondary accountingStop-accounting-buffer Retry stop-accountingKey accounting string Configuring the Type of Radius Servers to be SupportedKey authentication string Optional Servers to be supported Configuring the Status of Radius ServersServer-type extended State primary authentication Authentication blockCalling-station-id mode Block activeConfiguring the Local Radius Authentication Server Function Local-server enableKey password Local-server nas-ip ip-addressConfiguring Timers for Radius Servers Enabling the User Re-Authentication at Restart Function Times interval interval Hwtacacs Configuration Task ListAccounting-on enable send Hwtacacs scheme Configuring Tacacs Authentication ServersCreating a Hwtacacs Scheme Configuring Tacacs Authorization Servers Primary authorizationSecondary authorization Ip-address portConfiguring Tacacs Accounting Servers Configuring Shared Keys for Hwtacacs MessagesFollow these steps to configure Tacacs accounting servers Function is enabled Number of transmissionAuthentication string Key accountingMega-byte Data-flow-format packetConfiguring the Timers Regarding Tacacs Servers Scheme exists Set the response timeout timeOptional By default, the response timeout Tacacs servers Optional By default, the real-time IntervalDisplaying and maintaining Radius protocol information Displaying and Maintaining AAADisplaying and maintaining AAA information Displaying and maintaining Hwtacacs protocol information AAA Configuration ExamplesRemote Radius Authentication of Telnet/SSH Users # Adopt AAA authentication for Telnet users # Configure an ISP domain# Configure a Radius scheme # Associate the ISP domain with the Radius schemeLocal Authentication of FTP/Telnet Users # Create and configure a local user named telnetHwtacacs Authentication and Authorization of Telnet Users # Configure the domain name of the Hwtacacs scheme to hwtacTroubleshooting AAA Troubleshooting Radius ConfigurationTroubleshooting Hwtacacs Configuration Possible reasons and solutionsTypical Network Application of EAD EAD ConfigurationIntroduction to EAD EAD Configuration EAD Configuration ExampleSecurity-policy-server Ip-address# Configure the IP address of the security policy server # Associate the domain with the Radius schemeTable of Contents MAC Authentication Configuration MAC Authentication OverviewPerforming MAC Authentication on a Radius Server Performing MAC Authentication LocallyConfiguring Basic MAC Authentication Functions MAC Authentication TimersMac-authentication Related ConceptsMac-authentication interface Mac-authentication QuitMac-authentication authmode Uppercase fixedpassword passwordMAC Address Authentication Enhanced Function Configuration Configuring a Guest VlanGuest-vlan-reauth interval Mac-authentication timerGuest-vlan vlan-id Max-auth-num user-number Configure the maximum numberMAC address authentication Number of MAC address Displaying and Maintaining MAC Authentication MAC Authentication Configuration ExampleDisplay mac-authentication Reset mac-authentication statistics# Add a local user Specify the username and password Set the service type to lan-access# Specify to perform local authentication # Add an ISP domain named aabbcc.netTable of Contents IP Addressing Configuration IP Addressing OverviewIP Address Classes Net-idClass Address range Remarks Special Case IP AddressesSubnetting and Masking Mask-length sub Configuring IP AddressesIp address ip-address mask IP Address Configuration Examples IP Address Configuration ExampleDisplaying and Maintaining IP Addressing Network requirement4Network diagram for IP address configuration Page IP Performance Overview IP Performance ConfigurationConfiguring IP Performance Disabling Sending of Icmp Error Packets Displaying and Maintaining IP Performance Configuration Table of Contents Dhcp Overview Introduction to DhcpDhcp IP Address Assignment IP Address Assignment PolicyObtaining IP Addresses Dynamically Dhcp Packet Format Updating IP Address LeaseProtocols and Standards Dhcp Relay Agent Configuration Introduction to Dhcp Relay AgentUsage of Dhcp Relay Agent Dhcp Relay Agent FundamentalsIntroduction to Option Padding content of OptionDhcp Relay Agent Support for Option 2Padding contents for sub-option 1 of Option Mechanism of Option 82 supported on Dhcp relay agentConfiguring the Dhcp Relay Agent Dhcp Relay Agent Configuration Task ListDhcp-server groupNo ip Ip-address &1-8Configuring Dhcp Relay Agent Security Functions Configuring address checkingAddress-check enable Dhcp relay hand enableDhcp-security static ip-address Mac-addressConfiguring the Dhcp Relay Agent to Support Option Configuring the Dhcp relay agent to support OptionEnabling unauthorized Dhcp server detection PrerequisitesDisplaying and Maintaining Dhcp Relay Agent Configuration Dhcp Relay Agent Configuration ExampleTroubleshooting Dhcp Relay Agent Configuration SymptomSolution AnalysisPage Function of Dhcp Snooping Dhcp Snooping ConfigurationDhcp Snooping Overview Padding content and frame format of Option Overview of Dhcp Snooping OptionMechanism of DHCP-snooping Option 2Extended format of the circuit ID sub-optionDhcp-snooping information format command or Sub-option configuration Dhcp snooping device will…Dhcp-snooping information format command or the default HEX Overview of IP FilteringDhcp Snooping Configuration Configuring Dhcp SnoopingDHCP-snooping table IP static binding tableConfiguring Dhcp Snooping to Support Option DHCP-Snooping Option 82 Support Configuration Task ListEnable DHCP-snooping Option 82 support Required Specify the current port as aConfigure a handling policy for Dhcp packets with Option Configure the storage format of OptionDhcp-snooping information Strategy drop keep replaceConfigure the circuit ID sub-option Configure the remote ID sub-optionVlan vlan-id circuit-id string StringConfiguring IP Filtering Configure the padding format for OptionRemote-id sysname string Vlan vlan-id remote-idDhcp Snooping Configuration Example DHCP-Snooping Option 82 Support Configuration ExampleIP Filtering Configuration Example # Enable Dhcp snooping on Switch# Enable DHCP-snooping Option 82 support # Specify GigabitEthernet 1/0/5 as the trusted port7Network diagram for IP filtering configuration # Specify GigabitEthernet 1/0/1 as the trusted portDisplaying and Maintaining Dhcp Snooping Configuration Display dhcp-snoopingTrust Display ip source staticDHCP/BOOTP Client Configuration Introduction to Bootp ClientConfiguring a DHCP/BOOTP Client Follow these steps to configure a DHCP/BOOTP clientDhcp-alloc Dhcp Client Configuration ExampleIp address bootp-alloc Displaying and Maintaining DHCP/BOOTP Client Configuration Display bootp client interfaceBootp client Display related information on aTable of Contents ACL Matching Order ACL ConfigurationACL Overview Ways to Apply an ACL on a Device Depth-first match order for rules of a basic ACLDepth-first match order for rules of an advanced ACL Being applied to the hardware directlyTypes of ACLs Supported by Devices ACL ConfigurationConfiguring Time Range Time-range time-name start-time to end-time Days-of-the-week from start-time start-date toEnd-time end-date from start-time start-date to End-time end-date to end-time end-dateRule-string Rule-string , refer to ACL Command Configuring Basic ACLAuto config Configuring Advanced ACL Match-order auto configRule-string , refer to ACL Command Rule rule-id permit denyConfiguring Layer 2 ACL Rule-string Refer to ACL CommandACL Assignment Configure procedure Assigning an ACL GloballyAssigning an ACL to a Vlan Packet-filter inbound acl-ruleInbound acl-rule Assigning an ACL to a Port GroupSystem-view Packet-filter vlan vlan-id Displaying and Maintaining ACL Assigning an ACL to a PortExample for Controlling Telnet Login Users by Source IP Example for Controlling Web Login Users by Source IPSwitchPC Examples for Upper-layer Software Referencing ACLsExamples for Applying ACLs to Hardware Basic ACL Configuration ExampleAdvanced ACL Configuration Example Layer 2 ACL Configuration Example # Apply ACL 3000 on GigabitEthernet 1/0/1Example for Applying an ACL to a Vlan # Apply ACL 4000 on GigabitEthernet 1/0/1# Apply ACL 3000 to Vlan Table of Contents Page QoS Configuration Traditional Packet Forwarding ServiceIntroduction to QoS New Applications and New RequirementsTraffic Classification QoS Supported by DevicesMajor Traffic Control Techniques IP Precedence decimal IP Precedence binary Description PrecedenceIP precedence, ToS precedence, and Dscp precedence 802.1p priority Dscp value decimal Dscp value binary DescriptionPriority Trust Mode 802.1p priority decimal 802.1p priority binary DescriptionTrusting the 802.1p precedence Trusting the Dscp precedenceDscp precedence Target Dscp precedence Protocol Priority Priority MarkingTraffic Policing and Traffic Shaping Token bucketTraffic shaping Evaluating the traffic with the token bucketTraffic policing Queue Scheduling Traffic RedirectingVlan Mapping 7Diagram for SP queuing SP queuingSdwrr QoS Configuration QoS Configuration Task ListFlow-based Traffic Accounting BurstConfiguring Priority Trust Mode Priority priority-levelPriority-trust cos automap Priority-trust dscp automapQos cos-drop-precedence-map Configuring Priority MappingQos cos-local-precedence-map Qos cos-dscp-map cos0-map-dscp Qos dscp-local-precedence-map dscp-listQos dscp-drop-precedence-map dscp-list Qos dscp-cos-map dscp-list cos-valuePage Setting the Priority of Protocol Packets System-view Protocol-priorityProtocol-type Ip-precedenceMarking Packet Priority Traffic-priority inbound acl-rule dscpDscp-value cos cos-value Traffic-priority vlan vlan-id inbound acl-ruleConfiguring Traffic Policing Required Matching specific ACL rulesReset traffic-limit inbound acl-rule Reset traffic-limit vlan vlan-id inboundTraffic-limit inbound acl-rule target-rate Conform con-action exceedConfiguring Traffic Shaping View Configure trafficBy default, traffic policing is Policing Disabled Clear the trafficConfiguring Traffic Redirecting Configuration examplesTraffic-shape queue Traffic-redirect inbound acl-rule interfaceTraffic-redirect vlan vlan-id inbound acl-rule Configuring Vlan Mapping Configuring Queue SchedulingTraffic-remark-vlanid inbound Acl-rule remark-vlan vlan-idQueue-id queue-weight &1-8 Group2 queue-id queue-weightUndo queue-scheduler queue-id Queue-scheduler wrr group1Reset traffic-statistic inbound Collecting/Clearing Traffic StatisticsCollect the statistics on Packets matching specific ACL Traffic-statistic inbound acl-ruleTraffic-statistic vlan vlan-id Reset traffic-statistic vlan vlan-idReset traffic-statistic inbound acl-rule Configuring Traffic Mirroring Follow these steps to enable the burst functionEnabling the Burst Function Refer to Burst for information about the burst functionMonitor-port Mirrored-to inbound acl-ruleMonitor-interface Mirrored-to vlan vlan-idRequired Mirroring for packets that Traffic mirroring configurationRequired Destination port Exit current view Displaying and Maintaining QoS QoS Configuration Example Configuration Example of Traffic PolicingPage QoS Profile Configuration QoS Profile Application ModeDynamic application mode Manual application modeQoS Profile Configuration QoS Profile Configuration Task ListConfiguring a QoS Profile Applying a QoS ProfileDisplaying and Maintaining QoS Profile Qos-profile port-basedUndo qos-profile port-based System-view Apply qos-profileQoS Profile Configuration Example 1Network diagram for QoS profile configuration# Enable Table of Contents Mirroring Configuration Mirroring OverviewLocal Port Mirroring Remote Port MirroringSwitch Ports involved Function MAC-Based MirroringVLAN-Based Mirroring 1Ports involved in the mirroring operationMirroring Configuration Configuring Local Port MirroringConfiguring Remote Port Mirroring Configuration on the device acting as a source switchConfiguration on the device acting as a destination switch Configuring MAC-Based Mirroring Remote-probe-vlan-idRemote-destination Monitor-port monitor-portMirroring-group group-id Mirroring-mac mac vlan Configuring VLAN-Based MirroringLocal remote-source Mirroring Configuration Example Local Port Mirroring Configuration ExampleDisplaying and Maintaining Port Mirroring Mirroring-group group-id Mirroring-vlan vlan-idRemote Port Mirroring Configuration Example Configure Switch C # Create a local mirroring group4Network diagram for remote port mirroring # Configure Vlan 10 as the remote-probe Vlan# Configure Vlan 10 as the remote-probe Vlan Page Table of Contents ARP Configuration Introduction to ARPARP Function ARP Message FormatField Description Value DescriptionExperimental Ethernet Proteon ProNET Token RingARP entry Generation Method Maintenance Mode ARP TableARP Process ChaosARP attack detection Introduction to ARP Attack DetectionMan-in-the-middle attack Configuring ARP Configuring ARP Basic FunctionsArp timer aging aging-time Introduction to Gratuitous ARPConfiguring ARP Attack Detection Arp check enableArp detection enable Arp detection trustGratuitous-arp-learning Configuring Gratuitous ARPArp restricted-forwarding ARP Configuration Example ARP Basic Configuration ExampleARP Attack Detection Configuration Example Displaying and Maintaining ARP# Enable Dhcp snooping on Switch a # Enable ARP attack detection on all ports in VlanTable of Contents Snmp Configuration Snmp OverviewSnmp Operation Mechanism Snmp VersionsMIB attribute MIB content Related RFC Supported MIBsMIB II based on TCP/IP network device RFC Public MIBConfiguring Basic Snmp Functions Configuring basic Snmp functions for SNMPv1 or SNMPv2cSnmp-agent Snmp-agent sys-infoConfiguring basic Snmp functions for SNMPv3 Configuring Trap Parameters Configuring Basic TrapConfiguring Extended Trap Snmp Configuration Examples Snmp Configuration ExamplesEnabling Logging for Network Management Displaying and Maintaining SnmpNetwork procedure 2Network diagram for Snmp configurationConfiguring the NMS Working Mechanism of Rmon Rmon ConfigurationIntroduction to Rmon Commonly Used Rmon Groups Rmon Configuration Displaying and Maintaining Rmon Rmon Configuration ExamplesConfiguration procedures # Display the Rmon extended alarm entry numbered Table of Contents Multicast Overview Information Transmission in the Unicast ModeMulticast Overview Information Transmission in the Broadcast Mode 1Information transmission in the unicast modeInformation Transmission in the Multicast Mode 2Information transmission in the broadcast mode3Information transmission in the multicast mode Roles in MulticastMulticast Models Advantages and Applications of MulticastAdvantages of multicast Application of multicastMulticast Architecture ASM modelSFM model SSM modelReserved multicast addresses IP addresses for permanent IP multicast addressClass D address range Description Ethernet multicast MAC address Multicast Protocols Layer 3 multicast protocolsLayer 2 multicast protocols 5Positions of Layer 3 multicast protocolsMulticast Packet Forwarding Mechanism Implementation of the RPF MechanismRPF Check 7RPF check processPage Igmp Snooping Configuration Igmp Snooping OverviewPrinciple of Igmp Snooping Basic Concepts in Igmp SnoopingTimer Description Message before Action after expiry Expiry Work Mechanism of Igmp SnoopingWhen receiving a leave message When receiving a general queryWhen receiving a membership report Complete the following tasks to configure Igmp Snooping Igmp Snooping ConfigurationIgmp Snooping Configuration Task List Configuring the Version of Igmp Snooping Igmp-snooping enableEnabling Igmp Snooping Igmp-snooping versionEnabling fast leave processing in system view Configuring TimersConfiguring Fast Leave Processing Configuring a Multicast Group Filter Enable fast leave processingRequired By default, the fast leave For specific VLANs Enabling fast leave processing in Ethernet port viewConfiguring a multicast group filter in system view Configuring a multicast group filter in Ethernet port viewIgmp -snooping group -policy Acl-number vlan vlan-listVlan vlan list overflow-replace Configuring Igmp QuerierIgmp-snooping group-limit limit Configuring Static Member Port for a Multicast Group Suppressing Flooding of Unknown Multicast Traffic in a VlanConfiguring a Static Router Port Ethernet port viewVlan interface view Multicast static-groupConfiguring a Port as a Simulated Group Member Vlan viewIgmp host-join group-address Source-ip source-addressVlan-mapping vlan Configuring a Vlan Tag for Query MessagesConfiguring Multicast Vlan Igmp enable Service-type multicastHybrid Port hybrid vlan vlan-id-list Port trunk permit vlan vlan-listDisplaying and Maintaining Igmp Snooping Igmp Snooping Configuration ExamplesConfiguring Igmp Snooping 3Network diagram for Igmp Snooping configuration Configure Switch a # Enable Igmp Snooping globallyGigabitEthernet 1/0/1 is connected to the workstation Device Device description Networking descriptionInterface IP address of Vlan 20 is 4Network diagram for multicast Vlan configuration # Configure VlanTroubleshooting Igmp Snooping Symptom Multicast function does not work on the deviceCommon Multicast Configuration Common Multicast ConfigurationConfiguring a Multicast MAC Address Entry Mac-address multicastDisplaying and Maintaining Common Multicast Configuration Configuring Dropping Unknown Multicast PacketsUnknown-multicast drop Display mac-address multicastTable of Contents Applications of NTP NTP ConfigurationIntroduction to NTP Implementation Principle of NTP NTP Implementation Modes 1Implementation principle of NTPBroadcast mode Server/client modeSymmetric peer mode Multicast mode NTP implementation Configuration on the device ModeNTP Configuration Task List Configuring NTP Implementation ModesConfiguring NTP Server/Client Mode Complete the following tasks to configure NTPConfiguring the NTP Symmetric Peer Mode Configuring NTP Broadcast Mode Configure the device to workNtp-service broadcast-server NTP broadcast serverConfiguring the device to work in the multicast client mode Configuring NTP Multicast ModeConfiguring the device to work in the multicast server mode Configuring Access Control Right Configuring NTP AuthenticationNtp-service access peer Server synchronizationConfiguring NTP authentication on the client Role of device Working modeConfiguring NTP authentication on the server Configuring Optional NTP Parameters Configure on NTP Broadcast ServerMode and NTP multicast Broadcast While ConfiguringDisplaying and Maintaining NTP Configuration NTP Configuration ExamplesDisabling an Interface from Receiving NTP messages Max-dynamic-sessions# Set Device a as the NTP server of Device B # Set Device C as the peer of Device B Configuring NTP Symmetric Peer ModeConfigure Device C # Set Device a as the NTP server 8Network diagram for the NTP broadcast mode configuration Configure Device C # Enter system view # Set Device a as a broadcast client9Network diagram for NTP multicast mode configuration # Enable the NTP authentication function Configuring NTP Server/Client Mode with AuthenticationConfigure Device B # Enter system view # Specify the key 42 as a trusted key Table of Contents SSH Configuration SSH OverviewIntroduction to SSH Algorithm and KeyStages Description Asymmetric Key AlgorithmSSH Operating Process Key negotiation Authentication negotiationVersion negotiation Data exchange Configuring the SSH ServerSession request SSH Server Configuration Tasks Configuring the Protocol Support for the User InterfaceAuthentication-mode scheme Command-authorizationGenerating/Destroying a RSA or DSA Key Pair Creating an SSH User and Specify an Authentication Type Exporting the RSA or DSA Public KeySpecifying a Service Type for an SSH User Configuring SSH ManagementSsh user username service-type Stelnet sftp allConfiguring the Client Public Key on the Server Rsa peer-public-key keyname Public-key-code endPeer-public-key end Assigning a Public Key to an SSH User Specifying a Source IP Address/Interface for the SSH ServerSsh user username assign Publickey rsa-key keynameConfiguring the SSH Client Using an SSH Client Software Configuring the SSH ClientSSH Client Configuration Tasks Generate a client key 2Generate a client key4Generate the client keys Specify the IP address of the Server Launch PuTTY.exe. The following window appearsAs shown in -7, select SSH under Protocol Select a protocol for remote connectionSelect an SSH version Open an SSH connection with publickey authentication 8SSH client configuration interface10SSH client interface Configure whether first-time authentication is supported Configuring the SSH Client on an SSH2-Capable DeviceOpen an SSH connection with password authentication Establish the connection between the SSH client and server Displaying and Maintaining SSH Configuration Specifying a Source IP address/Interface for the SSH clientSsh2 source-ip ip-address Ssh2 source-interface# Generate RSA and DSA key pairs SSH Configuration Examples# Enable the user interfaces to support SSH Page 14SSH client interface # Set the client’s command privilege level to # Assign the public key Switch001 to client client001Page 18Generate a client key pair Page 22SSH client interface Device system-view Device interface vlan-interface # Establish a connection to the server # Generate a DSA key pair # Set the user command privilege level to# Assign the public key Switch001 to user client001 25Network diagram of SSH client configuration # Assign public key Switch001 to user client001 # Set AAA authentication on user interfaces# Configure the user interfaces to support SSH # Specify the host public key pair name of the server # Establish the SSH connection to serverTable of Contents File System Management Configuration File System ConfigurationFile System Configuration Tasks Introduction to File SystemFile Operations Prompt Mode Configuration Flash Memory OperationsExecute filename Format deviceFile System Configuration Example File prompt alert quietIntroduction to File Attributes File Attribute ConfigurationAttribute Description Feature Identifier Configuring File Attributes Table of Contents FTP and Sftp Configuration Introduction to FTP and SftpIntroduction to FTP Description RemarksFTP Configuration FTP Configuration The Device Operating as an FTP ServerService-type ftp Introduction to SftpEnabling an FTP server Configuring connection idle timeFtp timeout minutes Disconnecting a specified user Ftp-server source-interfaceFtp-server source-ip ip-address Ftp disconnect user-nameConfiguring the banner for an FTP server Displaying FTP server information FTP Configuration The Device Operating as an FTP ClientBasic configurations on an FTP client Cdup LcdDisconnect CloseConfiguration Example The Device Operating as an FTP Server # Upload the config.cfg file. ftp put config.cfg FTP Banner Display Configuration Example 4Network diagram for FTP banner display configuration # Enter the authorized directory on the FTP server Sftp Configuration Sftp Configuration The Device Operating as an Sftp ServerComplete the following tasks to configure Sftp Follow these steps to enable an Sftp serverSftp Configuration The Device Operating as an Sftp Client Basic configurations on an Sftp clientFtp timeout time-out-value Time for the Sftp server Minutes by defaultHelp all command-name Sftp host-ip host-nameDelete remotefile Remove remote-fileSftp Configuration Example Sftp source-interfaceSftp source-ip ip-address Display sftp source-ip# Specify the SSH authentication mode as AAA # Specify the service type as Sftp# Enable the Sftp server # Create a local user client001Sftp-client # Exit Sftp Tftp Configuration Tftp ConfigurationComplete the following tasks to configure Tftp Introduction to TftpTftp Configuration The Device Operating as a Tftp Client Basic configurations on a Tftp clientTftp ascii binary Tftp-server acl acl-numberTftp Configuration Example Tftp source-interfaceTftp source-ip ip-address Display tftp source-ipDevice tftp 1.1.1.2 get config.cfg config.cfg Table of Contents Information Center Information Center OverviewIntroduction to Information Center Classification of system informationTen channels and six output directions of system information Outputting system information by source module Module name DescriptionSystem Information Format Sysname PriorityTimestamp Information Center Configuration Introduction to the Information Center Configuration TasksConfiguring Synchronous Information Output Set for the systemSetting to Output System Information to the Console Setting to output system information to the consoleEnabling system information display on the console Terminal monitorTerminal debugging Terminal loggingSetting to Output System Information to a Monitor Terminal Setting to output system information to a monitor terminalEnabling system information display on a monitor terminal Info-center monitor channelInfo-center loghost source Setting to Output System Information to a Log HostInfo-center loghost Setting to Output System Information to the Trap Buffer Setting to Output System Information to the Log BufferInfo-center trapbuffer Info-center sourceInfo-center snmp channel Setting to Output System Information to the Snmp NMSInfo-center logbuffer Log Output to a Unix Log Host Information Center Configuration ExamplesDisplaying and Maintaining Information Center # mkdir /var/log/Switch # touch /var/log/Switch/information 2Network diagram for log output to a Linux log host Log Output to a Linux Log Host3Network diagram for log output to the console Log Output to the Console# Enable terminal display 4Network diagramTable of Contents Host Configuration File Loading Remote Loading Using FTPLoading procedure using FTP client Introduction to Loading ApproachesLoading procedure using FTP server Restart Switch2Remote loading using FTP server Use the put command to upload the file config.cfg to Switch Remote Loading Using Tftp Basic System Configuration and Debugging Basic System ConfigurationDisplaying the System Status Debugging the SystemEnabling/Disabling System Debugging Display clockDisplaying Debugging Status Displaying Operating Information about Modules in SystemNetwork Connectivity Test Network Connectivity TestPing TracertDevice Management Configuration Device Management Configuration TasksRebooting the Device Device ManagementScheduling a Reboot on the Device Schedule reboot at hhmmSchedule reboot delay Schedule reboot regularityIdentifying pluggable transceivers Identifying and Diagnosing Pluggable TransceiversIntroduction to pluggable transceivers Diagnosing pluggable transceivers Table of Contents Introduction to VLAN-VPN VLAN-VPN ConfigurationVLAN-VPN Overview Adjusting the Tpid Values of VLAN-VPN Packets Implementation of VLAN-VPNProtocol type Value VLAN-VPN ConfigurationEnabling the VLAN-VPN Feature for a Port Tpid Adjusting Configuration Vlan-vpn uplink enableDisplaying and Maintaining VLAN-VPN Vlan-vpn tpid valueVLAN-VPN Configuration Example 4Network diagram for VLAN-VPN configurationSwitchA vlan-vpn tpid Data transfer processPage Selective QinQ Overview Selective QinQ ConfigurationSelective QinQ Overview Selective QinQ Configuration Enabling the Selective QinQ Feature for a PortInner-to-Outer Tag Priority Mapping Vlan-vpn vid vlan-idSelective QinQ Configuration Example Configuring the Inner-to-Outer Tag Priority Mapping FeatureProcessing Private Network Packets by Their Types Vlan-vpn priority2Network diagram for selective QinQ configuration # Enable the VLAN-VPN feature on GigabitEthernet 1/0/3SwitchA-GigabitEthernet1/0/3 vlan-vpn enable Page Table of Contents Introduction to HWPing HWPing ConfigurationHWPing Overview Test Types Supported by HWPing HWPing Test ParametersSupported test types Description Test parameter DescriptionDns-server Username and passwordDns HWPing server configuration tasks HWPing ConfigurationConfiguration on a HWPing Server HWPing client configuration HWPing Client ConfigurationHWPing server configuration Timeout time Test-enableCount times Datasize sizeTest-type ftp Test-type dhcpSource-port port-number Password password Ftp-operation get putUsername name Filename file-nameDestination-ip command to Dns-server ip-addressTest-type http Http-operation get postDestination-port Test-type jitterTest-type snmpquery Jitter-packetnum numberJitter-interval interval Configure the destination Configured on the HWPing Server for listening servicesOperation- tag This IP address and the oneHwping-server Tcpconnect ip-address7Test-type tcpprivate TcppublicTest-type udpprivate UdppublicTest-type dns Time Three seconds Optional Configure the service typeAddress is specified Configuring HWPing client to send Trap messages HWPing Configuration Example Administrator-name operation-tagDisplaying and Maintaining HWPing Icmp TestDhcp Test # Display test results# Configure the test type as dhcp FTP Test # Set the probe timeout time to 30 seconds # Configure the source IP addressHttp Test # Configure the test type as http# Configure the IP address of the Http server as Jitter Test Network diagram Configure HWPing Client Switch a # Enable the HWPing client# Configure the test type as jitter # Configure the IP address of the HWPing server asSnmp Test 7Network diagram for the Snmp test # Configure the test type as snmp8Network diagram for the Tcpprivate test TCP Test Tcpprivate Test on the Specified Ports# Configure the test type as tcpprivate # Configure the test type as udpprivate UDP Test Udpprivate Test on the Specified PortsDNS Test # Configure the test type as dns # Configure the IP address of the DNS server asIndex Table of Contents DNS Configuration Static Domain Name ResolutionDynamic Domain Name Resolution Resolution procedureDNS suffixes Configuring Domain Name ResolutionConfiguring Static Domain Name Resolution Static Domain Name Resolution Configuration Example DNS Configuration ExampleConfiguring Dynamic Domain Name Resolution Dynamic Domain Name Resolution Configuration Example 2Network diagram for static DNS configuration# Configure the IP address 2.1.1.2 for the DNS server # Configure com as the DNS suffixTroubleshooting DNS Configuration Displaying and Maintaining DNSTable of Contents Smart Link Configuration Smart Link OverviewBasic Concepts in Smart Link Smart Link groupMaster port Slave portFlush message Control Vlan for sending flush messagesOperating Mechanism of Smart Link Configuring Smart LinkComplete the following tasks to configure Smart Link Configuring a Smart Link Device Configuring Associated Devices PrecautionsFlush enable control-vlan Smart-link flush enable control-vlan vlan-id portDisplaying and Maintaining Smart Link Smart Link Configuration ExampleImplementing Link Redundancy Backup # Configure to send flush messages within Vlan # Return to system viewSwitchD system-view Monitor Link Configuration Introduction to Monitor Link2Network diagram for a Monitor Link group implementation How Monitor Link WorksCreating a Monitor Link Group Configuring Monitor LinkConfiguring the Uplink Port Port monitor-link group Configuring a Downlink PortUplink Monitor Link Configuration Example Displaying and Maintaining Monitor Link# Configure to send flush messages in Vlan # Create Smart Link group 1 and enter Smart Link group viewSwitchC monitor-link group Table of Contents PoE Configuration PoE OverviewIntroduction to PoE Advantages of PoEPoE Configuration PoE Features Supported by the DevicePoE Configuration Task List Maximum Power Provided by Each Electrical PortEnabling the PoE Feature on a Port Setting the Maximum Output Power on a PortPoe enable Poe max-power max-powerSetting PoE Management Mode and PoE Priority of a Port Setting the PoE Mode on a PortPoe power-management Poe priority critical highConfiguring the PD Compatibility Detection Function Poe legacy enablePoe update refresh Upgrading the PSE Processing Software OnlinePoE Configuration Example Displaying and Maintaining PoE ConfigurationPoE Configuration Example Networking requirements1Network diagram for PoE # Upgrade the PSE processing software onlinePoE Profile Configuration PoE Profile ConfigurationConfiguring PoE Profile Introduction to PoE ProfileDisplaying and Maintaining PoE Profile Configuration PoE Profile to PortDisplay poe-profile All-profile interface# Create Profile1, and enter PoE profile view PoE Profile Configuration ExamplePoE Profile Application Example # Create Profile2, and enter PoE profile view # Display detailed configuration information for Profile1# Display detailed configuration information for Profile2 Table of Contents Page IP Routing Protocol Overview Introduction to IP Route and Routing TableIP Route Routing TablePage Routing Protocol Overview Static Routing and Dynamic RoutingClassification of Dynamic Routing Protocols Routing Protocols and Routing PriorityLoad Sharing and Route Backup Route backupRouting Information Sharing Load sharingDisplaying and Maintaining a Routing Table Static Route Static Route ConfigurationIntroduction to Static Route Configuring a Static Route Static Route ConfigurationDefault Route Static Route Configuration Example Displaying and Maintaining Static RoutesTroubleshooting a Static Route # Approach 2 Configure a static route on Switch a# Approach 1 Configure static routes on Switch B # Approach 2 Configure a static route on Switch BRIP Configuration RIP OverviewBasic Concepts RIP routing databaseRouting loops prevention RIP timersRIP Startup and Operation RIP Configuration Task List Basic RIP ConfigurationConfiguring Basic RIP Functions RipSpecifying the RIP version on an interface Setting the RIP operating status on an interfaceRIP Route Control Configuring RIP Route Control Setting the additional routing metrics of an interfaceConfiguring RIP route summarization Rip metricin valueConfiguring RIP to filter incoming/outgoing routes Disabling the router from receiving host routesRIP Network Adjustment and Optimization Setting RIP preferenceConfiguration Tasks Configuring RIP timersConfiguring split horizon Configuring RIP-1 packet zero field checkSetting RIP-2 packet authentication mode Configuring RIP to unicast RIP packetsRip authentication-mode Simple password md5Displaying and Maintaining RIP Configuration RIP Configuration ExampleTroubleshooting RIP Configuration Failed to Receive RIP UpdatesConfigure Switch B # Configure RIP Configure Switch C # Configure RIPIP Route Policy Configuration IP Route Policy OverviewIntroduction to IP Route Policy FiltersIP Route Policy Configuration Task List Route Policy ConfigurationFor ACL configuration, refer to the part discussing ACL Route policyDefining a Route Policy Defining if-match Clauses and apply ClausesIP Route Policy Configuration Example Displaying and Maintaining IP Route PolicyIf-match ip next-hop acl Apply cost valueConfiguration considerations SwitchC-acl-basic-2000 quit SwitchC acl number Configuration verification Troubleshooting IP Route Policy PrecautionsTable of Contents Protocol UDP port number UDP Helper ConfigurationIntroduction to UDP Helper Configuring UDP Helper UDP Helper Configuration Example # Enable UDP Helper on Switch aDisplaying and Maintaining UDP Helper Cross-Network Computer Search Through UDP HelperTable of Contents Appendix a Acronyms Medium Access Control Non Broadcast MultiAccessProtocol Independent Multicast-Dense Mode Protocol Independent Multicast-Sparse Mode