Manuals / 3Com / Computer Equipment / Switch

3Com WX3000 Timer and Maximum User Number Configuration, Dot1x max-user user-number

Models: WX3000

1 715

Page 235

z802.1x configurations take effect only after you enable 802.1x both globally and for specified ports.

zIf you enable 802.1x for a port, you cannot set the maximum number of MAC addresses that can be learnt for the port. Meanwhile, if you set the maximum number of MAC addresses that can be learnt for a port, it is prohibited to enable 802.1x for the port.

zIf you enable 802.1x for a port, it is not available to add the port to an aggregation group. Meanwhile, if a port has been added to an aggregation group, it is prohibited to enable 802.1x for the port.

zChanging the access control method on a port by the dot1x port-methodcommand will forcibly log out the online 802.1x users on the port.

zWhen the device itself operates as an authentication server, its authentication method for 802.1x users cannot be configured as EAP.

zHandshaking packets are used to test whether a user is online or not. Users need to run the proprietary iNode client software to respond to the handshaking packets.

zAs clients not running the iNode client software do not support the online user handshaking function, the device cannot receive handshaking acknowledgement packets from the client in handshaking periods. To prevent the user being falsely considered offline, you need to disable the online user handshaking function in this case.

zFor the handshaking packet secure function to take effect, the clients that enable the function need to cooperate with the authentication server. If either the clients or the authentication server does not support the function, disabling the handshaking packet secure function is needed.

Timer and Maximum User Number Configuration

Follow these steps to configure 802.1x timers and the maximum number of users:

To do…		Use the command…	Remarks
Enter system view		system-view	—

Set the	In	dot1x max-user user-number
Set the	system	dot1x max-user user-number
maximum	system	[ interface interface-list ]
maximum	view	[ interface interface-list ]
number of	view		Optional
number of
concurrent		interface interface-type
concurrent		interface interface-type	By default, a port can accommodate
on-line		interface-number	By default, a port can accommodate
on-line	In port	interface-number	up to 256 users at a time.
users for
users for
specified	view	dot1x max-user user-number
ports
ports		quit
		quit

			Optional
Set the maximum retry			By default, the maximum retry times
Set the maximum retry			to send a request packet is 2. That
times to send request		dot1x retry max-retry-value	is, the authenticator system sends a
packets			request packet to a supplicant
			system for up to two times by
			default.

1-14

Page 235

Image 235

3Com WX3000 Timer and Maximum User Number Configuration, Dot1x max-user user-number, Dot1x retry max-retry-value

Contents

Manual Version 6W100 3Com WX3000 Series Unified Switches Switching EngineEnvironmental Statement About This Manual Part ContentsOrganization Convention Description Boldface ConventionsItalic Manual Description Related DocumentationConvention Description Create FolderObtaining Documentation Table of Contents Command Hierarchy CLI ConfigurationIntroduction to the CLI Setting a user level switching password Switching User LevelsSwitching to a specific user level Configuration example Setting the Level of a Command in a Specific ViewSetting the level of a command in a specific view Quit or return CLI ViewsDisplay Execute Operation QuitPeer-public-key command Gigabitethernet commandVlan-interface command Region-configurationExecute the radius scheme Public-key-cOde end Public-key-code beginOnline Help CLI FeaturesVlan-vpn enable Execute Command should be firstPress Ctrl+C Command HistoryTerminal Display Partial online helpCommand Edit Error PromptsTab Press… To…Table of Contents Page Supported User Interfaces Logging In to the Switching EngineLogging In to the Switching Engine Introduction to the User InterfaceUser Interface Index Common User Interface ConfigurationDisplay web users Display users allDisplay user-interface Type number numberOAP Overview Logging In to the Switching Engine Through OAPPress Enter to enter user view of the switching engine Logging In Through OAPAddress of an OAP module Configure the management IPNot configured by default Oap management-ipReset the OAP software Resetting the OAP Software SystemOap reboot slot Introduction Common ConfigurationConfiguration Description Logging In Through TelnetAuthentication Telnet configuration Description Mode Telnet Configurations for Different Authentication ModesConfiguration Procedure Telnet Configuration with Authentication Mode Being NoneConfiguration procedure Configuration ExampleNetwork requirements User privilege level level Password Set authenticationPassword cipher Auto-execute commandCommands by default Set the history command bufferDefault history command Command buffer can store up toTelnet Configuration with Authentication Mode Being Scheme Protocol inbound all ssh Scheme commandAuthorization History-command max-sizeUser privilege level level command is Level level Service-typePrivilege # Create a local user named guest and enter local user view Telnetting to the Switching Engine from a Terminal Telnetting to the Switching EngineDeviceoap connect slot Connected to OAP Page Device telnet Logging In from the Web-Based Network Management System Vlan interface of the switching engine is assigned an IPUser name and password for logging in to the Web-based Network management system are configuredSetting Up a Web Configuration Environment 3The login page of the Web-based network management system Configuring the Login BannerBy default, no login banner is Header login textThrough Web Configured Ip http shutdown Follow these steps to enable/disable the WEB serverEnable the Web server Enabling/Disabling the WEB ServerLogging In from NMS Connection Establishment Using NMSRelated information Configuration in system view Configuring Source IP Address for Telnet Service PacketsConfiguring Source IP Address for Telnet Service Packets Configuration in user viewInterface-number Displaying Source IP Address ConfigurationPrerequisites Login mode Control method Implementation ReferenceUser Control Controlling Telnet UsersAcl acl-number inbound Match-order config autoAcl number acl-number Rule rule-id deny permitRule rule-id deny Controlling Telnet Users by Source MAC AddressesPermit rule-string Controlling Network Management Users by Source IP Addresses Controlling Network Management Users by Source IP AddressesControlling Web Users by Source IP Address 2Network diagram for controlling Snmp users using ACLsFree web-users all user-id Disconnecting a Web User by ForceControlling Web Users by Source IP Addresses Ip http acl acl-numberDevice ip http acl Table of Contents Format of configuration file Configuration File ManagementIntroduction to Configuration File Types of configurationModes in saving the configuration Management of Configuration FileSaving the Current Configuration Startup with the configuration fileThree attributes of the configuration file Erasing the Startup Configuration FileStartup saved-configuration Specifying a Configuration File for Next StartupAssign main attribute to the startup configuration file Assign backup attribute to the startup configuration fileDisplaying and Maintaining Device Configuration Table of Contents Vlan Overview Vlan OverviewIntroduction to Vlan How Vlan Works Advantages of VLANsVlan tag 2Encapsulation format of traditional Ethernet frames MAC address learning mechanism of VLANsVlan Interface Port-Based VlanVlan Classification Ethernet II and 802.2/802.3 encapsulation Protocol-Based VlanIntroduction to Protocol-Based Vlan Encapsulation Format of Ethernet Data6802.3 raw encapsulation format Extended encapsulation formats of 802.2/802.3 packetsEncapsulation Ethernet 802.3 raw 802.2 LLC Snap Protocol Procedure for the Switch to Judge Packet ProtocolEncapsulation Formats Implementation of Protocol-Based VlanPage Basic Vlan Configuration Vlan ConfigurationVlan Configuration Configuration Task ListConfiguration prerequisites Basic Vlan Interface ConfigurationDisplaying and Maintaining Vlan Port interface-list Configuring a Port-Based VlanConfiguring a Port-Based Vlan Protocol-Based Vlan Configuration Example# Create Vlan 201, and add GigabitEthernet 1/0/2 to Vlan # Configure GigabitEthernet 1/0/10 of Switch B# Create Vlan 201, and add GigabitEthernet 1/0/12 to Vlan Configuring a Protocol Template for a Protocol-Based Vlan Configuring a Protocol-Based VlanVlan vlan-id protocol-index Associating a Port with a Protocol-Based VlanInterface interface-type Interface-number Port hybrid protocol-vlanDisplay protocol-vlan vlan vlan id Displaying and Maintaining Protocol-Based VlanDisplay vlan vlan-id to vlan-id all Dynamic staticVlan Protocol-Type Table of Contents Introduction to the Auto Detect Function Auto Detect ConfigurationAuto Detect Basic Configuration Auto Detect ConfigurationPreference-value reject blackhole Auto Detect Implementation in Vlan Interface BackupAuto Detect Implementation in Static Routing Ip route-static ip-address maskVlan -id Auto Detect Configuration ExamplesStandby detect-group Is reachable # Configure a static route to Switch a# Create auto detected group Table of Contents Voice Vlan Overview Voice Vlan ConfigurationHow an IP Phone Works Agent 1Network diagram for IP phonesHow the Device Identifies Voice Traffic Configuring Operation Mode for Voice VlanNumber OUI address Vendor Support for Voice Vlan on Various Ports Processing mode of tagged packets sent by IP voice devicesPort type Supported or not Traffic type Mode Security Mode of Voice VlanPort voice Voice Configuration Prerequisites Voice Vlan ConfigurationConfiguring a Voice Vlan to Operate in Automatic Mode Voice vlan security Configuring a Voice Vlan to Operate in Manual ModeEnable Undo voice vlan modePort trunk pvid vlan Port trunk permit vlanPort hybrid vlan vlan-id Tagged untaggedVoice Vlan Configuration Example Automatic Mode Voice Vlan Configuration ExampleDisplaying and Maintaining Voice Vlan # Enable the voice Vlan function on GigabitEthernet 1/0/1 Voice Vlan Configuration Example Manual Mode# Enable the voice Vlan function globally # Configure GigabitEthernet 1/0/1 as a hybrid port# Display the status of the current voice Vlan # Create Vlan 2 and configure it as a voice Vlan# Configure GigabitEthernet 1/0/1 to operate in manual mode VerificationTable of Contents Garp messages and timers Gvrp ConfigurationIntroduction to Gvrp Garp message format Operating mechanism of GarpGarp packets are in the following format Field Description Value 1Format of Garp packetsEnabling Gvrp Gvrp ConfigurationProtocol Specifications Configuration PrerequisiteGvrp Configuring Gvrp TimersGarp timer leaveall Garp timer hold joinDisplaying and Maintaining Gvrp Configuring Gvrp Port Registration Mode# Enable Gvrp on GigabitEthernet 1/0/1 Gvrp Configuration ExampleGvrp Configuration Example Configure Switch a # Enable Gvrp globally# Enable Gvrp on GigabitEthernet 1/0/3 SwitchE-GigabitEthernet1/0/1 gvrp registration fixed Table of Contents Combo Ports Mapping Relations Basic Port ConfigurationEthernet Port Overview Types and Numbers of Ethernet PortsLink Types of Ethernet Ports Configuring the Default Vlan ID for an Ethernet PortVlan tag Configuring Ethernet PortsMaking Basic Port Configuration Adding an Ethernet Port to Specified VLANsConfiguring Port Auto-Negotiation Speed Broadcast-suppression Setting the Ethernet Port Broadcast Suppression RatioEnabling Flow Control on a Port Speed auto 10 100Configuring Hybrid Port Attribute Configuring Access Port AttributeConfiguring Trunk Port Attribute Disabling Up/Down Log Output on a Port Configuration tasksAggregation-group destination-agg-id Copying Port Configuration to Other PortsConfiguring a Port Group System-view Copy configuration source interface-typeSetting Loopback Detection for an Ethernet Port Loopback detection only on VLANs for the trunk and hybrid Configuring the Ethernet Port to Run Loopback TestConfigure the Ethernet port to run Loopback-detection per-vlanVirtual-cable-test Enabling the System to Test Connected CableFlow-interval interval Displaying and Maintaining Ethernet Ports Ethernet Port Configuration Example# Configure the default Vlan ID of GigabitEthernet 1/0/1 as Troubleshooting Ethernet Port ConfigurationTable of Contents Introduction to Link Aggregation Link Aggregation ConfigurationIntroduction to Lacp Port status in manual aggregation group Operation KeyManual Aggregation Group Introduction to manual aggregation groupIntroduction to static Lacp aggregation Static Lacp Aggregation GroupPort status of static aggregation group Port status of dynamic aggregation group Configuring system priorityDynamic Lacp Aggregation Group Introduction to dynamic Lacp aggregation groupAggregation Group Categories Configuring port priorityConfiguring a Manual Aggregation Group Link Aggregation ConfigurationAgg-id Configuring a Static Lacp Aggregation GroupDescription agg-name Port link-aggregation groupLacp system -priority Configuring a Dynamic Lacp Aggregation GroupSystem-priority Displaying and Maintaining Link Aggregation Link Aggregation Configuration ExampleSwitch a Link aggregation Switch B Page Table of Contents Introduction to Port Isolation Port Isolation ConfigurationPort Isolation Configuration Port Isolation OverviewDisplaying and Maintaining Port Isolation Port Isolation Configuration ExampleDevice-GigabitEthernet1/0/4 quit device Table of Contents Introduction Port Security ConfigurationPort Security Features Port Security OverviewNeither Security mode Description FeatureThis mode Port Security ModesSecurity mode Description Feature Enabling Port Security Port Security ConfigurationComplete the following tasks to configure port security Follow these steps to enable port securityCount-value Setting the Port Security ModePort-security oui OUI-value UserLoginWithOUI mode, a Port-security max-mac-countConfiguring the NTK feature Configuring Port Security FeaturesConfiguring the Trap feature Configuring intrusion protectionConfiguring Security MAC Addresses Port Security Configuration Example Displaying and Maintaining Port Security Configuration# Enter GigabitEthernet 1/0/1 port view HostSwitch# Enable port security # Set the port security mode to autolearnPort Binding Overview Port Binding ConfigurationDisplaying and Maintaining Port Binding Configuration Configuring Port BindingConfigure switch a as follows # Enter system view Port Binding Configuration ExampleTable of Contents Dldp Overview Dldp ConfigurationDldp status Dldp FundamentalsStatus Description Interval of sending advertisement packets, which can be Dldp timersDldp works with the following timers 2DLDP timers Timer DescriptionEntry aging Timer expire Dldp operating modeEnhanced timer then sends one probe packets every one Mode During neighborDldp status Packet types Packet type Processing procedureNo Echo packet received from Processing procedure Neighbor 4Types of packets sent by DldpDldp neighbor state Dldp ConfigurationPrecautions During Dldp Configuration Dldp Configuration TasksResetting Dldp Status This command only applies to the ports in Dldp down status Reset the Dldp status of a port Dldp resetDldp Network Example # Display the Dldp status # Enable Dldp globally# Configure Dldp to work in enhanced mode # Set the interval of sending Dldp packets to 15 secondsTable of Contents Introduction to MAC Address Table MAC Address Table ManagementIntroduction to MAC Address Learning 1MAC address learning diagram Aging of MAC address table Managing MAC Address TableEntries in a MAC address table Configuring MAC Address Table ManagementSystem-view Mac-address static dynamic Configuring a MAC Address EntryAdding a MAC address entry in system view Adding a MAC address entry in Ethernet port viewMac-address timer aging Setting the Aging Time of MAC Address EntriesAge no-aging Max-mac-count Disabling MAC Address learning for a VlanMac-address Max-mac-count countDisplay mac-address Configuration ExampleDisplaying and Maintaining MAC Address Table Adding a Static MAC Address Entry ManuallyTable of Contents Page STP Overview Mstp ConfigurationSTP Overview All the ports on the root bridge are designated ports Classification Designated bridge Designated portStep Description How STP worksStep Description Device Port name Bpdu of port Device Comparison process Bpdu of port after 5Comparison process and result on each deviceDevice Comparison process Bpdu of port after 3The final calculated spanning tree Disadvantages of STP and Rstp Features of MstpMstp Overview Background of MstpMST region Basic Mstp TerminologiesPort role Vlan mapping tableRegion root Common root bridgeMSTP, a port can be in one of the following three states Port stateImplement STP algorithm Principle of MstpCalculate the Cist Calculate an MstiMstp Implementation on the Device Bpdu guard Loop guard TC-BPDU attack guard Bpdu packet drop Configuring Root BridgeComplete the following tasks to configure a root bridge STP-related StandardsConfiguring an MST Region # Verify the above configuration Stp instance instance-id root secondary Centi-secondsStp instance instance-id Configuring the Bridge Priority of the Current DeviceRequired Default bridge priority of a Current device Set the bridge priority forInterface-number compliance Stp interface interface-typeAuto dot1s legacy Legacy Configuring the Mstp Operation ModeStp mode stp rstp mstp Stp compliance auto dot1sConfiguring the Network Diameter of the Switched Network Configuring the Maximum Hop Count of an MST RegionStp max-hops hops Stp timer max-age Configuring the Mstp Time-related ParametersStp timer forward-delay Stp timer helloConfiguring the Timeout Time Factor Transmit-limit packetnum Stp interface interface-listStp transmit-limit packetnum Edged-port enable Configuring the Current Port as an Edge PortConfigure a port as an edge port in system view Configure a port as an edge port in Ethernet port viewForce-false auto Point-to-point force-trueStp point-to-point force-true Stp enableDisable Enabling MstpStp disable Configuring Leaf NodesTask Remarks Configuring a Port as an Edge Port Configuring the MST RegionDot1d-1998 dot1t legacy Configuring the Path Cost for a PortStandards for calculating path costs of ports Stp pathcost-standardConfiguration example a Configure the path cost for specific portsConfiguration example B Instance instance-id port Configuring Port PriorityConfigure port priority in system view Configure port priority in Ethernet port viewStp interface interface-list mcheck Performing mCheck OperationPerform the mCheck operation in system view Perform the mCheck operation in Ethernet port viewStp mcheck Configuring Guard FunctionsBpdu guard Root guardTC-BPDU attack guard Loop guardBpdu dropping Stp root-protection Configuring Bpdu GuardConfiguring Root Guard Root-protectionStp tc-protection Configuring Loop GuardConfiguring TC-BPDU Attack Guard Stp loop-protectionBpdu-drop any Configuring Digest SnoopingConfiguring Bpdu Dropping Interface interface-nameStp config-digest-snooping Configuring Digest SnoopingConfiguring Rapid Transition 6The Rstp rapid transition mechanism No-agreement-check Configuring Rapid TransitionStp no-agreement-check Configuring VLAN-VPN tunnel Configuring VLAN-VPN TunnelVlan-vpn tunnel Portlog STP Maintenance ConfigurationEnabling Log/Trap Output for Ports of Mstp Instance Stp instance instance idDisplaying and Maintaining Mstp Enabling Trap Messages Conforming to 802.1d StandardConfigure Switch a # Enter MST region view Mstp Configuration Example# Activate the settings of the MST region manually Configure Switch D # Enter MST region view Configure Switch B # Enter MST region viewConfigure Switch C # Enter MST region view # Configure the MST regionConfigure Switch C # Enable Mstp VLAN-VPN tunnel Configuration ExampleConfigure Switch a # Enable Mstp Configure Switch B # Enable Mstp# Configure GigabitEthernet 1/0/1 as a trunk port # Enable the VLAN-VPN tunnel function# Configure GigabitEthernet 1/0/2 as a trunk port Configure Switch D # Enable MstpTable of Contents Architecture of 802.1x Authentication 802.1x ConfigurationIntroduction to Valid direction of a controlled port Port access entityPort access control method Controlled port and uncontrolled portEncapsulation of EAPoL Messages Mechanism of an 802.1x Authentication SystemFormat of an EAPoL packet Format of an EAP packet Fields added for EAP authentication 802.1x Authentication ProcedureEAP relay mode Describes the basic EAP-MD5 authentication procedure EAP terminating mode 9802.1x authentication procedure in EAP terminating mode Timers UsedChecking the supplicant system Additional 802.1x Features ImplementedGuest Vlan function Checking the client versionEnabling 802.1x re-authentication Introduction to 802.1x ConfigurationConfiguring Basic 802.1x Functions Basic 802.1x ConfigurationDot1x Dot1x port-control authorized-force Dot1x authentication-method chapDot1x handshake enable Dot1x interface interface-listDot1x max-user user-number Timer and Maximum User Number ConfigurationDot1x retry max-retry-value Configuring Proxy Checking Advanced 802.1x ConfigurationConfiguring Client Version Checking Dot1x port-method portbased Enabling DHCP-triggered AuthenticationConfiguring Guest Vlan Dot1x dhcp-launchConfiguring the 802.1x Re-Authentication Timer Configuring 802.1x Re-AuthenticationDot1x re-authenticate Displaying and Maintaining 802.1x Configuration Example# Enable 802.1x on GigabitEthernet 1/0/1 port # Enable 802.1x globally# Create a local access user account # Set the default user domain to be aabbcc.net# Create the domain named aabbcc.net and enter its view Quick EAD Deployment Overview Quick EAD Deployment ConfigurationConfiguring Quick EAD Deployment Introduction to Quick EAD DeploymentDot1x free-ip ip-address Configuring a free IP rangeSetting the ACL timeout period Dot1x url url-stringDisplaying and Maintaining Quick EAD Deployment Quick EAD Deployment Configuration ExamplePeriod is 30 minutes Solution TroubleshootingSystem-Guard Overview System-Guard ConfigurationConfiguring the System-Guard Feature Configuring the System-Guard FeatureDisplaying and Maintaining System-Guard Table of Contents Page Introduction to AAA AuthenticationAuthorization AAA OverviewIntroduction to ISP Domain Introduction to AAA ServicesWhat is Radius Accounting1Databases in a Radius server Basic message exchange procedure in RadiusClient transmits this message to the server to determine if Radius message formatCode Message type Message description Direction client-serverType field value Attribute type Introduction to Hwtacacs What is Hwtacacs5Network diagram for a typical Hwtacacs application Basic message exchange procedure in Hwtacacs6AAA implementation procedure for a telnet user Page AAA Configuration Task List AAA ConfigurationConfiguration Introduction Creating an ISP Domain and Configuring Its Attributes Self-service-url disable Configuring an AAA Scheme for an ISP DomainConfiguring a combined AAA scheme Messenger time enable limitHwtacacs-scheme Configuring separate AAA schemesDomain isp-name Radius-scheme-name localLocal local none Authorization none Configuring Dynamic Vlan AssignmentAccounting none Integer string Configuring the Attributes of a Local UserDomain isp-name Vlan-assignment-modeAccess-limit Password-display-modeService-type ftp lan-access Authorization vlan stringCut down user Radius Configuration Task ListCutting Down User Connections Forcibly Follow these steps to cut down user connections forciblyServers ConfiguringRadius scheme Configuring Radius Authentication/Authorization ServersRadius client enable Creating a Radius SchemeIp-address port-number Configuring Radius Accounting ServersPrimary authentication Secondary authenticationRetry stop-accounting Configuring Shared Keys for Radius MessagesSecondary accounting Stop-accounting-bufferKey authentication string Configuring the Type of Radius Servers to be SupportedKey accounting string Server-type extended Configuring the Status of Radius ServersOptional Servers to be supported Block active State primary authenticationAuthentication block Calling-station-id modeLocal-server nas-ip ip-address Configuring the Local Radius Authentication Server FunctionLocal-server enable Key passwordConfiguring Timers for Radius Servers Enabling the User Re-Authentication at Restart Function Accounting-on enable send Hwtacacs Configuration Task ListTimes interval interval Creating a Hwtacacs Scheme Configuring Tacacs Authentication ServersHwtacacs scheme Ip-address port Configuring Tacacs Authorization ServersPrimary authorization Secondary authorizationFunction is enabled Number of transmission Configuring Tacacs Accounting ServersConfiguring Shared Keys for Hwtacacs Messages Follow these steps to configure Tacacs accounting serversData-flow-format packet Authentication stringKey accounting Mega-byteOptional By default, the real-time Interval Configuring the Timers Regarding Tacacs ServersScheme exists Set the response timeout time Optional By default, the response timeout Tacacs serversDisplaying and maintaining AAA information Displaying and Maintaining AAADisplaying and maintaining Radius protocol information Remote Radius Authentication of Telnet/SSH Users AAA Configuration ExamplesDisplaying and maintaining Hwtacacs protocol information # Associate the ISP domain with the Radius scheme # Adopt AAA authentication for Telnet users# Configure an ISP domain # Configure a Radius scheme# Create and configure a local user named telnet Local Authentication of FTP/Telnet Users# Configure the domain name of the Hwtacacs scheme to hwtac Hwtacacs Authentication and Authorization of Telnet UsersPossible reasons and solutions Troubleshooting AAATroubleshooting Radius Configuration Troubleshooting Hwtacacs ConfigurationIntroduction to EAD EAD ConfigurationTypical Network Application of EAD Ip-address EAD ConfigurationEAD Configuration Example Security-policy-server# Associate the domain with the Radius scheme # Configure the IP address of the security policy serverTable of Contents Performing MAC Authentication Locally MAC Authentication ConfigurationMAC Authentication Overview Performing MAC Authentication on a Radius ServerRelated Concepts Configuring Basic MAC Authentication FunctionsMAC Authentication Timers Mac-authenticationUppercase fixedpassword password Mac-authentication interfaceMac-authentication Quit Mac-authentication authmodeConfiguring a Guest Vlan MAC Address Authentication Enhanced Function ConfigurationGuest-vlan vlan-id Mac-authentication timerGuest-vlan-reauth interval MAC address authentication Number of MAC address Configure the maximum numberMax-auth-num user-number Reset mac-authentication statistics Displaying and Maintaining MAC AuthenticationMAC Authentication Configuration Example Display mac-authentication# Add an ISP domain named aabbcc.net # Add a local user Specify the username and passwordSet the service type to lan-access # Specify to perform local authenticationTable of Contents Net-id IP Addressing ConfigurationIP Addressing Overview IP Address ClassesSubnetting and Masking Special Case IP AddressesClass Address range Remarks Ip address ip-address mask Configuring IP AddressesMask-length sub Network requirement IP Address Configuration ExamplesIP Address Configuration Example Displaying and Maintaining IP Addressing4Network diagram for IP address configuration Page Configuring IP Performance IP Performance ConfigurationIP Performance Overview Disabling Sending of Icmp Error Packets Displaying and Maintaining IP Performance Configuration Table of Contents IP Address Assignment Policy Dhcp OverviewIntroduction to Dhcp Dhcp IP Address AssignmentObtaining IP Addresses Dynamically Updating IP Address Lease Dhcp Packet FormatProtocols and Standards Dhcp Relay Agent Fundamentals Dhcp Relay Agent ConfigurationIntroduction to Dhcp Relay Agent Usage of Dhcp Relay AgentDhcp Relay Agent Support for Option Padding content of OptionIntroduction to Option Mechanism of Option 82 supported on Dhcp relay agent 2Padding contents for sub-option 1 of OptionIp-address &1-8 Configuring the Dhcp Relay AgentDhcp Relay Agent Configuration Task List Dhcp-server groupNo ipConfiguring address checking Configuring Dhcp Relay Agent Security FunctionsMac-address Address-check enableDhcp relay hand enable Dhcp-security static ip-addressPrerequisites Configuring the Dhcp Relay Agent to Support OptionConfiguring the Dhcp relay agent to support Option Enabling unauthorized Dhcp server detectionDhcp Relay Agent Configuration Example Displaying and Maintaining Dhcp Relay Agent ConfigurationAnalysis Troubleshooting Dhcp Relay Agent ConfigurationSymptom SolutionPage Dhcp Snooping Overview Dhcp Snooping ConfigurationFunction of Dhcp Snooping Overview of Dhcp Snooping Option Padding content and frame format of Option2Extended format of the circuit ID sub-option Mechanism of DHCP-snooping OptionOverview of IP Filtering Dhcp-snooping information format command orSub-option configuration Dhcp snooping device will… Dhcp-snooping information format command or the default HEXIP static binding table Dhcp Snooping ConfigurationConfiguring Dhcp Snooping DHCP-snooping tableRequired Specify the current port as a Configuring Dhcp Snooping to Support OptionDHCP-Snooping Option 82 Support Configuration Task List Enable DHCP-snooping Option 82 supportStrategy drop keep replace Configure a handling policy for Dhcp packets with OptionConfigure the storage format of Option Dhcp-snooping informationString Configure the circuit ID sub-optionConfigure the remote ID sub-option Vlan vlan-id circuit-id stringVlan vlan-id remote-id Configuring IP FilteringConfigure the padding format for Option Remote-id sysname stringDHCP-Snooping Option 82 Support Configuration Example Dhcp Snooping Configuration Example# Specify GigabitEthernet 1/0/5 as the trusted port IP Filtering Configuration Example# Enable Dhcp snooping on Switch # Enable DHCP-snooping Option 82 support# Specify GigabitEthernet 1/0/1 as the trusted port 7Network diagram for IP filtering configurationDisplay ip source static Displaying and Maintaining Dhcp Snooping ConfigurationDisplay dhcp-snooping TrustFollow these steps to configure a DHCP/BOOTP client DHCP/BOOTP Client ConfigurationIntroduction to Bootp Client Configuring a DHCP/BOOTP ClientIp address bootp-alloc Dhcp Client Configuration ExampleDhcp-alloc Display related information on a Displaying and Maintaining DHCP/BOOTP Client ConfigurationDisplay bootp client interface Bootp clientTable of Contents ACL Overview ACL ConfigurationACL Matching Order Being applied to the hardware directly Ways to Apply an ACL on a DeviceDepth-first match order for rules of a basic ACL Depth-first match order for rules of an advanced ACLConfiguring Time Range ACL ConfigurationTypes of ACLs Supported by Devices End-time end-date to end-time end-date Time-range time-name start-time to end-timeDays-of-the-week from start-time start-date to End-time end-date from start-time start-date toAuto config Configuring Basic ACLRule-string Rule-string , refer to ACL Command Rule rule-id permit deny Configuring Advanced ACLMatch-order auto config Rule-string , refer to ACL CommandRule-string Refer to ACL Command Configuring Layer 2 ACLACL Assignment Packet-filter inbound acl-rule Configure procedureAssigning an ACL Globally Assigning an ACL to a VlanSystem-view Packet-filter vlan vlan-id Assigning an ACL to a Port GroupInbound acl-rule Assigning an ACL to a Port Displaying and Maintaining ACLExamples for Upper-layer Software Referencing ACLs Example for Controlling Telnet Login Users by Source IPExample for Controlling Web Login Users by Source IP SwitchPCAdvanced ACL Configuration Example Basic ACL Configuration ExampleExamples for Applying ACLs to Hardware # Apply ACL 3000 on GigabitEthernet 1/0/1 Layer 2 ACL Configuration Example# Apply ACL 4000 on GigabitEthernet 1/0/1 Example for Applying an ACL to a Vlan# Apply ACL 3000 to Vlan Table of Contents Page New Applications and New Requirements QoS ConfigurationTraditional Packet Forwarding Service Introduction to QoSMajor Traffic Control Techniques QoS Supported by DevicesTraffic Classification IP precedence, ToS precedence, and Dscp precedence PrecedenceIP Precedence decimal IP Precedence binary Description Dscp value decimal Dscp value binary Description 802.1p priority802.1p priority decimal 802.1p priority binary Description Priority Trust ModeTrusting the Dscp precedence Trusting the 802.1p precedenceDscp precedence Target Dscp precedence Token bucket Protocol PriorityPriority Marking Traffic Policing and Traffic ShapingTraffic policing Evaluating the traffic with the token bucketTraffic shaping Vlan Mapping Traffic RedirectingQueue Scheduling SP queuing 7Diagram for SP queuingSdwrr Burst QoS ConfigurationQoS Configuration Task List Flow-based Traffic AccountingPriority-trust dscp automap Configuring Priority Trust ModePriority priority-level Priority-trust cos automapQos cos-local-precedence-map Configuring Priority MappingQos cos-drop-precedence-map Qos dscp-cos-map dscp-list cos-value Qos cos-dscp-map cos0-map-dscpQos dscp-local-precedence-map dscp-list Qos dscp-drop-precedence-map dscp-listPage Ip-precedence Setting the Priority of Protocol PacketsSystem-view Protocol-priority Protocol-typeTraffic-priority vlan vlan-id inbound acl-rule Marking Packet PriorityTraffic-priority inbound acl-rule dscp Dscp-value cos cos-valueRequired Matching specific ACL rules Configuring Traffic PolicingConform con-action exceed Reset traffic-limit inbound acl-ruleReset traffic-limit vlan vlan-id inbound Traffic-limit inbound acl-rule target-rateDisabled Clear the traffic Configuring Traffic ShapingView Configure traffic By default, traffic policing is PolicingTraffic-redirect inbound acl-rule interface Configuring Traffic RedirectingConfiguration examples Traffic-shape queueTraffic-redirect vlan vlan-id inbound acl-rule Acl-rule remark-vlan vlan-id Configuring Vlan MappingConfiguring Queue Scheduling Traffic-remark-vlanid inboundQueue-scheduler wrr group1 Queue-id queue-weight &1-8Group2 queue-id queue-weight Undo queue-scheduler queue-idTraffic-statistic inbound acl-rule Reset traffic-statistic inboundCollecting/Clearing Traffic Statistics Collect the statistics on Packets matching specific ACLReset traffic-statistic inbound acl-rule Reset traffic-statistic vlan vlan-idTraffic-statistic vlan vlan-id Refer to Burst for information about the burst function Configuring Traffic MirroringFollow these steps to enable the burst function Enabling the Burst FunctionMirrored-to vlan vlan-id Monitor-portMirrored-to inbound acl-rule Monitor-interfaceRequired Destination port Exit current view Traffic mirroring configurationRequired Mirroring for packets that Displaying and Maintaining QoS Configuration Example of Traffic Policing QoS Configuration ExamplePage Manual application mode QoS Profile ConfigurationQoS Profile Application Mode Dynamic application modeApplying a QoS Profile QoS Profile ConfigurationQoS Profile Configuration Task List Configuring a QoS ProfileSystem-view Apply qos-profile Displaying and Maintaining QoS ProfileQos-profile port-based Undo qos-profile port-based1Network diagram for QoS profile configuration QoS Profile Configuration Example# Enable Table of Contents Mirroring Overview Mirroring ConfigurationRemote Port Mirroring Local Port Mirroring1Ports involved in the mirroring operation Switch Ports involved FunctionMAC-Based Mirroring VLAN-Based MirroringConfiguring Local Port Mirroring Mirroring ConfigurationConfiguration on the device acting as a source switch Configuring Remote Port MirroringConfiguration on the device acting as a destination switch Monitor-port monitor-port Configuring MAC-Based MirroringRemote-probe-vlan-id Remote-destinationLocal remote-source Configuring VLAN-Based MirroringMirroring-group group-id Mirroring-mac mac vlan Mirroring-group group-id Mirroring-vlan vlan-id Mirroring Configuration ExampleLocal Port Mirroring Configuration Example Displaying and Maintaining Port MirroringConfigure Switch C # Create a local mirroring group Remote Port Mirroring Configuration Example# Configure Vlan 10 as the remote-probe Vlan 4Network diagram for remote port mirroring# Configure Vlan 10 as the remote-probe Vlan Page Table of Contents ARP Message Format ARP ConfigurationIntroduction to ARP ARP FunctionProteon ProNET Token Ring Field DescriptionValue Description Experimental EthernetChaos ARP entry Generation Method Maintenance ModeARP Table ARP ProcessMan-in-the-middle attack Introduction to ARP Attack DetectionARP attack detection Introduction to Gratuitous ARP Configuring ARPConfiguring ARP Basic Functions Arp timer aging aging-timeArp detection trust Configuring ARP Attack DetectionArp check enable Arp detection enableArp restricted-forwarding Configuring Gratuitous ARPGratuitous-arp-learning Displaying and Maintaining ARP ARP Configuration ExampleARP Basic Configuration Example ARP Attack Detection Configuration Example# Enable ARP attack detection on all ports in Vlan # Enable Dhcp snooping on Switch aTable of Contents Snmp Versions Snmp ConfigurationSnmp Overview Snmp Operation MechanismPublic MIB MIB attribute MIB content Related RFCSupported MIBs MIB II based on TCP/IP network device RFCSnmp-agent sys-info Configuring Basic Snmp FunctionsConfiguring basic Snmp functions for SNMPv1 or SNMPv2c Snmp-agentConfiguring basic Snmp functions for SNMPv3 Configuring Basic Trap Configuring Trap ParametersConfiguring Extended Trap Displaying and Maintaining Snmp Snmp Configuration ExamplesSnmp Configuration Examples Enabling Logging for Network Management2Network diagram for Snmp configuration Network procedureConfiguring the NMS Introduction to Rmon Rmon ConfigurationWorking Mechanism of Rmon Commonly Used Rmon Groups Rmon Configuration Configuration procedures Rmon Configuration ExamplesDisplaying and Maintaining Rmon # Display the Rmon extended alarm entry numbered Table of Contents Multicast Overview Information Transmission in the Unicast ModeMulticast Overview 1Information transmission in the unicast mode Information Transmission in the Broadcast Mode2Information transmission in the broadcast mode Information Transmission in the Multicast ModeRoles in Multicast 3Information transmission in the multicast modeApplication of multicast Multicast ModelsAdvantages and Applications of Multicast Advantages of multicastSSM model Multicast ArchitectureASM model SFM modelClass D address range Description IP multicast addressReserved multicast addresses IP addresses for permanent Ethernet multicast MAC address Layer 3 multicast protocols Multicast Protocols5Positions of Layer 3 multicast protocols Layer 2 multicast protocolsImplementation of the RPF Mechanism Multicast Packet Forwarding Mechanism7RPF check process RPF CheckPage Basic Concepts in Igmp Snooping Igmp Snooping ConfigurationIgmp Snooping Overview Principle of Igmp SnoopingWork Mechanism of Igmp Snooping Timer Description Message before Action after expiry ExpiryWhen receiving a membership report When receiving a general queryWhen receiving a leave message Igmp Snooping Configuration Task List Igmp Snooping ConfigurationComplete the following tasks to configure Igmp Snooping Igmp-snooping version Configuring the Version of Igmp SnoopingIgmp-snooping enable Enabling Igmp SnoopingConfiguring Fast Leave Processing Configuring TimersEnabling fast leave processing in system view Enabling fast leave processing in Ethernet port view Configuring a Multicast Group FilterEnable fast leave processing Required By default, the fast leave For specific VLANsAcl-number vlan vlan-list Configuring a multicast group filter in system viewConfiguring a multicast group filter in Ethernet port view Igmp -snooping group -policyIgmp-snooping group-limit limit Configuring Igmp QuerierVlan vlan list overflow-replace Suppressing Flooding of Unknown Multicast Traffic in a Vlan Configuring Static Member Port for a Multicast GroupMulticast static-group Configuring a Static Router PortEthernet port view Vlan interface viewSource-ip source-address Configuring a Port as a Simulated Group MemberVlan view Igmp host-join group-addressConfiguring Multicast Vlan Configuring a Vlan Tag for Query MessagesVlan-mapping vlan Port trunk permit vlan vlan-list Igmp enableService-type multicast Hybrid Port hybrid vlan vlan-id-listConfiguring Igmp Snooping Igmp Snooping Configuration ExamplesDisplaying and Maintaining Igmp Snooping Configure Switch a # Enable Igmp Snooping globally 3Network diagram for Igmp Snooping configurationInterface IP address of Vlan 20 is Device Device description Networking descriptionGigabitEthernet 1/0/1 is connected to the workstation # Configure Vlan 4Network diagram for multicast Vlan configurationSymptom Multicast function does not work on the device Troubleshooting Igmp SnoopingMac-address multicast Common Multicast ConfigurationCommon Multicast Configuration Configuring a Multicast MAC Address EntryDisplay mac-address multicast Displaying and Maintaining Common Multicast ConfigurationConfiguring Dropping Unknown Multicast Packets Unknown-multicast dropTable of Contents Introduction to NTP NTP ConfigurationApplications of NTP Implementation Principle of NTP 1Implementation principle of NTP NTP Implementation ModesSymmetric peer mode Server/client modeBroadcast mode NTP implementation Configuration on the device Mode Multicast modeComplete the following tasks to configure NTP NTP Configuration Task ListConfiguring NTP Implementation Modes Configuring NTP Server/Client ModeConfiguring the NTP Symmetric Peer Mode NTP broadcast server Configuring NTP Broadcast ModeConfigure the device to work Ntp-service broadcast-serverConfiguring the device to work in the multicast server mode Configuring NTP Multicast ModeConfiguring the device to work in the multicast client mode Server synchronization Configuring Access Control RightConfiguring NTP Authentication Ntp-service access peerRole of device Working mode Configuring NTP authentication on the clientConfiguring NTP authentication on the server While Configuring Configuring Optional NTP ParametersConfigure on NTP Broadcast Server Mode and NTP multicast BroadcastMax-dynamic-sessions Displaying and Maintaining NTP ConfigurationNTP Configuration Examples Disabling an Interface from Receiving NTP messages# Set Device a as the NTP server of Device B Configure Device C # Set Device a as the NTP server Configuring NTP Symmetric Peer Mode# Set Device C as the peer of Device B 8Network diagram for the NTP broadcast mode configuration # Set Device a as a broadcast client Configure Device C # Enter system view9Network diagram for NTP multicast mode configuration Configure Device B # Enter system view Configuring NTP Server/Client Mode with Authentication# Enable the NTP authentication function # Specify the key 42 as a trusted key Table of Contents Algorithm and Key SSH ConfigurationSSH Overview Introduction to SSHSSH Operating Process Asymmetric Key AlgorithmStages Description Version negotiation Authentication negotiationKey negotiation Session request Configuring the SSH ServerData exchange Command-authorization SSH Server Configuration TasksConfiguring the Protocol Support for the User Interface Authentication-mode schemeGenerating/Destroying a RSA or DSA Key Pair Exporting the RSA or DSA Public Key Creating an SSH User and Specify an Authentication TypeStelnet sftp all Specifying a Service Type for an SSH UserConfiguring SSH Management Ssh user username service-typeConfiguring the Client Public Key on the Server Peer-public-key end Public-key-code endRsa peer-public-key keyname Publickey rsa-key keyname Assigning a Public Key to an SSH UserSpecifying a Source IP Address/Interface for the SSH Server Ssh user username assignSSH Client Configuration Tasks Configuring the SSH ClientConfiguring the SSH Client Using an SSH Client Software 2Generate a client key Generate a client key4Generate the client keys Launch PuTTY.exe. The following window appears Specify the IP address of the ServerSelect an SSH version Select a protocol for remote connectionAs shown in -7, select SSH under Protocol 8SSH client configuration interface Open an SSH connection with publickey authentication10SSH client interface Open an SSH connection with password authentication Configuring the SSH Client on an SSH2-Capable DeviceConfigure whether first-time authentication is supported Establish the connection between the SSH client and server Ssh2 source-interface Displaying and Maintaining SSH ConfigurationSpecifying a Source IP address/Interface for the SSH client Ssh2 source-ip ip-address# Enable the user interfaces to support SSH SSH Configuration Examples# Generate RSA and DSA key pairs Page 14SSH client interface # Assign the public key Switch001 to client client001 # Set the client’s command privilege level toPage 18Generate a client key pair Page 22SSH client interface Device system-view Device interface vlan-interface # Establish a connection to the server # Assign the public key Switch001 to user client001 # Set the user command privilege level to# Generate a DSA key pair 25Network diagram of SSH client configuration # Configure the user interfaces to support SSH # Set AAA authentication on user interfaces# Assign public key Switch001 to user client001 # Establish the SSH connection to server # Specify the host public key pair name of the serverTable of Contents Introduction to File System File System Management ConfigurationFile System Configuration File System Configuration TasksFile Operations Format device Prompt Mode ConfigurationFlash Memory Operations Execute filenameFile prompt alert quiet File System Configuration ExampleAttribute Description Feature Identifier File Attribute ConfigurationIntroduction to File Attributes Configuring File Attributes Table of Contents Description Remarks FTP and Sftp ConfigurationIntroduction to FTP and Sftp Introduction to FTPIntroduction to Sftp FTP ConfigurationFTP Configuration The Device Operating as an FTP Server Service-type ftpFtp timeout minutes Configuring connection idle timeEnabling an FTP server Ftp disconnect user-name Disconnecting a specified userFtp-server source-interface Ftp-server source-ip ip-addressConfiguring the banner for an FTP server Basic configurations on an FTP client FTP Configuration The Device Operating as an FTP ClientDisplaying FTP server information Close CdupLcd DisconnectConfiguration Example The Device Operating as an FTP Server # Upload the config.cfg file. ftp put config.cfg FTP Banner Display Configuration Example 4Network diagram for FTP banner display configuration # Enter the authorized directory on the FTP server Follow these steps to enable an Sftp server Sftp ConfigurationSftp Configuration The Device Operating as an Sftp Server Complete the following tasks to configure SftpTime for the Sftp server Minutes by default Sftp Configuration The Device Operating as an Sftp ClientBasic configurations on an Sftp client Ftp timeout time-out-valueRemove remote-file Help all command-nameSftp host-ip host-name Delete remotefileDisplay sftp source-ip Sftp Configuration ExampleSftp source-interface Sftp source-ip ip-address# Create a local user client001 # Specify the SSH authentication mode as AAA# Specify the service type as Sftp # Enable the Sftp serverSftp-client # Exit Sftp Introduction to Tftp Tftp ConfigurationTftp Configuration Complete the following tasks to configure TftpTftp-server acl acl-number Tftp Configuration The Device Operating as a Tftp ClientBasic configurations on a Tftp client Tftp ascii binaryDisplay tftp source-ip Tftp Configuration ExampleTftp source-interface Tftp source-ip ip-addressDevice tftp 1.1.1.2 get config.cfg config.cfg Table of Contents Classification of system information Information CenterInformation Center Overview Introduction to Information CenterTen channels and six output directions of system information Module name Description Outputting system information by source moduleSystem Information Format Timestamp PrioritySysname Introduction to the Information Center Configuration Tasks Information Center ConfigurationSet for the system Configuring Synchronous Information OutputSetting to output system information to the console Setting to Output System Information to the ConsoleTerminal logging Enabling system information display on the consoleTerminal monitor Terminal debuggingInfo-center monitor channel Setting to Output System Information to a Monitor TerminalSetting to output system information to a monitor terminal Enabling system information display on a monitor terminalInfo-center loghost Setting to Output System Information to a Log HostInfo-center loghost source Info-center source Setting to Output System Information to the Trap BufferSetting to Output System Information to the Log Buffer Info-center trapbufferInfo-center logbuffer Setting to Output System Information to the Snmp NMSInfo-center snmp channel Displaying and Maintaining Information Center Information Center Configuration ExamplesLog Output to a Unix Log Host # mkdir /var/log/Switch # touch /var/log/Switch/information Log Output to a Linux Log Host 2Network diagram for log output to a Linux log hostLog Output to the Console 3Network diagram for log output to the console4Network diagram # Enable terminal displayTable of Contents Introduction to Loading Approaches Host Configuration File LoadingRemote Loading Using FTP Loading procedure using FTP clientRestart Switch Loading procedure using FTP server2Remote loading using FTP server Use the put command to upload the file config.cfg to Switch Remote Loading Using Tftp Basic System Configuration Basic System Configuration and DebuggingDisplay clock Displaying the System StatusDebugging the System Enabling/Disabling System DebuggingDisplaying Operating Information about Modules in System Displaying Debugging StatusTracert Network Connectivity TestNetwork Connectivity Test PingDevice Management Device Management ConfigurationDevice Management Configuration Tasks Rebooting the DeviceSchedule reboot regularity Scheduling a Reboot on the DeviceSchedule reboot at hhmm Schedule reboot delayIntroduction to pluggable transceivers Identifying and Diagnosing Pluggable TransceiversIdentifying pluggable transceivers Diagnosing pluggable transceivers Table of Contents VLAN-VPN Overview VLAN-VPN ConfigurationIntroduction to VLAN-VPN Implementation of VLAN-VPN Adjusting the Tpid Values of VLAN-VPN PacketsEnabling the VLAN-VPN Feature for a Port VLAN-VPN ConfigurationProtocol type Value Vlan-vpn tpid value Tpid Adjusting ConfigurationVlan-vpn uplink enable Displaying and Maintaining VLAN-VPN4Network diagram for VLAN-VPN configuration VLAN-VPN Configuration ExampleData transfer process SwitchA vlan-vpn tpidPage Selective QinQ Overview Selective QinQ ConfigurationSelective QinQ Overview Vlan-vpn vid vlan-id Selective QinQ ConfigurationEnabling the Selective QinQ Feature for a Port Inner-to-Outer Tag Priority MappingVlan-vpn priority Selective QinQ Configuration ExampleConfiguring the Inner-to-Outer Tag Priority Mapping Feature Processing Private Network Packets by Their Types# Enable the VLAN-VPN feature on GigabitEthernet 1/0/3 2Network diagram for selective QinQ configurationSwitchA-GigabitEthernet1/0/3 vlan-vpn enable Page Table of Contents HWPing Overview HWPing ConfigurationIntroduction to HWPing Test parameter Description Test Types Supported by HWPingHWPing Test Parameters Supported test types DescriptionDns Username and passwordDns-server Configuration on a HWPing Server HWPing ConfigurationHWPing server configuration tasks HWPing server configuration HWPing Client ConfigurationHWPing client configuration Datasize size Timeout timeTest-enable Count timesSource-port port-number Test-type dhcpTest-type ftp Filename file-name Password passwordFtp-operation get put Username nameHttp-operation get post Destination-ip command toDns-server ip-address Test-type httpTest-type jitter Destination-portJitter-interval interval Jitter-packetnum numberTest-type snmpquery This IP address and the one Configure the destination Configured on the HWPingServer for listening services Operation- tagTcppublic Hwping-serverTcpconnect ip-address7 Test-type tcpprivateUdppublic Test-type udpprivateAddress is specified Time Three seconds Optional Configure the service typeTest-type dns Configuring HWPing client to send Trap messages Icmp Test HWPing Configuration ExampleAdministrator-name operation-tag Displaying and Maintaining HWPing# Display test results Dhcp Test# Configure the test type as dhcp FTP Test # Configure the source IP address # Set the probe timeout time to 30 seconds# Configure the IP address of the Http server as # Configure the test type as httpHttp Test Jitter Test # Configure the IP address of the HWPing server as Network diagramConfigure HWPing Client Switch a # Enable the HWPing client # Configure the test type as jitterSnmp Test # Configure the test type as snmp 7Network diagram for the Snmp testTCP Test Tcpprivate Test on the Specified Ports 8Network diagram for the Tcpprivate test# Configure the test type as tcpprivate UDP Test Udpprivate Test on the Specified Ports # Configure the test type as udpprivateDNS Test # Configure the IP address of the DNS server as # Configure the test type as dnsIndex Table of Contents Resolution procedure DNS ConfigurationStatic Domain Name Resolution Dynamic Domain Name ResolutionConfiguring Static Domain Name Resolution Configuring Domain Name ResolutionDNS suffixes Configuring Dynamic Domain Name Resolution DNS Configuration ExampleStatic Domain Name Resolution Configuration Example 2Network diagram for static DNS configuration Dynamic Domain Name Resolution Configuration Example# Configure com as the DNS suffix # Configure the IP address 2.1.1.2 for the DNS serverDisplaying and Maintaining DNS Troubleshooting DNS ConfigurationTable of Contents Smart Link group Smart Link ConfigurationSmart Link Overview Basic Concepts in Smart LinkControl Vlan for sending flush messages Master portSlave port Flush messageComplete the following tasks to configure Smart Link Configuring Smart LinkOperating Mechanism of Smart Link Configuring a Smart Link Device Smart-link flush enable control-vlan vlan-id port Configuring Associated DevicesPrecautions Flush enable control-vlanImplementing Link Redundancy Backup Smart Link Configuration ExampleDisplaying and Maintaining Smart Link # Return to system view # Configure to send flush messages within VlanSwitchD system-view Introduction to Monitor Link Monitor Link ConfigurationHow Monitor Link Works 2Network diagram for a Monitor Link group implementationConfiguring the Uplink Port Configuring Monitor LinkCreating a Monitor Link Group Uplink Configuring a Downlink PortPort monitor-link group Displaying and Maintaining Monitor Link Monitor Link Configuration Example# Create Smart Link group 1 and enter Smart Link group view # Configure to send flush messages in VlanSwitchC monitor-link group Table of Contents Advantages of PoE PoE ConfigurationPoE Overview Introduction to PoEMaximum Power Provided by Each Electrical Port PoE ConfigurationPoE Features Supported by the Device PoE Configuration Task ListPoe max-power max-power Enabling the PoE Feature on a PortSetting the Maximum Output Power on a Port Poe enablePoe priority critical high Setting PoE Management Mode and PoE Priority of a PortSetting the PoE Mode on a Port Poe power-managementUpgrading the PSE Processing Software Online Configuring the PD Compatibility Detection FunctionPoe legacy enable Poe update refreshNetworking requirements PoE Configuration ExampleDisplaying and Maintaining PoE Configuration PoE Configuration Example# Upgrade the PSE processing software online 1Network diagram for PoEIntroduction to PoE Profile PoE Profile ConfigurationPoE Profile Configuration Configuring PoE ProfileAll-profile interface Displaying and Maintaining PoE Profile ConfigurationPoE Profile to Port Display poe-profilePoE Profile Application Example PoE Profile Configuration Example# Create Profile1, and enter PoE profile view # Display detailed configuration information for Profile2 # Display detailed configuration information for Profile1# Create Profile2, and enter PoE profile view Table of Contents Page Routing Table IP Routing Protocol OverviewIntroduction to IP Route and Routing Table IP RoutePage Routing Protocols and Routing Priority Routing Protocol OverviewStatic Routing and Dynamic Routing Classification of Dynamic Routing ProtocolsLoad sharing Load Sharing and Route BackupRoute backup Routing Information SharingDisplaying and Maintaining a Routing Table Introduction to Static Route Static Route ConfigurationStatic Route Default Route Static Route ConfigurationConfiguring a Static Route Displaying and Maintaining Static Routes Static Route Configuration Example# Approach 2 Configure a static route on Switch B Troubleshooting a Static Route# Approach 2 Configure a static route on Switch a # Approach 1 Configure static routes on Switch BRIP routing database RIP ConfigurationRIP Overview Basic ConceptsRIP Startup and Operation RIP timersRouting loops prevention Rip RIP Configuration Task ListBasic RIP Configuration Configuring Basic RIP FunctionsRIP Route Control Setting the RIP operating status on an interfaceSpecifying the RIP version on an interface Rip metricin value Configuring RIP Route ControlSetting the additional routing metrics of an interface Configuring RIP route summarizationDisabling the router from receiving host routes Configuring RIP to filter incoming/outgoing routesSetting RIP preference RIP Network Adjustment and OptimizationConfiguring RIP-1 packet zero field check Configuration TasksConfiguring RIP timers Configuring split horizonSimple password md5 Setting RIP-2 packet authentication modeConfiguring RIP to unicast RIP packets Rip authentication-modeRIP Configuration Example Displaying and Maintaining RIP ConfigurationConfigure Switch C # Configure RIP Troubleshooting RIP ConfigurationFailed to Receive RIP Updates Configure Switch B # Configure RIPFilters IP Route Policy ConfigurationIP Route Policy Overview Introduction to IP Route PolicyRoute policy IP Route Policy Configuration Task ListRoute Policy Configuration For ACL configuration, refer to the part discussing ACLDefining if-match Clauses and apply Clauses Defining a Route PolicyApply cost value IP Route Policy Configuration ExampleDisplaying and Maintaining IP Route Policy If-match ip next-hop aclConfiguration considerations SwitchC-acl-basic-2000 quit SwitchC acl number Configuration verification Precautions Troubleshooting IP Route PolicyTable of Contents Introduction to UDP Helper UDP Helper ConfigurationProtocol UDP port number Configuring UDP Helper Cross-Network Computer Search Through UDP Helper UDP Helper Configuration Example# Enable UDP Helper on Switch a Displaying and Maintaining UDP HelperTable of Contents Appendix a Acronyms Protocol Independent Multicast-Sparse Mode Medium Access ControlNon Broadcast MultiAccess Protocol Independent Multicast-Dense Mode

Timer and Maximum User Number Configuration

dot1x max-user user-number

quit

dot1x retry max-retry-value