3Com WX3000 3

3-1

3 System-Guard Configuration

System-Guard Overview

At first, you must determine whether the CPU is under attack to implement system guard for the CPU.

You should not determine whether the CPU is under attack just according to whether congestion occurs

in a queue. Instead, you must do that in the following ways:

z According to the number of packets processed in the CPU in a time range.

z Or according to the time for one hundred packets to be processed.

If the CPU is under attack, the rate of packets to be processed in the CPU in a certain queue will exceed

the threshold value. In this case, you can determine that the CPU is under attack. Through analyzing

these packets, you get to know the characteristics of the attack source, and then you can adopt different

filtering rules according the characteristics of the attack source. Thus, system guard is implemented.

Configuring the System-Guard Feature

Through the following configuration, you can enable the system-guard feature, set the threshold for the

number of packets when an attack is detected and the length of the isolation after an attack is detected.

Configuring the System-Guard Feature

Follow these steps to configure the system-guard feature:

To do… Use the command… Remarks

Enter system view system-view —

Enable the system-guard

feature system-guard enable Required

By default, the system-guard feature

is disabled.

Set the threshold for the

number of packets when

an attack is detected

system-guard

detect-threshold

threshold-value

Optional

The default threshold value is 200

packets.

Set the length of the

isolation after an attack is

detected

system-guard timer-interval

isolate-timer

Optional

By default, the length of the isolation

after an attack is detected is 10

minutes.

Contents

Main ENVIRONMENTAL STATEMENT End of Life Statement Regulated Materials Statement Environmental Statement about the Documentation About This Manual Organization Conventions Command conventions GUI conventions Symbols Related Documentation Obtaining Documentation Page 1 Introduction to the CLI Command Hierarchy Switching User Levels Setting a user level switching password Switching to a specific user level Configuration example Setting the Level of a Command in a Specific View Setting the level of a command in a specific view Configuration example CLI Views Page Page CLI Features Online Help Complete online help Partial online help Terminal Display Command History Error Prompts Command Edit Page Page Page 1 Logging In to the Switching Engine Introduction to the User Interface Supported User Interfaces User Interface Index Common User Interface Configuration Page 2 OAP Overview Logging In to the Switching Engine Through OAP Configuring the Management IP Address of the OAP Software System Configuring the Management IP Address of the OAP Software System on the Switching Engine Configuring the Management IP Address of the OAP Software System of the Access Control Engine Resetting the OAP Software System 3 Common Configuration Telnet Configurations for Different Authentication Modes Telnet Configuration with Authentication Mode Being None Page Telnet Configuration with Authentication Mode Being Password Page Telnet Configuration with Authentication Mode Being Scheme Page Page Page Telnetting to the Switching Engine Telnetting to the Switching Engine from a Terminal Page Telnetting to the Switching Engine from the Access Control Engine Page 4 Management System Setting Up a Web Configuration Environment Configuring the Login Banner Page Enabling/Disabling the WEB Server 5 Introduction Connection Establishment Using NMS 6 Packets Overview Configuring Source IP Address for Telnet Service Packets Configuration in user view Displaying Source IP Address Configuration 7 Introduction Controlling Telnet Users Prerequisites Controlling Telnet Users by Source IP Addresses Controlling Telnet Users by Source and Destination IP Addresses Controlling Telnet Users by Source MAC Addresses Configuration Example Controlling Network Management Users by Source IP Addresses Prerequisites Controlling Network Management Users by Source IP Addresses Controlling Web Users by Source IP Address Prerequisites Controlling Web Users by Source IP Addresses Disconnecting a Web User by Force Configuration Example Page Page 1 Introduction to Configuration File Types of configuration Format of configuration file Main/backup attribute of the configuration file Management of Configuration File Saving the Current Configuration Modes in saving the configuration Three attributes of the configuration file Erasing the Startup Configuration File Specifying a Configuration File for Next Startup Assign main attribute to the startup configuration file Assign backup attribute to the startup configuration file Displaying and Maintaining Device Configuration Page 1 VLAN Overview Introduction to VLAN Advantages of VLANs How VLAN Works VLAN tag Type DataDA&SA TPIDDA&SA TypePriority CFI VLAN ID MAC address learning mechanism of VLANs VLAN Interface VLAN Classification Port-Based VLAN Protocol-Based VLAN Introduction to Protocol-Based VLAN Encapsulation Format of Ethernet Data Ethernet II and 802.2/802.3 encapsulation DA&SA(12) Type(2) Data Extended encapsulation formats of 802.2/802.3 packets DA&SA(12) Length(2) Data Procedure for the Switch to Judge Packet Protocol Figure 1-9 Procedure for the switch to judge packet protocol Encapsulation Formats Implementation of Protocol-Based VLAN Page 2 VLAN Configuration Configuration Task List Basic VLAN Configuration Basic VLAN Interface Configuration Displaying and Maintaining VLAN Configuring a Port-Based VLAN Configuring a Port-Based VLAN Protocol-Based VLAN Configuration Example Page Configuring a Protocol-Based VLAN Configuration Task List Configuring a Protocol Template for a Protocol-Based VLAN Associating a Port with a Protocol-Based VLAN Displaying and Maintaining Protocol-Based VLAN Protocol-Based VLAN Configuration Example Page Page Page 1 Introduction to the Auto Detect Function Auto Detect Configuration Auto Detect Basic Configuration Auto Detect Implementation in Static Routing Auto Detect Implementation in VLAN Interface Backup Auto Detect Configuration Examples Configuration Example for Auto Detect Implementation in Static Routing Configuration Example for Auto Detect Implementation in VLAN Interface Backup Page 1 Voice VLAN Overview How an IP Phone Works DHCP Server1 DHCP Server2 Call agent How the Device Identifies Voice Traffic Configuring Operation Mode for Voice VLAN Processing mode of untagged packets sent by IP voice devices Processing mode of tagged packets sent by IP voice devices Support for Voice VLAN on Various Ports Security Mode of Voice VLAN Voice VLAN Configuration Configuration Prerequisites Configuring a Voice VLAN to Operate in Automatic Mode Configuring a Voice VLAN to Operate in Manual Mode Page Displaying and Maintaining Voice VLAN Voice VLAN Configuration Example Voice VLAN Configuration Example (Automatic Mode) Voice VLAN Configuration Example (Manual Mode) Verification Page 1 Introduction to GVRP GARP GARP messages and timers Operating mechanism of GARP GARP message format Page GVRP Protocol Specifications GVRP Configuration Configuration Task List Enabling GVRP Configuration Prerequisite Configuring GVRP Timers Configuring GVRP Port Registration Mode Displaying and Maintaining GVRP GVRP Configuration Example GVRP Configuration Example Page Page Page 1 Ethernet Port Overview Types and Numbers of Ethernet Ports Combo Ports Mapping Relations Link Types of Ethernet Ports Configuring the Default VLAN ID for an Ethernet Port Adding an Ethernet Port to Specified VLANs Configuring Ethernet Ports Making Basic Port Configuration Configuring Port Auto-Negotiation Speed Setting the Ethernet Port Broadcast Suppression Ratio Enabling Flow Control on a Port Configuring Access Port Attribute Configuring Hybrid Port Attribute Configuring Trunk Port Attribute Disabling Up/Down Log Output on a Port Configuration tasks Configuration example Copying Port Configuration to Other Ports Configuring a Port Group Setting Loopback Detection for an Ethernet Port Configuring the Ethernet Port to Run Loopback Test Enabling the System to Test Connected Cable Configuring the Interval to Perform Statistical Analysis on Port Traffic Displaying and Maintaining Ethernet Ports Ethernet Port Configuration Example Troubleshooting Ethernet Port Configuration Page 1 Introduction to Link Aggregation Introduction to LACP Operation Key Manual Aggregation Group Introduction to manual aggregation group Port status in manual aggregation group Requirements on ports for manual aggregation Static LACP Aggregation Group Introduction to static LACP aggregation Port status of static aggregation group Dynamic LACP Aggregation Group Introduction to dynamic LACP aggregation group Port status of dynamic aggregation group Configuring system priority Configuring port priority Aggregation Group Categories Link Aggregation Configuration Configuring a Manual Aggregation Group Configuring a Static LACP Aggregation Group Configuring a Dynamic LACP Aggregation Group Displaying and Maintaining Link Aggregation Link Aggregation Configuration Example Switch A Link aggregation Switch B Page Page 1 Port Isolation Overview Introduction to Port Isolation Port Isolation Configuration Displaying and Maintaining Port Isolation Port Isolation Configuration Example Switch 1-3 # Display the information about the ports in the isolation group. Page 1 Port Security Overview Introduction Port Security Features Port Security Modes Page Port Security Configuration Enabling Port Security Setting the Maximum Number of MAC Addresses Allowed on a Port Setting the Port Security Mode Configuring Port Security Features Configuring the NTK feature Configuring intrusion protection Configuring the Trap feature Ignoring the Authorization Information from the RADIUS Server Configuring Security MAC Addresses Displaying and Maintaining Port Security Configuration Port Security Configuration Example Internet 2 Port Binding Overview Introduction Configuring Port Binding Displaying and Maintaining Port Binding Configuration Port Binding Configuration Example Page 1 DLDP Overview DLDP Fundamentals DLDP status DLDP timers DLDP operating mode DLDP implementation Page DLDP neighbor state Precautions During DLDP Configuration DLDP Configuration DLDP Configuration Tasks Resetting DLDP Status DLDP Network Example Page Page 1 Introduction to MAC Address Table Introduction to MAC Address Learning Page Managing MAC Address Table Aging of MAC address table Entries in a MAC address table Configuring MAC Address Table Management Configuring a MAC Address Entry Adding a MAC address entry in system view Adding a MAC address entry in Ethernet port view Setting the Aging Time of MAC Address Entries Setting the Maximum Number of MAC Addresses a Port Can Learn Disabling MAC Address learning for a VLAN Displaying and Maintaining MAC Address Table Configuration Example Adding a Static MAC Address Entry Manually Page Page 1 STP Overview STP Overview Functions of STP Protocol packets of STP Page How STP works Page Page Page Page Page MSTP Overview Background of MSTP Disadvantages of STP and RSTP Features of MSTP Basic MSTP Terminologies MST region Page Port state Principle of MSTP Calculate the CIST Calculate an MSTI Implement STP algorithm MSTP Implementation on the Device STP-related Standards Configuring Root Bridge Configuration Prerequisites Configuring an MST Region Configuration example Specifying the Current Device as a Root Bridge/Secondary Root Bridge Specify the current device as the root bridge of a spanning tree Specify the current device as the secondary root bridge of a spanning tree Configuring the Bridge Priority of the Current Device Configuring the Mode a Port Recognizes and Sends MSTP Packets Configuring the MSTP Operation Mode Configuring the Maximum Hop Count of an MST Region Configuring the Network Diameter of the Switched Network Configuring the MSTP Time-related Parameters Configuring the Timeout Time Factor Configuration procedure Configuration example Configuring the Maximum Transmitting Speed on the Current Port Configure the maximum transmitting speed for specified ports in system view Configure the maximum transmitting speed in Ethernet port view Configuration example Configuring the Current Port as an Edge Port Configure a port as an edge port in system view Configure a port as an edge port in Ethernet port view Configuration example Specifying Whether the Link Connected to a Port Is Point-to-point Link Specify whether the link connected to a port is point-to-point link in system view Specify whether the link connected to a port is point-to-point link in Ethernet port view Enabling MSTP Configuring Leaf Nodes Configuration Prerequisites Configuring the MST Region Configuring the Mode a Port Recognizes and Sends MSTP Packets Configuring the Timeout Time Factor Configuring the Maximum Transmitting Speed on the Current Port Configuring the Path Cost for a Port Standards for calculating path costs of ports Configure the path cost for specific ports Configuration example (A) Configuration example (B) Configuring Port Priority Configure port priority in system view Configure port priority in Ethernet port view Configuration example Specifying Whether the Link Connected to a Port Is a Point-to-point Link Performing mCheck Operation Configuration Prerequisites Configuration Procedure Perform the mCheck operation in system view Perform the mCheck operation in Ethernet port view Configuring Guard Functions BPDU guard Root guard Loop guard TC-BPDU attack guard BPDU dropping Configuration Prerequisites Configuring BPDU Guard Configuring Root Guard Configuring Loop Guard Configuring TC-BPDU Attack Guard Configuring BPDU Dropping Configuring Digest Snooping Introduction Configuring Digest Snooping Configuring Rapid Transition Page Configuring Rapid Transition Configuring VLAN-VPN Tunnel Introduction Configuring VLAN-VPN tunnel STP Maintenance Configuration Introduction Enabling Log/Trap Output for Ports of MSTP Instance Configuration Example Enabling Trap Messages Conforming to 802.1d Standard Displaying and Maintaining MSTP MSTP Configuration Example Page VLAN-VPN tunnel Configuration Example Page Page 1 Introduction to 802.1x Architecture of 802.1x Authentication Port access entity Controlled port and uncontrolled port The valid direction of a controlled port Port access control method The Mechanism of an 802.1x Authentication System Encapsulation of EAPoL Messages The format of an EAPoL packet The format of an EAP packet Fields added for EAP authentication 802.1x Authentication Procedure EAP relay mode Page EAP terminating mode ...... Timers Used in 802.1x Additional 802.1x Features Implemented Checking the supplicant system Checking the client version The Guest VLAN function Enabling 802.1x re-authentication Introduction to 802.1x Configuration Basic 802.1x Configuration Configuration Prerequisites Configuring Basic 802.1x Functions Page Timer and Maximum User Number Configuration Advanced 802.1x Configuration Configuring Proxy Checking Configuring Client Version Checking Enabling DHCP-triggered Authentication Configuring Guest VLAN Configuring 802.1x Re-Authentication Configuring the 802.1x Re-Authentication Timer Displaying and Maintaining 802.1x Configuration Example 802.1x Configuration Example Page Page 2 Introduction to Quick EAD Deployment Quick EAD Deployment Overview Operation of Quick EAD Deployment Restricted access Configuring a free IP range Setting the ACL timeout period Displaying and Maintaining Quick EAD Deployment Quick EAD Deployment Configuration Example Troubleshooting 3 System-Guard Overview Configuring the System-Guard Feature Configuring the System-Guard Feature Displaying and Maintaining System-Guard Page Page 1 Introduction to AAA Authentication Authorization Accounting Introduction to AAA Services Introduction to RADIUS Basic message exchange procedure in RADIUS RADIUS message format Page Introduction to HWTACACS What is HWTACACS Basic message exchange procedure in HWTACACS Page Page 2 AAA Configuration Task List Configuration Introduction Creating an ISP Domain and Configuring Its Attributes Configuring an AAA Scheme for an ISP Domain Configuring a combined AAA scheme Configuring separate AAA schemes Configuring Dynamic VLAN Assignment Configuring the Attributes of a Local User Page Cutting Down User Connections Forcibly RADIUS Configuration Task List Page Creating a RADIUS Scheme Configuring RADIUS Authentication/Authorization Servers Configuring RADIUS Accounting Servers Configuring Shared Keys for RADIUS Messages Configuring the Maximum Number of RADIUS Request Transmission Attempts Configuring the Type of RADIUS Servers to be Supported Configuring the Status of RADIUS Servers Configuring the Attributes of Data to be Sent to RADIUS Servers Configuring the Local RADIUS Authentication Server Function Configuring Timers for RADIUS Servers Enabling Sending Trap Message when a RADIUS Server Goes Down Enabling the User Re-Authentication at Restart Function HWTACACS Configuration Task List Creating a HWTACACS Scheme Configuring TACACS Authentication Servers Configuring TACACS Authorization Servers Configuring TACACS Accounting Servers Configuring Shared Keys for HWTACACS Messages Configuring the Attributes of Data to be Sent to TACACS Servers Configuring the Timers Regarding TACACS Servers Displaying and Maintaining AAA Displaying and maintaining AAA information Displaying and maintaining RADIUS protocol information Displaying and maintaining HWTACACS protocol information AAA Configuration Examples Remote RADIUS Authentication of Telnet/SSH Users Network requirements Page Local Authentication of FTP/Telnet Users HWTACACS Authentication and Authorization of Telnet Users Troubleshooting AAA Troubleshooting RADIUS Configuration Troubleshooting HWTACACS Configuration 3 Introduction to EAD Typical Network Application of EAD EAD Configuration EAD Configuration Example Page Page 1 MAC Authentication Overview Performing MAC Authentication on a RADIUS Server Performing MAC Authentication Locally Related Concepts MAC Authentication Timers Quiet MAC Address Configuring Basic MAC Authentication Functions Page MAC Address Authentication Enhanced Function Configuration MAC Address Authentication Enhanced Function Configuration Tasks Configuring a Guest VLAN Page Configuring the Maximum Number of MAC Address Authentication Users Allowed to Access a Port Displaying and Maintaining MAC Authentication MAC Authentication Configuration Example Page Page 1 IP Addressing Overview IP Address Classes Special Case IP Addresses Subnetting and Masking Configuring IP Addresses Displaying and Maintaining IP Addressing IP Address Configuration Examples IP Address Configuration Example I IP Address Configuration Example II Page 2 IP Performance Overview Introduction to IP Performance Configuration Introduction to FIB Configuring IP Performance Disabling Sending of ICMP Error Packets Displaying and Maintaining IP Performance Configuration Page 1 Introduction to DHCP DHCP IP Address Assignment IP Address Assignment Policy Obtaining IP Addresses Dynamically Updating IP Address Lease DHCP Packet Format Protocols and Standards 2 Introduction to DHCP Relay Agent Usage of DHCP Relay Agent DHCP Relay Agent Fundamentals DHCP Relay Agent Support for Option 82 Introduction to Option 82 Padding content of Option 82 Mechanism of Option 82 supported on DHCP relay agent Configuring the DHCP Relay Agent DHCP Relay Agent Configuration Task List Correlating a DHCP Server Group with a Relay Agent Interface Configuring DHCP Relay Agent Security Functions Configuring address checking Configuring the dynamic client address entry updating function Enabling unauthorized DHCP server detection Configuring the DHCP Relay Agent to Support Option 82 Prerequisites Configuring the DHCP relay agent to support Option 82 Displaying and Maintaining DHCP Relay Agent Configuration DHCP Relay Agent Configuration Example Configuration procedure Troubleshooting DHCP Relay Agent Configuration Symptom Analysis Solution Page 3 DHCP Snooping Overview Function of DHCP Snooping Overview of DHCP Snooping Option 82 Introduction to Option 82 Padding content and frame format of Option 82 Mechanism of DHCP-snooping Option 82 Overview of IP Filtering DHCP-snooping table IP static binding table IP filtering DHCP Snooping Configuration Configuring DHCP Snooping Configuring DHCP Snooping to Support Option 82 DHCP-Snooping Option 82 Support Configuration Task List Enable DHCP-snooping Option 82 support Configure a handling policy for DHCP packets with Option 82 Configure the storage format of Option 82 Configure the circuit ID sub-option Configure the remote ID sub-option Configure the padding format for Option 82 Configuring IP Filtering DHCP Snooping Configuration Example DHCP-Snooping Option 82 Support Configuration Example IP Filtering Configuration Example Page Displaying and Maintaining DHCP Snooping Configuration 4 Introduction to DHCP Client Introduction to BOOTP Client Configuring a DHCP/BOOTP Client DHCP Client Configuration Example Displaying and Maintaining DHCP/BOOTP Client Configuration Page 1 ACL Overview ACL Matching Order Depth-first match order for rules of a basic ACL Depth-first match order for rules of an advanced ACL Ways to Apply an ACL on a Device Being applied to the hardware directly Being referenced by upper-level software Types of ACLs Supported by Devices ACL Configuration Configuring Time Range Page Configuring Basic ACL Configuring Advanced ACL Configuring Layer 2 ACL ACL Assignment Assigning an ACL Globally Configuration prerequisites Configure procedure Configuration example Assigning an ACL to a VLAN Assigning an ACL to a Port Group Assigning an ACL to a Port Displaying and Maintaining ACL Examples for Upper-layer Software Referencing ACLs Example for Controlling Telnet Login Users by Source IP Internet Example for Controlling Web Login Users by Source IP Switch PC 10.110.100.46 Examples for Applying ACLs to Hardware Basic ACL Configuration Example Advanced ACL Configuration Example Layer 2 ACL Configuration Example Example for Applying an ACL to a VLAN Page Page Page 1 Introduction to QoS Traditional Packet Forwarding Service New Applications and New Requirements Major Traffic Control Techniques QoS Supported by Devices Traffic Classification Precedence IP precedence, ToS precedence, and DSCP precedence 802.1p priority Priority Trust Mode N Y Trusting the 802.1p precedence Trusting the DSCP precedence Page Protocol Priority Priority Marking Traffic Policing and Traffic Shaping Token bucket Evaluating the traffic with the token bucket Traffic policing Traffic shaping Traffic Redirecting VLAN Mapping Queue Scheduling Page Page Flow-based Traffic Accounting Burst Traffic mirroring QoS Configuration QoS Configuration Task List Configuring Priority Trust Mode Configuring Priority Mapping Page 1-17 Setting the Priority of Protocol Packets Marking Packet Priority Configuring Traffic Policing Page Configuring Traffic Shaping Configuration procedure Configuration examples Configuring Traffic Redirecting Configuration prerequisites Configuration procedure Page Configuring VLAN Mapping Configuring Queue Scheduling Page Collecting/Clearing Traffic Statistics Page Enabling the Burst Function Configuring Traffic Mirroring Page Page Displaying and Maintaining QoS QoS Configuration Example Configuration Example of Traffic Policing Switch Page 2 Introduction to QoS Profile QoS Profile Application Mode Dynamic application mode Manual application mode QoS Profile Configuration QoS Profile Configuration Task List Configuring a QoS Profile Applying a QoS Profile Displaying and Maintaining QoS Profile QoS Profile Configuration Example Page Page 1 Mirroring Overview Local Port Mirroring Remote Port Mirroring MAC-Based Mirroring VLAN-Based Mirroring Mirroring Configuration Configuring Local Port Mirroring Configuring Remote Port Mirroring Configuration on the device acting as a source switch Configuration on the device acting as an intermediate switch Configuration on the device acting as a destination switch Configuring MAC-Based Mirroring Configuring VLAN-Based Mirroring Displaying and Maintaining Port Mirroring Mirroring Configuration Example Local Port Mirroring Configuration Example Remote Port Mirroring Configuration Example Page Page Page Page 1 Introduction to ARP ARP Function ARP Message Format Page ARP Table ARP Process Introduction to ARP Attack Detection Man-in-the-middle attack ARP attack detection Introduction to Gratuitous ARP Configuring ARP Configuring ARP Basic Functions Configuring ARP Attack Detection Configuring Gratuitous ARP Displaying and Maintaining ARP ARP Configuration Example ARP Basic Configuration Example ARP Attack Detection Configuration Example Page Page 1 SNMP Overview SNMP Operation Mechanism SNMP Versions Supported MIBs Configuring Basic SNMP Functions Configuring basic SNMP functions for SNMPv1 or SNMPv2c Configuring basic SNMP functions for SNMPv3 Configuring Trap Parameters Configuring Basic Trap Configuring Extended Trap Enabling Logging for Network Management Displaying and Maintaining SNMP SNMP Configuration Examples SNMP Configuration Examples Network procedure Configuring the NMS 2 Introduction to RMON Working Mechanism of RMON Commonly Used RMON Groups Event group Alarm group Extended alarm group History group RMON Configuration Displaying and Maintaining RMON RMON Configuration Examples Network requirements Interne t Configuration procedures # Display the RMON extended alarm entry numbered 2. Page 1 Multicast Overview Information Transmission in the Unicast Mode Information Transmission in the Broadcast Mode Information Transmission in the Multicast Mode Roles in Multicast Advantages and Applications of Multicast Advantages of multicast Application of multicast Multicast Models ASM model SFM model SSM model Multicast Architecture IP multicast address Ethernet multicast MAC address Multicast Protocols Layer 3 multicast protocols Layer 2 multicast protocols Multicast Packet Forwarding Mechanism Implementation of the RPF Mechanism RPF Check Page 2 IGMP Snooping Overview Principle of IGMP Snooping Basic Concepts in IGMP Snooping IGMP Snooping related ports Work Mechanism of IGMP Snooping When receiving a general query When receiving a membership report When receiving a leave message IGMP Snooping Configuration IGMP Snooping Configuration Task List Enabling IGMP Snooping Configuring the Version of IGMP Snooping Configuring Timers Configuring Fast Leave Processing Enabling fast leave processing in system view Enabling fast leave processing in Ethernet port view Configuring a Multicast Group Filter Configuring a multicast group filter in system view Configuring a multicast group filter in Ethernet port view Configuring the Maximum Number of Multicast Groups on a Port Configuring IGMP Querier Suppressing Flooding of Unknown Multicast Traffic in a VLAN Configuring Static Member Port for a Multicast Group In Ethernet port view In VLAN interface view Configuring a Static Router Port In Ethernet port view In VLAN view Configuring a Port as a Simulated Group Member Configuring a VLAN Tag for Query Messages Configuring Multicast VLAN Page Displaying and Maintaining IGMP Snooping IGMP Snooping Configuration Examples Configuring IGMP Snooping Page Configuring Multicast VLAN Page Troubleshooting IGMP Snooping 3 Common Multicast Configuration Configuring a Multicast MAC Address Entry Configuring Dropping Unknown Multicast Packets Displaying and Maintaining Common Multicast Configuration Page 1 Introduction to NTP Applications of NTP Implementation Principle of NTP NTP Implementation Modes Server/client mode Symmetric peer mode Broadcast mode Multicast mode NTP Configuration Task List Configuring NTP Implementation Modes Configuring NTP Server/Client Mode Configuring the NTP Symmetric Peer Mode Configuring NTP Broadcast Mode Configuring the device to work in the NTP broadcast server mode Configuring the device to work in the NTP broadcast client mode Configuring NTP Multicast Mode Configuring the device to work in the multicast server mode Configuring the device to work in the multicast client mode Configuring Access Control Right Configuring NTP Authentication Configuring NTP authentication on the client Configuring NTP authentication on the server Configuring Optional NTP Parameters Configuring an Interface on the Local Device to Send NTP Messages Configuring the Number of Dynamic Sessions Allowed on the Local Device Disabling an Interface from Receiving NTP messages Displaying and Maintaining NTP Configuration NTP Configuration Examples Configuring NTP Server/Client Mode Page Configuring NTP Symmetric Peer Mode Configuring NTP Broadcast Mode Page Configuring NTP Multicast Mode Configuring NTP Server/Client Mode with Authentication Page Page 1 SSH Overview Introduction to SSH Algorithm and Key Asymmetric Key Algorithm SSH Operating Process Version negotiation Key negotiation Authentication negotiation Session request Data exchange Configuring the SSH Server SSH Server Configuration Tasks Configuring the Protocol Support for the User Interface Generating/Destroying a RSA or DSA Key Pair Exporting the RSA or DSA Public Key Creating an SSH User and Specify an Authentication Type Specifying a Service Type for an SSH User Configuring SSH Management Configuring the Client Public Key on the Server Page Assigning a Public Key to an SSH User Specifying a Source IP Address/Interface for the SSH Server Configuring the SSH Client SSH Client Configuration Tasks Configuring the SSH Client Using an SSH Client Software Generate a client key Page Specify the IP address of the Server Page Open an SSH connection with publickey authentication Page Open an SSH connection with password authentication Configuring the SSH Client on an SSH2-Capable Device Configure whether first-time authentication is supported Establish the connection between the SSH client and server Specifying a Source IP address/Interface for the SSH client Displaying and Maintaining SSH Configuration SSH Configuration Examples When the Device Acts as the SSH Server and the Authentication Type is Password Page When the Device Acts as an SSH Server and the Authentication Type is Publickey Page Page Page Page Page When the Switch Acts as an SSH Client and the Authentication Type is Password When the Device Acts as an SSH Client and the Authentication Type is Publickey Page When the Device Acts as an SSH Client and First-time authentication is not Supported Page Page Page 1 File System Configuration Introduction to File System File System Configuration Tasks Directory Operations File Operations Flash Memory Operations Prompt Mode Configuration File System Configuration Example File Attribute Configuration Introduction to File Attributes Configuring File Attributes Page 1 Introduction to FTP and SFTP Introduction to FTP Introduction to SFTP FTP Configuration FTP Configuration: The Device Operating as an FTP Server Creating an FTP user Enabling an FTP server Configuring connection idle time Specifying the source interface and source IP address for an FTP server Disconnecting a specified user Configuring the banner for an FTP server Displaying FTP server information FTP Configuration: The Device Operating as an FTP Client Basic configurations on an FTP client Page Specifying the source interface and source IP address for an FTP client Configuration Example: The Device Operating as an FTP Server Network requirements Page FTP Banner Display Configuration Example FTP Configuration: The Device Operating as an FTP Client Page SFTP Configuration SFTP Configuration: The Device Operating as an SFTP Server Enabling an SFTP server Configuring connection idle time Supported SFTP client software SFTP Configuration: The Device Operating as an SFTP Client Basic configurations on an SFTP client Page Specifying the source interface or source IP address for an SFTP client SFTP Configuration Example Network requirements Configuration procedure Page 1-18 # Display the current directory of the server. Delete the file z and verify the result. # Add a directory new1, and then check whether the new directory is successfully created. # Rename the directory new1 as new2, and then verify the result. 1-19 # Download the file pubkey2 from the server and rename it as public. # Upload the file pu to the server and rename it as puk, and then verify the result. # Exit SFTP. 2 Introduction to TFTP TFTP Configuration TFTP Configuration: The Device Operating as a TFTP Client Basic configurations on a TFTP client Specifying the source interface or source IP address for an FTP client TFTP Configuration Example Page Page 1 Information Center Overview Introduction to Information Center Classification of system information Eight levels of system information Ten channels and six output directions of system information Outputting system information by source module System Information Format Priority Timestamp Sysname Module Level (Severity) Information Center Configuration Introduction to the Information Center Configuration Tasks Configuring Synchronous Information Output Configuring to Display the Time Stamp with the UTC Time Zone Setting to Output System Information to the Console Setting to output system information to the console Enabling system information display on the console Setting to Output System Information to a Monitor Terminal Setting to output system information to a monitor terminal Enabling system information display on a monitor terminal Setting to Output System Information to a Log Host Setting to Output System Information to the Trap Buffer Setting to Output System Information to the Log Buffer Setting to Output System Information to the SNMP NMS Displaying and Maintaining Information Center Information Center Configuration Examples Log Output to a UNIX Log Host Page Log Output to a Linux Log Host Log Output to the Console Page Page 1 Introduction to Loading Approaches Remote Loading Using FTP Loading procedure using FTP client Loading procedure using FTP server Page 1-4 Step 7: Use the put command to upload the file config.cfg to Switch. Remote Loading Using TFTP 2 Basic System Configuration Displaying the System Status Debugging the System Enabling/Disabling System Debugging Displaying Debugging Status Displaying Operating Information about Modules in System 3 Network Connectivity Test ping tracert 4 Introduction to Device Management Device Management Configuration Device Management Configuration Tasks Rebooting the Device Scheduling a Reboot on the Device Configuring Real-time Monitoring of the Running Status of the System Specifying the Main Configuration File to be Used at Next Reboot Identifying and Diagnosing Pluggable Transceivers Introduction to pluggable transceivers Identifying pluggable transceivers Diagnosing pluggable transceivers Displaying and Maintaining the Device Management Configuration Page 1 VLAN-VPN Overview Introduction to VLAN-VPN Implementation of VLAN-VPN Adjusting the TPID Values of VLAN-VPN Packets VLAN-VPN Configuration Configuration Task List Enabling the VLAN-VPN Feature for a Port TPID Adjusting Configuration Displaying and Maintaining VLAN-VPN VLAN-VPN Configuration Example Transmitting User Packets through a Tunnel in the Public Network by Using VLAN-VPN Data transfer process Page 2 Selective QinQ Overview Selective QinQ Overview Inner-to-Outer Tag Priority Mapping Selective QinQ Configuration Configuration Task List Enabling the Selective QinQ Feature for a Port Configuring the Inner-to-Outer Tag Priority Mapping Feature Selective QinQ Configuration Example Processing Private Network Packets by Their Types Page Page Page Page 1 HWPing Overview Introduction to HWPing Test Types Supported by HWPing HWPing Test Parameters Page HWPing Configuration Configuration on a HWPing Server HWPing server configuration tasks HWPing server configuration HWPing Client Configuration HWPing client configuration Page Page Page Page Page Page Page Page Page Page Configuring HWPing client to send Trap messages Displaying and Maintaining HWPing HWPing Configuration Example ICMP Test DHCP Test Page FTP Test Page HTTP Test Jitter Test Page 1-25 For detailed output description, see the corresponding command manual. SNMP Test Page 1-27 # Display test results For detailed output description, see the corresponding command manual. TCP Test (Tcpprivate Test) on the Specified Ports Figure 1-8 Network diagram for the Tcpprivate test IP network Page UDP Test (Udpprivate Test) on the Specified Ports DNS Test Page 1-32 Page 1 DNS Overview Static Domain Name Resolution Dynamic Domain Name Resolution Resolution procedure Configuring Domain Name Resolution Configuring Static Domain Name Resolution Configuring Dynamic Domain Name Resolution DNS Configuration Example Static Domain Name Resolution Configuration Example Host Switch Dynamic Domain Name Resolution Configuration Example IP network Page Displaying and Maintaining DNS Troubleshooting DNS Configuration Page 1 Smart Link Overview Basic Concepts in Smart Link Smart Link group Master port Slave port Flush message Control VLAN for sending flush messages Control VLAN for receiving flush messages Configuring Smart Link Configuration Task List Configuring a Smart Link Device Configuring Associated Devices Precautions Displaying and Maintaining Smart Link Smart Link Configuration Example Implementing Link Redundancy Backup Page Page 2 Introduction to Monitor Link How Monitor Link Works Configuring Monitor Link Configuration Task List Creating a Monitor Link Group Configuring the Uplink Port Configuring a Downlink Port Displaying and Maintaining Monitor Link Monitor Link Configuration Example Implementing Collaboration Between Smart Link and Monitor Link Page Page Page 1 PoE Overview Introduction to PoE Advantages of PoE PoE components PoE Configuration PoE Configuration Task List Enabling the PoE Feature on a Port Setting the Maximum Output Power on a Port Setting PoE Management Mode and PoE Priority of a Port Setting the PoE Mode on a Port Configuring the PD Compatibility Detection Function Upgrading the PSE Processing Software Online Displaying and Maintaining PoE Configuration PoE Configuration Example PoE Configuration Example Networking requirements Page 2 Introduction to PoE Profile PoE Profile Configuration Configuring PoE Profile Displaying and Maintaining PoE Profile Configuration PoE Profile Configuration Example PoE Profile Application Example Page Page Page 1 Introduction to IP Route and Routing Table IP Route Routing Table Function Page Routing Protocol Overview Static Routing and Dynamic Routing Classification of Dynamic Routing Protocols Operational scope Routing algorithm Load Sharing and Route Backup Load sharing Route backup Routing Information Sharing Displaying and Maintaining a Routing Table 2 Introduction to Static Route Static Route Default Route Static Route Configuration Configuration Prerequisites Configuring a Static Route Displaying and Maintaining Static Routes Static Route Configuration Example Troubleshooting a Static Route 3 RIP Overview Basic Concepts RIP RIP routing database RIP Startup and Operation RIP Configuration Task List Basic RIP Configuration Configuration Prerequisites Configuring Basic RIP Functions Enabling RIP on the interfaces attached to a specified network segment RIP Route Control Configuration Prerequisites Configuring RIP Route Control Setting the additional routing metrics of an interface Configuring RIP route summarization Disabling the router from receiving host routes Configuring RIP to filter incoming/outgoing routes Setting RIP preference Configuring RIP to redistribute routes from another protocol RIP Network Adjustment and Optimization Configuration Prerequisites Configuration Tasks Configuring RIP timers Configuring split horizon Configuring RIP-1 packet zero field check Setting RIP-2 packet authentication mode Configuring RIP to unicast RIP packets Displaying and Maintaining RIP Configuration RIP Configuration Example Troubleshooting RIP Configuration Failed to Receive RIP Updates 4 IP Route Policy Overview Introduction to IP Route Policy Filters ACL IP Route Policy Configuration Task List Route Policy Configuration Defining a Route Policy Defining if-match Clauses and apply Clauses Displaying and Maintaining IP Route Policy IP Route Policy Configuration Example Controlling RIP Packet Cost to Implement Dynamic Route Backup Configuration considerations Configuration procedure Page 4-7 # Create node 50 with the matching mode being permit, to allow all routing information to pass. # Configure RIP and apply the route policy in to the incoming routing information. Configuration verification Precautions Troubleshooting IP Route Policy Symptom Analysis Solution Page 1 Introduction to UDP Helper Configuring UDP Helper Displaying and Maintaining UDP Helper UDP Helper Configuration Example Cross-Network Computer Search Through UDP Helper Page Appendix A Acronyms