Manual Version 6W100
3Com WX3000 Series Unified Switches Switching Engine
Environmental Statement
Part Contents
About This Manual
Organization
Conventions
Convention Description Boldface
Italic
Convention Description
Related Documentation
Create Folder
Manual Description
Obtaining Documentation
Table of Contents
CLI Configuration
Command Hierarchy
Introduction to the CLI
Switching User Levels
Setting a user level switching password
Switching to a specific user level
Setting the Level of a Command in a Specific View
Configuration example
Setting the level of a command in a specific view
Display Execute Operation
CLI Views
Quit
Quit or return
Vlan-interface command
Gigabitethernet command
Region-configuration
Peer-public-key command
Ode end
Public-key-c
Public-key-code begin
Execute the radius scheme
Vlan-vpn enable
CLI Features
Execute Command should be first
Online Help
Terminal Display
Command History
Partial online help
Press Ctrl+C
Command Edit
Error Prompts
Tab
Press… To…
Table of Contents
Page
Logging In to the Switching Engine
Logging In to the Switching Engine
Introduction to the User Interface
Supported User Interfaces
User Interface Index
Common User Interface Configuration
Display user-interface
Display users all
Type number number
Display web users
Press Enter to enter user view of the switching engine
Logging In to the Switching Engine Through OAP
Logging In Through OAP
OAP Overview
Not configured by default
Configure the management IP
Oap management-ip
Address of an OAP module
Resetting the OAP Software System
Reset the OAP software
Oap reboot slot
Configuration Description
Common Configuration
Logging In Through Telnet
Introduction
Authentication Telnet configuration Description Mode
Telnet Configurations for Different Authentication Modes
Configuration Procedure
Telnet Configuration with Authentication Mode Being None
Configuration Example
Configuration procedure
Network requirements
Password cipher
Password Set authentication
Auto-execute command
User privilege level level
Default history command
Set the history command buffer
Command buffer can store up to
Commands by default
Telnet Configuration with Authentication Mode Being Scheme
Authorization
Scheme command
History-command max-size
Protocol inbound all ssh
Service-type
User privilege level level command is Level level
Privilege
# Create a local user named guest and enter local user view
Telnetting to the Switching Engine from a Terminal
Telnetting to the Switching Engine
Deviceoap connect slot Connected to OAP
Page
Device telnet
User name and password for logging in to the Web-based
Vlan interface of the switching engine is assigned an IP
Network management system are configured
Logging In from the Web-Based Network Management System
Setting Up a Web Configuration Environment
3The login page of the Web-based network management system
Configuring the Login Banner
Header login text
By default, no login banner is
Through Web Configured
Enable the Web server
Follow these steps to enable/disable the WEB server
Enabling/Disabling the WEB Server
Ip http shutdown
Connection Establishment Using NMS
Logging In from NMS
Related information
Configuring Source IP Address for Telnet Service Packets
Configuring Source IP Address for Telnet Service Packets
Configuration in user view
Configuration in system view
Interface-number
Displaying Source IP Address Configuration
User Control
Login mode Control method Implementation Reference
Controlling Telnet Users
Prerequisites
Acl number acl-number
Match-order config auto
Rule rule-id deny permit
Acl acl-number inbound
Controlling Telnet Users by Source MAC Addresses
Rule rule-id deny
Permit rule-string
Controlling Network Management Users by Source IP Addresses
Controlling Network Management Users by Source IP Addresses
Controlling Web Users by Source IP Address
2Network diagram for controlling Snmp users using ACLs
Controlling Web Users by Source IP Addresses
Disconnecting a Web User by Force
Ip http acl acl-number
Free web-users all user-id
Device ip http acl
Table of Contents
Introduction to Configuration File
Configuration File Management
Types of configuration
Format of configuration file
Saving the Current Configuration
Management of Configuration File
Startup with the configuration file
Modes in saving the configuration
Three attributes of the configuration file
Erasing the Startup Configuration File
Assign main attribute to the startup configuration file
Specifying a Configuration File for Next Startup
Assign backup attribute to the startup configuration file
Startup saved-configuration
Displaying and Maintaining Device Configuration
Table of Contents
Vlan Overview
Vlan Overview
Introduction to Vlan
Advantages of VLANs
How Vlan Works
Vlan tag
2Encapsulation format of traditional Ethernet frames
MAC address learning mechanism of VLANs
Port-Based Vlan
Vlan Interface
Vlan Classification
Introduction to Protocol-Based Vlan
Protocol-Based Vlan
Encapsulation Format of Ethernet Data
Ethernet II and 802.2/802.3 encapsulation
6802.3 raw encapsulation format
Extended encapsulation formats of 802.2/802.3 packets
Encapsulation Formats
Procedure for the Switch to Judge Packet Protocol
Implementation of Protocol-Based Vlan
Encapsulation Ethernet 802.3 raw 802.2 LLC Snap Protocol
Page
Vlan Configuration
Vlan Configuration
Configuration Task List
Basic Vlan Configuration
Basic Vlan Interface Configuration
Configuration prerequisites
Displaying and Maintaining Vlan
Configuring a Port-Based Vlan
Configuring a Port-Based Vlan
Protocol-Based Vlan Configuration Example
Port interface-list
# Configure GigabitEthernet 1/0/10 of Switch B
# Create Vlan 201, and add GigabitEthernet 1/0/2 to Vlan
# Create Vlan 201, and add GigabitEthernet 1/0/12 to Vlan
Configuring a Protocol Template for a Protocol-Based Vlan
Configuring a Protocol-Based Vlan
Interface interface-type Interface-number
Associating a Port with a Protocol-Based Vlan
Port hybrid protocol-vlan
Vlan vlan-id protocol-index
Display vlan vlan-id to vlan-id all
Displaying and Maintaining Protocol-Based Vlan
Dynamic static
Display protocol-vlan vlan vlan id
Vlan
Protocol-Type
Table of Contents
Introduction to the Auto Detect Function
Auto Detect Configuration
Auto Detect Basic Configuration
Auto Detect Configuration
Auto Detect Implementation in Static Routing
Auto Detect Implementation in Vlan Interface Backup
Ip route-static ip-address mask
Preference-value reject blackhole
Auto Detect Configuration Examples
Vlan -id
Standby detect-group
# Configure a static route to Switch a
Is reachable
# Create auto detected group
Table of Contents
Voice Vlan Configuration
Voice Vlan Overview
How an IP Phone Works
Agent
1Network diagram for IP phones
Configuring Operation Mode for Voice Vlan
How the Device Identifies Voice Traffic
Number OUI address Vendor
Support for Voice Vlan on Various Ports
Processing mode of tagged packets sent by IP voice devices
Security Mode of Voice Vlan
Port type Supported or not Traffic type Mode
Port voice Voice
Voice Vlan Configuration
Configuration Prerequisites
Configuring a Voice Vlan to Operate in Automatic Mode
Enable
Configuring a Voice Vlan to Operate in Manual Mode
Undo voice vlan mode
Voice vlan security
Port hybrid vlan vlan-id
Port trunk permit vlan
Tagged untagged
Port trunk pvid vlan
Voice Vlan Configuration Example
Voice Vlan Configuration Example Automatic Mode
Displaying and Maintaining Voice Vlan
# Enable the voice Vlan function globally
Voice Vlan Configuration Example Manual Mode
# Configure GigabitEthernet 1/0/1 as a hybrid port
# Enable the voice Vlan function on GigabitEthernet 1/0/1
# Configure GigabitEthernet 1/0/1 to operate in manual mode
# Create Vlan 2 and configure it as a voice Vlan
Verification
# Display the status of the current voice Vlan
Table of Contents
Gvrp Configuration
Garp messages and timers
Introduction to Gvrp
Operating mechanism of Garp
Garp message format
Garp packets are in the following format
Field Description Value
1Format of Garp packets
Protocol Specifications
Gvrp Configuration
Configuration Prerequisite
Enabling Gvrp
Garp timer leaveall
Configuring Gvrp Timers
Garp timer hold join
Gvrp
Displaying and Maintaining Gvrp
Configuring Gvrp Port Registration Mode
Gvrp Configuration Example
Gvrp Configuration Example
Configure Switch a # Enable Gvrp globally
# Enable Gvrp on GigabitEthernet 1/0/1
# Enable Gvrp on GigabitEthernet 1/0/3
SwitchE-GigabitEthernet1/0/1 gvrp registration fixed
Table of Contents
Ethernet Port Overview
Basic Port Configuration
Types and Numbers of Ethernet Ports
Combo Ports Mapping Relations
Link Types of Ethernet Ports
Configuring the Default Vlan ID for an Ethernet Port
Making Basic Port Configuration
Configuring Ethernet Ports
Adding an Ethernet Port to Specified VLANs
Vlan tag
Configuring Port Auto-Negotiation Speed
Enabling Flow Control on a Port
Setting the Ethernet Port Broadcast Suppression Ratio
Speed auto 10 100
Broadcast-suppression
Configuring Access Port Attribute
Configuring Hybrid Port Attribute
Configuring Trunk Port Attribute
Disabling Up/Down Log Output on a Port
Configuration tasks
Configuring a Port Group
Copying Port Configuration to Other Ports
System-view Copy configuration source interface-type
Aggregation-group destination-agg-id
Setting Loopback Detection for an Ethernet Port
Configure the Ethernet port to run
Configuring the Ethernet Port to Run Loopback Test
Loopback-detection per-vlan
Loopback detection only on VLANs for the trunk and hybrid
Enabling the System to Test Connected Cable
Virtual-cable-test
Flow-interval interval
Displaying and Maintaining Ethernet Ports
Ethernet Port Configuration Example
# Configure the default Vlan ID of GigabitEthernet 1/0/1 as
Troubleshooting Ethernet Port Configuration
Table of Contents
Link Aggregation Configuration
Introduction to Link Aggregation
Introduction to Lacp
Manual Aggregation Group
Operation Key
Introduction to manual aggregation group
Port status in manual aggregation group
Static Lacp Aggregation Group
Introduction to static Lacp aggregation
Port status of static aggregation group
Dynamic Lacp Aggregation Group
Configuring system priority
Introduction to dynamic Lacp aggregation group
Port status of dynamic aggregation group
Aggregation Group Categories
Configuring port priority
Configuring a Manual Aggregation Group
Link Aggregation Configuration
Description agg-name
Configuring a Static Lacp Aggregation Group
Port link-aggregation group
Agg-id
Configuring a Dynamic Lacp Aggregation Group
Lacp system -priority
System-priority
Displaying and Maintaining Link Aggregation
Link Aggregation Configuration Example
Switch a Link aggregation Switch B
Page
Table of Contents
Port Isolation Configuration
Port Isolation Configuration
Port Isolation Overview
Introduction to Port Isolation
Displaying and Maintaining Port Isolation
Port Isolation Configuration Example
Device-GigabitEthernet1/0/4 quit device
Table of Contents
Port Security Features
Port Security Configuration
Port Security Overview
Introduction
This mode
Security mode Description Feature
Port Security Modes
Neither
Security mode Description Feature
Complete the following tasks to configure port security
Port Security Configuration
Follow these steps to enable port security
Enabling Port Security
Port-security oui OUI-value UserLoginWithOUI mode, a
Setting the Port Security Mode
Port-security max-mac-count
Count-value
Configuring the NTK feature
Configuring Port Security Features
Configuring the Trap feature
Configuring intrusion protection
Configuring Security MAC Addresses
Port Security Configuration Example
Displaying and Maintaining Port Security Configuration
# Enable port security
HostSwitch
# Set the port security mode to autolearn
# Enter GigabitEthernet 1/0/1 port view
Displaying and Maintaining Port Binding Configuration
Port Binding Configuration
Configuring Port Binding
Port Binding Overview
Configure switch a as follows # Enter system view
Port Binding Configuration Example
Table of Contents
Dldp Overview
Dldp Configuration
Dldp Fundamentals
Dldp status
Status Description
Dldp works with the following timers 2DLDP timers
Dldp timers
Timer Description
Interval of sending advertisement packets, which can be
Enhanced timer then sends one probe packets every one
Dldp operating mode
Mode During neighbor
Entry aging Timer expire
No Echo packet received from Processing procedure Neighbor
Packet type Processing procedure
4Types of packets sent by Dldp
Dldp status Packet types
Precautions During Dldp Configuration
Dldp Configuration
Dldp Configuration Tasks
Dldp neighbor state
Resetting Dldp Status
Reset the Dldp status of a port Dldp reset
This command only applies to the ports in Dldp down status
Dldp Network Example
# Configure Dldp to work in enhanced mode
# Enable Dldp globally
# Set the interval of sending Dldp packets to 15 seconds
# Display the Dldp status
Table of Contents
MAC Address Table Management
Introduction to MAC Address Table
Introduction to MAC Address Learning
1MAC address learning diagram
Aging of MAC address table
Managing MAC Address Table
Entries in a MAC address table
Configuring MAC Address Table Management
Adding a MAC address entry in system view
Configuring a MAC Address Entry
Adding a MAC address entry in Ethernet port view
System-view Mac-address static dynamic
Setting the Aging Time of MAC Address Entries
Mac-address timer aging
Age no-aging
Mac-address
Disabling MAC Address learning for a Vlan
Max-mac-count count
Max-mac-count
Displaying and Maintaining MAC Address Table
Configuration Example
Adding a Static MAC Address Entry Manually
Display mac-address
Table of Contents
Page
Mstp Configuration
STP Overview
STP Overview
All the ports on the root bridge are designated ports
Classification Designated bridge Designated port
Step Description
How STP works
Step Description
Device Port name Bpdu of port
Device Comparison process Bpdu of port after
5Comparison process and result on each device
Device Comparison process Bpdu of port after
3The final calculated spanning tree
Mstp Overview
Features of Mstp
Background of Mstp
Disadvantages of STP and Rstp
MST region
Basic Mstp Terminologies
Region root
Vlan mapping table
Common root bridge
Port role
MSTP, a port can be in one of the following three states
Port state
Calculate the Cist
Principle of Mstp
Calculate an Msti
Implement STP algorithm
Mstp Implementation on the Device
Complete the following tasks to configure a root bridge
Configuring Root Bridge
STP-related Standards
Bpdu guard Loop guard TC-BPDU attack guard Bpdu packet drop
Configuring an MST Region
# Verify the above configuration
Stp instance instance-id root secondary
Centi-seconds
Required Default bridge priority of a Current device
Configuring the Bridge Priority of the Current Device
Set the bridge priority for
Stp instance instance-id
Stp interface interface-type
Interface-number compliance
Auto dot1s legacy
Stp mode stp rstp mstp
Configuring the Mstp Operation Mode
Stp compliance auto dot1s
Legacy
Configuring the Maximum Hop Count of an MST Region
Configuring the Network Diameter of the Switched Network
Stp max-hops hops
Stp timer forward-delay
Configuring the Mstp Time-related Parameters
Stp timer hello
Stp timer max-age
Configuring the Timeout Time Factor
Stp interface interface-list
Transmit-limit packetnum
Stp transmit-limit packetnum
Configure a port as an edge port in system view
Configuring the Current Port as an Edge Port
Configure a port as an edge port in Ethernet port view
Edged-port enable
Force-false auto
Point-to-point force-true
Disable
Stp enable
Enabling Mstp
Stp point-to-point force-true
Configuring Leaf Nodes
Stp disable
Task Remarks
Configuring a Port as an Edge Port
Configuring the MST Region
Standards for calculating path costs of ports
Configuring the Path Cost for a Port
Stp pathcost-standard
Dot1d-1998 dot1t legacy
Configure the path cost for specific ports
Configuration example a
Configuration example B
Configure port priority in system view
Configuring Port Priority
Configure port priority in Ethernet port view
Instance instance-id port
Perform the mCheck operation in system view
Performing mCheck Operation
Perform the mCheck operation in Ethernet port view
Stp interface interface-list mcheck
Bpdu guard
Configuring Guard Functions
Root guard
Stp mcheck
Loop guard
TC-BPDU attack guard
Bpdu dropping
Configuring Root Guard
Configuring Bpdu Guard
Root-protection
Stp root-protection
Configuring TC-BPDU Attack Guard
Configuring Loop Guard
Stp loop-protection
Stp tc-protection
Configuring Bpdu Dropping
Configuring Digest Snooping
Interface interface-name
Bpdu-drop any
Stp config-digest-snooping
Configuring Digest Snooping
Configuring Rapid Transition
6The Rstp rapid transition mechanism
Configuring Rapid Transition
No-agreement-check
Stp no-agreement-check
Configuring VLAN-VPN Tunnel
Configuring VLAN-VPN tunnel
Vlan-vpn tunnel
Enabling Log/Trap Output for Ports of Mstp Instance
STP Maintenance Configuration
Stp instance instance id
Portlog
Displaying and Maintaining Mstp
Enabling Trap Messages Conforming to 802.1d Standard
Mstp Configuration Example
Configure Switch a # Enter MST region view
# Activate the settings of the MST region manually
Configure Switch C # Enter MST region view
Configure Switch B # Enter MST region view
# Configure the MST region
Configure Switch D # Enter MST region view
Configure Switch a # Enable Mstp
VLAN-VPN tunnel Configuration Example
Configure Switch B # Enable Mstp
Configure Switch C # Enable Mstp
# Configure GigabitEthernet 1/0/2 as a trunk port
# Enable the VLAN-VPN tunnel function
Configure Switch D # Enable Mstp
# Configure GigabitEthernet 1/0/1 as a trunk port
Table of Contents
802.1x Configuration
Architecture of 802.1x Authentication
Introduction to
Port access control method
Port access entity
Controlled port and uncontrolled port
Valid direction of a controlled port
Mechanism of an 802.1x Authentication System
Encapsulation of EAPoL Messages
Format of an EAPoL packet
Format of an EAP packet
802.1x Authentication Procedure
Fields added for EAP authentication
EAP relay mode
Describes the basic EAP-MD5 authentication procedure
EAP terminating mode
9802.1x authentication procedure in EAP terminating mode
Timers Used
Checking the supplicant system
Additional 802.1x Features Implemented
Guest Vlan function
Checking the client version
Enabling 802.1x re-authentication
Introduction to 802.1x Configuration
Basic 802.1x Configuration
Configuring Basic 802.1x Functions
Dot1x
Dot1x handshake enable
Dot1x authentication-method chap
Dot1x interface interface-list
Dot1x port-control authorized-force
Timer and Maximum User Number Configuration
Dot1x max-user user-number
Dot1x retry max-retry-value
Configuring Proxy Checking
Advanced 802.1x Configuration
Configuring Client Version Checking
Configuring Guest Vlan
Enabling DHCP-triggered Authentication
Dot1x dhcp-launch
Dot1x port-method portbased
Configuring 802.1x Re-Authentication
Configuring the 802.1x Re-Authentication Timer
Dot1x re-authenticate
Displaying and Maintaining
802.1x Configuration Example
# Enable 802.1x on GigabitEthernet 1/0/1 port
# Enable 802.1x globally
# Set the default user domain to be aabbcc.net
# Create a local access user account
# Create the domain named aabbcc.net and enter its view
Configuring Quick EAD Deployment
Quick EAD Deployment Configuration
Introduction to Quick EAD Deployment
Quick EAD Deployment Overview
Setting the ACL timeout period
Configuring a free IP range
Dot1x url url-string
Dot1x free-ip ip-address
Quick EAD Deployment Configuration Example
Displaying and Maintaining Quick EAD Deployment
Period is 30 minutes
Solution
Troubleshooting
Configuring the System-Guard Feature
System-Guard Configuration
Configuring the System-Guard Feature
System-Guard Overview
Displaying and Maintaining System-Guard
Table of Contents
Page
Authorization
Authentication
AAA Overview
Introduction to AAA
What is Radius
Introduction to AAA Services
Accounting
Introduction to ISP Domain
1Databases in a Radius server
Basic message exchange procedure in Radius
Code Message type Message description
Radius message format
Direction client-server
Client transmits this message to the server to determine if
Type field value Attribute type
Introduction to Hwtacacs
What is Hwtacacs
5Network diagram for a typical Hwtacacs application
Basic message exchange procedure in Hwtacacs
6AAA implementation procedure for a telnet user
Page
AAA Configuration
AAA Configuration Task List
Configuration Introduction
Creating an ISP Domain and Configuring Its Attributes
Configuring a combined AAA scheme
Configuring an AAA Scheme for an ISP Domain
Messenger time enable limit
Self-service-url disable
Domain isp-name
Configuring separate AAA schemes
Radius-scheme-name local
Hwtacacs-scheme
Configuring Dynamic Vlan Assignment
Local local none Authorization none
Accounting none
Domain isp-name
Configuring the Attributes of a Local User
Vlan-assignment-mode
Integer string
Service-type ftp lan-access
Password-display-mode
Authorization vlan string
Access-limit
Cutting Down User Connections Forcibly
Radius Configuration Task List
Follow these steps to cut down user connections forcibly
Cut down user
Servers
Configuring
Radius client enable
Configuring Radius Authentication/Authorization Servers
Creating a Radius Scheme
Radius scheme
Primary authentication
Configuring Radius Accounting Servers
Secondary authentication
Ip-address port-number
Secondary accounting
Configuring Shared Keys for Radius Messages
Stop-accounting-buffer
Retry stop-accounting
Configuring the Type of Radius Servers to be Supported
Key authentication string
Key accounting string
Configuring the Status of Radius Servers
Server-type extended
Optional Servers to be supported
Authentication block
State primary authentication
Calling-station-id mode
Block active
Local-server enable
Configuring the Local Radius Authentication Server Function
Key password
Local-server nas-ip ip-address
Configuring Timers for Radius Servers
Enabling the User Re-Authentication at Restart Function
Hwtacacs Configuration Task List
Accounting-on enable send
Times interval interval
Configuring Tacacs Authentication Servers
Creating a Hwtacacs Scheme
Hwtacacs scheme
Primary authorization
Configuring Tacacs Authorization Servers
Secondary authorization
Ip-address port
Configuring Shared Keys for Hwtacacs Messages
Configuring Tacacs Accounting Servers
Follow these steps to configure Tacacs accounting servers
Function is enabled Number of transmission
Key accounting
Authentication string
Mega-byte
Data-flow-format packet
Scheme exists Set the response timeout time
Configuring the Timers Regarding Tacacs Servers
Optional By default, the response timeout Tacacs servers
Optional By default, the real-time Interval
Displaying and Maintaining AAA
Displaying and maintaining AAA information
Displaying and maintaining Radius protocol information
AAA Configuration Examples
Remote Radius Authentication of Telnet/SSH Users
Displaying and maintaining Hwtacacs protocol information
# Configure an ISP domain
# Adopt AAA authentication for Telnet users
# Configure a Radius scheme
# Associate the ISP domain with the Radius scheme
# Create and configure a local user named telnet
Local Authentication of FTP/Telnet Users
# Configure the domain name of the Hwtacacs scheme to hwtac
Hwtacacs Authentication and Authorization of Telnet Users
Troubleshooting Radius Configuration
Troubleshooting AAA
Troubleshooting Hwtacacs Configuration
Possible reasons and solutions
EAD Configuration
Introduction to EAD
Typical Network Application of EAD
EAD Configuration Example
EAD Configuration
Security-policy-server
Ip-address
# Associate the domain with the Radius scheme
# Configure the IP address of the security policy server
Table of Contents
MAC Authentication Overview
MAC Authentication Configuration
Performing MAC Authentication on a Radius Server
Performing MAC Authentication Locally
MAC Authentication Timers
Configuring Basic MAC Authentication Functions
Mac-authentication
Related Concepts
Mac-authentication Quit
Mac-authentication interface
Mac-authentication authmode
Uppercase fixedpassword password
Configuring a Guest Vlan
MAC Address Authentication Enhanced Function Configuration
Mac-authentication timer
Guest-vlan vlan-id
Guest-vlan-reauth interval
Configure the maximum number
MAC address authentication Number of MAC address
Max-auth-num user-number
MAC Authentication Configuration Example
Displaying and Maintaining MAC Authentication
Display mac-authentication
Reset mac-authentication statistics
Set the service type to lan-access
# Add a local user Specify the username and password
# Specify to perform local authentication
# Add an ISP domain named aabbcc.net
Table of Contents
IP Addressing Overview
IP Addressing Configuration
IP Address Classes
Net-id
Special Case IP Addresses
Subnetting and Masking
Class Address range Remarks
Configuring IP Addresses
Ip address ip-address mask
Mask-length sub
IP Address Configuration Example
IP Address Configuration Examples
Displaying and Maintaining IP Addressing
Network requirement
4Network diagram for IP address configuration
Page
IP Performance Configuration
Configuring IP Performance
IP Performance Overview
Disabling Sending of Icmp Error Packets
Displaying and Maintaining IP Performance Configuration
Table of Contents
Introduction to Dhcp
Dhcp Overview
Dhcp IP Address Assignment
IP Address Assignment Policy
Obtaining IP Addresses Dynamically
Updating IP Address Lease
Dhcp Packet Format
Protocols and Standards
Introduction to Dhcp Relay Agent
Dhcp Relay Agent Configuration
Usage of Dhcp Relay Agent
Dhcp Relay Agent Fundamentals
Padding content of Option
Dhcp Relay Agent Support for Option
Introduction to Option
Mechanism of Option 82 supported on Dhcp relay agent
2Padding contents for sub-option 1 of Option
Dhcp Relay Agent Configuration Task List
Configuring the Dhcp Relay Agent
Dhcp-server groupNo ip
Ip-address &1-8
Configuring address checking
Configuring Dhcp Relay Agent Security Functions
Dhcp relay hand enable
Address-check enable
Dhcp-security static ip-address
Mac-address
Configuring the Dhcp relay agent to support Option
Configuring the Dhcp Relay Agent to Support Option
Enabling unauthorized Dhcp server detection
Prerequisites
Dhcp Relay Agent Configuration Example
Displaying and Maintaining Dhcp Relay Agent Configuration
Symptom
Troubleshooting Dhcp Relay Agent Configuration
Solution
Analysis
Page
Dhcp Snooping Configuration
Dhcp Snooping Overview
Function of Dhcp Snooping
Overview of Dhcp Snooping Option
Padding content and frame format of Option
2Extended format of the circuit ID sub-option
Mechanism of DHCP-snooping Option
Sub-option configuration Dhcp snooping device will…
Dhcp-snooping information format command or
Dhcp-snooping information format command or the default HEX
Overview of IP Filtering
Configuring Dhcp Snooping
Dhcp Snooping Configuration
DHCP-snooping table
IP static binding table
DHCP-Snooping Option 82 Support Configuration Task List
Configuring Dhcp Snooping to Support Option
Enable DHCP-snooping Option 82 support
Required Specify the current port as a
Configure the storage format of Option
Configure a handling policy for Dhcp packets with Option
Dhcp-snooping information
Strategy drop keep replace
Configure the remote ID sub-option
Configure the circuit ID sub-option
Vlan vlan-id circuit-id string
String
Configure the padding format for Option
Configuring IP Filtering
Remote-id sysname string
Vlan vlan-id remote-id
DHCP-Snooping Option 82 Support Configuration Example
Dhcp Snooping Configuration Example
# Enable Dhcp snooping on Switch
IP Filtering Configuration Example
# Enable DHCP-snooping Option 82 support
# Specify GigabitEthernet 1/0/5 as the trusted port
# Specify GigabitEthernet 1/0/1 as the trusted port
7Network diagram for IP filtering configuration
Display dhcp-snooping
Displaying and Maintaining Dhcp Snooping Configuration
Trust
Display ip source static
Introduction to Bootp Client
DHCP/BOOTP Client Configuration
Configuring a DHCP/BOOTP Client
Follow these steps to configure a DHCP/BOOTP client
Dhcp Client Configuration Example
Ip address bootp-alloc
Dhcp-alloc
Display bootp client interface
Displaying and Maintaining DHCP/BOOTP Client Configuration
Bootp client
Display related information on a
Table of Contents
ACL Configuration
ACL Overview
ACL Matching Order
Depth-first match order for rules of a basic ACL
Ways to Apply an ACL on a Device
Depth-first match order for rules of an advanced ACL
Being applied to the hardware directly
ACL Configuration
Configuring Time Range
Types of ACLs Supported by Devices
Days-of-the-week from start-time start-date to
Time-range time-name start-time to end-time
End-time end-date from start-time start-date to
End-time end-date to end-time end-date
Configuring Basic ACL
Auto config
Rule-string Rule-string , refer to ACL Command
Match-order auto config
Configuring Advanced ACL
Rule-string , refer to ACL Command
Rule rule-id permit deny
Rule-string Refer to ACL Command
Configuring Layer 2 ACL
ACL Assignment
Assigning an ACL Globally
Configure procedure
Assigning an ACL to a Vlan
Packet-filter inbound acl-rule
Assigning an ACL to a Port Group
System-view Packet-filter vlan vlan-id
Inbound acl-rule
Assigning an ACL to a Port
Displaying and Maintaining ACL
Example for Controlling Web Login Users by Source IP
Example for Controlling Telnet Login Users by Source IP
SwitchPC
Examples for Upper-layer Software Referencing ACLs
Basic ACL Configuration Example
Advanced ACL Configuration Example
Examples for Applying ACLs to Hardware
# Apply ACL 3000 on GigabitEthernet 1/0/1
Layer 2 ACL Configuration Example
# Apply ACL 4000 on GigabitEthernet 1/0/1
Example for Applying an ACL to a Vlan
# Apply ACL 3000 to Vlan
Table of Contents
Page
Traditional Packet Forwarding Service
QoS Configuration
Introduction to QoS
New Applications and New Requirements
QoS Supported by Devices
Major Traffic Control Techniques
Traffic Classification
Precedence
IP precedence, ToS precedence, and Dscp precedence
IP Precedence decimal IP Precedence binary Description
Dscp value decimal Dscp value binary Description
802.1p priority
802.1p priority decimal 802.1p priority binary Description
Priority Trust Mode
Trusting the Dscp precedence
Trusting the 802.1p precedence
Dscp precedence Target Dscp precedence
Priority Marking
Protocol Priority
Traffic Policing and Traffic Shaping
Token bucket
Evaluating the traffic with the token bucket
Traffic policing
Traffic shaping
Traffic Redirecting
Vlan Mapping
Queue Scheduling
SP queuing
7Diagram for SP queuing
Sdwrr
QoS Configuration Task List
QoS Configuration
Flow-based Traffic Accounting
Burst
Priority priority-level
Configuring Priority Trust Mode
Priority-trust cos automap
Priority-trust dscp automap
Configuring Priority Mapping
Qos cos-local-precedence-map
Qos cos-drop-precedence-map
Qos dscp-local-precedence-map dscp-list
Qos cos-dscp-map cos0-map-dscp
Qos dscp-drop-precedence-map dscp-list
Qos dscp-cos-map dscp-list cos-value
Page
System-view Protocol-priority
Setting the Priority of Protocol Packets
Protocol-type
Ip-precedence
Traffic-priority inbound acl-rule dscp
Marking Packet Priority
Dscp-value cos cos-value
Traffic-priority vlan vlan-id inbound acl-rule
Required Matching specific ACL rules
Configuring Traffic Policing
Reset traffic-limit vlan vlan-id inbound
Reset traffic-limit inbound acl-rule
Traffic-limit inbound acl-rule target-rate
Conform con-action exceed
View Configure traffic
Configuring Traffic Shaping
By default, traffic policing is Policing
Disabled Clear the traffic
Configuration examples
Configuring Traffic Redirecting
Traffic-shape queue
Traffic-redirect inbound acl-rule interface
Traffic-redirect vlan vlan-id inbound acl-rule
Configuring Queue Scheduling
Configuring Vlan Mapping
Traffic-remark-vlanid inbound
Acl-rule remark-vlan vlan-id
Group2 queue-id queue-weight
Queue-id queue-weight &1-8
Undo queue-scheduler queue-id
Queue-scheduler wrr group1
Collecting/Clearing Traffic Statistics
Reset traffic-statistic inbound
Collect the statistics on Packets matching specific ACL
Traffic-statistic inbound acl-rule
Reset traffic-statistic vlan vlan-id
Reset traffic-statistic inbound acl-rule
Traffic-statistic vlan vlan-id
Follow these steps to enable the burst function
Configuring Traffic Mirroring
Enabling the Burst Function
Refer to Burst for information about the burst function
Mirrored-to inbound acl-rule
Monitor-port
Monitor-interface
Mirrored-to vlan vlan-id
Traffic mirroring configuration
Required Destination port Exit current view
Required Mirroring for packets that
Displaying and Maintaining QoS
Configuration Example of Traffic Policing
QoS Configuration Example
Page
QoS Profile Application Mode
QoS Profile Configuration
Dynamic application mode
Manual application mode
QoS Profile Configuration Task List
QoS Profile Configuration
Configuring a QoS Profile
Applying a QoS Profile
Qos-profile port-based
Displaying and Maintaining QoS Profile
Undo qos-profile port-based
System-view Apply qos-profile
1Network diagram for QoS profile configuration
QoS Profile Configuration Example
# Enable
Table of Contents
Mirroring Overview
Mirroring Configuration
Remote Port Mirroring
Local Port Mirroring
MAC-Based Mirroring
Switch Ports involved Function
VLAN-Based Mirroring
1Ports involved in the mirroring operation
Configuring Local Port Mirroring
Mirroring Configuration
Configuration on the device acting as a source switch
Configuring Remote Port Mirroring
Configuration on the device acting as a destination switch
Remote-probe-vlan-id
Configuring MAC-Based Mirroring
Remote-destination
Monitor-port monitor-port
Configuring VLAN-Based Mirroring
Local remote-source
Mirroring-group group-id Mirroring-mac mac vlan
Local Port Mirroring Configuration Example
Mirroring Configuration Example
Displaying and Maintaining Port Mirroring
Mirroring-group group-id Mirroring-vlan vlan-id
Configure Switch C # Create a local mirroring group
Remote Port Mirroring Configuration Example
# Configure Vlan 10 as the remote-probe Vlan
4Network diagram for remote port mirroring
# Configure Vlan 10 as the remote-probe Vlan
Page
Table of Contents
Introduction to ARP
ARP Configuration
ARP Function
ARP Message Format
Value Description
Field Description
Experimental Ethernet
Proteon ProNET Token Ring
ARP Table
ARP entry Generation Method Maintenance Mode
ARP Process
Chaos
Introduction to ARP Attack Detection
Man-in-the-middle attack
ARP attack detection
Configuring ARP Basic Functions
Configuring ARP
Arp timer aging aging-time
Introduction to Gratuitous ARP
Arp check enable
Configuring ARP Attack Detection
Arp detection enable
Arp detection trust
Configuring Gratuitous ARP
Arp restricted-forwarding
Gratuitous-arp-learning
ARP Basic Configuration Example
ARP Configuration Example
ARP Attack Detection Configuration Example
Displaying and Maintaining ARP
# Enable ARP attack detection on all ports in Vlan
# Enable Dhcp snooping on Switch a
Table of Contents
Snmp Overview
Snmp Configuration
Snmp Operation Mechanism
Snmp Versions
Supported MIBs
MIB attribute MIB content Related RFC
MIB II based on TCP/IP network device RFC
Public MIB
Configuring basic Snmp functions for SNMPv1 or SNMPv2c
Configuring Basic Snmp Functions
Snmp-agent
Snmp-agent sys-info
Configuring basic Snmp functions for SNMPv3
Configuring Basic Trap
Configuring Trap Parameters
Configuring Extended Trap
Snmp Configuration Examples
Snmp Configuration Examples
Enabling Logging for Network Management
Displaying and Maintaining Snmp
2Network diagram for Snmp configuration
Network procedure
Configuring the NMS
Rmon Configuration
Introduction to Rmon
Working Mechanism of Rmon
Commonly Used Rmon Groups
Rmon Configuration
Rmon Configuration Examples
Configuration procedures
Displaying and Maintaining Rmon
# Display the Rmon extended alarm entry numbered
Table of Contents
Information Transmission in the Unicast Mode
Multicast Overview
Multicast Overview
1Information transmission in the unicast mode
Information Transmission in the Broadcast Mode
2Information transmission in the broadcast mode
Information Transmission in the Multicast Mode
Roles in Multicast
3Information transmission in the multicast mode
Advantages and Applications of Multicast
Multicast Models
Advantages of multicast
Application of multicast
ASM model
Multicast Architecture
SFM model
SSM model
IP multicast address
Class D address range Description
Reserved multicast addresses IP addresses for permanent
Ethernet multicast MAC address
Layer 3 multicast protocols
Multicast Protocols
5Positions of Layer 3 multicast protocols
Layer 2 multicast protocols
Implementation of the RPF Mechanism
Multicast Packet Forwarding Mechanism
7RPF check process
RPF Check
Page
Igmp Snooping Overview
Igmp Snooping Configuration
Principle of Igmp Snooping
Basic Concepts in Igmp Snooping
Work Mechanism of Igmp Snooping
Timer Description Message before Action after expiry Expiry
When receiving a general query
When receiving a membership report
When receiving a leave message
Igmp Snooping Configuration
Igmp Snooping Configuration Task List
Complete the following tasks to configure Igmp Snooping
Igmp-snooping enable
Configuring the Version of Igmp Snooping
Enabling Igmp Snooping
Igmp-snooping version
Configuring Timers
Configuring Fast Leave Processing
Enabling fast leave processing in system view
Enable fast leave processing
Configuring a Multicast Group Filter
Required By default, the fast leave For specific VLANs
Enabling fast leave processing in Ethernet port view
Configuring a multicast group filter in Ethernet port view
Configuring a multicast group filter in system view
Igmp -snooping group -policy
Acl-number vlan vlan-list
Configuring Igmp Querier
Igmp-snooping group-limit limit
Vlan vlan list overflow-replace
Suppressing Flooding of Unknown Multicast Traffic in a Vlan
Configuring Static Member Port for a Multicast Group
Ethernet port view
Configuring a Static Router Port
Vlan interface view
Multicast static-group
Vlan view
Configuring a Port as a Simulated Group Member
Igmp host-join group-address
Source-ip source-address
Configuring a Vlan Tag for Query Messages
Configuring Multicast Vlan
Vlan-mapping vlan
Service-type multicast
Igmp enable
Hybrid Port hybrid vlan vlan-id-list
Port trunk permit vlan vlan-list
Igmp Snooping Configuration Examples
Configuring Igmp Snooping
Displaying and Maintaining Igmp Snooping
Configure Switch a # Enable Igmp Snooping globally
3Network diagram for Igmp Snooping configuration
Device Device description Networking description
Interface IP address of Vlan 20 is
GigabitEthernet 1/0/1 is connected to the workstation
# Configure Vlan
4Network diagram for multicast Vlan configuration
Symptom Multicast function does not work on the device
Troubleshooting Igmp Snooping
Common Multicast Configuration
Common Multicast Configuration
Configuring a Multicast MAC Address Entry
Mac-address multicast
Configuring Dropping Unknown Multicast Packets
Displaying and Maintaining Common Multicast Configuration
Unknown-multicast drop
Display mac-address multicast
Table of Contents
NTP Configuration
Introduction to NTP
Applications of NTP
Implementation Principle of NTP
1Implementation principle of NTP
NTP Implementation Modes
Server/client mode
Symmetric peer mode
Broadcast mode
NTP implementation Configuration on the device Mode
Multicast mode
Configuring NTP Implementation Modes
NTP Configuration Task List
Configuring NTP Server/Client Mode
Complete the following tasks to configure NTP
Configuring the NTP Symmetric Peer Mode
Configure the device to work
Configuring NTP Broadcast Mode
Ntp-service broadcast-server
NTP broadcast server
Configuring NTP Multicast Mode
Configuring the device to work in the multicast server mode
Configuring the device to work in the multicast client mode
Configuring NTP Authentication
Configuring Access Control Right
Ntp-service access peer
Server synchronization
Role of device Working mode
Configuring NTP authentication on the client
Configuring NTP authentication on the server
Configure on NTP Broadcast Server
Configuring Optional NTP Parameters
Mode and NTP multicast Broadcast
While Configuring
NTP Configuration Examples
Displaying and Maintaining NTP Configuration
Disabling an Interface from Receiving NTP messages
Max-dynamic-sessions
# Set Device a as the NTP server of Device B
Configuring NTP Symmetric Peer Mode
Configure Device C # Set Device a as the NTP server
# Set Device C as the peer of Device B
8Network diagram for the NTP broadcast mode configuration
# Set Device a as a broadcast client
Configure Device C # Enter system view
9Network diagram for NTP multicast mode configuration
Configuring NTP Server/Client Mode with Authentication
Configure Device B # Enter system view
# Enable the NTP authentication function
# Specify the key 42 as a trusted key
Table of Contents
SSH Overview
SSH Configuration
Introduction to SSH
Algorithm and Key
Asymmetric Key Algorithm
SSH Operating Process
Stages Description
Authentication negotiation
Version negotiation
Key negotiation
Configuring the SSH Server
Session request
Data exchange
Configuring the Protocol Support for the User Interface
SSH Server Configuration Tasks
Authentication-mode scheme
Command-authorization
Generating/Destroying a RSA or DSA Key Pair
Exporting the RSA or DSA Public Key
Creating an SSH User and Specify an Authentication Type
Configuring SSH Management
Specifying a Service Type for an SSH User
Ssh user username service-type
Stelnet sftp all
Configuring the Client Public Key on the Server
Public-key-code end
Peer-public-key end
Rsa peer-public-key keyname
Specifying a Source IP Address/Interface for the SSH Server
Assigning a Public Key to an SSH User
Ssh user username assign
Publickey rsa-key keyname
Configuring the SSH Client
SSH Client Configuration Tasks
Configuring the SSH Client Using an SSH Client Software
2Generate a client key
Generate a client key
4Generate the client keys
Launch PuTTY.exe. The following window appears
Specify the IP address of the Server
Select a protocol for remote connection
Select an SSH version
As shown in -7, select SSH under Protocol
8SSH client configuration interface
Open an SSH connection with publickey authentication
10SSH client interface
Configuring the SSH Client on an SSH2-Capable Device
Open an SSH connection with password authentication
Configure whether first-time authentication is supported
Establish the connection between the SSH client and server
Specifying a Source IP address/Interface for the SSH client
Displaying and Maintaining SSH Configuration
Ssh2 source-ip ip-address
Ssh2 source-interface
SSH Configuration Examples
# Enable the user interfaces to support SSH
# Generate RSA and DSA key pairs
Page
14SSH client interface
# Assign the public key Switch001 to client client001
# Set the client’s command privilege level to
Page
18Generate a client key pair
Page
22SSH client interface
Device system-view Device interface vlan-interface
# Establish a connection to the server
# Set the user command privilege level to
# Assign the public key Switch001 to user client001
# Generate a DSA key pair
25Network diagram of SSH client configuration
# Set AAA authentication on user interfaces
# Configure the user interfaces to support SSH
# Assign public key Switch001 to user client001
# Establish the SSH connection to server
# Specify the host public key pair name of the server
Table of Contents
File System Configuration
File System Management Configuration
File System Configuration Tasks
Introduction to File System
File Operations
Flash Memory Operations
Prompt Mode Configuration
Execute filename
Format device
File prompt alert quiet
File System Configuration Example
File Attribute Configuration
Attribute Description Feature Identifier
Introduction to File Attributes
Configuring File Attributes
Table of Contents
Introduction to FTP and Sftp
FTP and Sftp Configuration
Introduction to FTP
Description Remarks
FTP Configuration The Device Operating as an FTP Server
FTP Configuration
Service-type ftp
Introduction to Sftp
Configuring connection idle time
Ftp timeout minutes
Enabling an FTP server
Ftp-server source-interface
Disconnecting a specified user
Ftp-server source-ip ip-address
Ftp disconnect user-name
Configuring the banner for an FTP server
FTP Configuration The Device Operating as an FTP Client
Basic configurations on an FTP client
Displaying FTP server information
Lcd
Cdup
Disconnect
Close
Configuration Example The Device Operating as an FTP Server
# Upload the config.cfg file. ftp put config.cfg
FTP Banner Display Configuration Example
4Network diagram for FTP banner display configuration
# Enter the authorized directory on the FTP server
Sftp Configuration The Device Operating as an Sftp Server
Sftp Configuration
Complete the following tasks to configure Sftp
Follow these steps to enable an Sftp server
Basic configurations on an Sftp client
Sftp Configuration The Device Operating as an Sftp Client
Ftp timeout time-out-value
Time for the Sftp server Minutes by default
Sftp host-ip host-name
Help all command-name
Delete remotefile
Remove remote-file
Sftp source-interface
Sftp Configuration Example
Sftp source-ip ip-address
Display sftp source-ip
# Specify the service type as Sftp
# Specify the SSH authentication mode as AAA
# Enable the Sftp server
# Create a local user client001
Sftp-client
# Exit Sftp
Tftp Configuration
Tftp Configuration
Complete the following tasks to configure Tftp
Introduction to Tftp
Basic configurations on a Tftp client
Tftp Configuration The Device Operating as a Tftp Client
Tftp ascii binary
Tftp-server acl acl-number
Tftp source-interface
Tftp Configuration Example
Tftp source-ip ip-address
Display tftp source-ip
Device tftp 1.1.1.2 get config.cfg config.cfg
Table of Contents
Information Center Overview
Information Center
Introduction to Information Center
Classification of system information
Ten channels and six output directions of system information
Module name Description
Outputting system information by source module
System Information Format
Priority
Timestamp
Sysname
Introduction to the Information Center Configuration Tasks
Information Center Configuration
Set for the system
Configuring Synchronous Information Output
Setting to output system information to the console
Setting to Output System Information to the Console
Terminal monitor
Enabling system information display on the console
Terminal debugging
Terminal logging
Setting to output system information to a monitor terminal
Setting to Output System Information to a Monitor Terminal
Enabling system information display on a monitor terminal
Info-center monitor channel
Setting to Output System Information to a Log Host
Info-center loghost
Info-center loghost source
Setting to Output System Information to the Log Buffer
Setting to Output System Information to the Trap Buffer
Info-center trapbuffer
Info-center source
Setting to Output System Information to the Snmp NMS
Info-center logbuffer
Info-center snmp channel
Information Center Configuration Examples
Displaying and Maintaining Information Center
Log Output to a Unix Log Host
# mkdir /var/log/Switch # touch /var/log/Switch/information
Log Output to a Linux Log Host
2Network diagram for log output to a Linux log host
Log Output to the Console
3Network diagram for log output to the console
4Network diagram
# Enable terminal display
Table of Contents
Remote Loading Using FTP
Host Configuration File Loading
Loading procedure using FTP client
Introduction to Loading Approaches
Restart Switch
Loading procedure using FTP server
2Remote loading using FTP server
Use the put command to upload the file config.cfg to Switch
Remote Loading Using Tftp
Basic System Configuration
Basic System Configuration and Debugging
Debugging the System
Displaying the System Status
Enabling/Disabling System Debugging
Display clock
Displaying Operating Information about Modules in System
Displaying Debugging Status
Network Connectivity Test
Network Connectivity Test
Ping
Tracert
Device Management Configuration Tasks
Device Management Configuration
Rebooting the Device
Device Management
Schedule reboot at hhmm
Scheduling a Reboot on the Device
Schedule reboot delay
Schedule reboot regularity
Identifying and Diagnosing Pluggable Transceivers
Introduction to pluggable transceivers
Identifying pluggable transceivers
Diagnosing pluggable transceivers
Table of Contents
VLAN-VPN Configuration
VLAN-VPN Overview
Introduction to VLAN-VPN
Implementation of VLAN-VPN
Adjusting the Tpid Values of VLAN-VPN Packets
VLAN-VPN Configuration
Enabling the VLAN-VPN Feature for a Port
Protocol type Value
Vlan-vpn uplink enable
Tpid Adjusting Configuration
Displaying and Maintaining VLAN-VPN
Vlan-vpn tpid value
4Network diagram for VLAN-VPN configuration
VLAN-VPN Configuration Example
Data transfer process
SwitchA vlan-vpn tpid
Page
Selective QinQ Configuration
Selective QinQ Overview
Selective QinQ Overview
Enabling the Selective QinQ Feature for a Port
Selective QinQ Configuration
Inner-to-Outer Tag Priority Mapping
Vlan-vpn vid vlan-id
Configuring the Inner-to-Outer Tag Priority Mapping Feature
Selective QinQ Configuration Example
Processing Private Network Packets by Their Types
Vlan-vpn priority
# Enable the VLAN-VPN feature on GigabitEthernet 1/0/3
2Network diagram for selective QinQ configuration
SwitchA-GigabitEthernet1/0/3 vlan-vpn enable
Page
Table of Contents
HWPing Configuration
HWPing Overview
Introduction to HWPing
HWPing Test Parameters
Test Types Supported by HWPing
Supported test types Description
Test parameter Description
Username and password
Dns
Dns-server
HWPing Configuration
Configuration on a HWPing Server
HWPing server configuration tasks
HWPing Client Configuration
HWPing server configuration
HWPing client configuration
Test-enable
Timeout time
Count times
Datasize size
Test-type dhcp
Source-port port-number
Test-type ftp
Ftp-operation get put
Password password
Username name
Filename file-name
Dns-server ip-address
Destination-ip command to
Test-type http
Http-operation get post
Test-type jitter
Destination-port
Jitter-packetnum number
Jitter-interval interval
Test-type snmpquery
Server for listening services
Configure the destination Configured on the HWPing
Operation- tag
This IP address and the one
Tcpconnect ip-address7
Hwping-server
Test-type tcpprivate
Tcppublic
Udppublic
Test-type udpprivate
Time Three seconds Optional Configure the service type
Address is specified
Test-type dns
Configuring HWPing client to send Trap messages
Administrator-name operation-tag
HWPing Configuration Example
Displaying and Maintaining HWPing
Icmp Test
# Display test results
Dhcp Test
# Configure the test type as dhcp
FTP Test
# Configure the source IP address
# Set the probe timeout time to 30 seconds
# Configure the test type as http
# Configure the IP address of the Http server as
Http Test
Jitter Test
Configure HWPing Client Switch a # Enable the HWPing client
Network diagram
# Configure the test type as jitter
# Configure the IP address of the HWPing server as
Snmp Test
# Configure the test type as snmp
7Network diagram for the Snmp test
TCP Test Tcpprivate Test on the Specified Ports
8Network diagram for the Tcpprivate test
# Configure the test type as tcpprivate
UDP Test Udpprivate Test on the Specified Ports
# Configure the test type as udpprivate
DNS Test
# Configure the IP address of the DNS server as
# Configure the test type as dns
Index
Table of Contents
Static Domain Name Resolution
DNS Configuration
Dynamic Domain Name Resolution
Resolution procedure
Configuring Domain Name Resolution
Configuring Static Domain Name Resolution
DNS suffixes
DNS Configuration Example
Configuring Dynamic Domain Name Resolution
Static Domain Name Resolution Configuration Example
2Network diagram for static DNS configuration
Dynamic Domain Name Resolution Configuration Example
# Configure com as the DNS suffix
# Configure the IP address 2.1.1.2 for the DNS server
Displaying and Maintaining DNS
Troubleshooting DNS Configuration
Table of Contents
Smart Link Overview
Smart Link Configuration
Basic Concepts in Smart Link
Smart Link group
Slave port
Master port
Flush message
Control Vlan for sending flush messages
Configuring Smart Link
Complete the following tasks to configure Smart Link
Operating Mechanism of Smart Link
Configuring a Smart Link Device
Precautions
Configuring Associated Devices
Flush enable control-vlan
Smart-link flush enable control-vlan vlan-id port
Smart Link Configuration Example
Implementing Link Redundancy Backup
Displaying and Maintaining Smart Link
# Return to system view
# Configure to send flush messages within Vlan
SwitchD system-view
Introduction to Monitor Link
Monitor Link Configuration
How Monitor Link Works
2Network diagram for a Monitor Link group implementation
Configuring Monitor Link
Configuring the Uplink Port
Creating a Monitor Link Group
Configuring a Downlink Port
Uplink
Port monitor-link group
Displaying and Maintaining Monitor Link
Monitor Link Configuration Example
# Create Smart Link group 1 and enter Smart Link group view
# Configure to send flush messages in Vlan
SwitchC monitor-link group
Table of Contents
PoE Overview
PoE Configuration
Introduction to PoE
Advantages of PoE
PoE Features Supported by the Device
PoE Configuration
PoE Configuration Task List
Maximum Power Provided by Each Electrical Port
Setting the Maximum Output Power on a Port
Enabling the PoE Feature on a Port
Poe enable
Poe max-power max-power
Setting the PoE Mode on a Port
Setting PoE Management Mode and PoE Priority of a Port
Poe power-management
Poe priority critical high
Poe legacy enable
Configuring the PD Compatibility Detection Function
Poe update refresh
Upgrading the PSE Processing Software Online
Displaying and Maintaining PoE Configuration
PoE Configuration Example
PoE Configuration Example
Networking requirements
# Upgrade the PSE processing software online
1Network diagram for PoE
PoE Profile Configuration
PoE Profile Configuration
Configuring PoE Profile
Introduction to PoE Profile
PoE Profile to Port
Displaying and Maintaining PoE Profile Configuration
Display poe-profile
All-profile interface
PoE Profile Configuration Example
PoE Profile Application Example
# Create Profile1, and enter PoE profile view
# Display detailed configuration information for Profile1
# Display detailed configuration information for Profile2
# Create Profile2, and enter PoE profile view
Table of Contents
Page
Introduction to IP Route and Routing Table
IP Routing Protocol Overview
IP Route
Routing Table
Page
Static Routing and Dynamic Routing
Routing Protocol Overview
Classification of Dynamic Routing Protocols
Routing Protocols and Routing Priority
Route backup
Load Sharing and Route Backup
Routing Information Sharing
Load sharing
Displaying and Maintaining a Routing Table
Static Route Configuration
Introduction to Static Route
Static Route
Static Route Configuration
Default Route
Configuring a Static Route
Displaying and Maintaining Static Routes
Static Route Configuration Example
# Approach 2 Configure a static route on Switch a
Troubleshooting a Static Route
# Approach 1 Configure static routes on Switch B
# Approach 2 Configure a static route on Switch B
RIP Overview
RIP Configuration
Basic Concepts
RIP routing database
RIP timers
RIP Startup and Operation
Routing loops prevention
Basic RIP Configuration
RIP Configuration Task List
Configuring Basic RIP Functions
Rip
Setting the RIP operating status on an interface
RIP Route Control
Specifying the RIP version on an interface
Setting the additional routing metrics of an interface
Configuring RIP Route Control
Configuring RIP route summarization
Rip metricin value
Disabling the router from receiving host routes
Configuring RIP to filter incoming/outgoing routes
Setting RIP preference
RIP Network Adjustment and Optimization
Configuring RIP timers
Configuration Tasks
Configuring split horizon
Configuring RIP-1 packet zero field check
Configuring RIP to unicast RIP packets
Setting RIP-2 packet authentication mode
Rip authentication-mode
Simple password md5
RIP Configuration Example
Displaying and Maintaining RIP Configuration
Failed to Receive RIP Updates
Troubleshooting RIP Configuration
Configure Switch B # Configure RIP
Configure Switch C # Configure RIP
IP Route Policy Overview
IP Route Policy Configuration
Introduction to IP Route Policy
Filters
Route Policy Configuration
IP Route Policy Configuration Task List
For ACL configuration, refer to the part discussing ACL
Route policy
Defining if-match Clauses and apply Clauses
Defining a Route Policy
Displaying and Maintaining IP Route Policy
IP Route Policy Configuration Example
If-match ip next-hop acl
Apply cost value
Configuration considerations
SwitchC-acl-basic-2000 quit SwitchC acl number
Configuration verification
Precautions
Troubleshooting IP Route Policy
Table of Contents
UDP Helper Configuration
Introduction to UDP Helper
Protocol UDP port number
Configuring UDP Helper
# Enable UDP Helper on Switch a
UDP Helper Configuration Example
Displaying and Maintaining UDP Helper
Cross-Network Computer Search Through UDP Helper
Table of Contents
Appendix a Acronyms
Non Broadcast MultiAccess
Medium Access Control
Protocol Independent Multicast-Dense Mode
Protocol Independent Multicast-Sparse Mode
