Introduction to AAA Services, Accounting | 3Com WX3000 specification

Local authorization: Users are authorized according to the related attributes configured for their local accounts on this device.

RADIUS authorization: Users are authorized after they pass RADIUS authentication. In RADIUS protocol, authentication and authorization are combined together, and authorization cannot be performed alone without authentication.

HWTACACS authorization: Users are authorized by a TACACS server.

Accounting

AAA supports the following accounting methods:

None accounting: No accounting is performed for users.

Remote accounting: User accounting is performed on a remote RADIUS or TACACS server.

Introduction to ISP Domain

An Internet service provider (ISP) domain is a group of users who belong to the same ISP. For a user name in the format of userid@isp-name or userid.isp-name, the isp-name following the "@" or “.” character is the ISP domain name. The access device uses userid as the user name for authentication, and isp-name as the domain name.

In a multi-ISP environment, the users connected to the same access device may belong to different domains. Since the users of different ISPs may have different attributes (such as different forms of user name and password, different service types/access rights), it is necessary to distinguish the users by setting ISP domains.

You can configure a set of ISP domain attributes (including AAA policy, RADIUS scheme, and so on) for each ISP domain independently in ISP domain view.

Introduction to AAA Services

Introduction to RADIUS

AAAis a management framework. It can be implemented by not only one protocol. But in practice, the most commonly used service for AAA is RADIUS.

What is RADIUS

RADIUS (remote authentication dial-in user service) is a distributed service based on client/server structure. It can prevent unauthorized access to your network and is commonly used in network environments where both high security and remote user access service are required.

The RADIUS service involves three components:

Protocol: Based on the UDP/IP layer, RFC 2865 and 2866 define the message format and message transfer mechanism of RADIUS, and define 1812 as the authentication port and 1813 as the accounting port.

Server: RADIUS Server runs on a computer or workstation at the center. It stores and maintains user authentication information and network service access information.

Client: RADIUS Client runs on network access servers throughout the network.

RADIUS operates in the client/server model.

zA device acting as a RADIUS client passes user information to a specified RADIUS server, and takes appropriate action (such as establishing/terminating user connection) depending on the responses returned from the server.

1-2

Page 252

Image 252

3Com WX3000 Introduction to AAA Services, Accounting, Introduction to ISP Domain, Introduction to Radius, What is Radius

Contents

3Com WX3000 Series Unified Switches Switching Engine Manual Version 6W100 Environmental Statement Part Contents About This ManualOrganization Conventions Convention Description BoldfaceItalic Related Documentation Convention DescriptionCreate Folder Manual Description Obtaining Documentation Table of Contents CLI Configuration Command HierarchyIntroduction to the CLI Switching User Levels Setting a user level switching passwordSwitching to a specific user level Setting the Level of a Command in a Specific View Configuration exampleSetting the level of a command in a specific view CLI Views Display Execute OperationQuit Quit or return Gigabitethernet command Vlan-interface commandRegion-configuration Peer-public-key command Public-key-c Ode endPublic-key-code begin Execute the radius scheme CLI Features Vlan-vpn enableExecute Command should be first Online Help Command History Terminal DisplayPartial online help Press Ctrl+C Error Prompts Command Edit Press… To… Tab Table of Contents Page Logging In to the Switching Engine Logging In to the Switching EngineIntroduction to the User Interface Supported User Interfaces Common User Interface Configuration User Interface Index Display users all Display user-interfaceType number number Display web users Logging In to the Switching Engine Through OAP Press Enter to enter user view of the switching engineLogging In Through OAP OAP Overview Configure the management IP Not configured by defaultOap management-ip Address of an OAP module Resetting the OAP Software System Reset the OAP softwareOap reboot slot Common Configuration Configuration DescriptionLogging In Through Telnet Introduction Telnet Configurations for Different Authentication Modes Authentication Telnet configuration Description Mode Telnet Configuration with Authentication Mode Being None Configuration Procedure Configuration Example Configuration procedureNetwork requirements Password Set authentication Password cipherAuto-execute command User privilege level level Set the history command buffer Default history commandCommand buffer can store up to Commands by default Telnet Configuration with Authentication Mode Being Scheme Scheme command AuthorizationHistory-command max-size Protocol inbound all ssh Service-type User privilege level level command is Level levelPrivilege # Create a local user named guest and enter local user view Telnetting to the Switching Engine Telnetting to the Switching Engine from a Terminal Deviceoap connect slot Connected to OAP Page Device telnet Vlan interface of the switching engine is assigned an IP User name and password for logging in to the Web-basedNetwork management system are configured Logging In from the Web-Based Network Management System Setting Up a Web Configuration Environment Configuring the Login Banner 3The login page of the Web-based network management system Header login text By default, no login banner isThrough Web Configured Follow these steps to enable/disable the WEB server Enable the Web serverEnabling/Disabling the WEB Server Ip http shutdown Connection Establishment Using NMS Logging In from NMSRelated information Configuring Source IP Address for Telnet Service Packets Configuring Source IP Address for Telnet Service PacketsConfiguration in user view Configuration in system view Displaying Source IP Address Configuration Interface-number Login mode Control method Implementation Reference User ControlControlling Telnet Users Prerequisites Match-order config auto Acl number acl-numberRule rule-id deny permit Acl acl-number inbound Controlling Telnet Users by Source MAC Addresses Rule rule-id denyPermit rule-string Controlling Network Management Users by Source IP Addresses Controlling Network Management Users by Source IP Addresses 2Network diagram for controlling Snmp users using ACLs Controlling Web Users by Source IP Address Disconnecting a Web User by Force Controlling Web Users by Source IP AddressesIp http acl acl-number Free web-users all user-id Device ip http acl Table of Contents Configuration File Management Introduction to Configuration FileTypes of configuration Format of configuration file Management of Configuration File Saving the Current ConfigurationStartup with the configuration file Modes in saving the configuration Erasing the Startup Configuration File Three attributes of the configuration file Specifying a Configuration File for Next Startup Assign main attribute to the startup configuration fileAssign backup attribute to the startup configuration file Startup saved-configuration Displaying and Maintaining Device Configuration Table of Contents Vlan Overview Vlan OverviewIntroduction to Vlan Advantages of VLANs How Vlan WorksVlan tag MAC address learning mechanism of VLANs 2Encapsulation format of traditional Ethernet frames Port-Based Vlan Vlan InterfaceVlan Classification Protocol-Based Vlan Introduction to Protocol-Based VlanEncapsulation Format of Ethernet Data Ethernet II and 802.2/802.3 encapsulation Extended encapsulation formats of 802.2/802.3 packets 6802.3 raw encapsulation format Procedure for the Switch to Judge Packet Protocol Encapsulation FormatsImplementation of Protocol-Based Vlan Encapsulation Ethernet 802.3 raw 802.2 LLC Snap ProtocolPage Vlan Configuration Vlan ConfigurationConfiguration Task List Basic Vlan Configuration Basic Vlan Interface Configuration Configuration prerequisitesDisplaying and Maintaining Vlan Configuring a Port-Based Vlan Configuring a Port-Based VlanProtocol-Based Vlan Configuration Example Port interface-list # Configure GigabitEthernet 1/0/10 of Switch B # Create Vlan 201, and add GigabitEthernet 1/0/2 to Vlan# Create Vlan 201, and add GigabitEthernet 1/0/12 to Vlan Configuring a Protocol-Based Vlan Configuring a Protocol Template for a Protocol-Based Vlan Associating a Port with a Protocol-Based Vlan Interface interface-type Interface-numberPort hybrid protocol-vlan Vlan vlan-id protocol-index Displaying and Maintaining Protocol-Based Vlan Display vlan vlan-id to vlan-id allDynamic static Display protocol-vlan vlan vlan id Vlan Protocol-Type Table of Contents Auto Detect Configuration Introduction to the Auto Detect Function Auto Detect Configuration Auto Detect Basic Configuration Auto Detect Implementation in Vlan Interface Backup Auto Detect Implementation in Static RoutingIp route-static ip-address mask Preference-value reject blackhole Auto Detect Configuration Examples Vlan -idStandby detect-group # Configure a static route to Switch a Is reachable# Create auto detected group Table of Contents Voice Vlan Configuration Voice Vlan OverviewHow an IP Phone Works 1Network diagram for IP phones Agent Configuring Operation Mode for Voice Vlan How the Device Identifies Voice TrafficNumber OUI address Vendor Processing mode of tagged packets sent by IP voice devices Support for Voice Vlan on Various Ports Security Mode of Voice Vlan Port type Supported or not Traffic type ModePort voice Voice Voice Vlan Configuration Configuration PrerequisitesConfiguring a Voice Vlan to Operate in Automatic Mode Configuring a Voice Vlan to Operate in Manual Mode EnableUndo voice vlan mode Voice vlan security Port trunk permit vlan Port hybrid vlan vlan-idTagged untagged Port trunk pvid vlan Voice Vlan Configuration Example Voice Vlan Configuration Example Automatic ModeDisplaying and Maintaining Voice Vlan Voice Vlan Configuration Example Manual Mode # Enable the voice Vlan function globally# Configure GigabitEthernet 1/0/1 as a hybrid port # Enable the voice Vlan function on GigabitEthernet 1/0/1 # Create Vlan 2 and configure it as a voice Vlan # Configure GigabitEthernet 1/0/1 to operate in manual modeVerification # Display the status of the current voice Vlan Table of Contents Gvrp Configuration Garp messages and timersIntroduction to Gvrp Operating mechanism of Garp Garp message formatGarp packets are in the following format 1Format of Garp packets Field Description Value Gvrp Configuration Protocol SpecificationsConfiguration Prerequisite Enabling Gvrp Configuring Gvrp Timers Garp timer leaveallGarp timer hold join Gvrp Configuring Gvrp Port Registration Mode Displaying and Maintaining Gvrp Gvrp Configuration Example Gvrp Configuration ExampleConfigure Switch a # Enable Gvrp globally # Enable Gvrp on GigabitEthernet 1/0/1 # Enable Gvrp on GigabitEthernet 1/0/3 SwitchE-GigabitEthernet1/0/1 gvrp registration fixed Table of Contents Basic Port Configuration Ethernet Port OverviewTypes and Numbers of Ethernet Ports Combo Ports Mapping Relations Configuring the Default Vlan ID for an Ethernet Port Link Types of Ethernet Ports Configuring Ethernet Ports Making Basic Port ConfigurationAdding an Ethernet Port to Specified VLANs Vlan tag Configuring Port Auto-Negotiation Speed Setting the Ethernet Port Broadcast Suppression Ratio Enabling Flow Control on a PortSpeed auto 10 100 Broadcast-suppression Configuring Access Port Attribute Configuring Hybrid Port AttributeConfiguring Trunk Port Attribute Configuration tasks Disabling Up/Down Log Output on a Port Copying Port Configuration to Other Ports Configuring a Port GroupSystem-view Copy configuration source interface-type Aggregation-group destination-agg-id Setting Loopback Detection for an Ethernet Port Configuring the Ethernet Port to Run Loopback Test Configure the Ethernet port to runLoopback-detection per-vlan Loopback detection only on VLANs for the trunk and hybrid Enabling the System to Test Connected Cable Virtual-cable-testFlow-interval interval Ethernet Port Configuration Example Displaying and Maintaining Ethernet Ports Troubleshooting Ethernet Port Configuration # Configure the default Vlan ID of GigabitEthernet 1/0/1 as Table of Contents Link Aggregation Configuration Introduction to Link AggregationIntroduction to Lacp Operation Key Manual Aggregation GroupIntroduction to manual aggregation group Port status in manual aggregation group Static Lacp Aggregation Group Introduction to static Lacp aggregationPort status of static aggregation group Configuring system priority Dynamic Lacp Aggregation GroupIntroduction to dynamic Lacp aggregation group Port status of dynamic aggregation group Configuring port priority Aggregation Group Categories Link Aggregation Configuration Configuring a Manual Aggregation Group Configuring a Static Lacp Aggregation Group Description agg-namePort link-aggregation group Agg-id Configuring a Dynamic Lacp Aggregation Group Lacp system -prioritySystem-priority Link Aggregation Configuration Example Displaying and Maintaining Link Aggregation Switch a Link aggregation Switch B Page Table of Contents Port Isolation Configuration Port Isolation ConfigurationPort Isolation Overview Introduction to Port Isolation Port Isolation Configuration Example Displaying and Maintaining Port Isolation Device-GigabitEthernet1/0/4 quit device Table of Contents Port Security Configuration Port Security FeaturesPort Security Overview Introduction Security mode Description Feature This modePort Security Modes Neither Security mode Description Feature Port Security Configuration Complete the following tasks to configure port securityFollow these steps to enable port security Enabling Port Security Setting the Port Security Mode Port-security oui OUI-value UserLoginWithOUI mode, aPort-security max-mac-count Count-value Configuring Port Security Features Configuring the NTK feature Configuring intrusion protection Configuring the Trap feature Configuring Security MAC Addresses Displaying and Maintaining Port Security Configuration Port Security Configuration Example HostSwitch # Enable port security# Set the port security mode to autolearn # Enter GigabitEthernet 1/0/1 port view Port Binding Configuration Displaying and Maintaining Port Binding ConfigurationConfiguring Port Binding Port Binding Overview Port Binding Configuration Example Configure switch a as follows # Enter system view Table of Contents Dldp Configuration Dldp Overview Dldp Fundamentals Dldp statusStatus Description Dldp timers Dldp works with the following timers 2DLDP timersTimer Description Interval of sending advertisement packets, which can be Dldp operating mode Enhanced timer then sends one probe packets every oneMode During neighbor Entry aging Timer expire Packet type Processing procedure No Echo packet received from Processing procedure Neighbor4Types of packets sent by Dldp Dldp status Packet types Dldp Configuration Precautions During Dldp ConfigurationDldp Configuration Tasks Dldp neighbor state Resetting Dldp Status Reset the Dldp status of a port Dldp reset This command only applies to the ports in Dldp down statusDldp Network Example # Enable Dldp globally # Configure Dldp to work in enhanced mode# Set the interval of sending Dldp packets to 15 seconds # Display the Dldp status Table of Contents MAC Address Table Management Introduction to MAC Address TableIntroduction to MAC Address Learning 1MAC address learning diagram Managing MAC Address Table Aging of MAC address table Configuring MAC Address Table Management Entries in a MAC address table Configuring a MAC Address Entry Adding a MAC address entry in system viewAdding a MAC address entry in Ethernet port view System-view Mac-address static dynamic Setting the Aging Time of MAC Address Entries Mac-address timer agingAge no-aging Disabling MAC Address learning for a Vlan Mac-addressMax-mac-count count Max-mac-count Configuration Example Displaying and Maintaining MAC Address TableAdding a Static MAC Address Entry Manually Display mac-address Table of Contents Page Mstp Configuration STP OverviewSTP Overview Classification Designated bridge Designated port All the ports on the root bridge are designated ports How STP works Step Description Step Description Device Port name Bpdu of port 5Comparison process and result on each device Device Comparison process Bpdu of port after Device Comparison process Bpdu of port after 3The final calculated spanning tree Features of Mstp Mstp OverviewBackground of Mstp Disadvantages of STP and Rstp Basic Mstp Terminologies MST region Vlan mapping table Region rootCommon root bridge Port role Port state MSTP, a port can be in one of the following three states Principle of Mstp Calculate the CistCalculate an Msti Implement STP algorithm Mstp Implementation on the Device Configuring Root Bridge Complete the following tasks to configure a root bridgeSTP-related Standards Bpdu guard Loop guard TC-BPDU attack guard Bpdu packet drop Configuring an MST Region # Verify the above configuration Centi-seconds Stp instance instance-id root secondary Configuring the Bridge Priority of the Current Device Required Default bridge priority of a Current deviceSet the bridge priority for Stp instance instance-id Stp interface interface-type Interface-number complianceAuto dot1s legacy Configuring the Mstp Operation Mode Stp mode stp rstp mstpStp compliance auto dot1s Legacy Configuring the Maximum Hop Count of an MST Region Configuring the Network Diameter of the Switched NetworkStp max-hops hops Configuring the Mstp Time-related Parameters Stp timer forward-delayStp timer hello Stp timer max-age Configuring the Timeout Time Factor Stp interface interface-list Transmit-limit packetnumStp transmit-limit packetnum Configuring the Current Port as an Edge Port Configure a port as an edge port in system viewConfigure a port as an edge port in Ethernet port view Edged-port enable Point-to-point force-true Force-false auto Stp enable DisableEnabling Mstp Stp point-to-point force-true Configuring Leaf Nodes Stp disableTask Remarks Configuring the MST Region Configuring a Port as an Edge Port Configuring the Path Cost for a Port Standards for calculating path costs of portsStp pathcost-standard Dot1d-1998 dot1t legacy Configure the path cost for specific ports Configuration example aConfiguration example B Configuring Port Priority Configure port priority in system viewConfigure port priority in Ethernet port view Instance instance-id port Performing mCheck Operation Perform the mCheck operation in system viewPerform the mCheck operation in Ethernet port view Stp interface interface-list mcheck Configuring Guard Functions Bpdu guardRoot guard Stp mcheck Loop guard TC-BPDU attack guardBpdu dropping Configuring Bpdu Guard Configuring Root GuardRoot-protection Stp root-protection Configuring Loop Guard Configuring TC-BPDU Attack GuardStp loop-protection Stp tc-protection Configuring Digest Snooping Configuring Bpdu DroppingInterface interface-name Bpdu-drop any Configuring Digest Snooping Stp config-digest-snooping Configuring Rapid Transition 6The Rstp rapid transition mechanism Configuring Rapid Transition No-agreement-checkStp no-agreement-check Configuring VLAN-VPN Tunnel Configuring VLAN-VPN tunnelVlan-vpn tunnel STP Maintenance Configuration Enabling Log/Trap Output for Ports of Mstp InstanceStp instance instance id Portlog Enabling Trap Messages Conforming to 802.1d Standard Displaying and Maintaining Mstp Mstp Configuration Example Configure Switch a # Enter MST region view# Activate the settings of the MST region manually Configure Switch B # Enter MST region view Configure Switch C # Enter MST region view# Configure the MST region Configure Switch D # Enter MST region view VLAN-VPN tunnel Configuration Example Configure Switch a # Enable MstpConfigure Switch B # Enable Mstp Configure Switch C # Enable Mstp # Enable the VLAN-VPN tunnel function # Configure GigabitEthernet 1/0/2 as a trunk portConfigure Switch D # Enable Mstp # Configure GigabitEthernet 1/0/1 as a trunk port Table of Contents 802.1x Configuration Architecture of 802.1x AuthenticationIntroduction to Port access entity Port access control methodControlled port and uncontrolled port Valid direction of a controlled port Mechanism of an 802.1x Authentication System Encapsulation of EAPoL MessagesFormat of an EAPoL packet Format of an EAP packet 802.1x Authentication Procedure Fields added for EAP authenticationEAP relay mode Describes the basic EAP-MD5 authentication procedure EAP terminating mode Timers Used 9802.1x authentication procedure in EAP terminating mode Additional 802.1x Features Implemented Checking the supplicant system Checking the client version Guest Vlan function Introduction to 802.1x Configuration Enabling 802.1x re-authentication Basic 802.1x Configuration Configuring Basic 802.1x FunctionsDot1x Dot1x authentication-method chap Dot1x handshake enableDot1x interface interface-list Dot1x port-control authorized-force Timer and Maximum User Number Configuration Dot1x max-user user-numberDot1x retry max-retry-value Advanced 802.1x Configuration Configuring Proxy Checking Configuring Client Version Checking Enabling DHCP-triggered Authentication Configuring Guest VlanDot1x dhcp-launch Dot1x port-method portbased Configuring 802.1x Re-Authentication Configuring the 802.1x Re-Authentication TimerDot1x re-authenticate 802.1x Configuration Example Displaying and Maintaining # Enable 802.1x globally # Enable 802.1x on GigabitEthernet 1/0/1 port # Set the default user domain to be aabbcc.net # Create a local access user account# Create the domain named aabbcc.net and enter its view Quick EAD Deployment Configuration Configuring Quick EAD DeploymentIntroduction to Quick EAD Deployment Quick EAD Deployment Overview Configuring a free IP range Setting the ACL timeout periodDot1x url url-string Dot1x free-ip ip-address Quick EAD Deployment Configuration Example Displaying and Maintaining Quick EAD DeploymentPeriod is 30 minutes Troubleshooting Solution System-Guard Configuration Configuring the System-Guard FeatureConfiguring the System-Guard Feature System-Guard Overview Displaying and Maintaining System-Guard Table of Contents Page Authentication AuthorizationAAA Overview Introduction to AAA Introduction to AAA Services What is RadiusAccounting Introduction to ISP Domain Basic message exchange procedure in Radius 1Databases in a Radius server Radius message format Code Message type Message descriptionDirection client-server Client transmits this message to the server to determine if Type field value Attribute type What is Hwtacacs Introduction to Hwtacacs Basic message exchange procedure in Hwtacacs 5Network diagram for a typical Hwtacacs application 6AAA implementation procedure for a telnet user Page AAA Configuration AAA Configuration Task ListConfiguration Introduction Creating an ISP Domain and Configuring Its Attributes Configuring an AAA Scheme for an ISP Domain Configuring a combined AAA schemeMessenger time enable limit Self-service-url disable Configuring separate AAA schemes Domain isp-nameRadius-scheme-name local Hwtacacs-scheme Configuring Dynamic Vlan Assignment Local local none Authorization noneAccounting none Configuring the Attributes of a Local User Domain isp-nameVlan-assignment-mode Integer string Password-display-mode Service-type ftp lan-accessAuthorization vlan string Access-limit Radius Configuration Task List Cutting Down User Connections ForciblyFollow these steps to cut down user connections forcibly Cut down user Configuring Servers Configuring Radius Authentication/Authorization Servers Radius client enableCreating a Radius Scheme Radius scheme Configuring Radius Accounting Servers Primary authenticationSecondary authentication Ip-address port-number Configuring Shared Keys for Radius Messages Secondary accountingStop-accounting-buffer Retry stop-accounting Configuring the Type of Radius Servers to be Supported Key authentication stringKey accounting string Configuring the Status of Radius Servers Server-type extendedOptional Servers to be supported State primary authentication Authentication blockCalling-station-id mode Block active Configuring the Local Radius Authentication Server Function Local-server enableKey password Local-server nas-ip ip-address Configuring Timers for Radius Servers Enabling the User Re-Authentication at Restart Function Hwtacacs Configuration Task List Accounting-on enable sendTimes interval interval Configuring Tacacs Authentication Servers Creating a Hwtacacs SchemeHwtacacs scheme Configuring Tacacs Authorization Servers Primary authorizationSecondary authorization Ip-address port Configuring Tacacs Accounting Servers Configuring Shared Keys for Hwtacacs MessagesFollow these steps to configure Tacacs accounting servers Function is enabled Number of transmission Authentication string Key accountingMega-byte Data-flow-format packet Configuring the Timers Regarding Tacacs Servers Scheme exists Set the response timeout timeOptional By default, the response timeout Tacacs servers Optional By default, the real-time Interval Displaying and Maintaining AAA Displaying and maintaining AAA informationDisplaying and maintaining Radius protocol information AAA Configuration Examples Remote Radius Authentication of Telnet/SSH UsersDisplaying and maintaining Hwtacacs protocol information # Adopt AAA authentication for Telnet users # Configure an ISP domain# Configure a Radius scheme # Associate the ISP domain with the Radius scheme Local Authentication of FTP/Telnet Users # Create and configure a local user named telnet Hwtacacs Authentication and Authorization of Telnet Users # Configure the domain name of the Hwtacacs scheme to hwtac Troubleshooting AAA Troubleshooting Radius ConfigurationTroubleshooting Hwtacacs Configuration Possible reasons and solutions EAD Configuration Introduction to EADTypical Network Application of EAD EAD Configuration EAD Configuration ExampleSecurity-policy-server Ip-address # Configure the IP address of the security policy server # Associate the domain with the Radius scheme Table of Contents MAC Authentication Configuration MAC Authentication OverviewPerforming MAC Authentication on a Radius Server Performing MAC Authentication Locally Configuring Basic MAC Authentication Functions MAC Authentication TimersMac-authentication Related Concepts Mac-authentication interface Mac-authentication QuitMac-authentication authmode Uppercase fixedpassword password MAC Address Authentication Enhanced Function Configuration Configuring a Guest Vlan Mac-authentication timer Guest-vlan vlan-idGuest-vlan-reauth interval Configure the maximum number MAC address authentication Number of MAC addressMax-auth-num user-number Displaying and Maintaining MAC Authentication MAC Authentication Configuration ExampleDisplay mac-authentication Reset mac-authentication statistics # Add a local user Specify the username and password Set the service type to lan-access# Specify to perform local authentication # Add an ISP domain named aabbcc.net Table of Contents IP Addressing Configuration IP Addressing OverviewIP Address Classes Net-id Special Case IP Addresses Subnetting and MaskingClass Address range Remarks Configuring IP Addresses Ip address ip-address maskMask-length sub IP Address Configuration Examples IP Address Configuration ExampleDisplaying and Maintaining IP Addressing Network requirement 4Network diagram for IP address configuration Page IP Performance Configuration Configuring IP PerformanceIP Performance Overview Disabling Sending of Icmp Error Packets Displaying and Maintaining IP Performance Configuration Table of Contents Dhcp Overview Introduction to DhcpDhcp IP Address Assignment IP Address Assignment Policy Obtaining IP Addresses Dynamically Dhcp Packet Format Updating IP Address Lease Protocols and Standards Dhcp Relay Agent Configuration Introduction to Dhcp Relay AgentUsage of Dhcp Relay Agent Dhcp Relay Agent Fundamentals Padding content of Option Dhcp Relay Agent Support for OptionIntroduction to Option 2Padding contents for sub-option 1 of Option Mechanism of Option 82 supported on Dhcp relay agent Configuring the Dhcp Relay Agent Dhcp Relay Agent Configuration Task ListDhcp-server groupNo ip Ip-address &1-8 Configuring Dhcp Relay Agent Security Functions Configuring address checking Address-check enable Dhcp relay hand enableDhcp-security static ip-address Mac-address Configuring the Dhcp Relay Agent to Support Option Configuring the Dhcp relay agent to support OptionEnabling unauthorized Dhcp server detection Prerequisites Displaying and Maintaining Dhcp Relay Agent Configuration Dhcp Relay Agent Configuration Example Troubleshooting Dhcp Relay Agent Configuration SymptomSolution AnalysisPage Dhcp Snooping Configuration Dhcp Snooping OverviewFunction of Dhcp Snooping Padding content and frame format of Option Overview of Dhcp Snooping Option Mechanism of DHCP-snooping Option 2Extended format of the circuit ID sub-option Dhcp-snooping information format command or Sub-option configuration Dhcp snooping device will…Dhcp-snooping information format command or the default HEX Overview of IP Filtering Dhcp Snooping Configuration Configuring Dhcp SnoopingDHCP-snooping table IP static binding table Configuring Dhcp Snooping to Support Option DHCP-Snooping Option 82 Support Configuration Task ListEnable DHCP-snooping Option 82 support Required Specify the current port as a Configure a handling policy for Dhcp packets with Option Configure the storage format of OptionDhcp-snooping information Strategy drop keep replace Configure the circuit ID sub-option Configure the remote ID sub-optionVlan vlan-id circuit-id string String Configuring IP Filtering Configure the padding format for OptionRemote-id sysname string Vlan vlan-id remote-id Dhcp Snooping Configuration Example DHCP-Snooping Option 82 Support Configuration Example IP Filtering Configuration Example # Enable Dhcp snooping on Switch# Enable DHCP-snooping Option 82 support # Specify GigabitEthernet 1/0/5 as the trusted port 7Network diagram for IP filtering configuration # Specify GigabitEthernet 1/0/1 as the trusted port Displaying and Maintaining Dhcp Snooping Configuration Display dhcp-snoopingTrust Display ip source static DHCP/BOOTP Client Configuration Introduction to Bootp ClientConfiguring a DHCP/BOOTP Client Follow these steps to configure a DHCP/BOOTP client Dhcp Client Configuration Example Ip address bootp-allocDhcp-alloc Displaying and Maintaining DHCP/BOOTP Client Configuration Display bootp client interfaceBootp client Display related information on a Table of Contents ACL Configuration ACL OverviewACL Matching Order Ways to Apply an ACL on a Device Depth-first match order for rules of a basic ACLDepth-first match order for rules of an advanced ACL Being applied to the hardware directly ACL Configuration Configuring Time RangeTypes of ACLs Supported by Devices Time-range time-name start-time to end-time Days-of-the-week from start-time start-date toEnd-time end-date from start-time start-date to End-time end-date to end-time end-date Configuring Basic ACL Auto configRule-string Rule-string , refer to ACL Command Configuring Advanced ACL Match-order auto configRule-string , refer to ACL Command Rule rule-id permit deny Configuring Layer 2 ACL Rule-string Refer to ACL Command ACL Assignment Configure procedure Assigning an ACL GloballyAssigning an ACL to a Vlan Packet-filter inbound acl-rule Assigning an ACL to a Port Group System-view Packet-filter vlan vlan-idInbound acl-rule Displaying and Maintaining ACL Assigning an ACL to a Port Example for Controlling Telnet Login Users by Source IP Example for Controlling Web Login Users by Source IPSwitchPC Examples for Upper-layer Software Referencing ACLs Basic ACL Configuration Example Advanced ACL Configuration ExampleExamples for Applying ACLs to Hardware Layer 2 ACL Configuration Example # Apply ACL 3000 on GigabitEthernet 1/0/1 Example for Applying an ACL to a Vlan # Apply ACL 4000 on GigabitEthernet 1/0/1 # Apply ACL 3000 to Vlan Table of Contents Page QoS Configuration Traditional Packet Forwarding ServiceIntroduction to QoS New Applications and New Requirements QoS Supported by Devices Major Traffic Control TechniquesTraffic Classification Precedence IP precedence, ToS precedence, and Dscp precedenceIP Precedence decimal IP Precedence binary Description 802.1p priority Dscp value decimal Dscp value binary Description Priority Trust Mode 802.1p priority decimal 802.1p priority binary Description Trusting the 802.1p precedence Trusting the Dscp precedence Dscp precedence Target Dscp precedence Protocol Priority Priority MarkingTraffic Policing and Traffic Shaping Token bucket Evaluating the traffic with the token bucket Traffic policingTraffic shaping Traffic Redirecting Vlan MappingQueue Scheduling 7Diagram for SP queuing SP queuing Sdwrr QoS Configuration QoS Configuration Task ListFlow-based Traffic Accounting Burst Configuring Priority Trust Mode Priority priority-levelPriority-trust cos automap Priority-trust dscp automap Configuring Priority Mapping Qos cos-local-precedence-mapQos cos-drop-precedence-map Qos cos-dscp-map cos0-map-dscp Qos dscp-local-precedence-map dscp-listQos dscp-drop-precedence-map dscp-list Qos dscp-cos-map dscp-list cos-valuePage Setting the Priority of Protocol Packets System-view Protocol-priorityProtocol-type Ip-precedence Marking Packet Priority Traffic-priority inbound acl-rule dscpDscp-value cos cos-value Traffic-priority vlan vlan-id inbound acl-rule Configuring Traffic Policing Required Matching specific ACL rules Reset traffic-limit inbound acl-rule Reset traffic-limit vlan vlan-id inboundTraffic-limit inbound acl-rule target-rate Conform con-action exceed Configuring Traffic Shaping View Configure trafficBy default, traffic policing is Policing Disabled Clear the traffic Configuring Traffic Redirecting Configuration examplesTraffic-shape queue Traffic-redirect inbound acl-rule interface Traffic-redirect vlan vlan-id inbound acl-rule Configuring Vlan Mapping Configuring Queue SchedulingTraffic-remark-vlanid inbound Acl-rule remark-vlan vlan-id Queue-id queue-weight &1-8 Group2 queue-id queue-weightUndo queue-scheduler queue-id Queue-scheduler wrr group1 Reset traffic-statistic inbound Collecting/Clearing Traffic StatisticsCollect the statistics on Packets matching specific ACL Traffic-statistic inbound acl-rule Reset traffic-statistic vlan vlan-id Reset traffic-statistic inbound acl-ruleTraffic-statistic vlan vlan-id Configuring Traffic Mirroring Follow these steps to enable the burst functionEnabling the Burst Function Refer to Burst for information about the burst function Monitor-port Mirrored-to inbound acl-ruleMonitor-interface Mirrored-to vlan vlan-id Traffic mirroring configuration Required Destination port Exit current viewRequired Mirroring for packets that Displaying and Maintaining QoS QoS Configuration Example Configuration Example of Traffic PolicingPage QoS Profile Configuration QoS Profile Application ModeDynamic application mode Manual application mode QoS Profile Configuration QoS Profile Configuration Task ListConfiguring a QoS Profile Applying a QoS Profile Displaying and Maintaining QoS Profile Qos-profile port-basedUndo qos-profile port-based System-view Apply qos-profile QoS Profile Configuration Example 1Network diagram for QoS profile configuration # Enable Table of Contents Mirroring Configuration Mirroring Overview Local Port Mirroring Remote Port Mirroring Switch Ports involved Function MAC-Based MirroringVLAN-Based Mirroring 1Ports involved in the mirroring operation Mirroring Configuration Configuring Local Port Mirroring Configuring Remote Port Mirroring Configuration on the device acting as a source switch Configuration on the device acting as a destination switch Configuring MAC-Based Mirroring Remote-probe-vlan-idRemote-destination Monitor-port monitor-port Configuring VLAN-Based Mirroring Local remote-sourceMirroring-group group-id Mirroring-mac mac vlan Mirroring Configuration Example Local Port Mirroring Configuration ExampleDisplaying and Maintaining Port Mirroring Mirroring-group group-id Mirroring-vlan vlan-id Remote Port Mirroring Configuration Example Configure Switch C # Create a local mirroring group 4Network diagram for remote port mirroring # Configure Vlan 10 as the remote-probe Vlan # Configure Vlan 10 as the remote-probe Vlan Page Table of Contents ARP Configuration Introduction to ARPARP Function ARP Message Format Field Description Value DescriptionExperimental Ethernet Proteon ProNET Token Ring ARP entry Generation Method Maintenance Mode ARP TableARP Process Chaos Introduction to ARP Attack Detection Man-in-the-middle attackARP attack detection Configuring ARP Configuring ARP Basic FunctionsArp timer aging aging-time Introduction to Gratuitous ARP Configuring ARP Attack Detection Arp check enableArp detection enable Arp detection trust Configuring Gratuitous ARP Arp restricted-forwardingGratuitous-arp-learning ARP Configuration Example ARP Basic Configuration ExampleARP Attack Detection Configuration Example Displaying and Maintaining ARP # Enable Dhcp snooping on Switch a # Enable ARP attack detection on all ports in Vlan Table of Contents Snmp Configuration Snmp OverviewSnmp Operation Mechanism Snmp Versions MIB attribute MIB content Related RFC Supported MIBsMIB II based on TCP/IP network device RFC Public MIB Configuring Basic Snmp Functions Configuring basic Snmp functions for SNMPv1 or SNMPv2cSnmp-agent Snmp-agent sys-info Configuring basic Snmp functions for SNMPv3 Configuring Trap Parameters Configuring Basic Trap Configuring Extended Trap Snmp Configuration Examples Snmp Configuration ExamplesEnabling Logging for Network Management Displaying and Maintaining Snmp Network procedure 2Network diagram for Snmp configuration Configuring the NMS Rmon Configuration Introduction to RmonWorking Mechanism of Rmon Commonly Used Rmon Groups Rmon Configuration Rmon Configuration Examples Configuration proceduresDisplaying and Maintaining Rmon # Display the Rmon extended alarm entry numbered Table of Contents Information Transmission in the Unicast Mode Multicast OverviewMulticast Overview Information Transmission in the Broadcast Mode 1Information transmission in the unicast mode Information Transmission in the Multicast Mode 2Information transmission in the broadcast mode 3Information transmission in the multicast mode Roles in Multicast Multicast Models Advantages and Applications of MulticastAdvantages of multicast Application of multicast Multicast Architecture ASM modelSFM model SSM model IP multicast address Class D address range DescriptionReserved multicast addresses IP addresses for permanent Ethernet multicast MAC address Multicast Protocols Layer 3 multicast protocols Layer 2 multicast protocols 5Positions of Layer 3 multicast protocols Multicast Packet Forwarding Mechanism Implementation of the RPF Mechanism RPF Check 7RPF check processPage Igmp Snooping Configuration Igmp Snooping OverviewPrinciple of Igmp Snooping Basic Concepts in Igmp Snooping Timer Description Message before Action after expiry Expiry Work Mechanism of Igmp Snooping When receiving a general query When receiving a membership reportWhen receiving a leave message Igmp Snooping Configuration Igmp Snooping Configuration Task ListComplete the following tasks to configure Igmp Snooping Configuring the Version of Igmp Snooping Igmp-snooping enableEnabling Igmp Snooping Igmp-snooping version Configuring Timers Configuring Fast Leave ProcessingEnabling fast leave processing in system view Configuring a Multicast Group Filter Enable fast leave processingRequired By default, the fast leave For specific VLANs Enabling fast leave processing in Ethernet port view Configuring a multicast group filter in system view Configuring a multicast group filter in Ethernet port viewIgmp -snooping group -policy Acl-number vlan vlan-list Configuring Igmp Querier Igmp-snooping group-limit limitVlan vlan list overflow-replace Configuring Static Member Port for a Multicast Group Suppressing Flooding of Unknown Multicast Traffic in a Vlan Configuring a Static Router Port Ethernet port viewVlan interface view Multicast static-group Configuring a Port as a Simulated Group Member Vlan viewIgmp host-join group-address Source-ip source-address Configuring a Vlan Tag for Query Messages Configuring Multicast VlanVlan-mapping vlan Igmp enable Service-type multicastHybrid Port hybrid vlan vlan-id-list Port trunk permit vlan vlan-list Igmp Snooping Configuration Examples Configuring Igmp SnoopingDisplaying and Maintaining Igmp Snooping 3Network diagram for Igmp Snooping configuration Configure Switch a # Enable Igmp Snooping globally Device Device description Networking description Interface IP address of Vlan 20 isGigabitEthernet 1/0/1 is connected to the workstation 4Network diagram for multicast Vlan configuration # Configure Vlan Troubleshooting Igmp Snooping Symptom Multicast function does not work on the device Common Multicast Configuration Common Multicast ConfigurationConfiguring a Multicast MAC Address Entry Mac-address multicast Displaying and Maintaining Common Multicast Configuration Configuring Dropping Unknown Multicast PacketsUnknown-multicast drop Display mac-address multicast Table of Contents NTP Configuration Introduction to NTPApplications of NTP Implementation Principle of NTP NTP Implementation Modes 1Implementation principle of NTP Server/client mode Symmetric peer modeBroadcast mode Multicast mode NTP implementation Configuration on the device Mode NTP Configuration Task List Configuring NTP Implementation ModesConfiguring NTP Server/Client Mode Complete the following tasks to configure NTP Configuring the NTP Symmetric Peer Mode Configuring NTP Broadcast Mode Configure the device to workNtp-service broadcast-server NTP broadcast server Configuring NTP Multicast Mode Configuring the device to work in the multicast server modeConfiguring the device to work in the multicast client mode Configuring Access Control Right Configuring NTP AuthenticationNtp-service access peer Server synchronization Configuring NTP authentication on the client Role of device Working mode Configuring NTP authentication on the server Configuring Optional NTP Parameters Configure on NTP Broadcast ServerMode and NTP multicast Broadcast While Configuring Displaying and Maintaining NTP Configuration NTP Configuration ExamplesDisabling an Interface from Receiving NTP messages Max-dynamic-sessions # Set Device a as the NTP server of Device B Configuring NTP Symmetric Peer Mode Configure Device C # Set Device a as the NTP server# Set Device C as the peer of Device B 8Network diagram for the NTP broadcast mode configuration Configure Device C # Enter system view # Set Device a as a broadcast client 9Network diagram for NTP multicast mode configuration Configuring NTP Server/Client Mode with Authentication Configure Device B # Enter system view# Enable the NTP authentication function # Specify the key 42 as a trusted key Table of Contents SSH Configuration SSH OverviewIntroduction to SSH Algorithm and Key Asymmetric Key Algorithm SSH Operating ProcessStages Description Authentication negotiation Version negotiationKey negotiation Configuring the SSH Server Session requestData exchange SSH Server Configuration Tasks Configuring the Protocol Support for the User InterfaceAuthentication-mode scheme Command-authorization Generating/Destroying a RSA or DSA Key Pair Creating an SSH User and Specify an Authentication Type Exporting the RSA or DSA Public Key Specifying a Service Type for an SSH User Configuring SSH ManagementSsh user username service-type Stelnet sftp all Configuring the Client Public Key on the Server Public-key-code end Peer-public-key endRsa peer-public-key keyname Assigning a Public Key to an SSH User Specifying a Source IP Address/Interface for the SSH ServerSsh user username assign Publickey rsa-key keyname Configuring the SSH Client SSH Client Configuration TasksConfiguring the SSH Client Using an SSH Client Software Generate a client key 2Generate a client key 4Generate the client keys Specify the IP address of the Server Launch PuTTY.exe. The following window appears Select a protocol for remote connection Select an SSH versionAs shown in -7, select SSH under Protocol Open an SSH connection with publickey authentication 8SSH client configuration interface 10SSH client interface Configuring the SSH Client on an SSH2-Capable Device Open an SSH connection with password authenticationConfigure whether first-time authentication is supported Establish the connection between the SSH client and server Displaying and Maintaining SSH Configuration Specifying a Source IP address/Interface for the SSH clientSsh2 source-ip ip-address Ssh2 source-interface SSH Configuration Examples # Enable the user interfaces to support SSH# Generate RSA and DSA key pairs Page 14SSH client interface # Set the client’s command privilege level to # Assign the public key Switch001 to client client001Page 18Generate a client key pair Page 22SSH client interface Device system-view Device interface vlan-interface # Establish a connection to the server # Set the user command privilege level to # Assign the public key Switch001 to user client001# Generate a DSA key pair 25Network diagram of SSH client configuration # Set AAA authentication on user interfaces # Configure the user interfaces to support SSH# Assign public key Switch001 to user client001 # Specify the host public key pair name of the server # Establish the SSH connection to server Table of Contents File System Management Configuration File System ConfigurationFile System Configuration Tasks Introduction to File System File Operations Prompt Mode Configuration Flash Memory OperationsExecute filename Format device File System Configuration Example File prompt alert quiet File Attribute Configuration Attribute Description Feature IdentifierIntroduction to File Attributes Configuring File Attributes Table of Contents FTP and Sftp Configuration Introduction to FTP and SftpIntroduction to FTP Description Remarks FTP Configuration FTP Configuration The Device Operating as an FTP ServerService-type ftp Introduction to Sftp Configuring connection idle time Ftp timeout minutesEnabling an FTP server Disconnecting a specified user Ftp-server source-interfaceFtp-server source-ip ip-address Ftp disconnect user-name Configuring the banner for an FTP server FTP Configuration The Device Operating as an FTP Client Basic configurations on an FTP clientDisplaying FTP server information Cdup LcdDisconnect Close Configuration Example The Device Operating as an FTP Server # Upload the config.cfg file. ftp put config.cfg FTP Banner Display Configuration Example 4Network diagram for FTP banner display configuration # Enter the authorized directory on the FTP server Sftp Configuration Sftp Configuration The Device Operating as an Sftp ServerComplete the following tasks to configure Sftp Follow these steps to enable an Sftp server Sftp Configuration The Device Operating as an Sftp Client Basic configurations on an Sftp clientFtp timeout time-out-value Time for the Sftp server Minutes by default Help all command-name Sftp host-ip host-nameDelete remotefile Remove remote-file Sftp Configuration Example Sftp source-interfaceSftp source-ip ip-address Display sftp source-ip # Specify the SSH authentication mode as AAA # Specify the service type as Sftp# Enable the Sftp server # Create a local user client001 Sftp-client # Exit Sftp Tftp Configuration Tftp ConfigurationComplete the following tasks to configure Tftp Introduction to Tftp Tftp Configuration The Device Operating as a Tftp Client Basic configurations on a Tftp clientTftp ascii binary Tftp-server acl acl-number Tftp Configuration Example Tftp source-interfaceTftp source-ip ip-address Display tftp source-ip Device tftp 1.1.1.2 get config.cfg config.cfg Table of Contents Information Center Information Center OverviewIntroduction to Information Center Classification of system information Ten channels and six output directions of system information Outputting system information by source module Module name Description System Information Format Priority TimestampSysname Information Center Configuration Introduction to the Information Center Configuration Tasks Configuring Synchronous Information Output Set for the system Setting to Output System Information to the Console Setting to output system information to the console Enabling system information display on the console Terminal monitorTerminal debugging Terminal logging Setting to Output System Information to a Monitor Terminal Setting to output system information to a monitor terminalEnabling system information display on a monitor terminal Info-center monitor channel Setting to Output System Information to a Log Host Info-center loghostInfo-center loghost source Setting to Output System Information to the Trap Buffer Setting to Output System Information to the Log BufferInfo-center trapbuffer Info-center source Setting to Output System Information to the Snmp NMS Info-center logbufferInfo-center snmp channel Information Center Configuration Examples Displaying and Maintaining Information CenterLog Output to a Unix Log Host # mkdir /var/log/Switch # touch /var/log/Switch/information 2Network diagram for log output to a Linux log host Log Output to a Linux Log Host 3Network diagram for log output to the console Log Output to the Console # Enable terminal display 4Network diagram Table of Contents Host Configuration File Loading Remote Loading Using FTPLoading procedure using FTP client Introduction to Loading Approaches Loading procedure using FTP server Restart Switch 2Remote loading using FTP server Use the put command to upload the file config.cfg to Switch Remote Loading Using Tftp Basic System Configuration and Debugging Basic System Configuration Displaying the System Status Debugging the SystemEnabling/Disabling System Debugging Display clock Displaying Debugging Status Displaying Operating Information about Modules in System Network Connectivity Test Network Connectivity TestPing Tracert Device Management Configuration Device Management Configuration TasksRebooting the Device Device Management Scheduling a Reboot on the Device Schedule reboot at hhmmSchedule reboot delay Schedule reboot regularity Identifying and Diagnosing Pluggable Transceivers Introduction to pluggable transceiversIdentifying pluggable transceivers Diagnosing pluggable transceivers Table of Contents VLAN-VPN Configuration VLAN-VPN OverviewIntroduction to VLAN-VPN Adjusting the Tpid Values of VLAN-VPN Packets Implementation of VLAN-VPN VLAN-VPN Configuration Enabling the VLAN-VPN Feature for a PortProtocol type Value Tpid Adjusting Configuration Vlan-vpn uplink enableDisplaying and Maintaining VLAN-VPN Vlan-vpn tpid value VLAN-VPN Configuration Example 4Network diagram for VLAN-VPN configuration SwitchA vlan-vpn tpid Data transfer processPage Selective QinQ Configuration Selective QinQ OverviewSelective QinQ Overview Selective QinQ Configuration Enabling the Selective QinQ Feature for a PortInner-to-Outer Tag Priority Mapping Vlan-vpn vid vlan-id Selective QinQ Configuration Example Configuring the Inner-to-Outer Tag Priority Mapping FeatureProcessing Private Network Packets by Their Types Vlan-vpn priority 2Network diagram for selective QinQ configuration # Enable the VLAN-VPN feature on GigabitEthernet 1/0/3 SwitchA-GigabitEthernet1/0/3 vlan-vpn enable Page Table of Contents HWPing Configuration HWPing OverviewIntroduction to HWPing Test Types Supported by HWPing HWPing Test ParametersSupported test types Description Test parameter Description Username and password DnsDns-server HWPing Configuration Configuration on a HWPing ServerHWPing server configuration tasks HWPing Client Configuration HWPing server configurationHWPing client configuration Timeout time Test-enableCount times Datasize size Test-type dhcp Source-port port-numberTest-type ftp Password password Ftp-operation get putUsername name Filename file-name Destination-ip command to Dns-server ip-addressTest-type http Http-operation get post Destination-port Test-type jitter Jitter-packetnum number Jitter-interval intervalTest-type snmpquery Configure the destination Configured on the HWPing Server for listening servicesOperation- tag This IP address and the one Hwping-server Tcpconnect ip-address7Test-type tcpprivate Tcppublic Test-type udpprivate Udppublic Time Three seconds Optional Configure the service type Address is specifiedTest-type dns Configuring HWPing client to send Trap messages HWPing Configuration Example Administrator-name operation-tagDisplaying and Maintaining HWPing Icmp Test Dhcp Test # Display test results # Configure the test type as dhcp FTP Test # Set the probe timeout time to 30 seconds # Configure the source IP address # Configure the test type as http # Configure the IP address of the Http server asHttp Test Jitter Test Network diagram Configure HWPing Client Switch a # Enable the HWPing client# Configure the test type as jitter # Configure the IP address of the HWPing server as Snmp Test 7Network diagram for the Snmp test # Configure the test type as snmp 8Network diagram for the Tcpprivate test TCP Test Tcpprivate Test on the Specified Ports # Configure the test type as tcpprivate # Configure the test type as udpprivate UDP Test Udpprivate Test on the Specified Ports DNS Test # Configure the test type as dns # Configure the IP address of the DNS server as Index Table of Contents DNS Configuration Static Domain Name ResolutionDynamic Domain Name Resolution Resolution procedure Configuring Domain Name Resolution Configuring Static Domain Name ResolutionDNS suffixes DNS Configuration Example Configuring Dynamic Domain Name ResolutionStatic Domain Name Resolution Configuration Example Dynamic Domain Name Resolution Configuration Example 2Network diagram for static DNS configuration # Configure the IP address 2.1.1.2 for the DNS server # Configure com as the DNS suffix Troubleshooting DNS Configuration Displaying and Maintaining DNS Table of Contents Smart Link Configuration Smart Link OverviewBasic Concepts in Smart Link Smart Link group Master port Slave portFlush message Control Vlan for sending flush messages Configuring Smart Link Complete the following tasks to configure Smart LinkOperating Mechanism of Smart Link Configuring a Smart Link Device Configuring Associated Devices PrecautionsFlush enable control-vlan Smart-link flush enable control-vlan vlan-id port Smart Link Configuration Example Implementing Link Redundancy BackupDisplaying and Maintaining Smart Link # Configure to send flush messages within Vlan # Return to system view SwitchD system-view Monitor Link Configuration Introduction to Monitor Link 2Network diagram for a Monitor Link group implementation How Monitor Link Works Configuring Monitor Link Configuring the Uplink PortCreating a Monitor Link Group Configuring a Downlink Port UplinkPort monitor-link group Monitor Link Configuration Example Displaying and Maintaining Monitor Link # Configure to send flush messages in Vlan # Create Smart Link group 1 and enter Smart Link group view SwitchC monitor-link group Table of Contents PoE Configuration PoE OverviewIntroduction to PoE Advantages of PoE PoE Configuration PoE Features Supported by the DevicePoE Configuration Task List Maximum Power Provided by Each Electrical Port Enabling the PoE Feature on a Port Setting the Maximum Output Power on a PortPoe enable Poe max-power max-power Setting PoE Management Mode and PoE Priority of a Port Setting the PoE Mode on a PortPoe power-management Poe priority critical high Configuring the PD Compatibility Detection Function Poe legacy enablePoe update refresh Upgrading the PSE Processing Software Online PoE Configuration Example Displaying and Maintaining PoE ConfigurationPoE Configuration Example Networking requirements 1Network diagram for PoE # Upgrade the PSE processing software online PoE Profile Configuration PoE Profile ConfigurationConfiguring PoE Profile Introduction to PoE Profile Displaying and Maintaining PoE Profile Configuration PoE Profile to PortDisplay poe-profile All-profile interface PoE Profile Configuration Example PoE Profile Application Example# Create Profile1, and enter PoE profile view # Display detailed configuration information for Profile1 # Display detailed configuration information for Profile2# Create Profile2, and enter PoE profile view Table of Contents Page IP Routing Protocol Overview Introduction to IP Route and Routing TableIP Route Routing TablePage Routing Protocol Overview Static Routing and Dynamic RoutingClassification of Dynamic Routing Protocols Routing Protocols and Routing Priority Load Sharing and Route Backup Route backupRouting Information Sharing Load sharing Displaying and Maintaining a Routing Table Static Route Configuration Introduction to Static RouteStatic Route Static Route Configuration Default RouteConfiguring a Static Route Static Route Configuration Example Displaying and Maintaining Static Routes Troubleshooting a Static Route # Approach 2 Configure a static route on Switch a# Approach 1 Configure static routes on Switch B # Approach 2 Configure a static route on Switch B RIP Configuration RIP OverviewBasic Concepts RIP routing database RIP timers RIP Startup and OperationRouting loops prevention RIP Configuration Task List Basic RIP ConfigurationConfiguring Basic RIP Functions Rip Setting the RIP operating status on an interface RIP Route ControlSpecifying the RIP version on an interface Configuring RIP Route Control Setting the additional routing metrics of an interfaceConfiguring RIP route summarization Rip metricin value Configuring RIP to filter incoming/outgoing routes Disabling the router from receiving host routes RIP Network Adjustment and Optimization Setting RIP preference Configuration Tasks Configuring RIP timersConfiguring split horizon Configuring RIP-1 packet zero field check Setting RIP-2 packet authentication mode Configuring RIP to unicast RIP packetsRip authentication-mode Simple password md5 Displaying and Maintaining RIP Configuration RIP Configuration Example Troubleshooting RIP Configuration Failed to Receive RIP UpdatesConfigure Switch B # Configure RIP Configure Switch C # Configure RIP IP Route Policy Configuration IP Route Policy OverviewIntroduction to IP Route Policy Filters IP Route Policy Configuration Task List Route Policy ConfigurationFor ACL configuration, refer to the part discussing ACL Route policy Defining a Route Policy Defining if-match Clauses and apply Clauses IP Route Policy Configuration Example Displaying and Maintaining IP Route PolicyIf-match ip next-hop acl Apply cost value Configuration considerations SwitchC-acl-basic-2000 quit SwitchC acl number Configuration verification Troubleshooting IP Route Policy Precautions Table of Contents UDP Helper Configuration Introduction to UDP HelperProtocol UDP port number Configuring UDP Helper UDP Helper Configuration Example # Enable UDP Helper on Switch aDisplaying and Maintaining UDP Helper Cross-Network Computer Search Through UDP Helper Table of Contents Appendix a Acronyms Medium Access Control Non Broadcast MultiAccessProtocol Independent Multicast-Dense Mode Protocol Independent Multicast-Sparse Mode

3Com WX3000 Introduction to AAA Services, Accounting, Introduction to ISP Domain, What is Radius

Models: WX3000

Accounting

Introduction to ISP Domain

Introduction to AAA Services

Introduction to RADIUS

What is RADIUS