- DL manuals
- 3Com
- Switch
- H3C S3100 8C SI
- Operation Manual
3Com H3C S3100 8C SI Operation Manual
Summary of H3C S3100 8C SI
Page 1
H3c s3100 series ethernet switches operation manual hangzhou h3c technologies co., ltd. Http://www.H3c.Com manual version: 20080710-c-1.05.
Page 2
Copyright © 2007-2008, hangzhou h3c technologies co., ltd. And its licensors all rights reserved no part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of hangzhou h3c technologies co., ltd. Trademarks h3c, , aolynk, , h 3 care, , top g, , i...
Page 3: About This Manual
About this manual organization h3c s3100 series ethernet switches operation manual is organized as follows: part contents 0 product overview introduces the characteristics and implementations of the ethernet switch. 1 cli introduces the command hierarchy, command view and cli features of the etherne...
Page 4
Part contents 18 aaa introduces aaa, radius, hwtacacs, ead, and the related configurations. 19 mac address authentication introduces mac address authentication and the related configuration. 20 arp introduces arp and the related configuration. 21 dhcp introduces dhcp, dhcp-snooping, and the related ...
Page 6
Convention description note means a complementary description. Related documentation in addition to this manual, each h3c s3100 series ethernet switches documentation set includes the following: manual description h3c s3100 series ethernet switches installation manual it provides information for the...
Page 7: Table of Contents
Operation manual – product overview h3c s3100 series ethernet switches table of contents i table of contents chapter 1 obtaining the documentation .................................................................................... 1-1 1.1 cd-rom ........................................................
Page 8
Operation manual – product overview h3c s3100 series ethernet switches chapter 1 obtaining the documentation 1-1 chapter 1 obtaining the documentation hangzhou h3c technologies co., ltd. Provides various ways for you to obtain documentation, through which you can obtain the product documentations an...
Page 9
Operation manual – product overview h3c s3100 series ethernet switches chapter 1 obtaining the documentation 1-2 1.3 software release notes with software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release note...
Page 10: Documentation and Software
Operation manual – product overview h3c s3600 series ethernet switches chapter 2 correspondence between documentation and software 2-1 chapter 2 correspondence between documentation and software 2.1 manual list manual name corresponding product h3c s3100 series ethernet switches installation manual ...
Page 11
Operation manual – product overview h3c s3600 series ethernet switches chapter 2 correspondence between documentation and software 2-2 table 2-2 added features compared with the earlier software version of s3100-si software version added features compared with the earlier version manual assigning ma...
Page 12: Chapter 3 Product Overview
Operation manual – product overview h3c s3100 series ethernet switches chapter 3 product overview 3-1 chapter 3 product overview note: for the convenience of users, units of mega bps/1000 mega bps in the following chapters are simplified as m/g. 3.1 overview the h3c s3100 series ethernet switches ar...
Page 13
Operation manual – product overview h3c s3100 series ethernet switches chapter 3 product overview 3-2 part features 6 ip address-ip performance configuration z configuring an ip address for a switch z configuring the tcp attributes for a switch 7 voice vlan voice vlan (supported by only s3100-ei ser...
Page 14
Operation manual – product overview h3c s3100 series ethernet switches chapter 3 product overview 3-3 part features 20 arp z gratuitous arp z manually configuring arp entries 21 dhcp z dhcp client z dhcp snooping z using option82 in dhcp snooping (supported by only s3100-ei series switches) 22 acl z...
Page 15
Operation manual – product overview h3c s3100 series ethernet switches chapter 3 product overview 3-4 part features 34 vlan-vpn z vlan-vpn (qinq) z vlan mapping (supported by only s3100-ei series switches) z configuring tpid value (supported by only s3100-ei series switches) z configuring bpdu tunne...
Page 16: Chapter 4 Network Design
Operation manual – product overview h3c s3100 series ethernet switches chapter 4 network design 4-1 chapter 4 network design the s3100 series can be flexibly deployed in networks. They can be used in enterprise networks, or serve as broadband access points. The following examples are three typical n...
Page 17
Operation manual – product overview h3c s3100 series ethernet switches chapter 4 network design 4-2 router. This enables the users in the campus to exchange information and share resources in the scope of the education network. School building sever courseware nms network center video classroom/conf...
Page 18
Operation manual – product overview h3c s3100 series ethernet switches chapter 4 network design 4-3 multi-service deployment. As broadband users increase explosively and services appear continuously, however, the traditional vlan technology cannot meet the requirements of service deployments. In thi...
Page 19
Operation manual – product overview h3c s3100 series ethernet switches chapter 4 network design 4-4 figure 4-4 new vlan management scheme.
Page 20: Table of Contents
Operation manual – cli h3c s3100 series ethernet switches table of contents i table of contents chapter 1 cli configuration ........................................................................................................ 1-1 1.1 introduction to the cli ..........................................
Page 21
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-1 chapter 1 cli configuration 1.1 introduction to the cli a command line interface (cli) is a user interface to interact with a switch. Through the cli on a switch, a user can enter commands to configure the swit...
Page 22
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-2 z monitor level (level 1): commands at this level are mainly used to maintain the system and diagnose service faults, and they cannot be saved in configuration file. Such commands include debugging and terminal...
Page 23
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-3 caution: z it is recommended not to change the level of a command arbitrarily, for it may cause inconvenience to maintenance and operation. Z when you change the level of a command with multiple keywords, you s...
Page 24
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-4 super password authentication mode and hwtacacs authentication mode are available at the same time to provide authentication redundancy. The configuration of authentication mode for user level switching is perf...
Page 25
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-5 password is set, the system prompts “%password is not set” when you attempt to switch to a higher user level. In this case, you cannot pass the super password authentication. Table 1-4 lists the operations to c...
Page 26
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-6 note: when setting the hwtacacs authentication scheme for user level switching using the authenticationsuper hwtacacs-scheme command, make sure the hwtacacs authentication scheme identified by the hwtacacs-sche...
Page 27
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-7 # after configuring the switch, the general user switches back to user level 0. Super 0 user privilege level is 0, and only those commands can be used whose level is equal or less than this. Privilege note: 0-v...
Page 28
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-8 table 1-7 cli views view available operation prompt example enter method quit method user view display operation status and statistical information of the switch enter user view once logging into the switch. Ex...
Page 29
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-9 view available operation prompt example enter method quit method null interface view configure null interface parameters [sysname-nu ll0] execute the interface null command in system view. Local user view confi...
Page 30
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-10 view available operation prompt example enter method quit method basic acl view define rules for a basic acl (with id ranging from 2000 to 2999) [sysname-acl- basic-2000] execute the acl number command in syst...
Page 31
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-11 view available operation prompt example enter method quit method poe profile view configure poe profile parameters supported by only s3100-tp-p wr-ei series switches [sysname-poe -profile-a123] execute the poe...
Page 32
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-12 1.4 cli features 1.4.1 online help when configuring the switch, you can use the online help to get related help information. The cli provides two types of online help: complete and partial. I. Complete online ...
Page 33
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-13 ii. Partial online help 1) enter a character/string, and then a question mark (?) next to it. All the commands beginning with the character/string will be displayed on your terminal. For example: p? Ping pwd 2...
Page 34
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-14 and execute them again in a convenient way. By default, the cli can store up to 10 latest executed commands for each user. You can view the command history by performing the operations listed in table 1-9 . Ta...
Page 35
Operation manual – cli h3c s3100 series ethernet switches chapter 1 cli configuration 1-15 error message description wrong parameter a parameter entered is wrong. Found at '^' position an error is found at the '^' position. 1.4.5 command edit the cli provides basic command edit functions and support...
Page 36: Table of Contents
Operation manual – login h3c s3100 series ethernet switches table of contents i table of contents chapter 1 logging into an ethernet switch ............................................................................... 1-1 1.1 logging into an ethernet switch ...........................................
Page 37
Operation manual – login h3c s3100 series ethernet switches table of contents ii chapter 4 logging in using a modem......................................................................................... 4-1 4.1 introduction .............................................................................
Page 38
Operation manual – login h3c s3100 series ethernet switches chapter 1 logging into an ethernet switch 1-1 chapter 1 logging into an ethernet switch 1.1 logging into an ethernet switch you can log into an s3100 ethernet switch in one of the following ways: z logging in locally through the console por...
Page 39
Operation manual – login h3c s3100 series ethernet switches chapter 1 logging into an ethernet switch 1-2 1.2.2 user interface index two kinds of user interface index exist: absolute user interface index and relative user interface index. 1) the absolute user interface indexes are as follows: z the ...
Page 40
Operation manual – login h3c s3100 series ethernet switches chapter 1 logging into an ethernet switch 1-3 operation command description enter user interface view user-interface [ type ] first-number [ last-number ] — display the information about the current user interface/all user interfaces displa...
Page 41
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-1 chapter 2 logging in through the console port 2.1 introduction to log in through the console port is the most common way to log into a switch. It is also the prerequisite to configure other ...
Page 42
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-2 2) if you use a pc to connect to the console port, launch a terminal emulation utility (such as terminal in windows 3.X or hyperterminal in windows 9x/windows 2000/windows xp. The following ...
Page 43
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-3 figure 2-4 set port parameters 3) turn on the switch. You will be prompted to press the enter key if the switch successfully completes post (power-on self test). The prompt (such as ) appear...
Page 44
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-4 2.3 console port login configuration 2.3.1 common configuration table 2-2 lists the common configuration of console port login. Table 2-2 common configuration of console port login configura...
Page 45
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-5 caution: the change to console port configuration takes effect immediately, so the connection may be disconnected when you log in through a console port and then configure this console port....
Page 46
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-6 authentication mode console port login configuration remarks specify to perform local authenticatio n or remote radius authenticatio n aaa configuration specifies whether to perform local au...
Page 47
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-7 operation command description configure not to authenticate users authentication-mode none required by default, users logging in through the console port (aux user interface) are not authent...
Page 48
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-8 operation command description set the timeout time for the user interface idle-timeout minutes [ seconds ] optional the default timeout time of a user interface is 10 minutes. With the timeo...
Page 49
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-9 iii. Configuration procedure # enter system view. System-view # enter aux user interface view. [sysname] user-interface aux 0 # specify not to authenticate users logging in through the conso...
Page 50
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-10 operation command description configure to authenticate users using the local password authentication-mod e password required by default, users logging into a switch through the console por...
Page 51
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-11 operation command description set the timeout time for the user interface idle-timeout minutes [ seconds ] optional the default timeout time of a user interface is 10 minutes. With the time...
Page 52
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-12 iii. Configuration procedure # enter system view. System-view # enter aux user interface view. [sysname] user-interface aux 0 # specify to authenticate users logging in through the console ...
Page 53
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-13 2.6 console port login configuration with authentication mode being scheme 2.6.1 configuration procedure table 2-6 console port login configuration with the authentication mode being scheme...
Page 54
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-14 operation command description configure to authenticate users locally or remotely authentication-mod e scheme [ command- authorization ] required the specified aaa scheme determines whether...
Page 55
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-15 operation command description set the timeout time for the user interface idle-timeout minutes [ seconds ] optional the default timeout time of a user interface is 10 minutes. With the time...
Page 56
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-16 ii. Network diagram user pc running telnet ethernet ethernet1/0/1 figure 2-8 network diagram for aux user interface configuration (with the authentication mode being scheme) iii. Configurat...
Page 57
Operation manual – login h3c s3100 series ethernet switches chapter 2 logging in through the console port 2-17 [sysname-ui-aux0] idle-timeout 6 after the above configuration, you need to modify the configuration of the terminal emulation utility running on the pc accordingly in the dialog box shown ...
Page 58
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-1 chapter 3 logging in through telnet 3.1 introduction s3100 series ethernet switches support telnet. You can manage and maintain a switch remotely by telnetting to the switch. To log into a switch thro...
Page 59
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-2 table 3-2 common telnet configuration configuration description configure the command level available to users logging into the vty user interface optional by default, commands of level 0 are availabl...
Page 60
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-3 authenticati on mode telnet configuration description specify to perform local authentication or remote radius authentication aaa configuration specifies whether to perform local authentication or rad...
Page 61
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-4 3.2 telnet configuration with authentication mode being none 3.2.1 configuration procedure table 3-4 telnet configuration with the authentication mode being none operation command description enter sy...
Page 62
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-5 operation command description set the timeout time of the vty user interface idle-timeout minutes [ seconds ] optional the default timeout time of a user interface is 10 minutes. With the timeout time...
Page 63
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-6 # configure not to authenticate telnet users logging into vty 0. [sysname-ui-vty0] authentication-mode none # specify commands of level 2 are available to users logging into vty 0. [sysname-ui-vty0] u...
Page 64
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-7 operation command description set the commands to be executed automatically after a user login to the user interface successfully auto-execute command text optional by default, no command is executed ...
Page 65
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-8 z authenticate users using the local password. Z set the local password to 123456 (in plain text). Z commands of level 2 are available to the users. Z telnet protocol is supported. Z the screen can co...
Page 66
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-9 3.4 telnet configuration with authentication mode being scheme 3.4.1 configuration procedure table 3-6 telnet configuration with the authentication mode being scheme operation command description ente...
Page 67
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-10 operation command description configure to authenticate users locally or remotely authentication-mode scheme [ command- authorization ] required the specified aaa scheme determines whether to authent...
Page 68
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-11 operation command description set the timeout time for the user interface idle-timeout minutes [ seconds ] optional the default timeout time of a user interface is 10 minutes. With the timeout time b...
Page 69
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-12 scenario authenticati on mode user type command command level the user privilege level level command is not executed, and the service-type command does not specify the available command level. The us...
Page 70
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-13 3.4.2 configuration example i. Network requirements assume current user logins through the console port and the user level is set to the administrator level (level 3). Perform the following configura...
Page 71
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-14 [sysname-ui-vty0] protocol inbound telnet # set the maximum number of lines the screen can contain to 30. [sysname-ui-vty0] screen-length 30 # set the maximum number of commands the history command b...
Page 72
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-15 figure 3-5 the terminal window z perform the following operations in the terminal window to assign ip address 202.38.160.92/24 to vlan–interface 1 of the switch. System-view [sysname] interface vlan-...
Page 73
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-16 4) launch telnet on your pc, with the ip address of vlan–interface 1 of the switch as the parameter, as shown in figure 3-7 . Figure 3-7 launch telnet 5) if the password authentication mode is specif...
Page 74
Operation manual – login h3c s3100 series ethernet switches chapter 3 logging in through telnet 3-17 as shown in figure 3-8 , after telnetting to a switch (labeled as telnet client), you can telnet to another switch (labeled as telnet server) by executing the telnet command and then configure it. Fi...
Page 75
Operation manual – login h3c s3100 series ethernet switches chapter 4 logging in using a modem 4-1 chapter 4 logging in using a modem 4.1 introduction the administrator can log into the console port of a remote switch using a modem through public switched telephone network (pstn) if the remote switc...
Page 76
Operation manual – login h3c s3100 series ethernet switches chapter 4 logging in using a modem 4-2 you can verify your configuration by executing the at&v command. Note: the configuration commands and the output of different modems may differ. Refer to the user manual of the modem when performing th...
Page 77
Operation manual – login h3c s3100 series ethernet switches chapter 4 logging in using a modem 4-3 login configuration with authentication mode being none ”, section 2.5 “ console port login configuration with authentication mode being password ”, and section 2.6 “ console port login configuration w...
Page 78
Operation manual – login h3c s3100 series ethernet switches chapter 4 logging in using a modem 4-4 figure 4-3 set the telephone number figure 4-4 call the modem 5) if the password authentication mode is specified, enter the password when prompted. If the password is correct, the prompt (such as ) ap...
Page 79: Network Management System
Operation manual – login h3c s3100 series ethernet switches chapter 5 logging in through the web-based network management system 5-1 chapter 5 logging in through the web-based network management system 5.1 introduction an s3100 ethernet switch has a web server built in. It enables you to log into an...
Page 80
Operation manual – login h3c s3100 series ethernet switches chapter 5 logging in through the web-based network management system 5-2 [sysname-luser-admin] password simple admin 3) establish an http connection between your pc and the switch, as shown in figure 5-1 . Figure 5-1 establish an http conne...
Page 81
Operation manual – login h3c s3100 series ethernet switches chapter 5 logging in through the web-based network management system 5-3 table 5-2 configure the login banner operation command description enter system view system-view — configure the banner to be displayed when a user logs in through web...
Page 82
Operation manual – login h3c s3100 series ethernet switches chapter 5 logging in through the web-based network management system 5-4 figure 5-4 banner page displayed when a user logs in to the switch through web click to enter user login authentication page. You will enter the main page of the web-b...
Page 83
Operation manual – login h3c s3100 series ethernet switches chapter 6 logging in through nms 6-1 chapter 6 logging in through nms 6.1 introduction you can also log into a switch through a network management station (nms), and then configure and manage the switch through the agent module on the switc...
Page 84: Chapter 7 User Control
Operation manual – login h3c s3100 series ethernet switches chapter 7 user control 7-1 chapter 7 user control note: refer to the acl part for information about acl. 7.1 introduction a switch provides ways to control different types of login users, as listed in table 7-1 . Table 7-1 ways to control d...
Page 85
Operation manual – login h3c s3100 series ethernet switches chapter 7 user control 7-2 7.2.2 controlling telnet users by source ip addresses controlling telnet users by source ip addresses is achieved by applying basic acls, which are numbered from 2000 to 2999. Table 7-2 control telnet users by sou...
Page 86
Operation manual – login h3c s3100 series ethernet switches chapter 7 user control 7-3 operation command description quit to system view quit — enter user interface view user-interface [ type ] first-number [ last-number ] — apply the acl to control telnet users by specified source and destination i...
Page 87
Operation manual – login h3c s3100 series ethernet switches chapter 7 user control 7-4 7.2.5 configuration example i. Network requirements only the telnet users sourced from the ip address of 10.110.100.52 are permitted to access the switch. Ii. Network diagram switch 10.110.100.46 host a ip network...
Page 88
Operation manual – login h3c s3100 series ethernet switches chapter 7 user control 7-5 7.3.1 prerequisites the controlling policy against network management users is determined, including the source ip addresses to be controlled and the controlling actions (permitting or denying). 7.3.2 controlling ...
Page 89
Operation manual – login h3c s3100 series ethernet switches chapter 7 user control 7-6 7.3.3 configuration example i. Network requirements only snmp users sourced from the ip addresses of 10.110.100.52 are permitted to log into the switch. Ii. Network diagram switch 10.110.100.46 host a ip network h...
Page 90
Operation manual – login h3c s3100 series ethernet switches chapter 7 user control 7-7 7.4.1 prerequisites the controlling policy against web users is determined, including the source ip addresses to be controlled and the controlling actions (permitting or denying). 7.4.2 controlling web users by so...
Page 91
Operation manual – login h3c s3100 series ethernet switches chapter 7 user control 7-8 ii. Network diagram switch 10.110.100.46 host a ip network host b 10.110.100.52 figure 7-3 network diagram for controlling web users using acls iii. Configuration procedure # define a basic acl. System-view [sysna...
Page 92: Table of Contents
Operation manual – configuration file management h3c s3100 series ethernet switches table of contents i table of contents chapter 1 configuration file management ................................................................................. 1-1 1.1 introduction to configuration file.................
Page 93
Operation manual – configuration file management h3c s3100 series ethernet switches chapter 1 configuration file management 1-1 chapter 1 configuration file management 1.1 introduction to configuration file a configuration file records and stores user configurations performed to a switch. It also en...
Page 94
Operation manual – configuration file management h3c s3100 series ethernet switches chapter 1 configuration file management 1-2 z when saving the current configuration, you can specify the file to be a main or backup or normal configuration file. Z when removing a configuration file from a device, y...
Page 95
Operation manual – configuration file management h3c s3100 series ethernet switches chapter 1 configuration file management 1-3 i. Modes in saving the configuration z fast saving mode. This is the mode when you use the save command without the safely keyword. The mode saves the file quicker but is l...
Page 96
Operation manual – configuration file management h3c s3100 series ethernet switches chapter 1 configuration file management 1-4 1.2.2 erasing the startup configuration file you can clear the configuration files saved on the device through commands. After you clear the configuration files, the device...
Page 97
Operation manual – configuration file management h3c s3100 series ethernet switches chapter 1 configuration file management 1-5 i. Assign main attribute to the startup configuration file z if you save the current configuration to the main configuration file, the system will automatically set the fil...
Page 98
Operation manual – configuration file management h3c s3100 series ethernet switches chapter 1 configuration file management 1-6 table 1-5 display device configuration operation command description display the initial configuration file saved in the storage device display saved - configuration [ unit...
Page 99: Table of Contents
Operation manual – vlan h3c s3100 series ethernet switches table of contents i table of contents chapter 1 vlan overview ............................................................................................................ 1-1 1.1 vlan overview....................................................
Page 100: Chapter 1 Vlan Overview
Operation manual – vlan h3c s3100 series ethernet switches chapter 1 vlan overview 1-1 chapter 1 vlan overview this chapter covers these topics: z vlan overview z port-based vlan z protocol-based vlan 1.1 vlan overview 1.1.1 introduction to vlan the traditional ethernet is a broadcast network, where...
Page 101
Operation manual – vlan h3c s3100 series ethernet switches chapter 1 vlan overview 1-2 communicate with each other directly but need the help of network layer devices, such as routers and layer 3 switches. Figure 1-1 illustrates a vlan implementation. Figure 1-1 a vlan implementation 1.1.2 advantage...
Page 102
Operation manual – vlan h3c s3100 series ethernet switches chapter 1 vlan overview 1-3 figure 1-2 encapsulation format of traditional ethernet frames ieee 802.1q inserts a four-byte vlan tag after the da&sa field, as shown in figure 1-3 . Figure 1-3 format of vlan tag a vlan tag comprises four field...
Page 103
Operation manual – vlan h3c s3100 series ethernet switches chapter 1 vlan overview 1-4 ii. Mac address learning mechanism of vlans switches forward packets according to the destination mac addresses of the packets. So that switches maintain a table called mac address forwarding table to record the s...
Page 104
Operation manual – vlan h3c s3100 series ethernet switches chapter 1 vlan overview 1-5 1.1.5 vlan classification depending on how vlans are established, vlans fall into the following six categories. Z port-based vlans z mac address-based vlans z protocol-based vlans z ip-subnet-based vlans z policy-...
Page 105
Operation manual – vlan h3c s3100 series ethernet switches chapter 1 vlan overview 1-6 1.2.2 assigning an ethernet port to specified vlans you can assign an ethernet port to a vlan to forward packets for the vlan, thus allowing the vlan on the current switch to communicate with the same vlan on the ...
Page 106
Operation manual – vlan h3c s3100 series ethernet switches chapter 1 vlan overview 1-7 table 1-2 packet processing of a trunk port processing of an incoming packet for an untagged packet for a tagged packet processing of an outgoing packet z if the port has already been added to its default vlan, ta...
Page 107
Operation manual – vlan h3c s3100 series ethernet switches chapter 1 vlan overview 1-8 values of specific fields. If a packet is matched, the switch will add a corresponding vlan tag to it automatically. Thus, data of specific protocol is assigned automatically to the corresponding vlan for transmis...
Page 108
Operation manual – vlan h3c s3100 series ethernet switches chapter 1 vlan overview 1-9 1.3.3 encapsulation formats table 1-4 lists the encapsulation formats supported by some protocols. In brackets are type values of these protocols. Table 1-4 encapsulation formats encapsulation (left) protocol (dow...
Page 109
Operation manual – vlan h3c s3100 series ethernet switches chapter 2 vlan configuration 2-1 chapter 2 vlan configuration when configuring a vlan, go to these sections for information you are interested in: z vlan configuration z configuring a port-based vlan z configuring a protocol-based vlan 2.1 v...
Page 110
Operation manual – vlan h3c s3100 series ethernet switches chapter 2 vlan configuration 2-2 caution: z vlan 1 is the system default vlan, which needs not to be created and cannot be removed, either. Z the vlan you created in the way described above is a static vlan. On the switch, there are dynamic ...
Page 111
Operation manual – vlan h3c s3100 series ethernet switches chapter 2 vlan configuration 2-3 to do... Use the command... Remarks disable the vlan interface shutdown enable the vlan interface undo shutdown optional by default, the vlan interface is enabled. In this case, the vlan interface’s status is...
Page 112
Operation manual – vlan h3c s3100 series ethernet switches chapter 2 vlan configuration 2-4 to do… use the command… remarks enter vlan view vlan vlan-id required if the specified vlan does not exist, this command be created first creates the vlan before entering its view. Add an access port to the c...
Page 114
Operation manual – vlan h3c s3100 series ethernet switches chapter 2 vlan configuration 2-6 note: z to convert a trunk port into a hybrid port (or vice versa), you need to use the access port as a medium. For example, the trunk port has to be configured as an access port first and then a hybrid port...
Page 115
Operation manual – vlan h3c s3100 series ethernet switches chapter 2 vlan configuration 2-7 # create vlan 101, specify its descriptive string as “dmz”, and add ethernet1/0/1 to vlan 101. System-view [switcha] vlan 101 [switcha-vlan101] description dmz [switcha-vlan101] port ethernet 1/0/1 [switcha-v...
Page 116
Operation manual – vlan h3c s3100 series ethernet switches chapter 2 vlan configuration 2-8 2.2.6 troubleshooting ethernet port configuration symptom : fail to configure the default vlan id of an ethernet port. Solution : take the following steps. Z use the display interface or display port command ...
Page 118
Operation manual – vlan h3c s3100 series ethernet switches chapter 2 vlan configuration 2-10 ii. Configuration procedure follow these steps to associate a port with the protocol-based vlan: to do... Use the command... Remarks enter system view system-view — enter port view interface interface-type i...
Page 119
Operation manual – vlan h3c s3100 series ethernet switches chapter 2 vlan configuration 2-11 ii. Network diagram figure 2-2 network diagram for protocol-based vlan configuration iii. Configuration procedure # create vlan 100 and vlan 200, and add ethernet 1/0/11 and ethernet 1/0/12 to vlan 100 and v...
Page 120
Operation manual – vlan h3c s3100 series ethernet switches chapter 2 vlan configuration 2-12 vlan type: protocol-based vlan protocol index protocol type 0 ip 1 ethernetii etype 0x0806 vlan id: 200 vlan type: protocol-based vlan protocol index protocol type 0 at # configure ethernet 1/0/10 as a hybri...
Page 121: Table of Contents
Operation manual – management vlan h3c s3100 series ethernet switches table of contents i table of contents chapter 1 management vlan configuration ............................................................................. 1-1 1.1 introduction to management vlan......................................
Page 122
Operation manual – management vlan h3c s3100 series ethernet switches chapter 1 management vlan configuration 1-1 chapter 1 management vlan configuration 1.1 introduction to management vlan 1.1.1 management vlan to manage an ethernet switch remotely through telnet or the built-in web server, the swi...
Page 123
Operation manual – management vlan h3c s3100 series ethernet switches chapter 1 management vlan configuration 1-2 1.1.3 default route the switch uses the default route when it fails to find a matching entry in the routing table: z if the destination address of a packet fails to match any entry in th...
Page 125
Operation manual – management vlan h3c s3100 series ethernet switches chapter 1 management vlan configuration 1-4 ii. Network diagram rs-232 serial interface console port console cable vlan- interface10 1.1.1.1/ 24 switch a telnet user ethernet1/1 1.1.1.2/ 24 router current user figure 1-1 network d...
Page 126
Operation manual – management vlan h3c s3100 series ethernet switches chapter 1 management vlan configuration 1-5 1.3 displaying and maintaining management vlan configuration table 1-2 displaying and maintaining management vlan configuration operation command remarks display the ip-related informati...
Page 127: Table of Contents
Operation manual – ip address-ip performance h3c s3100 series ethernet switches table of contents i table of contents chapter 1 ip addressing configuration ...................................................................................... 1-1 1.1 ip addressing overview .............................
Page 128
Operation manual –ip address-ip performance h3c s3100 series ethernet switches chapter 1 ip addressing configuration 1-1 chapter 1 ip addressing configuration 1.1 ip addressing overview 1.1.1 ip address classes ip addressing uses a 32-bit address to identify each host on a network. An example is 010...
Page 129
Operation manual –ip address-ip performance h3c s3100 series ethernet switches chapter 1 ip addressing configuration 1-2 table 1-1 ip address classes and ranges class address range description a 0.0.0.0 to 127.255.255.255 address 0.0.0.0 means this host no this network. This address is used by a hos...
Page 130
Operation manual –ip address-ip performance h3c s3100 series ethernet switches chapter 1 ip addressing configuration 1-3 figure 1-2 shows how a class b network is subnetted. Figure 1-2 subnet a class b network while allowing you to create multiple logical networks within a single class a, b, or c ne...
Page 131
Operation manual –ip address-ip performance h3c s3100 series ethernet switches chapter 1 ip addressing configuration 1-4 note: this chapter only covers how to assign an ip address manually. For the other two approaches to ip address assignment, refer to the part discussing dhcp in this manual. Table...
Page 132
Operation manual –ip address-ip performance h3c s3100 series ethernet switches chapter 1 ip addressing configuration 1-5 1.4 ip address configuration examples 1.4.1 ip address configuration example i i. Network requirement assign ip address 129.2.2.1 with mask 255.255.255.0 to vlan interface 1 of th...
Page 133
Operation manual –ip address-ip performance h3c s3100 series ethernet switches chapter 2 ip performance configuration 2-1 chapter 2 ip performance configuration 2.1 ip performance overview 2.1.1 introduction to ip performance configuration in some network environments, you need to adjust the ip para...
Page 134
Operation manual –ip address-ip performance h3c s3100 series ethernet switches chapter 2 ip performance configuration 2-2 z finwait timer: when the tcp connection is changed into fin_wait_2 state, finwait timer will be started. If no fin packets are received within the timer timeout, the tcp connect...
Page 135
Operation manual –ip address-ip performance h3c s3100 series ethernet switches chapter 2 ip performance configuration 2-3 table 2-3 disable sending icmp error packets operation command remarks enter system view system-view — disable sending icmp redirects undo icmp redirect send required enabled by ...
Page 136
Operation manual –ip address-ip performance h3c s3100 series ethernet switches chapter 2 ip performance configuration 2-4 table 2-4 display and maintain ip performance operation command remarks display tcp connection status display tcp status display tcp connection statistics display tcp statistics ...
Page 137: Table of Contents
Operation manual – voice vlan h3c s3100 series ethernet switches table of contents i table of contents chapter 1 voice vlan configuration.......................................................................................... 1-1 1.1 voice vlan overview ...............................................
Page 138
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-1 chapter 1 voice vlan configuration note: the contents of this chapter are only applicable to the s3100-ei series among s3100 series switches. When configuring voice vlan, go to these sections for ...
Page 139
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-2 when an ip phone applies for an ip address from a dhcp server, the ip phone can also apply for the following extensive information from the dhcp server through the option184 field: z ip address of...
Page 140
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-3 note: in cases where an ip phone obtains an ip address from a dhcp server that does not support option 184, the ip phone directly communicates through the gateway after it obtains an ip address. I...
Page 141
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-4 note: an oui address is a globally unique identifier assigned to a vendor by ieee. You can determine which vendor a device belongs to according to the oui address which forms the first 24 bits of ...
Page 142
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-5 the voice vlan. In voice vlan assignment automatic mode, ports can not be added to or removed from a voice vlan manually. Z manual voice vlan assignment mode: in this mode, you need to add a port ...
Page 143
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-6 voice vlan assignment mode voice traffic type port type supported or not access not supported trunk supported make sure the default vlan of the port exists and is not a voice vlan, and the access ...
Page 144
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-7 table 1-3 matching relationship between port types and voice devices acquiring voice vlan through manual configuration voice vlan assignment mode port type supported or not access not supported tr...
Page 145
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-8 1.2.2 configuring the voice vlan to operate in automatic voice vlan assignment mode follow these steps to configure a voice vlan to operate in automatic voice vlan assignment mode: to do… use the ...
Page 146
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-9 caution: z a port working in automatic voice vlan assignment mode cannot be assigned to the voice vlan manually. Therefore, if a vlan is configured as the voice vlan and a protocol-based vlan at t...
Page 147
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-10 to do… use the command… remarks enable the voice vlan function globally voice vlan vlan-id enable required enter port view interface interface-type interface-number required enable voice vlan on ...
Page 148
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-11 caution: z the voice vlan function can be enabled for only one vlan at one time. Z if the link aggregation control protocol (lacp) is enabled on a port, voice vlan feature cannot be enabled on it...
Page 149
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-12 to do… use the command… remarks display the ports operating in the voice vlan display vlan vlan-id 1.4 voice vlan configuration example 1.4.1 voice vlan configuration example (automatic voice vla...
Page 150
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-13 [devicea] vlan 6 [devicea-vlan6] quit # set the voice vlan aging timer. [devicea] voice vlan aging 100 # add a user-defined oui address 0011-2200-000 and set the description string to “test”. [de...
Page 151
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-14 ii. Network diagram internet device a eth1/0/1 vlan2 vlan2 010-1001 oui:0011-2200-0000 mask:ffff-ff00-0000 device b figure 1-3 network diagram for voice vlan configuration (manual voice vlan assi...
Page 152
Operation manual – voice vlan h3c s3100 series ethernet switches chapter 1 voice vlan configuration 1-15 [devicea-ethernet1/0/1] voice vlan enable iv. Verification # display the oui addresses, the corresponding oui address masks and the corresponding description strings that the system supports. Dis...
Page 153: Table of Contents
Operation manual – gvrp h3c s3100 series ethernet switches table of contents i table of contents chapter 1 gvrp configuration .................................................................................................... 1-1 1.1 introduction to gvrp ...............................................
Page 154
Operation manual – gvrp h3c s3100 series ethernet switches chapter 1 gvrp configuration 1-1 chapter 1 gvrp configuration when configuring gvrp, go to these sections for information you are interested in: z introduction to gvrp z gvrp configuration z displaying and maintaining gvrp z gvrp configurati...
Page 155
Operation manual – gvrp h3c s3100 series ethernet switches chapter 1 gvrp configuration 1-2 messages deregister all the attributes, through which the attribute information of the entity can be registered again on the other garp entities. Leave messages, leaveall messages, together with join messages...
Page 156
Operation manual – gvrp h3c s3100 series ethernet switches chapter 1 gvrp configuration 1-3 workstation or a bridge; it instructs other garp members to register/deregister its attribute information by declaration/recant, and register/deregister other garp member's attribute information according to ...
Page 157
Operation manual – gvrp h3c s3100 series ethernet switches chapter 1 gvrp configuration 1-4 field description value attribute each general attribute consists of three parts: attribute length, attribute event, and attribute value. Each leaveall attribute consists of two parts: attribute length and le...
Page 158
Operation manual – gvrp h3c s3100 series ethernet switches chapter 1 gvrp configuration 1-5 z normal. A port in this mode can dynamically register/deregister vlans and propagate dynamic/static vlan information. Z fixed. A port in this mode cannot register/deregister vlans dynamically. It only propag...
Page 159
Operation manual – gvrp h3c s3100 series ethernet switches chapter 1 gvrp configuration 1-6 to do ... Use the command ... Remarks enable gvrp on the port gvrp required by default, gvrp is disabled on the port. Notes z after you enable gvrp on a trunk port, you cannot change the port to a different t...
Page 160
Operation manual – gvrp h3c s3100 series ethernet switches chapter 1 gvrp configuration 1-7 table 1-2 relations between the timers timer lower threshold upper threshold hold 10 centiseconds this upper threshold is less than or equal to one-half of the timeout time of the join timer. You can change t...
Page 162
Operation manual – gvrp h3c s3100 series ethernet switches chapter 1 gvrp configuration 1-9 ii. Network diagram switch c switch e eth1/0/1 eth1/0/1 switch a switch b switch d vlan 5 vlan 8 vlan 5 vlan 7 eth1/0/1 eth1/0/2 eth1/0/3 eth1/0/2 eth1/0/1 eth1/0/1 figure 1-2 network diagram for gvrp configu...
Page 163
Operation manual – gvrp h3c s3100 series ethernet switches chapter 1 gvrp configuration 1-10 2) configure switch b # the configuration procedure of switch b is similar to that of switch a and is thus omitted. 3) configure switch c # enable gvrp on switch c, which is similar to that of switch a and i...
Page 164
Operation manual – gvrp h3c s3100 series ethernet switches chapter 1 gvrp configuration 1-11 7) configure ethernet1/0/1 on switch e to operate in fixed gvrp registration mode and display the vlan information dynamically registered on switch a, switch b, and switch e. # configure ethernet1/0/1 on swi...
Page 165: Table of Contents
Operation manual – port basic configuration h3c s3100 series ethernet switches table of contents i table of contents chapter 1 port basic configuration ............................................................................................ 1-1 1.1 ethernet port configuration ......................
Page 166
Operation manual – port basic configuration h3c s3100 series ethernet switches chapter 1 port basic configuration 1-1 chapter 1 port basic configuration note: two functions are added to release 2107: configuring loopback detection for a list of ports in bulk, and enabling auto-shutdown of loopback p...
Page 168
Operation manual – port basic configuration h3c s3100 series ethernet switches chapter 1 port basic configuration 1-3 operation command remarks limit unknown multicast and unknown unicast traffic received on the current port multicast-suppression bps max-bps optional the switch will suppress the unk...
Page 169
Operation manual – port basic configuration h3c s3100 series ethernet switches chapter 1 port basic configuration 1-4 table 1-4 duplicate the configuration of a port to specific ports operation command remarks enter system view system-view — duplicate the configuration of a port to specific ports co...
Page 170
Operation manual – port basic configuration h3c s3100 series ethernet switches chapter 1 port basic configuration 1-5 messages to the terminal, and remove the corresponding mac forwarding entry. After the loop is removed, the port will automatically resume the normal forwarding state. Z if the loopb...
Page 171
Operation manual – port basic configuration h3c s3100 series ethernet switches chapter 1 port basic configuration 1-6 operation command remarks enable loopback detection on a specified port loopback-detection enable optional by default, the loopback detection function is enabled on ports if the devi...
Page 172
Operation manual – port basic configuration h3c s3100 series ethernet switches chapter 1 port basic configuration 1-7 1.1.7 enabling loopback test you can configure the ethernet port to run loopback test to check if it operates normally. The port running loopback test cannot forward data packets nor...
Page 173
Operation manual – port basic configuration h3c s3100 series ethernet switches chapter 1 port basic configuration 1-8 table 1-7 configuring a port group operation command remarks enter system view system-view — create a port group or enter the specified port group view port-group group-id required a...
Page 174
Operation manual – port basic configuration h3c s3100 series ethernet switches chapter 1 port basic configuration 1-9 1.1.10 configuring the interval to perform statistical analysis on port traffic by performing the following configuration, you can set the interval to perform statistical analysis on...
Page 175
Operation manual – port basic configuration h3c s3100 series ethernet switches chapter 1 port basic configuration 1-10 i. Disable up/down log output on a port table 1-10 disable up/down log output on a port operation command remarks enter system view system-view — enter ethernet port view interface ...
Page 176
Operation manual – port basic configuration h3c s3100 series ethernet switches chapter 1 port basic configuration 1-11 1.1.12 displaying and maintaining basic port configuration table 1-11 display and maintain basic port configuration operation command remarks display port configuration information ...
Page 177
Operation manual – port basic configuration h3c s3100 series ethernet switches chapter 1 port basic configuration 1-12 iii. Configuration procedure note: z only the configuration for switch a is listed below. The configuration for switch b is similar to that of switch a. Z this example supposes that...
Page 178: Table of Contents
Operation manual – link aggregation h3c s3100 series ethernet switches table of contents i table of contents chapter 1 link aggregation configuration ................................................................................ 1-1 1.1 overview .......................................................
Page 179
Operation manual – link aggregation h3c s3100 series ethernet switches chapter 1 link aggregation configuration 1-1 chapter 1 link aggregation configuration 1.1 overview 1.1.1 introduction to link aggregation link aggregation can aggregate multiple ethernet ports together to form a logical aggregati...
Page 180
Operation manual – link aggregation h3c s3100 series ethernet switches chapter 1 link aggregation configuration 1-2 z qos configuration, including traffic limit, priority remarking, 802.1p priority, traffic redirection, traffic statistics, and so on. Z vlan configuration, including permitted vlans, ...
Page 181
Operation manual – link aggregation h3c s3100 series ethernet switches chapter 1 link aggregation configuration 1-3 number supported by the device, those with lower port numbers operate as the selected ports, and others as unselected ports. Among the selected ports in an aggregation group, the one w...
Page 182
Operation manual – link aggregation h3c s3100 series ethernet switches chapter 1 link aggregation configuration 1-4 z the system sets the ports with basic port configuration different from that of the master port to unselected state. Z there is a limit on the number of selected ports in an aggregati...
Page 183
Operation manual – link aggregation h3c s3100 series ethernet switches chapter 1 link aggregation configuration 1-5 priorities, then the two port numbers if the two port priorities are equal; the port with the smallest port id is the selected port and the left ports are unselected ports. Note: for a...
Page 184
Operation manual – link aggregation h3c s3100 series ethernet switches chapter 1 link aggregation configuration 1-6 z for aggregation groups, the one that might gain higher speed if resources were allocated to it has higher priority than others. If the groups can gain the same speed, the one with sm...
Page 185
Operation manual – link aggregation h3c s3100 series ethernet switches chapter 1 link aggregation configuration 1-7 1.4 link aggregation configuration caution: z the commands of link aggregation cannot be configured with the commands of port loopback detection feature at the same time. Z the ports w...
Page 186
Operation manual – link aggregation h3c s3100 series ethernet switches chapter 1 link aggregation configuration 1-8 table 1-1 configure a manual aggregation group operation command remarks enter system view system-view — create a manual aggregation group link-aggregation group agg-id mode manual req...
Page 187
Operation manual – link aggregation h3c s3100 series ethernet switches chapter 1 link aggregation configuration 1-9 table 1-2 configure a static lacp aggregation group operation command remarks enter system view system-view — create a static aggregation group link-aggregation group agg-id mode stati...
Page 188
Operation manual – link aggregation h3c s3100 series ethernet switches chapter 1 link aggregation configuration 1-10 table 1-3 configure a dynamic lacp aggregation group operation command remarks enter system view system-view — configure the system priority lacp system - priority system-priority opt...
Page 189
Operation manual – link aggregation h3c s3100 series ethernet switches chapter 1 link aggregation configuration 1-11 caution: if you have saved the current configuration with the save command, after system reboot, the configuration concerning manual and static aggregation groups and their descriptio...
Page 190
Operation manual – link aggregation h3c s3100 series ethernet switches chapter 1 link aggregation configuration 1-12 1.6 link aggregation configuration example 1.6.1 ethernet port aggregation configuration example i. Network requirements z switch a connects to switch b with three ports ethernet1/0/1...
Page 191
Operation manual – link aggregation h3c s3100 series ethernet switches chapter 1 link aggregation configuration 1-13 [sysname-ethernet1/0/2] quit [sysname] interface ethernet1/0/3 [sysname-ethernet1/0/3] port link-aggregation group 1 2) adopting static lacp aggregation mode # create static aggregati...
Page 192: Table of Contents
Operation manual – port isolation h3c s3100 series ethernet switches table of contents i table of contents chapter 1 port isolation configuration ....................................................................................... 1-1 1.1 port isolation overview......................................
Page 193
Operation manual – port isolation h3c s3100 series ethernet switches chapter 1 port isolation configuration 1-1 chapter 1 port isolation configuration 1.1 port isolation overview through the port isolation feature, you can add the ports to be controlled into an isolation group to isolate the layer 2...
Page 194
Operation manual – port isolation h3c s3100 series ethernet switches chapter 1 port isolation configuration 1-2 note: z when a member port of an aggregation group joins/leaves an isolation group, the other ports in the same aggregation group on the local device will join/leave the isolation group at...
Page 195
Operation manual – port isolation h3c s3100 series ethernet switches chapter 1 port isolation configuration 1-3 ii. Network diagram figure 1-1 network diagram for port isolation configuration iii. Configuration procedure # add ethernet1/0/2, ethernet1/0/3, and ethernet1/0/4 to the isolation group. S...
Page 196: Table of Contents
Operation manual – port security-port binding h3c s3100 series ethernet switches table of contents i table of contents chapter 1 port security configuration........................................................................................ 1-1 1.1 port security overview ...........................
Page 197
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 1 port security configuration 1-1 chapter 1 port security configuration when configuring port security, go to these sections for information you are interested in: z port security overview z port security config...
Page 198
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 1 port security configuration 1-2 z trap feature: when special data packets (generated from illegal intrusion, abnormal login/logout or other special activities) are passing through the switch port, trap feature...
Page 199
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 1 port security configuration 1-3 security mode description feature userloginsecur e mac-based 802.1x authentication is performed on the access user. The port is enabled only after the authentication succeeds. W...
Page 200
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 1 port security configuration 1-4 security mode description feature macaddressoru serloginsecure ext this mode is similar to the macaddressoruserloginsecure mode, except that there can be more than one 802.1x-au...
Page 201
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 1 port security configuration 1-5 1.2 port security configuration task list complete the following tasks to configure port security: task remarks enabling port security required setting the maximum number of mac...
Page 202
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 1 port security configuration 1-6 caution: enabling port security resets the following configurations on the ports to the defaults (shown in parentheses below): z 802.1x (disabled), port access control method ( ...
Page 203
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 1 port security configuration 1-7 1.2.3 setting the port security mode follow these steps to set the port security mode: to do... Use the command... Remarks enter system view system-view — set the oui value for ...
Page 204
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 1 port security configuration 1-8 note: z before setting the port security mode to autolearn , you need to set the maximum number of mac addresses allowed on the port with the port-security max-mac-count command...
Page 205
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 1 port security configuration 1-9 ii. Configuring intrusion protection follow these steps to configure the intrusion protection feature: to do... Use the command... Remarks enter system view system-view — enter ...
Page 206
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 1 port security configuration 1-10 iii. Configuring the trap feature follow these steps to configure port security trapping: to do... Use the command... Remarks enter system view system-view — enable sending tra...
Page 207
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 1 port security configuration 1-11 z if the amount of security mac addresses has not yet reach the maximum number, the port will learn new mac addresses and turn them to security mac addresses; z if the amount o...
Page 208
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 1 port security configuration 1-12 1.4 port security configuration example 1.4.1 port security configuration example i. Network requirements implement access user restrictions through the following configuration...
Page 209
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 1 port security configuration 1-13 [switch-ethernet1/0/1] port-security intrusion-mode disableport-temporarily [switch-ethernet1/0/1] quit [switch] port-security timer disableport 30
Page 210
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 2 port binding configuration 2-1 chapter 2 port binding configuration when configuring port binding, go to these sections for information you are interested in: z port binding overview z displaying and maintaini...
Page 211
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 2 port binding configuration 2-2 note: z an ip address can be bound to only one port at a time. Z a mac address can be bound to only one port at a time. 2.2 displaying and maintaining port binding configuration ...
Page 212
Operation manual – port security-port binding h3c s3100 series ethernet switches chapter 2 port binding configuration 2-3 system-view # enter ethernet 1/0/1 port view. [switcha] interface ethernet 1/0/1 # bind the mac address and the ip address of host a to ethernet 1/0/1. [switcha-ethernet1/0/1] am...
Page 213: Table of Contents
Operation manual – dldp h3c s3100 series ethernet switches table of contents i table of contents chapter 1 dldp configuration .................................................................................................... 1-1 1.1 overview ...........................................................
Page 214
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-1 chapter 1 dldp configuration note: only s3100-ei series switches support dldp feature. 1.1 overview 1.1.1 introduction you may have encountered unidirectional links in networking. When a unidirectional link o...
Page 215
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-2 switchb switcha pc ge1/1/1 pc ge1/1/1 ge1/1/2 ge1/1/2 figure 1-2 fiber broken or not connected dldp provides the following features: z as a link layer protocol, it works together with the physical layer proto...
Page 216
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-3 table 1-1 dldp packet types dldp packet type function advertisement notifies the neighbor devices of the existence of the local device. An advertisement packet carries only the local port information, and it ...
Page 217
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-4 dldp packet type function linkdown linkdown packets are used to notify unidirectional link emergencies (a unidirectional link emergency occurs when the local port is down and the peer port is up). Linkdown pa...
Page 218
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-5 2) a dldp packet received is processed as follows: z in authentication mode, the dldp packet is authenticated and is then dropped if it fails the authentication. Z the packet is further processed, as describe...
Page 219
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-6 table 1-4 processing procedure when no echo packet is received from the neighbor no echo packet received from the neighbor processing procedure in normal mode, no echo packet is received when the echo waiting...
Page 220
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-7 1.2.3 dldp timers table 1-6 dldp timers timer description advertisement sending timer interval between sending advertisement packets, which can be configured on a command line interface. By default, the timer...
Page 221
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-8 timer description delaydown timer when a device in the active, advertisement, or probe dldp state receives a port down message, it does not removes the corresponding neighbor immediately, neither does it chan...
Page 222
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-9 table 1-8 description on the two dldp neighbor states dldp neighbor state description two way the link to the neighbor operates properly. Unknown the device is detecting the neighbor and the neighbor state is...
Page 223
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-10 1.3 dldp configuration 1.3.1 performing basic dldp configuration table 1-9 perform basic dldp configuration operation command description enter system view system-view — enable dldp globally dldp enable ente...
Page 224
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-11 z the interval for sending advertisement packets ranges from 1 to 100 seconds and defaults to 5 seconds. You can adjust this setting as needed to enable dldp to respond in time to link failures. If the inter...
Page 225
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-12 table 1-10 reset dldp state operation command description system-view reset dldp state for all the ports shut down by dldp dldp reset interface interface-type interface-number reset the dldp state for a port...
Page 226
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-13 ii. Network diagram switchb switcha pc ge1/1/1 switchb switcha pc switchb switcha pc switchb switcha pc ge1/1/1 ge1/1/2 ge1/1/2 figure 1-3 network diagram for dldp configuration iii. Configuration procedure ...
Page 227
Operation manual – dldp h3c s3100 series ethernet switches chapter 1 dldp configuration 1-14 note: when two switches are connected through fibers in a crossed way, two or three ports may be in the disable state, and the rest in the inactive state. When a fiber is connected to a device correctly on o...
Page 228: Table of Contents
Operation manual – mac address table management h3c s3100 series ethernet switches table of contents i table of contents chapter 1 mac address table management.............................................................................. 1-1 1.1 overview ................................................
Page 229
Operation manual – mac address table management h3c s3100 series ethernet switches chapter 1 mac address table management 1-1 chapter 1 mac address table management when configuring mac address table management, go to these sections for information you are interested in: z overview z configuring mac...
Page 230
Operation manual – mac address table management h3c s3100 series ethernet switches chapter 1 mac address table management 1-2 1.1.2 introduction to mac address learning mac address table entries can be updated and maintained through the following two ways: z manual configuration z mac address learni...
Page 231
Operation manual – mac address table management h3c s3100 series ethernet switches chapter 1 mac address table management 1-3 eth1/0/1 eth1/0/3 eth1/0/4 user a user b user c figure 1-3 mac address learning diagram (2) 3) because the switch broadcasts the packet, both user b and user c can receive th...
Page 232
Operation manual – mac address table management h3c s3100 series ethernet switches chapter 1 mac address table management 1-4 figure 1-5 mac address table entries of the switch (2) 5) after this interaction, the switch directly unicasts the packets destined for user a and user b based on the corresp...
Page 233
Operation manual – mac address table management h3c s3100 series ethernet switches chapter 1 mac address table management 1-5 themselves. Using static mac address entries can reduce broadcast packets remarkably and are suitable for networks where network devices seldom change. Z dynamic mac address ...
Page 234
Operation manual – mac address table management h3c s3100 series ethernet switches chapter 1 mac address table management 1-6 1.2.2 configuring a mac address entry you can add, modify, or remove a mac address entry, remove all mac address entries concerning a specific port, or remove specific type o...
Page 235
Operation manual – mac address table management h3c s3100 series ethernet switches chapter 1 mac address table management 1-7 caution: z when you add a mac address entry, the current port must belong to the vlan specified by the vlan argument in the command. Otherwise, the entry will not be added. Z...
Page 236
Operation manual – mac address table management h3c s3100 series ethernet switches chapter 1 mac address table management 1-8 for these mac addresses through the hardware, improving the forwarding efficiency. A mac address table too big in size may prolong the time for searching mac address entries,...
Page 237
Operation manual – mac address table management h3c s3100 series ethernet switches chapter 1 mac address table management 1-9 you can disable a switch from learning mac addresses in specific vlans to improve stability and security for the users belong to these vlans and prevent unauthorized accesses...
Page 238
Operation manual – mac address table management h3c s3100 series ethernet switches chapter 1 mac address table management 1-10 follow these steps to configure the start port mac address: to do… use the command… remarks enter system view system-view — configure the start port mac address port-mac sta...
Page 239
Operation manual – mac address table management h3c s3100 series ethernet switches chapter 1 mac address table management 1-11 1.4 configuration example 1.4.1 adding a static mac address entry manually i. Network requirements the server connects to the switch through ethernet 1/0/2. To prevent the s...
Page 240: Table of Contents
Operation manual – mstp h3c s3100 series ethernet switches table of contents i table of contents chapter 1 mstp configuration .................................................................................................... 1-1 1.1 stp overview .......................................................
Page 241
Operation manual – mstp h3c s3100 series ethernet switches table of contents ii 1.6 configuring guard functions........................................................................................... 1-43 1.6.1 introduction.............................................................................
Page 242
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-1 chapter 1 mstp configuration 1.1 stp overview i. Functions of stp spanning tree protocol (stp) is a protocol conforming to ieee 802.1d. It aims to eliminate loops on data link layer in a local area network (l...
Page 243
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-2 2) root port on a non-root bridge device, the root port is the port with the lowest path cost to the root bridge. The root port is used for communicating with the root bridge. A non-root-bridge device has one...
Page 244
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-3 note: all the ports on the root bridge are designated ports. 4) path cost path cost is a value used for measuring link capacity. By comparing the path costs of different links, stp selects the most robust lin...
Page 245
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-4 z selection of the optimum configuration bpdu each device sends out its configuration bpdu and receives configuration bpdus from other devices. The process of selecting the optimum configuration bpdu is as fo...
Page 246
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-5 table 1-3 selection of the root port and designated ports step description 1 a non-root-bridge device takes the port on which the optimum configuration bpdu was received as the root port. 2 based on the confi...
Page 247
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-6 figure 1-2 network diagram for stp algorithm z initial state of each device the following table shows the initial state of each device. Table 1-4 initial state of each device device port name bpdu of port ap1...
Page 248
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-7 table 1-5 comparison process and result on each device device comparison process bpdu of port after comparis on device a z port ap1 receives the configuration bpdu of device b {1, 0, 1, bp1}. Device a finds t...
Page 249
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-8 device comparison process bpdu of port after comparis on z port cp1 receives the configuration bpdu of device a {0, 0, 0, ap2}. Device c finds that the received configuration bpdu is superior to the configura...
Page 250
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-9 figure 1-3 the final calculated spanning tree note: to facilitate description, the spanning tree calculation process in this example is simplified, while the actual process is more complicated. 6) the bpdu fo...
Page 251
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-10 root port and designated port begin to forward data as soon as they are elected, a temporary loop may occur. 7) stp timers the following three time parameters are important for stp calculation: z forward del...
Page 252
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-11 note: z in rstp, the state of a root port can transit fast under the following conditions: the old root port on the device has stopped forwarding data and the upstream designated port has started forwarding ...
Page 253
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-12 figure 1-4 basic mstp terminologies i. Mst region a multiple spanning tree region (mst region) comprises multiple physically-interconnected mstp-enabled switches and the corresponding network segments connec...
Page 254
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-13 iii. Vlan mapping table a vlan mapping table is a property of an mst region. It contains information about how vlans are mapped to mstis. For example, in figure 1-4 , the vlan mapping table of region a0 is: ...
Page 255
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-14 z a designated port is used to forward packets to a downstream network segment or switch. Z a master port connects an mst region to the common root. The path from the master port to the common root is the sh...
Page 256
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-15 connecting to the common root bridge region boundary ports port 1 port 2 master port alternate port designated port port 3 port 4 port 5 a b c d port 6 backup port mst region figure 1-5 port roles x. Port st...
Page 257
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-16 1.2.3 principle of mstp mstp divides a layer 2 network into multiple mst regions. The csts are generated between these mst regions, and multiple spanning trees (also called mstis) can be generated in each ms...
Page 258
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-17 z for configuration bpdus with both the same root bridge id and the same external path costs, master bridge id, internal path cost, designated bridge id, id of sending port, id of receiving port are compared...
Page 259
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-18 z root bridge hold z root bridge backup z root guard z bpdu guard z loop guard z tc-bpdu attack guard z bpdu packet drop 1.2.5 stp-related standards stp-related standards include the following. Z ieee 802.1d...
Page 260
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-19 operation description related section configure the mode a port recognizes and sends mstp packets optional section 1.3.5 “ configuring the mode a port recognizes and sends mstp packets ” configure the mstp o...
Page 261
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-20 1.3.1 configuration prerequisites the role (root, branch, or leaf) of each switch in each spanning tree instance is determined. 1.3.2 configuring an mst region i. Configuration procedure table 1-8 configure ...
Page 262
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-21 topology jitter caused by the configuration, mstp does not recalculate spanning trees immediately after the configuration; it does this only after you perform one of the following operations, and then the co...
Page 263
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-22 1.3.3 specifying the current switch as a root bridge/secondary root bridge mstp can automatically choose a switch as a root bridge through calculation. You can also manually specify the current switch as a r...
Page 264
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-23 diameter of the switched network ” and 1.3.9 “ configuring the mstp time-related parameters ” for information about the network diameter parameter and the hello time parameter. Note: z you can configure a sw...
Page 265
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-24 caution: z once you specify a switch as the root bridge or a secondary root bridge by using the stp root primary or stp root secondary command, the bridge priority of the switch cannot be configured any more...
Page 266
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-25 z if packets in legacy format are received, the port turns to discarding state to prevent network storm. I. Configuration procedure table 1-12 configure the mode a port recognizes and sends mstp packets (in ...
Page 267
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-26 1.3.6 configuring the mstp operation mode to make a mstp-enabled switch compatible with stp/rstp, mstp provides the following three operation modes: z stp-compatible mode, where the ports of a switch send st...
Page 268
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-27 mechanism disables the switches that are beyond the maximum hop count from participating in spanning tree calculation, and thus limits the size of an mst region. With such a mechanism, the maximum hop count ...
Page 269
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-28 the network diameter parameter indicates the size of a network. The bigger the network diameter is, the larger the network size is. After you configure the network diameter of a switched network, an mstp-ena...
Page 270
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-29 caution: z the forward delay parameter and the network diameter are correlated. Normally, a large network diameter corresponds to a large forward delay. A too small forward delay parameter may result in temp...
Page 271
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-30 by the hello time parameter to check link failures. Normally, a switch regards its upstream switch faulty if the former does not receive any bpdu from the latter in a period three times of the hello time and...
Page 272
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-31 operation command description configure the maximum transmitting speed for specified ports stp interface interface-list transmit-limit packetnum required the maximum transmitting speed of all ethernet ports ...
Page 273
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-32 you can configure a port as an edge port in one of the following two ways. I. Configure a port as an edge port in system view table 1-21 configure a port as an edge port in system view operation command desc...
Page 274
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-33 2) configure ethernet 1/0/1 as an edge port in ethernet port view system-view [sysname] interface ethernet1/0/1 [sysname-ethernet1/0/1] stp edged-port enable 1.3.13 specifying whether the link connected to a...
Page 275
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-34 note: z if you configure the link connected to a port in an aggregation group as a point-to-point link, the configuration will be synchronized to the rest ports in the same aggregation group. Z if an auto-ne...
Page 276
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-35 table 1-26 enable mstp in ethernet port view operation command description enter system view system-view — enable mstp stp enable required mstp is disabled by default. Enter ethernet port view interface inte...
Page 277
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-36 table 1-27 configure leaf nodes operation description related section enable mstp required to prevent network topology jitter caused by other related configurations, you are recommended to enable mstp after ...
Page 278
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-37 1.4.1 configuration prerequisites the role (root, branch, or leaf) of each switch in each spanning tree instance is determined. 1.4.2 configuring the mst region refer to section 1.3.2 “ configuring an mst re...
Page 279
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-38 table 1-28 specify the standard for calculating path costs operation command description enter system view system-view — specify the standard for calculating the default path costs of the links connected to ...
Page 280
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-39 where ‘link transmission speed” is the sum of the speeds of all the unblocked ports on the aggregated link measured in 100 kbps. Ii. Configure the path cost for specific ports table 1-30 configure the path c...
Page 281
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-40 iii. Configuration example (a) # configure the path cost of ethernet 1/0/1 in spanning tree instance 1 to be 2,000. 1) perform this configuration in system view system-view [sysname] stp interface ethernet1/...
Page 282
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-41 operation command description configure port priority for specified ports stp interface interface-list instance instance-id port priority priority required the default port priority is 128. Ii. Configure por...
Page 283
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-42 1.4.10 enabling mstp refer to section 1.3.14 “ enabling mstp ”. 1.5 performing mcheck operation ports on an mstp-enabled switch can operate in three modes: stp-compatible, rstp-compatible, and mstp. A port o...
Page 284
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-43 operation command description enter ethernet port view interface interface-type interface-number — perform the mcheck operation stp mcheck required 1.5.3 configuration example # perform the mcheck operation ...
Page 285
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-44 bridge to be elected and network topology jitter to occur. In this case, flows that should travel along high-speed links may be led to low-speed links, and network congestion may occur. You can avoid this pr...
Page 286
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-45 you can use the stp tc-protection threshold command to set the maximum times for a switch to remove the mac address table and arp entries in a specific period. When the number of the tc-bpdus received within...
Page 287
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-46 operation command description enable the bpdu guard function stp bpdu-protection required the bpdu guard function is disabled by default. Ii. Configuration example # enable the bpdu guard function. System-vi...
Page 288
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-47 [sysname-ethernet1/0/1] stp root-protection 1.6.5 configuring loop guard i. Configuration procedure table 1-39 configure loop guard operation command description enter system view system-view — enter etherne...
Page 289
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-48 iii. Configuration example # enable the tc-bpdu attack guard function system-view [sysname] stp tc-protection enable # set the maximum times for the switch to remove the mac address table within 10 seconds t...
Page 290
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-49 the same mst region-related configuration as its own but adopts a proprietary spanning tree protocol, you can enable digest snooping on the port. Then the s3100 ethernet switch regards another manufacturer's...
Page 291
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-50 operation command description display the current configuration display current-configuration you can execute this command in any view. Note: z when the digest snooping feature is enabled on a port, the port...
Page 292
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-51 z for mstp, the upstream switch sends agreement packets to the downstream switch; and the downstream switch sends agreement packets to the upstream switch only after it receives agreement packets from the up...
Page 293
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-52 some other manufacturers' switches adopt proprietary spanning tree protocols that are similar to rstp in the way to implement rapid transition on designated ports. When a switch of this kind operating as the...
Page 294
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-53 operation command description enable the rapid transition feature stp interface interface-type interface-number no-agreement-check required by default, the rapid transition feature is disabled on a port. 2) ...
Page 295
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-54 as shown in figure 1-9 , the upper part is the operator’s network, and the lower part is the user’s network. The operator’s network comprises packet ingress/egress devices, and the user’s network has network...
Page 296
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-55 note: z the vlan-vpn tunnel function can be enabled on stp-enabled devices only. Z to enable the vlan-vpn tunnel function, make sure the links between operator’s networks are trunk links. 1.10 stp maintenanc...
Page 297
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-56 1.11 enabling trap messages conforming to 802.1d standard when enabled, the switch sends the following two types of 802.1d-compliant traps to the network management device: z when the switch is configured to...
Page 298
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-57 operation command display information about the ports that are shut down by stp protection display stp portdown display information about the ports that are blocked by stp protection display stp abnormalport...
Page 299
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-58 note: the word “permit” shown in figure 1-10 means the corresponding link permits packets of specific vlans. Iii. Configuration procedure 1) configure switch a # enter mst region view. System-view [sysname] ...
Page 300
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-59 # enter mst region view. System-view [sysname] stp region-configuration # configure the mst region. [sysname-mst-region] region-name example [sysname-mst-region] instance 1 vlan 10 [sysname-mst-region] insta...
Page 301
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-60 ii. Network diagram eth 1/0/1 switch a switch d switch c switch b eth 1/0/1 ge 1/0/2 ge 1/0/1 ge 1/0/2 ge 1/0/1 figure 1-11 network diagram for vlan-vpn tunnel configuration iii. Configuration procedure 1) c...
Page 302
Operation manual – mstp h3c s3100 series ethernet switches chapter 1 mstp configuration 1-61 # enable the vlan vpn function on it. [sysname] interface gigabitethernet 1/0/1 [sysname-gigabitethernet1/0/1] port access vlan 10 [sysname-gigabitethernet1/0/1] vlan-vpn enable [sysname-gigabitethernet1/0/1...
Page 303: Table of Contents
Operation manual – multicast h3c s3100 series ethernet switches table of contents i table of contents chapter 1 multicast overview ...................................................................................................... 1-1 1.1 multicast overview...........................................
Page 304
Operation manual – multicast h3c s3100 series ethernet switches table of contents ii chapter 3 common multicast configuration.............................................................................. 3-1 3.1 common multicast configuration.............................................................
Page 305
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-1 chapter 1 multicast overview 1.1 multicast overview with development of networks on the internet, more and more interaction services such as data, voice, and video services are running on the networks. I...
Page 306
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-2 traffic over the network is in direct proportion to the number of users that receive this information, when a large number of users need this information, the server must send many pieces of information ...
Page 307
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-3 1.1.3 information transmission in the multicast mode as described in the previous sections, unicast is suitable for networks with sparsely distributed users, whereas broadcast is suitable for networks wi...
Page 308
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-4 z multicast brings no waste of network resources and makes proper use of bandwidth. 1.1.4 roles in multicast the following roles are involved in multicast transmission: z an information sender is referre...
Page 309
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-5 z enhanced efficiency: multicast decreases network traffic and reduces server load and cpu load. Z optimal performance: multicast reduces redundant traffic. Z distributive application: multicast makes mu...
Page 310
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-6 iii. Ssm model in the practical life, users may be interested in the multicast data from only certain multicast sources. The ssm model provides a transmission service that allows users to specify the mul...
Page 311
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-7 these questions are about multicast addressing. To enable the communication between the information source and members of a multicast group (a group of information receivers), network-layer multicast add...
Page 312
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-8 table 1-2 range and description of class d ip addresses class d address range description 224.0.0.0 to 224.0.0.255 reserved multicast addresses (ip addresses for permanent multicast groups). The ip addre...
Page 313
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-9 class d address range description 224.0.0.18 virtual router redundancy protocol (vrrp) 224.0.0.19 to 224.0.0.255 other protocols note: like having reserved the private network segment 10.0.0.0/8 for unic...
Page 314
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-10 1.3.2 multicast protocols note: z generally, we refer to ip multicast working at the network layer as layer 3 multicast and the corresponding multicast protocols as layer 3 multicast protocols, which in...
Page 315
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-11 2) multicast routing protocols a multicast routing protocol runs on layer 3 multicast devices to establish and maintain multicast routes and forward multicast packets correctly and efficiently. Multicas...
Page 316
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-12 and layer 3 multicast devices, thus effectively controlling the flooding of multicast data in a layer 2 network. 1.4 multicast packet forwarding mechanism in a multicast model, a multicast source sends ...
Page 317
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-13 3) if no corresponding (s, g) entry exists in the multicast forwarding table, the packet is also subject to an rpf check. The router creates an (s, g) entry based on the relevant routing information and...
Page 318
Operation manual – multicast h3c s3100 series ethernet switches chapter 1 multicast overview 1-14 z a multicast packet from source arrives to vlan-interface 1 of switch c, and the corresponding forwarding entry does not exist in the multicast forwarding table of switch c. Switch c performs an rpf ch...
Page 319
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-1 chapter 2 igmp snooping configuration 2.1 igmp snooping overview internet group management protocol snooping (igmp snooping) is a multicast constraining mechanism that runs on layer 2 devices to...
Page 320
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-2 2.1.2 basic concepts in igmp snooping i. Igmp snooping related ports as shown in figure 2-2 , router a connects to the multicast source, igmp snooping runs on switch a and switch b, host a and h...
Page 321
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-3 timer description message before expiry action after expiry member port aging timer when a port joins a multicast group, the switch sets a timer for the port, which is initialized to the member ...
Page 322
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-4 note: a switch will not forward an igmp report through a non-router port for the following reason: due to the igmp report suppression mechanism, if member hosts of that multicast group still exi...
Page 323
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-5 caution: after an ethernet switch enables igmp snooping, when it receives the igmp leave message sent by a host in a multicast group, it judges whether the multicast group exists automatically. ...
Page 324
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-6 operation command remarks enter vlan view vlan vlan-id — enable igmp snooping on the vlan igmp - snooping enable required by default, igmp snooping is disabled on all the vlans. Caution: z befor...
Page 325
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-7 caution: z before configuring related igmp snooping functions, you must enable igmp snooping in the specified vlan. Z different multicast group addresses should be configured for different multi...
Page 326
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-8 i. Enabling fast leave processing in system view table 2-6 enable fast leave processing in system view operation command remarks enter system view system - view — enable fast leave processing ig...
Page 327
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-9 2.2.5 configuring a multicast group filter on an igmp snooping-enabled switch, the configuration of a multicast group allows the service provider to define restrictions on multicast programs ava...
Page 328
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-10 note: z a port can belong to multiple vlans, you can configure only one acl rule per vlan on a port. Z if no acl rule is configured, all the multicast groups will be filtered. Z since most devi...
Page 329
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-11 note: z to prevent bursting traffic in the network or performance deterioration of the device caused by excessive multicast groups, you can set the maximum number of multicast groups that the s...
Page 330
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-12 operation command remarks enable igmp snooping igmp-snooping enable required. Enable igmp snooping querier igmp-snooping querier required by default, igmp snooping querier is disabled. Configur...
Page 331
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-13 operation command remarks configure specified port(s) as static member port(s) of a multicast group in the vlan multicast static-group group-address interface interface-list required by default...
Page 332
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-14 there is no member of the multicast group on the local subnet and remove the corresponding path. To avoid this from happening, you can configure a port of the vlan of the switch as a multicast ...
Page 333
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-15 2.2.11 configuring a vlan tag for query messages by configuring the vlan in which igmp general and group-specific queries forwarded and sent by igmp snooping switches are transmitted, you can e...
Page 334
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-16 operation command remarks return to system view quit — enter vlan interface view interface vlan-interface vlan-id — enable igmp igmp enable required by default, the igmp feature is disabled. Re...
Page 336
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-18 table 2-20 display and maintain igmp snooping operation command remarks display the current igmp snooping configuration display igmp-snooping configuration display igmp snooping message statist...
Page 337
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-19 ii. Network diagram multicast packets source router a switch a receiver receiver host b host a host c 1.1.1.1/24 eth1/0/4 eth1/0/2 eth1/0/3 igmp querier eth1/0/1 eth1/0/1 10.1.1.1/24 eth1/0/2 1...
Page 338
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-20 [switcha-vlan100] port ethernet 1/0/1 to ethernet 1/0/4 [switcha-vlan100] igmp-snooping enable [switcha-vlan100] quit 4) verify the configuration # view the detailed information of the multicas...
Page 339
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-21 table 2-21 network devices and their configurations device device description networking description switch a layer 3 switch the interface ip address of vlan 20 is 168.10.1.1. Ethernet 1/0/1 is...
Page 340
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-22 1) configure switch a: # set the interface ip address of vlan 20 to 168.10.1.1 and enable pim dm on the vlan interface. System-view [switcha] multicast routing-enable [switcha] vlan 20 [switcha...
Page 341
Operation manual – multicast h3c s3100 series ethernet switches chapter 2 igmp snooping configuration 2-23 [switchb-ethernet1/0/10] port link-type hybrid [switchb-ethernet1/0/10] port hybrid vlan 2 3 10 tagged [switchb-ethernet1/0/10] quit # define ethernet 1/0/1 as a hybrid port, add the port to vl...
Page 342
Operation manual – multicast h3c s3100 series ethernet switches chapter 3 common multicast configuration 3-1 chapter 3 common multicast configuration 3.1 common multicast configuration table 3-1 common multicast configuration tasks configuration task remarks configuring suppression on the multicast ...
Page 343
Operation manual – multicast h3c s3100 series ethernet switches chapter 3 common multicast configuration 3-2 ii. Configuring multicast source port suppression in ethernet port view table 3-3 configure multicast source port suppression in ethernet port view operation command remarks enter system view...
Page 344
Operation manual – multicast h3c s3100 series ethernet switches chapter 3 common multicast configuration 3-3 note: z if the multicast mac address entry to be created already exists, the system gives you a prompt. Z if you want to add a port to a multicast mac address entry created through the mac - ...
Page 345
Operation manual – multicast h3c s3100 series ethernet switches chapter 3 common multicast configuration 3-4 table 3-7 display common multicast configuration operation command remarks display the statistics information about multicast source port suppression display multicast - source - deny [ inter...
Page 346: Table of Contents
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches table of contents i table of contents chapter 1 802.1x configuration ................................................................................................... 1-1 1.1 introduction to 802.1x .............................
Page 347
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches table of contents ii 3.4 displaying habp................................................................................................................ 3-2 chapter 4 system-guard configuration (for s3100-ei) ....................
Page 348
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-1 chapter 1 802.1x configuration 1.1 introduction to 802.1x the 802.1x protocol (802.1x for short) was developed by ieee802 lan/wan committee to address security issues of wireless lans. It was...
Page 349
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-2 z the authenticator system is another entity residing at one end of a lan segment. It authenticates the connected supplicant systems. The authenticator system is usually an 802.1x-supported n...
Page 350
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-3 iv. The way a port is controlled a port of a h3c series switch can be controlled in the following two ways. Z port-based authentication. When a port is controlled in this way, all the supplic...
Page 351
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-4 figure 1-3 the format of an eapol packet in an eapol packet: z the pae ethernet type field holds the protocol identifier. The identifier for 802.1x is 0x888e. Z the protocol version field hol...
Page 352
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-5 0 15 code data length 7 identifier 2 4 n figure 1-4 the format of an eap packet in an eap packet: z the code field indicates the eap packet type, which can be request, response, success, or f...
Page 353
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-6 figure 1-6 the format of an eap-message field the message-authenticator field, whose format is shown in figure 1-7 , is used to prevent unauthorized interception to access requesting packets ...
Page 354
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-7 z peap creates and uses tls security channels to ensure data integrity and then performs new eap negotiations to verify supplicant systems. Figure 1-8 describes the basic eap-md5 authenticati...
Page 355
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-8 z upon receiving the packet from the switch, the radius server retrieves the user name from the packet, finds the corresponding password by matching the user name in its database, encrypts th...
Page 356
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-9 supplicant system pae authenticator system pae radius server eapol radius eapol-start eap-request/identity eap-response/identity eap-request/md5 challenge eap-success eap-response/md5 challen...
Page 357
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-10 period (set by the quiet-period timer) before it processes another authentication request re-initiated by the supplicant system. During this quiet period, the switch does not perform any 802...
Page 358
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-11 note: h3c's cams server is a service management system used to manage networks and to secure networks and user information. With the cooperation of other networking devices (such as switches...
Page 359
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-12 ii. Checking the client version with the 802.1x client version-checking function enabled, a switch checks the version and validity of an 802.1x client to prevent unauthorized users or users ...
Page 360
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-13 to the user. To connect to the switch again, the user needs to initiate 802.1x authentication with the client software again. Note: z when re-authenticating a user, a switch goes through the...
Page 361
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-14 note: 802.1x re-authentication will fail if a cams server is used and configured to perform authentication but not accounting. This is because a cams server establishes a user session after ...
Page 362
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-15 1.3 basic 802.1x configuration 1.3.1 configuration prerequisites z configure isp domain and the aaa scheme to be adopted. You can specify a radius scheme or a local scheme. Z ensure that the...
Page 364
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-17 1.3.3 timer and maximum user number configuration table 1-2 configure 802.1x timers and the maximum number of users operation command remarks enter system view system-view — in system view d...
Page 365
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-18 note: z as for the dot1x max-user command, if you execute it in system view without specifying the interface-list argument, the command applies to all ports. You can also use this command in...
Page 366
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-19 note: z the proxy checking function needs the cooperation of h3c's 802.1x client (inode) program. Z the proxy checking function depends on the online user handshaking function. To enable the...
Page 367
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-20 1.4.3 enabling dhcp-triggered authentication after performing the following configuration, 802.1x allows running dhcp on access users, and users are authenticated when they apply for dynamic...
Page 368
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-21 caution: z the guest vlan function is available only when the switch operates in the port-based authentication mode. Z only one guest vlan can be configured for each switch. Z the guest vlan...
Page 369
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-22 1) the switch uses the value of the session-timeout attribute field of the access-accept packet sent by the radius server as the re-authentication interval. 2) the switch uses the value conf...
Page 370
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-23 1.6 configuration example 1.6.1 802.1x configuration example i. Network requirements z authenticate users on all ports to control their accesses to the internet. The switch operates in mac a...
Page 371
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-24 iii. Configuration procedure note: following configuration covers the major aaa/radius configuration commands. Refer to aaa operation manual for the information about these commands. Configu...
Page 372
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 1 802.1x configuration 1-25 # set the timer for the switch to send real-time accounting packets to the radius servers. [sysname-radius-radius1] timer realtime-accounting 15 # configure to send the user name to the radi...
Page 373
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 2 quick ead deployment configuration 2-1 chapter 2 quick ead deployment configuration note: the configuration introduced in this chapter is only supported by the s3100-ei series switches. 2.1 introduction to quick ead ...
Page 374
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 2 quick ead deployment configuration 2-2 note: the quick ead deployment feature takes effect only when the access control mode of an 802.1x-enabled port is set to auto . 2.2 configuring quick ead deployment 2.2.1 confi...
Page 375
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 2 quick ead deployment configuration 2-3 caution: z you must configure the url for http redirection before configuring a free ip range. A url must start with http:// and the segment where the url resides must be in the...
Page 376
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 2 quick ead deployment configuration 2-4 2.2.3 displaying and maintaining quick ead deployment after performing the above configurations, you can display and verify the quick ead deployment-related configuration by exe...
Page 377
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 2 quick ead deployment configuration 2-5 iii. Configuration procedure note: before enabling quick ead deployment, be sure that: z the web server is configured properly. Z the default gateway of the user’s pc is configu...
Page 378
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 2 quick ead deployment configuration 2-6 z check that you have configured an ip address in the free ip range for the web server and a correct url for redirection, and that the server provides web services properly..
Page 379
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 3 habp configuration 3-1 chapter 3 habp configuration 3.1 introduction to habp with 802.1x enabled, a switch authenticates and then authorizes 802.1x-enabled ports. Packets can be forwarded only by authorized ports. Fo...
Page 380
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 3 habp configuration 3-2 operation command remarks configure the current switch to be an habp server habp server vlan vlan-id required by default, a switch operates as an habp client after you enable habp on the switch...
Page 381: S3100-Ei)
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 4 system-guard configuration (for s3100-ei) 4-1 chapter 4 system-guard configuration (for s3100-ei) note: the configuration introduced in this chapter is only supported by the s3100-ei series switches. 4.1 system-guard...
Page 382
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 4 system-guard configuration (for s3100-ei) 4-2 operation command description enable system-guard on specified ports system-guard permit interface-list required by default, the system-guard function is disabled on a po...
Page 383: S3100-Si)
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 5 system-guard configuration (for s3100-si) 5-1 chapter 5 system-guard configuration (for s3100-si) note: the configuration introduced in this chapter is only supported by the s3100-si series switches. 5.1 system-guard...
Page 384
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 5 system-guard configuration (for s3100-si) 5-2 5.2.2 configuring system-guard-related parameters table 5-2 lists the operations to configure system-guard-related parameters, including system-guard mode, checking inter...
Page 385
Operation manual – 802.1x-system guard h3c s3100 series ethernet switches chapter 5 system-guard configuration (for s3100-si) 5-3 5.3 displaying and maintaining the system-guard function after the above configuration, you can display and verify your configuration by performing the operation listed i...
Page 386: Table of Contents
Operation manual – aaa h3c s3100 series ethernet switches table of contents i table of contents chapter 1 aaa overview .............................................................................................................. 1-1 1.1 introduction to aaa .............................................
Page 387
Operation manual – aaa h3c s3100 series ethernet switches table of contents ii 2.3.6 configuring the attributes of data to be sent to tacacs servers ...................... 2-29 2.3.7 configuring the timers regarding tacacs servers ........................................... 2-30 2.4 displaying and m...
Page 388: Chapter 1 Aaa Overview
Operation manual – aaa h3c s3100 series ethernet switches chapter 1 aaa overview 1-1 chapter 1 aaa overview 1.1 introduction to aaa aaa is the acronym for the three security functions: authentication, authorization and accounting. It provides a uniform framework for you to configure these three func...
Page 389
Operation manual – aaa h3c s3100 series ethernet switches chapter 1 aaa overview 1-2 z radius authorization: users are authorized after they pass radius authentication. In radius protocol, authentication and authorization are combined together, and authorization cannot be performed alone without aut...
Page 390
Operation manual – aaa h3c s3100 series ethernet switches chapter 1 aaa overview 1-3 z server: radius server runs on a computer or workstation at the center. It stores and maintains user authentication information and network service access information. Z client: radius client runs on network access...
Page 391
Operation manual – aaa h3c s3100 series ethernet switches chapter 1 aaa overview 1-4 radius client radius server ( 1 ) the user inputs the user name and password ( 3 ) access-accept ( 2 ) access-request (4 ) accounting-request (start) ( 5 ) accounting-response ( 6 ) the user begins to access resourc...
Page 392
Operation manual – aaa h3c s3100 series ethernet switches chapter 1 aaa overview 1-5 adopts the following mechanisms: timer management, retransmission, and backup server. Figure 1-3 depicts the format of radius messages. Figure 1-3 radius message format 1) the code field (one byte) decides the type ...
Page 393
Operation manual – aaa h3c s3100 series ethernet switches chapter 1 aaa overview 1-6 code message type message description 5 accounting-respons e direction: server->client. The server transmits this message to the client to notify the client that it has received the accounting-request message and ha...
Page 394
Operation manual – aaa h3c s3100 series ethernet switches chapter 1 aaa overview 1-7 type field value attribute type type field value attribute type 9 framed-ip-netmask 31 calling-station-id 10 framed-routing 32 nas-identifier 11 filter-id 33 proxy-state 12 framed-mtu 34 login-lat-service 13 framed-...
Page 395
Operation manual – aaa h3c s3100 series ethernet switches chapter 1 aaa overview 1-8 1.2.2 introduction to hwtacacs i. What is hwtacacs huawei terminal access controller access control system (hwtacacs) is an enhanced security protocol based on tacacs (rfc 1492). Similar to the radius protocol, it i...
Page 396
Operation manual – aaa h3c s3100 series ethernet switches chapter 1 aaa overview 1-9 ii. Basic message exchange procedure in hwtacacs the following text takes telnet user as an example to describe how hwtacacs implements authentication, authorization, and accounting for a user. Figure 1-6 illustrate...
Page 397
Operation manual – aaa h3c s3100 series ethernet switches chapter 1 aaa overview 1-10 3) after receiving the username from the user, the tacacs client sends an authentication continuance message carrying the username. 4) the tacacs server returns an authentication response, asking for the password. ...
Page 398
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-1 chapter 2 aaa configuration 2.1 aaa configuration task list 2.1.1 configuration introduction you need to configure aaa to provide network access services for legal users while protecting network devices and pre...
Page 399
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-2 table 2-2 aaa configuration tasks (configuring separate aaa schemes for an isp domain) task remarks creating an isp domain and configuring its attributes required configuring separate aaa schemes required confi...
Page 401
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-4 z the self-service server location function needs the cooperation of a radius server that supports self-service, such as comprehensive access management server (cams). Through self-service, users can manage and...
Page 402
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-5 caution: z you can execute the scheme radius-scheme radius-scheme-name command to adopt an already configured radius scheme to implement all the three aaa functions. If you adopt the local scheme, only the auth...
Page 403
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-6 table 2-5 configure separate aaa schemes operation command remarks enter system view system-view — create an isp domain and enter its view, or enter the view of an existing isp domain domain isp-name required c...
Page 404
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-7 note: z if a combined aaa scheme is configured as well as the separate authentication, authorization and accounting schemes, the separate ones will be adopted in precedence. Z radius scheme and local scheme do ...
Page 405
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-8 table 2-6 configure dynamic vlan assignment operation command remarks enter system view system-view — create an isp domain and enter its view domain isp-name — set the vlan assignment mode vlan-assignment-mode ...
Page 407
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-10 caution: z the following characters are not allowed in the user-name string: /:*?. And you cannot input more than one “@” in the string. Z after the local-user password-display-mode cipher-force command is exe...
Page 408
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-11 note: you can use the display connection command to view the connections of telnet users, but you cannot use the cut connection command to cut down their connections. 2.2 radius configuration task list h3c’s e...
Page 409
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-12 table 2-10 radius configuration tasks (the switch functions as a local radius server) task remarks creating a radius scheme required configuring radius authentication/authorization servers required configuring...
Page 410
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-13 note: actually, the radius service configuration only defines the parameters for information exchange between switch and radius server. To make these parameters take effect, you must reference the radius schem...
Page 411
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-14 operation command remarks set the ip address and port number of the primary radius authentication/authorizati on server primary authentication ip-address [ port-number ] required by default, the ip address and...
Page 412
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-15 operation command remarks set the ip address and port number of the primary radius accounting server primary accounting ip-address [ port-number ] required by default, the ip address and udp port number of the...
Page 413
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-16 note: z in an actual network environment, you can specify one server as both the primary and secondary accounting servers, as well as specifying two radius servers as the primary and secondary accounting serve...
Page 414
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-17 operation command remarks set a shared key for radius accounting messages key accounting string required by default, no shared key is created. Caution: the authentication/authorization shared key and the accou...
Page 415
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-18 2.2.6 configuring the type of radius servers to be supported table 2-16 configure the type of radius servers to be supported operation command remarks enter system view system-view — create a radius scheme and...
Page 416
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-19 table 2-17 set the status of radius servers operation command remarks enter system view system-view — create a radius scheme and enter its view radius scheme radius-scheme-name required by default, a radius sc...
Page 418
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-21 addition to radius client service, where separate authentication/authorization server and the accounting server are used for user authentication. Table 2-19 configure the local radius authentication server fun...
Page 419
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-22 system is called the response timeout timer of radius servers. If the switch gets no answer within the response timeout time, it needs to retransmit the request to ensure that the user can obtain radius servic...
Page 420
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-23 2.2.11 enabling sending trap message when a radius server goes down table 2-21 specify to send trap message when a radius server goes down operation command remarks enter system view system-view — enable the s...
Page 421
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-24 3) once the cams receives the accounting-on message, it sends a response to the switch. At the same time it finds and deletes the original online information of the users who were accessing the network through...
Page 422
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-25 2.3 hwtacacs configuration task list table 2-23 hwtacacs configuration tasks task remarks creating a hwtacacs scheme required configuring tacacs authentication servers required configuring tacacs authorization...
Page 423
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-26 2.3.2 configuring tacacs authentication servers table 2-25 configure tacacs authentication servers operation command remarks enter system view system-view — create a hwtacacs scheme and enter its view hwtacacs...
Page 424
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-27 operation command remarks set the ip address and port number of the primary tacacs authorization server primary authorization ip-address [ port ] required by default, the ip address of the primary authorizatio...
Page 425
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-28 operation command remarks enable the stop-accounting message retransmission function and set the maximum number of transmission attempts of a buffered stop-accounting message retry stop-accounting retry-times ...
Page 426
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-29 2.3.6 configuring the attributes of data to be sent to tacacs servers table 2-29 configure the attributes for data to be sent to tacacs servers operation command remarks enter system view system-view — create ...
Page 427
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-30 2.3.7 configuring the timers regarding tacacs servers table 2-30 configure the timers regarding tacacs servers operation command remarks enter system view system-view — create a hwtacacs scheme and enter its v...
Page 428
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-31 table 2-31 display aaa information operation command remarks display configuration information about one specific or all isp domains display domain [ isp-name ] display information about user connections displ...
Page 429
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-32 table 2-33 display and maintain hwtacacs protocol information operation command remarks display the configuration or statistic information about one specific or all hwtacacs schemes display hwtacacs [ hwtacacs...
Page 430
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-33 the telnet user names added to the radius server must be in the format of userid @ isp-name if you have configured the switch to include domain names in the user names to be sent to the radius server in the ra...
Page 431
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-34 a telnet user logging into the switch by a name in the format of userid @cams belongs to the cams domain and will be authenticated according to the configuration of the cams domain. 2.5.2 local authentication ...
Page 432
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-35 [sysname] domain system [sysname-isp-system] scheme local a telnet user logging into the switch with the name telnet@system belongs to the "system" domain and will be authenticated according to the configurati...
Page 433
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-36 iii. Configuration procedure # add a telnet user. (omitted here) # configure a hwtacacs scheme. System-view [sysname] hwtacacs scheme hwtac [sysname-hwtacacs-hwtac] primary authentication 10.110.91.164 49 [sys...
Page 434
Operation manual – aaa h3c s3100 series ethernet switches chapter 2 aaa configuration 2-37 z the communication links (physical/link layer) between the switch and the radius server is disconnected/blocked — take measures to make the links connected/unblocked. Z none or incorrect radius server ip addr...
Page 435
Operation manual – aaa h3c s3100 series ethernet switches chapter 3 ead configuration 3-1 chapter 3 ead configuration note: only the s3100-ei series switches support the ead configuration. 3.1 introduction to ead endpoint admission defense (ead) is an attack defense solution. Using this solution, yo...
Page 436
Operation manual – aaa h3c s3100 series ethernet switches chapter 3 ead configuration 3-2 virus patch server supplicant authentication server security policy server figure 3-1 typical network application of ead after a client passes the authentication, the security client (software installed on the ...
Page 437
Operation manual – aaa h3c s3100 series ethernet switches chapter 3 ead configuration 3-3 table 3-1 ead configuration operation command remarks enter system view system-view — enter radius scheme view radius scheme radius-scheme-name — configure the radius server type to extended server-type extende...
Page 438
Operation manual – aaa h3c s3100 series ethernet switches chapter 3 ead configuration 3-4 ii. Network diagram ethernet1/0/1 internet user security policy servers 10.110.91.166 virus patch servers 10.110.91.168 authentication servers 10.110.91.164 figure 3-2 ead configuration iii. Configuration proce...
Page 439: Table of Contents
Operation manual – mac address authentication h3c s3100 series ethernet switches table of contents i table of contents chapter 1 mac authentication configuration............................................................................ 1-1 1.1 mac authentication overview .............................
Page 440
Operation manual – mac address authentication h3c s3100 series ethernet switches chapter 1 mac authentication configuration 1-1 chapter 1 mac authentication configuration 1.1 mac authentication overview mac authentication provides a way for authenticating users based on ports and mac addresses, with...
Page 441
Operation manual – mac address authentication h3c s3100 series ethernet switches chapter 1 mac authentication configuration 1-2 z in fixed mode, all users’ mac addresses are automatically mapped to the configured local passwords and usernames. Z the service type of a local user needs to be configure...
Page 442
Operation manual – mac address authentication h3c s3100 series ethernet switches chapter 1 mac authentication configuration 1-3 1.3 configuring basic mac authentication functions table 1-1 configure basic mac authentication functions operation command remarks enter system view system-view — enable m...
Page 444
Operation manual – mac address authentication h3c s3100 series ethernet switches chapter 1 mac authentication configuration 1-5 1.4.2 configuring a guest vlan note: different from guest vlans described in the 802.1x and system-guard manual , guest vlans mentioned in this section refer to guests vlan...
Page 445
Operation manual – mac address authentication h3c s3100 series ethernet switches chapter 1 mac authentication configuration 1-6 caution: z guest vlans are implemented in the mode of adding a port to a vlan. For example, when multiple users are connected to a port, if the first user fails in the auth...
Page 446
Operation manual – mac address authentication h3c s3100 series ethernet switches chapter 1 mac authentication configuration 1-7 caution: z if more than one client are connected to a port, you cannot configure a guest vlan for this port. Z when a guest vlan is configured for a port, only one mac addr...
Page 447
Operation manual – mac address authentication h3c s3100 series ethernet switches chapter 1 mac authentication configuration 1-8 caution: z if both the limit on the number of mac address authentication users and the limit on the number of users configured in the port security function are configured ...
Page 448
Operation manual – mac address authentication h3c s3100 series ethernet switches chapter 1 mac authentication configuration 1-9 operation command description clear the statistics of global or on-port mac authentication reset mac-authentication statistics [ interface interface-type interface-number ]...
Page 449
Operation manual – mac address authentication h3c s3100 series ethernet switches chapter 1 mac authentication configuration 1-10 [sysname-luser-00-0d-88-f6-44-c1] quit # add an isp domain named aabbcc.Net. [sysname] domain aabbcc.Net new domain added. # specify to perform local authentication. [sysn...
Page 450: Table of Contents
Operation manual – arp h3c s3100 series ethernet switches table of contents i table of contents chapter 1 arp configuration....................................................................................................... 1-1 1.1 introduction to arp.................................................
Page 451
Operation manual – arp h3c s3100 series ethernet switches chapter 1 arp configuration 1-1 chapter 1 arp configuration 1.1 introduction to arp 1.1.1 arp function address resolution protocol (arp) is used to resolve an ip address into a data link layer address. An ip address is the address of a host a...
Page 452
Operation manual – arp h3c s3100 series ethernet switches chapter 1 arp configuration 1-2 hardware type (16 bits) protocol type (16 bits) length of hardware address length of protocol address operator (16 bits) hardware address of the sender ip address of the sender hardware address of the receiver ...
Page 453
Operation manual – arp h3c s3100 series ethernet switches chapter 1 arp configuration 1-3 table 1-2 description on the values of the hardware type field value description 1 ethernet 2 experimental ethernet 3 x.25 4 proteon pronet (token ring) 5 chaos 6 ieee802.X 7 arc network 1.1.3 arp table in an e...
Page 454
Operation manual – arp h3c s3100 series ethernet switches chapter 1 arp configuration 1-4 1.1.4 arp process figure 1-2 arp process suppose that host a and host b are on the same subnet and that host a sends a message to host b. The resolution process is as follows: 1) host a looks in its arp mapping...
Page 455
Operation manual – arp h3c s3100 series ethernet switches chapter 1 arp configuration 1-5 to prevent such attacks, you can configure arp source mac address consistency check on s3100 series ethernet switches (operating as gateways). With this function, the device can verify whether an arp packet is ...
Page 456
Operation manual – arp h3c s3100 series ethernet switches chapter 1 arp configuration 1-6 ii. Arp attack detection to guard against the man-in-the-middle attacks launched by hackers or attackers, s3100-ei series ethernet switches support the arp attack detection function. All arp (both request and r...
Page 457
Operation manual – arp h3c s3100 series ethernet switches chapter 1 arp configuration 1-7 1.1.8 introduction to gratuitous arp the following are the characteristics of gratuitous arp packets: z both source and destination ip addresses carried in a gratuitous arp packet are the local addresses, and t...
Page 458
Operation manual – arp h3c s3100 series ethernet switches chapter 1 arp configuration 1-8 operation command remarks enable the arp entry checking function (that is, disable the switch from learning arp entries with multicast mac addresses) arp check enable optional by default, the arp entry checking...
Page 459
Operation manual – arp h3c s3100 series ethernet switches chapter 1 arp configuration 1-9 operation command remarks specify the current port as a trusted port dhcp-snooping trust required by default, after dhcp snooping is enabled, all ports of a switch are untrusted ports. Quit to system view quit ...
Page 460
Operation manual – arp h3c s3100 series ethernet switches chapter 1 arp configuration 1-10 note: z you need to enable dhcp snooping and configure dhcp snooping trusted ports on the switch before configuring the arp attack detection function. For more information about dhcp snooping, refer to the dhc...
Page 461
Operation manual – arp h3c s3100 series ethernet switches chapter 1 arp configuration 1-11 operation command remarks configure the port state auto-recovery interval arp protective-down recover interval interval optional by default, when the port state auto-recovery function is enabled, the port stat...
Page 463
Operation manual – arp h3c s3100 series ethernet switches chapter 1 arp configuration 1-13 1.5.2 arp attack detection and packet rate limit configuration example i. Network requirements as shown in figure 1-4 , ethernet1/0/1 of switch a (s3100-ei) connects to dhcp server; ethernet1/0/2 connects to c...
Page 464
Operation manual – arp h3c s3100 series ethernet switches chapter 1 arp configuration 1-14 # enable arp attack detection on all ports in vlan 1. [switcha] vlan 1 [switcha-vlan1] arp detection enable [switcha-vlan1] quit # enable the arp packet rate limit function on ethernet1/0/2, and set the maximu...
Page 465: Table of Contents
Operation manual – dhcp h3c s3100 series ethernet switches table of contents i table of contents chapter 1 dhcp overview............................................................................................................ 1-1 1.1 introduction to dhcp .............................................
Page 466
Operation manual – dhcp h3c s3100 series ethernet switches table of contents ii 4.5 displaying dhcp/bootp client configuration................................................................. 4-3.
Page 467: Chapter 1 Dhcp Overview
Operation manual – dhcp h3c s3100 series ethernet switches chapter 1 dhcp overview 1-1 chapter 1 dhcp overview 1.1 introduction to dhcp with networks getting larger in size and more complicated in structure, lack of available ip addresses becomes the common situation the network administrators have ...
Page 468
Operation manual – dhcp h3c s3100 series ethernet switches chapter 1 dhcp overview 1-2 z dynamic assignment. The dhcp server assigns ip addresses to dhcp clients for predetermined period of time. In this case, a dhcp client must apply for an ip address again at the expiration of the period. This pol...
Page 469
Operation manual – dhcp h3c s3100 series ethernet switches chapter 1 dhcp overview 1-3 1.2.3 updating ip address lease after a dhcp server dynamically assigns an ip address to a dhcp client, the ip address keeps valid only within a specified lease time and will be reclaimed by the dhcp server when t...
Page 470
Operation manual – dhcp h3c s3100 series ethernet switches chapter 1 dhcp overview 1-4 z hops: number of dhcp relay agents which a dhcp packet passes. For each dhcp relay agent that the dhcp request packet passes, the field value increases by 1. Z xid: random number that the client selects when it i...
Page 471
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-1 chapter 2 dhcp snooping configuration 2.1 introduction 2.1.1 introduction to dhcp snooping for the sake of security, the ip addresses used by online dhcp clients need to be tracked for the administra...
Page 472
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-2 2.1.2 introduction to dhcp snooping trusted/untrusted ports when an unauthorized dhcp server exists in the network, a dhcp client may obtains an illegal ip address. To ensure that the dhcp clients ob...
Page 473
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-3 2.1.4 overview of dhcp-snooping option 82 i. Introduction to option 82 option 82 is the relay agent information option in the dhcp message. It records the location information of the dhcp client. Whe...
Page 474
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-4 figure 2-3 extended format of the remote id sub-option in practice, some network devices do not support the type and length identifiers of the circuit id and remote id sub-options. To interwork with ...
Page 475
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-5 handling policy sub-option configuration the dhcp snooping device will… neither of the two sub-options is configured forward the packet after replacing the original option 82 with the default content...
Page 476
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-6 forwarding the packet, or will directly forward the packet if the packet does not contain the option 82 field. 2.1.5 overview of ip filtering a denial-of-service (dos) attack means an attempt of an a...
Page 477
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-7 table or static binding table, the switch regards the packet as a valid packet and forwards it; otherwise, the switch drops it directly. 2.2 dhcp snooping configuration 2.2.1 configuring dhcp snoopin...
Page 478
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-8 note: z only the s3100-ei series among s3100 series switches support the configuration of dhcp snooping trusted ports.S3100-si series ethernet switches do not support the configuration of dhcp snoopi...
Page 479
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-9 operation command description display information about unauthorized dhcp servers display dhcp-snooping server-guard available in any view note: z you need to enable dhcp snooping before enabling una...
Page 480
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-10 i. Enable dhcp-snooping option 82 support table 2-7 enable dhcp-snooping option 82 support operation command description enter system view system-view — enable dhcp-snooping option 82 support dhcp-s...
Page 481
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-11 table 2-9 configure a storage format for the option 82 field operation command description enter system view system-view — configure a storage format for the option 82 field dhcp-snooping informatio...
Page 482
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-12 note: z if you have configured a circuit id with the vlan vlan-id argument specified, and the other one without the argument in ethernet port view, the former circuit id applies to the dhcp messages...
Page 483
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-13 note: z if you configure a remote id sub-option in both system view and on a port, the remote id sub-option configured on the port applies when the port receives a packet, and the global remote id a...
Page 484
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-14 operation command description enable ip filtering ip check source ip-address [ mac-address ] required by default, this function is disabled. Create an ip static binding entry ip source static bindin...
Page 485
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-15 table 2-14 display dhcp snooping operation command description display the user ip-mac address mapping entries recorded by the dhcp snooping function display dhcp-snooping [ unit unit-id ] display t...
Page 486
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-16 ii. Network diagram eth1/0/2 client b switch dhcp snooping client a eth1/0/1 client c eth1/0/3 eth1/0/5 dhcp server figure 2-6 network diagram for dhcp-snooping option 82 support configuration iii. ...
Page 487
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-17 2.5.2 unauthorized dhcp server detection configuration example i. Network requirements as shown in figure 2-7 , ethernet 1/0/1 of the switch (s3100-si) is connected to the dhcp server, and ethernet ...
Page 488
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-18 [sysname-ethernet1/0/2] dhcp-snooping server-guard enable # specify the method for handling unauthorized dhcp servers as trap on ethernet 1/0/2. [sysname-ethernet1/0/2] dhcp-snooping server-guard me...
Page 489
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-19 ii. Network diagram switch dhcp snooping eth1/0/2 client c eth1/0/1 dhcp server client b host a ip:1.1.1.1 mac:0001-0001-0001 eth1/0/3 eth1/0/4 figure 2-8 network diagram for ip filtering configurat...
Page 490
Operation manual – dhcp h3c s3100 series ethernet switches chapter 2 dhcp snooping configuration 2-20 [switch-ethernet1/0/2] ip source static binding ip-address 1.1.1.1 mac-address 0001-0001-0001.
Page 491
Operation manual – dhcp h3c s3100 series ethernet switches chapter 3 dhcp packet rate limit configuration 3-1 chapter 3 dhcp packet rate limit configuration note: the contents of this chapter are only applicable to the s3100-ei series among s3100 series switches. 3.1 introduction to dhcp packet rate...
Page 492
Operation manual – dhcp h3c s3100 series ethernet switches chapter 3 dhcp packet rate limit configuration 3-2 3.2 configuring dhcp packet rate limit 3.2.1 configuring dhcp packet rate limit table 3-1 configure rate limit of dhcp packets operation command description enter system view system-view — e...
Page 493
Operation manual – dhcp h3c s3100 series ethernet switches chapter 3 dhcp packet rate limit configuration 3-3 operation command description configure the port state auto-recovery interval dhcp protective-down recover interval interval optional by default, the auto-discovery interval is 300 seconds. ...
Page 494
Operation manual – dhcp h3c s3100 series ethernet switches chapter 3 dhcp packet rate limit configuration 3-4 [switch-ethernet1/0/1] dhcp-snooping trust [switch-ethernet1/0/1] quit # enable auto recovery. [switch] dhcp protective-down recover enable # set the port state auto-recovery interval to 30 ...
Page 495
Operation manual – dhcp h3c s3100 series ethernet switches chapter 4 dhcp/bootp client configuration 4-1 chapter 4 dhcp/bootp client configuration 4.1 introduction to dhcp client after you specify a vlan interface as a dhcp client, the device can use dhcp to obtain parameters such as ip address dyna...
Page 496
Operation manual – dhcp h3c s3100 series ethernet switches chapter 4 dhcp/bootp client configuration 4-2 4.3 configuring a dhcp/bootp client table 4-1 configure a dhcp/bootp client operation command description enter system view system-view — enter vlan interface view interface vlan-interface vlan-i...
Page 497
Operation manual – dhcp h3c s3100 series ethernet switches chapter 4 dhcp/bootp client configuration 4-3 ii. Network diagram figure 4-1 a dhcp network iii. Configuration procedure the following describes only the configuration on switch a serving as a dhcp client. # configure vlan-interface 1 to dyn...
Page 498: Table of Contents
Operation manual – acl h3c s3100 series ethernet switches table of contents i table of contents chapter 1 acl configuration....................................................................................................... 1-1 1.1 acl overview .......................................................
Page 499
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-1 chapter 1 acl configuration 1.1 acl overview as the network scale and network traffic are increasingly growing, security control and bandwidth assignment play a more and more important role in network managemen...
Page 500
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-2 i. Depth-first match order for rules of a basic acl 1) range of source ip address: the smaller the source ip address range (that is, the more the number of zeros in the wildcard mask), the higher the match prio...
Page 501
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-3 ii. Being referenced by upper-level software acls can also be used to filter and classify the packets to be processed by software. In this case, the rules in an acl can be matched in one of the following two wa...
Page 502
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-4 1.2 acl configuration 1.2.1 configuring time range time ranges can be used to filter packets. You can specify a time range for each rule in an acl. A time range-based acl takes effect only in specified time ran...
Page 503
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-5 section ranging from 00:00 january 1, 2004 to 23:59 december 31, 2004, and a periodic time section ranging from 12:00 to 14:00 on every wednesday. This time range is active only when the system time is within t...
Page 505
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-7 acl's step is 1 rule 0 deny source 192.168.0.1 0 1.2.3 configuring advanced acl an advanced acl can filter packets by their source and destination ip addresses, the protocols carried by ip, and protocol-specifi...
Page 506
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-8 note that: z with the config match order specified for the advanced acl, you can modify any existent rule. The unmodified part of the rule remains. With the auto match order specified for the acl, you cannot mo...
Page 507
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-9 z the settings to be specified in the rule, such as source and destination mac addresses, vlan priorities, and layer 2 protocol types, are determined. Ii. Configuration procedure table 1-4 define a layer 2 acl ...
Page 508
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-10 [sysname-acl-ethernetframe-4000] display acl 4000 ethernet frame acl 4000, 1 rule acl's step is 1 rule 0 deny cos excellent-effort source 000d-88f5-97ed ffff-ffff-ffff dest 0011-4301-991e ffff-ffff-ffff 1.3 ac...
Page 509
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-11 operation command description assign an acl globally packet-filter inbound acl-rule required for description on the acl-rule argument, refer to acl command . Iii. Configuration example # apply acl 2000 globall...
Page 510
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-12 1.3.3 assigning an acl to a port group i. Configuration prerequisites before applying acl rules to a vlan, you need to define the related acls. For information about defining an acl, refer to section 1.2.2 con...
Page 511
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-13 ii. Configuration procedure table 1-8 apply an acl to a port operation command description enter system view system-view — enter ethernet port view interface interface-type interface-number — apply an acl to t...
Page 512
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-14 1.5 example for upper-layer software referencing acls 1.5.1 example for controlling telnet login users by source ip i. Network requirements apply an acl to permit users with the source ip address of 10.110.100...
Page 513
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-15 ii. Network diagram switch pc 10.110.100.46 internet figure 1-2 network diagram for controlling web login users by source ip iii. Configuration procedure # define acl 2001. System-view [sysname] acl number 200...
Page 514
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-16 iii. Configuration procedure # define a periodic time range that is active from 8:00 to 18:00 everyday. System-view [sysname] time-range test 8:00 to 18:00 daily # define acl 2000 to filter packets with the so...
Page 515
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-17 [sysname-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test [sysname-acl-adv-3000] quit # apply acl 3000 on ethernet 1/0/1. [sysname] interface ethernet1/0/1 [sysname-ethernet1/0/1] packet-...
Page 516
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-18 1.6.4 example for applying an acl to a port group i. Network requirements pc 1, pc 2 and pc 3 connect to the switch through ethernet 1/0/1, ethernet 1/0/2 and ethernet 1/0/3 respectively. Ethernet 1/0/1, ether...
Page 517
Operation manual – acl h3c s3100 series ethernet switches chapter 1 acl configuration 1-19 [sysname-port-group-1] packet-filter inbound ip-group 3000
Page 518: Table of Contents
Operation manual – qos-qos profile h3c s3100 series ethernet switches table of contents i table of contents chapter 1 qos configuration....................................................................................................... 1-1 1.1 overview ...............................................
Page 519
Operation manual – qos-qos profile h3c s3100 series ethernet switches table of contents ii 2.2 qos profile configuration .................................................................................................. 2-2 2.2.1 configuring a qos profile ...............................................
Page 520
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-1 chapter 1 qos configuration 1.1 overview 1.1.1 introduction to qos quality of service (qos) is a concept concerning service demand and supply. It reflects the ability to meet customer needs. General...
Page 521
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-2 are critical for videoconference and vod. As for other applications, such as transaction processing and telnet, although bandwidth is not as critical, a too long delay may cause unexpected results. ...
Page 522
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-3 adjusting traffic. Congestion avoidance is usually applied in the outbound direction of a port. Traffic classification is the basis of all the above-mentioned traffic management technologies. It ide...
Page 523
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-4 category features refer to… qos actions directly configured as required: z priority trust mode z traffic shaping z line rate z burst z for information about priority trust mode, refer to priority tr...
Page 524
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-5 1.3.2 priority trust mode i. Precedence types 1) ip precedence, tos precedence, and dscp precedence figure 1-2 ds field and tos byte the tos field in an ip header contains eight bits numbered 0 thro...
Page 525
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-6 z assured forwarding (af) class: this class is further divided into four subclasses (af1/2/3/4) and a subclass is further divided into three drop priorities, so the af service level can be segmented...
Page 526
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-7 802.1p priority lies in layer 2 packet headers and is applicable to occasions where the layer 3 packet header does not need analysis but qos must be assured at layer 2. Figure 1-3 an ethernet frame ...
Page 527
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-8 the precedence is called 802.1p priority because the related applications of this precedence are defined in detail in the 802.1p specifications. 3) local precedence local precedence is a locally sig...
Page 528
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-9 trusted priority type description dscp precedence the switch searches for the local precedence corresponding to the dscp value of the packet in the dscp-to-local precedence mapping table and assigns...
Page 529
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-10 table 1-8 ip-precedence-to-local-precedence mapping table ip precedence local precedence 0 1 1 0 2 0 3 1 4 2 5 2 6 3 7 3 note: the configuration of trusting the ip precedence of received packets an...
Page 530
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-11 implemented according to the evaluation result on the premise of knowing whether the traffic exceeds the specification when traffic policing or traffic shaping is performed. Normally, token bucket ...
Page 531
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-12 iii. Traffic policing the typical application of traffic policing is to supervise specific traffic into the network and limit it to a reasonable range, or to "discipline" the extra traffic. In this...
Page 532
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-13 figure 1-6 diagram for traffic shaping for example, if the device a sends packets to the device b. The device b will perform traffic policing on packets from the device a to drop the packets beyond...
Page 533
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-14 1.3.7 queue scheduling when the network is congested, the problem that many packets compete for resources must be solved, usually through queue scheduling. In the following section, strict priority...
Page 534
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-15 figure 1-8 diagram for wrr queuing wrr queue-scheduling algorithm schedules all the queues in turn and every queue can be assured of a certain service time. Assume there are four output queues on a...
Page 535
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-16 z large amount of broadcast/multicast packets and large burst traffic exist. Z packets of high-rate links are forwarded to low-rate links or packets of multiple links with the equal rates are forwa...
Page 536
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-17 you can configure the switch to trust the 802.1p priority, dscp precedence, or ip precedence of packets. If no trusted priority type is specified, the switch trusts the 802.1p priority of received ...
Page 537
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-18 operation command description configure to trust packet priority priority trust required by default, the s3100 series switches trust port priority. Z if you configure to trust packet priority witho...
Page 538
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-19 [sysname] undo priority trust [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] priority 7 # configure an s3100-si switch to trust the dscp precedence of the received packets. System-view ...
Page 539
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-20 table 1-12 configure dscp-precedence-to-local-precedence mapping table operation command description enter system view system-view — configure dscp-precedence-to-local- precedence mapping table qos...
Page 540
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-21 1.4.3 marking packet priority note: only h3c s3100-ei series switches support this configuration. Refer to section priority marking for information about marking packet priority. Marking packet pri...
Page 541
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-22 table 1-15 mark the priority for packets that are of a vlan and match specific acl rules operation command description enter system view system-view — mark the priorities for packets matching speci...
Page 542
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-23 1) method i system-view [sysname] acl number 2000 [sysname-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255 [sysname-acl-basic-2000] quit [sysname] interface ethernet1/0/1 [sysname-ethernet1/0...
Page 543
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-24 table 1-18 configure traffic policing for all the packets matching specific acl rules operation command description enter system view system-view — configure traffic policing traffic-limit inbound ...
Page 544
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-25 table 1-21 configure traffic policing for packets passing a port and matching specific acl rules operation command description enter system view system-view — enter ethernet port view interface int...
Page 545
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-26 [sysname] traffic-limit vlan 2 inbound ip-group 2000 128 exceed remark-dscp 56 1.4.5 configuring traffic shaping note: only h3c s3100-ei series switches support this configuration. Refer to section...
Page 546
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-27 i. Configuration prerequisites z the port on which port rate limiting configuration is to be performed is determined. Z the target rate and the direction of rate limiting (inbound or outbound) are ...
Page 547
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-28 ii. Configuration procedure you can redirect all the packets matching specific acl rules, or packets that match specific acl rules and are of a vlan, of a port group, or pass a port. Table 1-24 red...
Page 548
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-29 note: z the traffic redirecting function configured on a vlan is only applicable to packets tagged with 802.1q header. Z packets redirected to the cpu are not forwarded. Z if the traffic is redirec...
Page 550
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-31 i. Configuration prerequisites the acl rules for traffic classification are defined. Refer to the acl module of this manual for information about defining acl rules. Ii. Configuration procedure you...
Page 551
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-32 table 1-32 generate traffic statistics on packets passing a port and matching specific acl rules operation command description enter system view system-view — enter ethernet port view interface int...
Page 552
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-33 i. Configuration prerequisites the burst function is required. Ii. Configuration procedure table 1-33 enable the burst function operation command description enter system view system-view — enable ...
Page 553
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-34 table 1-34 configure traffic mirroring globally operation command description enter system view system-view — enter ethernet port view of the destination port interface interface-type interface-num...
Page 554
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-35 table 1-37 configure traffic mirroring for a port operation command description enter system view system-view — enter ethernet port view of the destination port interface interface-type interface-n...
Page 555
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-36 [sysname-acl-basic-2000] quit [sysname] interface ethernet 1/0/4 [sysname-ethernet1/0/4] monitor-port [sysname-ethernet1/0/4] quit [sysname] mirrored-to vlan 2 inbound ip-group 2000 monitor-interfa...
Page 557
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 1 qos configuration 1-38 ii. Network diagram the r&d department 192.168.1.0/24 the marketing department 192.168.2.0/24 switch to the router eth1/0/1 eth1/0/2 figure 1-9 network diagram for traffic policing configuration ii...
Page 558
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 2 qos profile configuration 2-1 chapter 2 qos profile configuration note: only h3c s3100-ei series switches support this configuration. 2.1 overview 2.1.1 introduction to qos profile qos profile is a set of qos configurati...
Page 559
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 2 qos profile configuration 2-2 the switch directly applies the qos profile to the port the user is connected to. Note: a user-based qos profile application fails if the traffic classification rule defined in the qos profi...
Page 560
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 2 qos profile configuration 2-3 operation command description configure traffic policing traffic-limit inbound acl-rule target-rate [ burst-bucket burst-bucket-size ] [ conform con-action ] [ exceed exceed-action ] [ meter...
Page 561
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 2 qos profile configuration 2-4 operation command description configure the mode to apply a qos profile as port-based qos-profile port-based specify the mode to apply a qos profile configure the mode to apply a qos profile...
Page 562
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 2 qos profile configuration 2-5 2.3 configuration example 2.3.1 qos profile configuration example i. Network requirements all departments of a company are interconnected through a switch. The 802.1x protocol is used to aut...
Page 563
Operation manual – qos-qos profile h3c s3100 series ethernet switches chapter 2 qos profile configuration 2-6 [sysname-radius-radius1] secondary accounting 10.11.1.1 # set the encryption passwords for the switch to exchange packets with the authentication radius servers and accounting radius servers...
Page 564: Table of Contents
Operation manual – mirroring h3c s3100 series ethernet switches table of contents i table of contents chapter 1 mirroring configuration .............................................................................................. 1-1 1.1 mirroring overview..............................................
Page 565
Operation manual – mirroring h3c s3100 series ethernet switches chapter 1 mirroring configuration 1-1 chapter 1 mirroring configuration 1.1 mirroring overview mirroring refers to the process of copying packets of one or more ports (source ports) to a destination port which is connected to a data det...
Page 566
Operation manual – mirroring h3c s3100 series ethernet switches chapter 1 mirroring configuration 1-2 1.1.2 remote port mirroring remote port mirroring does not require the source and destination ports to be on the same device. The source and destination ports can be located on multiple devices acro...
Page 567
Operation manual – mirroring h3c s3100 series ethernet switches chapter 1 mirroring configuration 1-3 table 1-1 ports involved in the mirroring operation switch ports involved function source port port monitored. It copies packets to the reflector port through local port mirroring. There can be more...
Page 568
Operation manual – mirroring h3c s3100 series ethernet switches chapter 1 mirroring configuration 1-4 1.2 mirroring configuration table 1-2 mirroring configuration tasks task remarks configuring local port mirroring optional configuring remote port mirroring optional 1.2.1 configuring local port mir...
Page 569
Operation manual – mirroring h3c s3100 series ethernet switches chapter 1 mirroring configuration 1-5 z you need to configure the source and destination ports for the local port mirroring to take effect. Z the destination port cannot be a member port of an aggregation group or a port enabled with la...
Page 570
Operation manual – mirroring h3c s3100 series ethernet switches chapter 1 mirroring configuration 1-6 operation command description return to system view quit — create a remote source mirroring group mirroring-group group-id remote-source required configure source port(s) for the remote source mirro...
Page 571
Operation manual – mirroring h3c s3100 series ethernet switches chapter 1 mirroring configuration 1-7 table 1-5 configuration on the intermediate switch operation command description enter system view system-view — create a vlan and enter vlan view vlan vlan-id v lan-id is the id of the remote-probe...
Page 572
Operation manual – mirroring h3c s3100 series ethernet switches chapter 1 mirroring configuration 1-8 operation command description configure the current port as trunk port port link-type trunk required by default, the port type is access. Configure trunk port to permit packets from the remote-probe...
Page 573
Operation manual – mirroring h3c s3100 series ethernet switches chapter 1 mirroring configuration 1-9 1.3 mirroring configuration example 1.3.1 local port mirroring configuration example i. Network requirements the departments of a company connect to each other through s3100 ethernet switches: z res...
Page 574
Operation manual – mirroring h3c s3100 series ethernet switches chapter 1 mirroring configuration 1-10 [sysname] mirroring-group 1 monitor-port ethernet 1/0/3 # display configuration information about local mirroring group 1. [sysname] display mirroring-group 1 mirroring-group 1: type: local status:...
Page 575
Operation manual – mirroring h3c s3100 series ethernet switches chapter 1 mirroring configuration 1-11 ii. Network diagram figure 1-4 network diagram for remote port mirroring iii. Configuration procedure 1) configure the source switch (switch a) # create remote source mirroring group 1. System-view...
Page 576
Operation manual – mirroring h3c s3100 series ethernet switches chapter 1 mirroring configuration 1-12 ethernet1/0/1 inbound ethernet1/0/2 inbound reflector port: ethernet1/0/4 remote-probe vlan: 10 2) configure the intermediate switch (switch b) # configure vlan 10 as the remote-probe vlan. System-...
Page 577
Operation manual – mirroring h3c s3100 series ethernet switches chapter 1 mirroring configuration 1-13 mirroring-group 1: type: remote-destination status: active monitor port: ethernet1/0/2 remote-probe vlan: 10 after the configurations, you can monitor all packets sent from department 1 and 2 on th...
Page 578: Table of Contents
Operation manual – stack-cluster h3c s3100 series ethernet switches table of contents i table of contents chapter 1 stack ............................................................................................................................. 1-1 1.1 stack function overview .......................
Page 579: Chapter 1 Stack
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 1 stack 1-1 chapter 1 stack 1.1 stack function overview a stack is a management domain formed by a group of ethernet switches interconnected through their stack ports. A stack contains a main switch and multiple slave switch...
Page 580
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 1 stack 1-2 z when adding a switch joins in a stack, the main switch automatically assigns an ip address to it. Z the main switch automatically adds any switches that are newly connected to the stack through their stack port...
Page 581
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 1 stack 1-3 z make sure the ip addresses in the ip address pool of a stack are successive so that they can be assigned successively. For example, the ip addresses in an ip address pool with its start ip address something lik...
Page 582
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 1 stack 1-4 you can configure the stack-port function on the stack ports that are connected with other switches to choose whether to send join-in requests to the switches, so as to prevent the switches that do not belong to ...
Page 583
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 1 stack 1-5 operation command description display the stack status information on a slave switch display stacking optional the display command can be executed in any view. The displayed information indicates that the local s...
Page 584
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 1 stack 1-6 # create the stack on switch a. [sysname] stacking enable [stack_0.Sysname] quit # display the information about the stack on switch a. Display stacking main device for stack. Total members:3 management-vlan:1(de...
Page 585
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 1 stack 1-7 # switch back to switch a. Quit # switch to switch c (a slave switch). Stacking 2 # switch back to switch a. Quit.
Page 586: Chapter 2 Cluster
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-1 chapter 2 cluster 2.1 cluster overview 2.1.1 introduction to hgmp a cluster contains a group of switches. Through cluster management, you can manage multiple geographically dispersed in a centralized way. Clust...
Page 587
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-2 z it eases the configuration and management of multiple switches: you just need to configure a public ip address for the management device instead of for all the devices in the cluster; and then you can configu...
Page 588
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-3 role configuration function candidate device normally, a candidate device is not assigned an external ip address candidate device refers to the devices that do not belong to any clusters but are cluster-capable...
Page 589
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-4 2.1.3 how a cluster works hgmpv2 consists of the following three protocols: z neighbor discovery protocol (ndp) z neighbor topology discovery protocol (ntdp) z cluster a cluster configures and manages the devic...
Page 590
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-5 ii. Introduction to ntdp ntdp is a protocol used to collect network topology information. Ntdp provides information required for cluster management: it collects topology information about the switches within th...
Page 591
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-6 note: z to implement ntdp, you need to enable ntdp both globally and on specific ports on the management device, and configure ntdp parameters. Z on member/candidate devices, you only need to enable ntdp global...
Page 592
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-7 through ndp and ntdp, and adds them to the cluster. You can also add candidate devices to a cluster manually. After a candidate device is added to a cluster, the management device assigns a member number and a ...
Page 593
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-8 z if the connection between the management device and a member device in disconnect state is recovered, the member device will be added to the cluster again. After that, the state of the member device will turn...
Page 594
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-9 note: z by default, the management vlan interface is used as the network management interface. Z there is only one network management interface on a management device; any newly configured network management in...
Page 595
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-10 (or ip address) is found, the multicast packet will not be forwarded to the downstream any more. Note: z if the queried ip address has a corresponding arp entry, but the mac address entry corresponding to the ...
Page 596
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-11 task remarks configuring cluster parameters required configuring inside-outside interaction for a cluster optional note: to reduce the risk of being attacked by malicious users against opened socket and enhanc...
Page 597
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-12 operation command description enter system view system-view — configure the holdtime of ndp information ndp timer aging aging-in-seconds optional by default, the holdtime of ndp information is 180 seconds. Con...
Page 598
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-13 operation command description configure the interval to collect topology information periodically ntdp timer interval-in-minutes optional by default, the topology collection interval is one minute. Quit system...
Page 599
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-14 operation command description configure a multicast mac address for the cluster cluster-mac h-h-h required by default, the cluster multicast mac address is 0180-c200-000a. Set the interval for the management d...
Page 600
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-15 operation command description enter system view system-view — enter cluster view cluster required configure a shared ftp server for the cluster ftp-server ip-address optional by default, the management device ...
Page 601
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-16 note: to reduce the risk of being attacked by malicious users against opened socket and enhance switch security, the s3100 series ethernet switches provide the following functions, so that a cluster socket is ...
Page 602
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-17 iii. Enabling ntdp globally and on a specific port follow these steps to enable ntdp globally and a specific port: operation command description enter system view system-view — enable ntdp globally ntdp enable...
Page 603
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-18 operation command description enter system view system-view — enter cluster view cluster — configuring mac address of management device administrator - address mac-address name name optional add a candidate de...
Page 604
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-19 z display the tree structure three layers above or below the specified node. Z display the topology between two connected nodes. Note: the topology information is saved as a topology.Top file in the flash memo...
Page 606
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-21 operation command description enter system view system-view — enter cluster view cluster — add the mac address of a specified device to the cluster blacklist black-list add-mac mac-address optional by default,...
Page 607
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-22 operation command description clear the statistics on ndp ports reset ndp statistics [ interface port-list ] you can execute the reset command in user view. Note: when you display the cluster topology informat...
Page 608
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-23 ii. Network diagram network ftp server/tftp server snmp host/logging host 63.172.55.1/24 69.172.55.4/24 eth1/0/1 vlan-int2 163.172.55.1/24 eth1/0/3 eth1/0/2 eth1/0/1 eth1/0/1 member switch mac:000f.E001.0011 m...
Page 609
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-24 [sysname-ethernet1/0/2] ndp enable [sysname-ethernet1/0/2] quit [sysname] interface ethernet 1/0/3 [sysname-ethernet1/0/3] ndp enable [sysname-ethernet1/0/3] quit # set the holdtime of ndp information to 200 s...
Page 610
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-25 [aaa_0.Sysname-cluster] add-member 1 mac-address 000f-e20f-0011 [aaa_0.Sysname-cluster] add-member 17 mac-address 000f-e20f-0012 # set the holdtime of member device information to 100 seconds. [aaa_0.Sysname-c...
Page 612
Operation manual – stack-cluster h3c s3100 series ethernet switches chapter 2 cluster 2-27 ii. Network diagram figure 2-5 network diagram for the enhanced cluster feature configuration iii. Configuration procedure # enter cluster view. System-view [aaa_0.Sysname] cluster # add the mac address 0001-2...
Page 613: Table of Contents
Operation manual – poe-poe profile h3c s3100 series ethernet switches table of contents i table of contents chapter 1 poe configuration ....................................................................................................... 1-1 1.1 poe overview ..........................................
Page 614
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 1 poe configuration 1-1 chapter 1 poe configuration 1.1 poe overview 1.1.1 introduction to poe power over ethernet (poe)-enabled devices use twisted pairs through electrical ports to supply power to the remote powered devi...
Page 615
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 1 poe configuration 1-2 table 1-1 power supply parameters of poe switches switch input power supply number of electrical ports supplying power maximum poe distance maximum power provided by each electrical port total maxim...
Page 616
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 1 poe configuration 1-3 note: z when you use the poe-enabled s3100 switch to supply power, the pds need no external power supply. Z if a remote pd has an external power supply, the poe-enabled s3100 switch and the external...
Page 617
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 1 poe configuration 1-4 caution: z by default, the poe function on a port is enabled by the default configuration file config.Def when the device is delivered. Z if you delete the default configuration file without specify...
Page 618
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 1 poe configuration 1-5 z manual : when the switch is close to its full load in supplying power, it will not make change to its original power supply status based on its priority when a new pd is added. For example: port a...
Page 619
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 1 poe configuration 1-6 1.2.6 configuring the pd compatibility detection function after the pd compatibility detection function is enabled, the switch can detect the pds that do not conform to the 802.3af standard and supp...
Page 620
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 1 poe configuration 1-7 1.2.8 upgrading the pse processing software online the online upgrading of pse processing software can update the processing software or repair the software if it is damaged. Before performing the f...
Page 621
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 1 poe configuration 1-8 table 1-10 display poe configuration operation command description display the poe status of a specific port or all ports of the switch display poe interface [ interface-type interface-number ] disp...
Page 622
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 1 poe configuration 1-9 ii. Networking diagram switch a network eth1/0/2 eth1/0/1 eth1/0/8 switch b ap ap figure 1-1 network diagram for poe iii. Configuration procedure # upgrade the pse processing software online. System...
Page 623
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 1 poe configuration 1-10 # enable the pd compatibility detect of the switch to allow the switch to supply power to part of the devices noncompliant with the 802.3af standard. [switcha] poe legacy enable.
Page 624
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 2 poe profile configuration 2-1 chapter 2 poe profile configuration 2.1 introduction to poe profile on a large-sized network or a network with mobile users, to help network administrators to monitor the poe features of the...
Page 625
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 2 poe profile configuration 2-2 operation command description in system view apply poe-profile profile-name interface interface-type interface-number [ to interface-type interface-number ] enter ethernet port view interfac...
Page 626
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 2 poe profile configuration 2-3 table 2-2 display the poe profile configuration operation command description display the detailed information about the poe profiles created on the switch display poe-profile { all-profile ...
Page 627
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 2 poe profile configuration 2-4 ii. Network diagram network ip phone switch a ap ip phone ip phone ip phone ap ap ap eth1/0/1~eth1/0/5 eth1/0/6~eth1/0/10 figure 2-1 poe profile application iii. Configuration procedure # cr...
Page 628
Operation manual – poe-poe profile h3c s3100 series ethernet switches chapter 2 poe profile configuration 2-5 [switcha] poe-profile profile2 # in profile2, add the poe policy configuration applicable to ethernet 1/0/6 through ethernet 1/0/10 ports for users of group a. [switcha-poe-profile-profile2]...
Page 629: Table of Contents
Operation manual – snmp-rmon h3c s3100 series ethernet switches table of contents i table of contents chapter 1 snmp configuration.................................................................................................... 1-1 1.1 snmp overview...................................................
Page 630
Operation manual – snmp-rmon h3c s3100 series ethernet switches chapter 1 snmp configuration 1-1 chapter 1 snmp configuration 1.1 snmp overview the simple network management protocol (snmp) is used for ensuring the transmission of the management information between any two network nodes. In this way...
Page 631
Operation manual – snmp-rmon h3c s3100 series ethernet switches chapter 1 snmp configuration 1-2 z specifying mib view that a community can access. Z set the permission for a community to access an mib object to be read-only or read-write. Communities with read-only permissions can only query the sw...
Page 632
Operation manual – snmp-rmon h3c s3100 series ethernet switches chapter 1 snmp configuration 1-3 table 1-1 common mibs mib attribute mib content related rfc mib ii based on tcp/ip network device rfc 1213 rfc 1493 bridge mib rfc 2675 rip mib rfc 1724 rmon mib rfc 2819 ethernet mib rfc 2665 public mib...
Page 634
Operation manual – snmp-rmon h3c s3100 series ethernet switches chapter 1 snmp configuration 1-5 operation command description enable snmp agent snmp-agent optional disabled by default. You can enable snmp agent by executing this command or any of the commands used to configure snmp agent. Set syste...
Page 636
Operation manual – snmp-rmon h3c s3100 series ethernet switches chapter 1 snmp configuration 1-7 operation command description quit to system view quit set the destination for trap messages snmp-agent target-host trap address udp-domain { ip-address } [ udp-port port-number ] params securityname sec...
Page 637
Operation manual – snmp-rmon h3c s3100 series ethernet switches chapter 1 snmp configuration 1-8 1.4 enabling logging for network management table 1-6 enable logging for network management operation command description enter system view system-view — enable logging for network management snmp-agent ...
Page 639
Operation manual – snmp-rmon h3c s3100 series ethernet switches chapter 1 snmp configuration 1-10 ii. Network diagram figure 1-2 network diagram for snmp configuration iii. Network procedure # enable snmp agent, and set the snmpv1 and snmpv2c community names. System-view [sysname] snmp-agent [sysnam...
Page 640
Operation manual – snmp-rmon h3c s3100 series ethernet switches chapter 1 snmp configuration 1-11 [sysname] snmp-agent trap enable standard authentication [sysname] snmp-agent trap enable standard coldstart [sysname] snmp-agent trap enable standard linkup [sysname] snmp-agent trap enable standard li...
Page 641
Operation manual – snmp-rmon h3c s3100 series ethernet switches chapter 2 rmon configuration 2-1 chapter 2 rmon configuration 2.1 introduction to rmon remote monitoring (rmon) is a kind of management information base (mib) defined by internet engineering task force (ietf). It is an important enhance...
Page 642
Operation manual – snmp-rmon h3c s3100 series ethernet switches chapter 2 rmon configuration 2-2 rmon probe function. Through the rmon-capable snmp agents running on the ethernet switch, an nms can obtain the information about the total traffic, error statistics and performance statistics of the net...
Page 643
Operation manual – snmp-rmon h3c s3100 series ethernet switches chapter 2 rmon configuration 2-3 iv. History group after a history group is configured, the ethernet switch collects network statistics information periodically and stores the statistics information temporarily for later use. A history ...
Page 646
Operation manual – snmp-rmon h3c s3100 series ethernet switches chapter 2 rmon configuration 2-6 [sysname] rmon event 1 log [sysname] rmon event 2 trap 10.21.30.55 # add an entry numbered 2 to the extended alarm table to allow the system to calculate the alarm variables with the (.1.3.6.1.2.1.16.1.1...
Page 647: Table of Contents
Operation manual – ntp h3c s3100 series ethernet switches table of contents i table of contents chapter 1 ntp configuration ....................................................................................................... 1-1 1.1 introduction to ntp ...............................................
Page 648
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-1 chapter 1 ntp configuration 1.1 introduction to ntp network time protocol (ntp) is a time synchronization protocol defined in rfc 1305. It is used for time synchronization between a set of distributed time serv...
Page 649
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-2 note: z the clock stratum determines the accuracy, which ranges from 1 to 16. The stratum of a reference clock ranges from 1 to 15. The clock accuracy decreases as the stratum number increases. A stratum 16 clo...
Page 650
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-3 ip network ip network ip network ip network device b device a device b device a device b device a device b device a 10:00:00 am 11:00:01 am 10:00:00 am ntp message 10:00:00 am 11:00:01 am 11:00:02 am ntp messag...
Page 651
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-4 1.1.3 ntp implementation modes according to the network structure and the position of the local ethernet switch in the network, the local ethernet switch can work in multiple ntp modes to synchronize the clock....
Page 652
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-5 iii. Broadcast mode figure 1-4 broadcast mode iv. Multicast mode figure 1-5 multicast mode table 1-1 describes how the above mentioned ntp modes are implemented on h3c s3100 series ethernet switches. Table 1-1 ...
Page 653
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-6 ntp implementation mode configuration on s3100 series switches broadcast mode z configure the local s3100 ethernet switch to work in ntp broadcast server mode. In this mode, the local switch broadcasts ntp mess...
Page 654
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-7 1.3 configuring ntp implementation modes an s3100 ethernet switch can work in one of the following ntp modes: z configuring ntp server/client mode z configuring the ntp symmetric peer mode z configuring ntp bro...
Page 655
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-8 note: z the remote server specified by remote-ip or server-name serves as the ntp server, and the local switch serves as the ntp client. The clock of the ntp client will be synchronized by but will not synchron...
Page 656
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-9 note: z in the symmetric peer mode, you need to execute the related ntp configuration commands (refer to section 1.3 for details) to enable ntp on a symmetric-passive peer; otherwise, the symmetric-passive peer...
Page 657
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-10 i. Configuring a switch to work in the ntp broadcast server mode table 1-5 configure a switch to work in the ntp broadcast server mode operation command description enter system view system-view — enter vlan i...
Page 658
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-11 note: z a multicast server can synchronize multicast clients only after its clock has been synchronized. Z an s3100 series switch working in the multicast server mode supports up to 1,024 multicast clients. I....
Page 659
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-12 z synchronization : synchronization right. This level of right permits the peer device to synchronize its clock to the local switch but does not permit the peer device to perform control query. Z server : serv...
Page 660
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-13 authentication. This improves network security. Table 1-10 shows the roles of devices in the ntp authentication function. Table 1-10 description on the roles of devices in ntp authentication function role of d...
Page 661
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-14 1.5.2 configuration procedure i. Configuring ntp authentication on the client table 1-11 configure ntp authentication on the client operation command description enter system view system-view — enable the ntp ...
Page 662
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-15 operation command description configure an ntp authentication key ntp-service authentication-keyid key-id authentication-mode md5 value required by default, no ntp authentication key is configured. Configure t...
Page 663
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-16 1.6.1 configuring an interface on the local switch to send ntp messages table 1-14 configure an interface on the local switch to send ntp messages operation command description enter system view system-view — ...
Page 664
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-17 1.6.3 disabling an interface from receiving ntp messages table 1-16 disable an interface from receiving ntp messages operation command description enter system view system-view — enter vlan interface view inte...
Page 665
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-18 ii. Network diagram figure 1-6 network diagram for the ntp server/client mode configuration iii. Configuration procedure perform the following configurations on device b. # view the ntp status of device b befo...
Page 666
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-19 the above output information indicates that device b is synchronized to device a, and the stratum level of its clock is 3, one level lower than that of device a. # view the information about ntp sessions of de...
Page 667
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-20 # enter system view. System-view # set device c as the peer of device b. [deviceb] ntp-service unicast-peer 3.0.1.33 device c and device b are symmetric peers after the above configuration. Device b works in s...
Page 668
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-21 z device a and device d are two s3100 ethernet switches. Configure device a and device d to work in the ntp broadcast client mode and listen to broadcast messages through their own vlan-interface2. Ii. Network...
Page 669
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-22 view the ntp status of device d after the clock synchronization. [deviced] display ntp-service status clock status: synchronized clock stratum: 3 reference clock id: 3.0.1.31 nominal frequency: 100.0000 hz act...
Page 670
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-23 ii. Network diagram vlan-int2 1.0.1.31/24 vlan-int2 3.0.1.31/24 vlan-int2 3.0.1.32/24 device a device b device c device d figure 1-9 network diagram for ntp multicast mode configuration iii. Configuration proc...
Page 671
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-24 clock status: synchronized clock stratum: 3 reference clock id: 3.0.1.31 nominal frequency: 100.0000 hz actual frequency: 100.0000 hz clock precision: 2^18 clock offset: 198.7425 ms root delay: 27.47 ms root d...
Page 672
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-25 iii. Configuration procedure 1) configure device b. # enter system view. System-view # enable the ntp authentication function. [deviceb] ntp-service authentication enable # configure an md5 authentication key,...
Page 673
Operation manual – ntp h3c s3100 series ethernet switches chapter 1 ntp configuration 1-26 clock offset: 0.66 ms root delay: 27.47 ms root dispersion: 208.39 ms peer dispersion: 9.63 ms reference time: 17:03:32.022 utc apr 2 2007 (bf422ae4.05aea86c) the output information indicates that the clock of...
Page 674: Table of Contents
Operation manual – ssh h3c s3100 series ethernet switches table of contents i table of contents chapter 1 ssh configuration....................................................................................................... 1-1 1.1 ssh overview........................................................
Page 675
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-1 chapter 1 ssh configuration when configuring ssh, go to these sections for information you are interested: z ssh overview z ssh server and client configuration task list z displaying and maintaining ssh configu...
Page 676
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-2 characters called a key, which controls the transformation between plain text and cipher text, for example, changing the plain text into cipher text or cipher text into plain text. Figure 1-1 encryption and dec...
Page 677
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-3 table 1-1 stages in establishing a session between the ssh client and server stages description version negotiation ssh1 and ssh2 are supported. The two parties negotiate a version to use. Key and algorithm neg...
Page 678
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-4 algorithm list, message authentication code (mac) algorithm list, and compressed algorithm list. Z the server and the client calculate the final algorithm according to the algorithm lists supported. Z the serve...
Page 679
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-5 and goes on to the interactive session stage with the client. Otherwise, the server sends back to the client an ssh_smsg_failure packet, indicating that the processing fails or it cannot resolve the request. Th...
Page 680
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-6 table 1-2 complete the following tasks to configure the ssh server: task remarks configuring the user interfaces for ssh clients required preparation configuring the ssh management functions optional version co...
Page 681
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-7 1.3.1 configuring the user interfaces for ssh clients an ssh client accesses the device through a vty user interface. Therefore, you need to configure the user interfaces for ssh clients to allow ssh login. Not...
Page 682
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-8 table 1-4 follow these steps to configure ssh management functions: to do... Use the command... Remarks enter system view system-view — set the ssh authentication timeout time ssh server timeout seconds optiona...
Page 683
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-9 caution: currently, only the s3100-ei series support the ssh server compatible-ssh1x enable command. 1.3.4 generating/destroying key pairs this configuration task lets you generate or destroy a key pair. You mu...
Page 684
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-10 note: z the ssh server’s key pairs are for generating session keys and for ssh clients to authenticate the server. As different clients may support different public key algorithms, the server may use different...
Page 685
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-11 caution: z for password authentication type, the username argument must be consistent with the valid user name defined in aaa; for publickey authentication, the username argument is the ssh local user name, so...
Page 686
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-12 caution: if the ssh user service-type command is executed with a username that does not exist, the system will automatically create the ssh user. However, the user cannot log in unless you specify an authentic...
Page 687
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-13 to do... Use the command... Remarks return to public key view from public key edit view public-key-code end — exit public key view and return to system view peer-public-key end — table 1-9 follow these steps t...
Page 688
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-14 table 1-11 follow these steps to export the rsa public key: to do... Use the command... Remarks enter system view system-view — display the rsa key on the screen in a specified format or export it to a specifi...
Page 689
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-15 ssh client configuration task scenario for a client running ssh client software for a client assumed by an ssh2-capable switch whether first-authentication is supported — configuring an ssh client assumed by a...
Page 690
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-16 the following takes the client software of putty version 0.58 as an example to illustrate how to configure the ssh client: i. Generating a client key to generate a client key, run puttygen.Exe, and select from...
Page 691
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-17 figure 1-3 generate the client keys (2) after the key pair is generated, click save public key and enter the name of the file for saving the public key ( public in this case) to save the public key..
Page 692
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-18 figure 1-4 generate the client keys (3) likewise, to save the private key, click save private key . A warning window pops up to prompt you whether to save the private key without any precaution. Click yes and ...
Page 693
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-19 figure 1-6 generate the client keys (5) ii. Specifying the ip address of the server launch putty.Exe. The following window appears..
Page 694
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-20 figure 1-7 ssh client configuration interface 1 in the host name (or ip address) text box, enter the ip address of the server. Note that there must be a route available between the ip address of the server and...
Page 695
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-21 figure 1-8 ssh client configuration interface 2 under protocol options , select 2 from preferred ssh protocol version . Note: some ssh client software, for example, tectia client software, supports the des alg...
Page 696
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-22 from the category on the left of the window, select connection / ssh / auth . The following window appears. Figure 1-9 ssh client configuration interface 3 click browse… to bring up the file selection window, ...
Page 697
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-23 i. Configuring the ssh client for publickey authentication when the authentication mode is publickey , you need to configure the rsa or dsa public key of the client on the server: z to generate a key pair on t...
Page 698
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-24 to do... Use the command... Remarks configure server public key refer to configuring the public key of a client on the server required the method of configuring server public key on the client is similar to th...
Page 701
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-27 iii. Configuration procedure z configure the ssh server # create a vlan interface on the switch and assign an ip address, which the ssh client will use as the destination for ssh connection. System-view [switc...
Page 702
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-28 figure 1-11 ssh client configuration interface in the host name (or ip address) text box, enter the ip address of the ssh server. 2) from the category on the left pane of the window, select ssh under connectio...
Page 703
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-29 figure 1-12 ssh client configuration interface 2 under protocol options , select 2 from preferred ssh protocol version . 3) as shown in figure 1-12 , click open . If the connection is normal, you will be promp...
Page 704
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-30 ii. Network diagram figure 1-13 switch acts as server for password and radius authentication iii. Configuration procedure 1) configure the radius server note: this document takes cams version 2.10 as an exampl...
Page 705
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-31 figure 1-14 add an access device # add a user for device management. From the navigation tree, select user management > user for device management , and then in the right pane, click add to enter the add accou...
Page 706
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-32 [switch] interface vlan-interface 2 [switch-vlan-interface2] ip address 192.168.1.70 255.255.255.0 [switch-vlan-interface2] quit caution: generating the rsa and dsa key pairs on the server is prerequisite to s...
Page 707
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-33 z run putty.Exe to enter the following configuration interface. Figure 1-16 ssh client configuration interface (1) in the host name (or ip address) text box, enter the ip address of the ssh server. Z from the ...
Page 708
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-34 figure 1-17 ssh client configuration interface (2) under protocol options , select 2 from preferred ssh protocol version . Then, click open . If the connection is normal, you will be prompted to enter the user...
Page 709
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-35 ii. Network diagram ssh user internet switch hwtacacs server 10.1.1.1/24 vlan-int2 192.168.1.70/24 figure 1-18 switch acts as server for password and hwtacacs authentication iii. Configuration procedure z conf...
Page 710
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-36 [switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49 [switch-hwtacacs-hwtac] key authentication expert [switch-hwtacacs-hwtac] key authorization expert [switch-hwtacacs-hwtac] user-name-format without-dom...
Page 711
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-37 figure 1-20 ssh client configuration interface (2) under protocol options , select 2 from preferred ssh protocol version . Then, click open . If the connection is normal, you will be prompted to enter the user...
Page 712
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-38 iii. Configuration procedure note: under the publickey authentication mode, either the rsa or dsa public key can be generated for the server to authenticate the client. Here takes the rsa public key as an exam...
Page 713
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-39 note: before performing the following steps, you must generate an rsa public key pair (using the client software) on the client, save the key pair in a file named public, and then upload the file to the ssh se...
Page 714
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-40 note: while generating the key pair, you must move the mouse continuously and keep the mouse off the green process bar shown in figure 1-23 . Otherwise, the process bar stops moving and the key pair generating...
Page 715
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-41 figure 1-24 generate a client key pair (3) likewise, to save the private key, click save private key . A warning window pops up to prompt you whether to save the private key without any protection. Click yes a...
Page 716
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-42 # establish a connection with the ssh server 2) launch putty.Exe to enter the following interface. Figure 1-26 ssh client configuration interface 1 in the host name (or ip address) text box, enter the ip addre...
Page 717
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-43 figure 1-27 ssh client configuration interface 2 under protocol options , select 2 from preferred ssh protocol version . 4) select connection / ssh / auth . The following window appears..
Page 718
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-44 figure 1-28 ssh client configuration interface (2) click browse… to bring up the file selection window, navigate to the private key file and click ok . 5) from the window shown in figure 1-28 , click open . If...
Page 719
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-45 iii. Configuration procedure z configure switch b # create a vlan interface on the switch and assign an ip address, which the ssh client will use as the destination for ssh connection. System-view [switchb] in...
Page 720
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-46 # establish a connection to the server 10.165.87.136. [switcha] ssh2 10.165.87.136 username: client001 trying 10.165.87.136 ... Press ctrl+k to abort connected to 10.165.87.136 ... The server is not authentica...
Page 721
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-47 z configure switch b # create a vlan interface on the switch and assign an ip address, which the ssh client will use as the destination for ssh connection. System-view [switchb] interface vlan-interface 1 [swi...
Page 722
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-48 z configure switch a # create a vlan interface on the switch and assign an ip address, which serves as the ssh client’s address in an ssh connection. System-view [switcha] interface vlan-interface 1 [switcha-v...
Page 723
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-49 1.7.7 when switch acts as client and first-time authentication is not supported i. Network requirements as shown in figure 1-31 , establish an ssh connection between switch a (ssh client) and switch b (ssh ser...
Page 724
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-50 [switchb-ui-vty0-4] user privilege level 3 [switchb-ui-vty0-4] quit # specify the authentication type for user client001 as publickey. [switchb] ssh user client001 authentication-type publickey note: before do...
Page 725
Operation manual – ssh h3c s3100 series ethernet switches chapter 1 ssh configuration 1-51 note: after generating the key pair, you need to upload the key pair file to the server through ftp or tftp and complete the server end configuration before you continue to configure the client. # disable firs...
Page 726: Table of Contents
Operation manual – file system management h3c s3100 series ethernet switches table of contents i table of contents chapter 1 file system management configuration ................................................................... 1-1 1.1 file system configuration........................................
Page 727
Operation manual – file system management h3c s3100 series ethernet switches chapter 1 file system management configuration 1-1 chapter 1 file system management configuration 1.1 file system configuration 1.1.1 introduction to file system to facilitate management on the switch memory, s3100 series e...
Page 728
Operation manual – file system management h3c s3100 series ethernet switches chapter 1 file system management configuration 1-2 table 1-2 describes the directory-related operations. Perform the following configuration in user view. Table 1-2 directory operations to do… use the command… remarks creat...
Page 729
Operation manual – file system management h3c s3100 series ethernet switches chapter 1 file system management configuration 1-3 to do… use the command… remarks copy a file copy fileurl - source fileurl - dest optional move a file move fileurl - source fileurl - dest optional display the content of a...
Page 730
Operation manual – file system management h3c s3100 series ethernet switches chapter 1 file system management configuration 1-4 caution: the format operation leads to the loss of all files, including the configuration files, on the flash memory and is irretrievable. 1.1.6 prompt mode configuration y...
Page 731
Operation manual – file system management h3c s3100 series ethernet switches chapter 1 file system management configuration 1-5 copy flash:/config.Cfg flash:/test/1.Cfg copy unit1>flash:/config.Cfg to unit1>flash:/test/1.Cfg?[y/n]:y .. %copy file unit1>flash:/config.Cfg to unit1>flash:/test/1.Cfg......
Page 732
Operation manual – file system management h3c s3100 series ethernet switches chapter 1 file system management configuration 1-6 the app files, configuration files, and web files support three kinds of attributes: main, backup and none, as described in table 1-6 . Table 1-6 descriptions on file attri...
Page 733
Operation manual – file system management h3c s3100 series ethernet switches chapter 1 file system management configuration 1-7 for the web file and configuration file, hangzhou h3c technologies co., ltd (referred to as h3c hereinafter) may provide corresponding default file when releasing software ...
Page 734
Operation manual – file system management h3c s3100 series ethernet switches chapter 1 file system management configuration 1-8 to do… use the command… remarks display the information about the app file used as the startup file display boot-loader [ unit unit-id ] display information about the web f...
Page 735: Table of Contents
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches table of contents i table of contents chapter 1 ftp and sftp configuration...................................................................................... 1-1 1.1 introduction to ftp and sftp .....................................
Page 736
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-1 chapter 1 ftp and sftp configuration 1.1 introduction to ftp and sftp 1.1.1 introduction to ftp ftp (file transfer protocol) is commonly used in ip-based networks to transmit files. Before wo...
Page 737
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-2 data transmission. In addition, since the switch can be used as a client, you can log in to remote devices to transfer files securely. 1.2 ftp configuration table 1-2 ftp configuration tasks ...
Page 738
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-3 ii. Enabling an ftp server table 1-4 enable an ftp server operation command description enter system view system-view — enable the ftp server function ftp server enable required disabled by d...
Page 739
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-4 iv. Disconnecting a specified user on the ftp server, you can disconnect a specified user from the ftp server to secure the network. Table 1-6 disconnect a specified user operation command de...
Page 740
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-5 figure 1-2 process of displaying a shell banner table 1-7 configure the banner display for an ftp server operation command description enter system view system-view — configure a login banner...
Page 741
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-6 1.2.2 ftp configuration: a switch operating as an ftp client i. Basic configurations on an ftp client by default a switch can operate as an ftp client in this case you can connect the switch ...
Page 742
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-7 operation command description dir [ remotefile ] [ localfile ] query a specified file on the ftp server ls [ remotefile ] [ localfile ] optional if no file name is specified, all the files in...
Page 743
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-8 download the configuration file config.Cfg from the switch, thus to back up the configuration file. Z create a user account on the ftp server with the user name “switch” and password “hello”....
Page 744
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-9 c:\> ftp 1.1.1.1 connected to 1.1.1.1. 220 ftp service ready. User (1.1.1.1:(none)): switch 331 password required for switch. Password: 230 user logged in. Ftp> # upload the switch.Bin file. ...
Page 745
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-10 boot boot-loader switch.Bin reboot note: for information about the boot boot-loader command and how to specify the startup file for a switch, refer to the system maintenance and debugging pa...
Page 746
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-11 2) configure the pc (ftp client) # access the ethernet switch through ftp. Enter the user name “switch“ and the password “hello” to log in to the switch, and then enter ftp view. Login banne...
Page 747
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-12 iii. Configuration procedure 1) configure the pc (ftp server) perform ftp server–related configurations on the pc, that is, create a user account on the ftp server with user name “switch” an...
Page 748
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-13 [ftp] get switch.Bin # execute the quit command to terminate the ftp connection and return to user view. [ftp] quit # after downloading the file, use the boot boot-loader command to specify ...
Page 749
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-14 table 1-11 enable an sftp server operation command description enter system view system-view — enable an sftp server sftp server enable required disabled by default ii. Configuring connectio...
Page 750
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-15 note: z currently an h3c s3100 series ethernet switch operating as an sftp server supports the connection of only one sftp user. When multiple users attempt to log in to the sftp server or m...
Page 751
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-16 operation command description change the working directory on the remote sftp server cd pathname change the working directory to be the parent directory cdup display the working directory on...
Page 752
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-17 note: if you specify to authenticate a client through public key on the server, the client needs to read the local private key when logging in to the sftp server. Since both rsa and dsa are ...
Page 753
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-18 [sysname-ui-vty0-4] protocol inbound ssh [sysname-ui-vty0-4] quit # create a local user client001. [sysname] local-user client001 [sysname-luser-client001] password simple abc [sysname-luser...
Page 754
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-19 -rwxrwxrwx 1 noone nogroup 283 aug 24 07:39 pubkey1 drwxrwxrwx 1 noone nogroup 0 sep 01 06:22 new -rwxrwxrwx 1 noone nogroup 225 sep 01 06:55 pub -rwxrwxrwx 1 noone nogroup 0 sep 01 08:00 z ...
Page 755
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 1 ftp and sftp configuration 1-20 -rwxrwxrwx 1 noone nogroup 225 aug 24 08:01 pubkey2 -rwxrwxrwx 1 noone nogroup 283 aug 24 07:39 pubkey1 drwxrwxrwx 1 noone nogroup 0 sep 01 06:22 new -rwxrwxrwx 1 noone nogroup 225 sep 01 06...
Page 756
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 2 tftp configuration 2-1 chapter 2 tftp configuration 2.1 introduction to tftp compared with ftp, tftp (trivial file transfer protocol) features simple interactive access interface and no authentication control. Therefore, t...
Page 757
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 2 tftp configuration 2-2 2.2 tftp configuration table 2-1 tftp configuration tasks item configuration task description tftp configuration: a switch operating as a tftp client basic configurations on a tftp client — tftp serv...
Page 758
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 2 tftp configuration 2-3 z the tftp working directory is configured on the tftp server. Z configure the ip addresses of a vlan interface on the switch and the pc as 1.1.1.1 and 1.1.1.2 respectively. The port through which th...
Page 759
Operation manual – ftp-sftp-tftp h3c s3100 series ethernet switches chapter 2 tftp configuration 2-4 # download the switch application named switch.Bin from the tftp server to the switch. Tftp 1.1.1.2 get switch.Bin switch.Bin # upload the switch configuration file named config.Cfg to the tftp serve...
Page 760: Table of Contents
Operation manual – information center h3c s3100 series ethernet switches table of contents i table of contents chapter 1 information center....................................................................................................... 1-1 1.1 information center overview ........................
Page 761
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-1 chapter 1 information center 1.1 information center overview 1.1.1 introduction to information center acting as the system information hub, information center classifies and manages system infor...
Page 762
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-2 z if the threshold is set to 1, only information with the severity being emergencies will be output; z if the threshold is set to 8, information of all severities will be output. Iii. Ten channe...
Page 763
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-3 note: configurations for the six output directions function independently and take effect only after the information center is enabled. Iv. Outputting system information by source module the sys...
Page 764
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-4 module name description nat network address translation module ndp neighbor discovery protocol module ntdp network topology discovery protocol module ntp network time protocol module pki public ...
Page 765
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-5 note: z the space, the forward slash /, and the colon are all required in the above format. Z before may have %, “#, or * followed with a space, indicating log, alarm, or debugging information r...
Page 766
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-6 ii. Timestamp timestamp records the time when system information is generated to allow users to check and identify system events. Note that there is a space between the timestamp and sysname (ho...
Page 767
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-7 iii. Sysname sysname is the system name of the local switch and defaults to “h3c”. You can use the sysname command to modify the system name. Refer to the system maintenance and debugging part o...
Page 768
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-8 1.2 information center configuration 1.2.1 introduction to the information center configuration tasks table 1-4 information center configuration tasks task remarks configuring synchronous inform...
Page 769
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-9 note: z if the system information is output before you input any information following the current command line prompt, the system does not echo any command line prompt after the system informat...
Page 770
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-10 operation command description set to display the utc time zone in the output information of the information center info-center timestamp utc required by default, no utc time zone is displayed i...
Page 771
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-11 table 1-8 default output rules for different output directions log trap debug output direction modules allowed enabl ed/dis abled severi ty enable d/disab led severit y enable d/disab led sever...
Page 772
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-12 note: make sure that the debugging/log/trap information terminal display function is enabled (use the terminal monitor command) before you enable the corresponding terminal display function by ...
Page 773
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-13 note: z when there are multiple telnet users or dumb terminal users, they share some configuration parameters including module filter, language and severity level threshold. In this case, chang...
Page 774
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-14 1.2.6 setting to output system information to a log host table 1-12 set to output system information to a log host operation command description enter system view system-view — enable the infor...
Page 775
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-15 1.2.7 setting to output system information to the trap buffer table 1-13 set to output system information to the trap buffer operation command description enter system view system-view — enable...
Page 777
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-17 1.3 displaying and maintaining information center after the above configurations, you can execute the display commands in any view to display the running status of the information center, and t...
Page 778
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-18 ii. Network diagram network switch pc figure 1-1 network diagram for log output to a unix log host iii. Configuration procedure 1) configure the switch: # enable the information center. System-...
Page 779
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-19 note: when you edit the file “/etc/syslog.Conf”, note that: z a note must start in a new line, starting with a “#” sign. Z in each pair, a tab should be used as a separator instead of a space. ...
Page 780
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-20 iii. Configuration procedure 1) configure the switch: # enable the information center. System-view [switch] info-center enable # configure the host whose ip address is 202.38.1.10 as the log ho...
Page 781
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-21 in case of linux log host, the daemon “syslogd” must be started with the “-r” option. After all the above operations, the switch can record information in the corresponding log file. Note: thro...
Page 782
Operation manual – information center h3c s3100 series ethernet switches chapter 1 information center 1-22 terminal logging 1.4.4 configuration example i. Network requirements z the switch is in the time zone of gmt+ 08:00:00. Z the time stamp format of output log information is date. Z utc time zon...
Page 783: Table of Contents
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches table of contents i table of contents chapter 1 boot rom and host software loading ..................................................................... 1-1 1.1 introduction to loading approaches ....................
Page 784
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-1 chapter 1 boot rom and host software loading traditionally, switch software is loaded through a serial port. This approach is slow, time-consuming and cannot be use...
Page 785
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-2 note: the loading process of the boot rom software is the same as that of the host software, except that during the former process, you should press “6” or and afte...
Page 786
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-3 enter the correct boot rom password (no password is set by default). The system enters the boot menu: boot menu 1. Download application file to flash 2. Select appl...
Page 787
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-4 3. Set xmodem protocol parameter 0. Return to boot menu enter your choice(0-3): step 2: press 3 in the above menu to download the boot rom using xmodem. The system ...
Page 788
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-5 figure 1-1 properties dialog box figure 1-2 console port configuration dialog box.
Page 789
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-6 step 5: click the button to disconnect the hyperterminal from the switch and then click the button to reconnect the hyperterminal to the switch, as shown in figure ...
Page 790
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-7 figure 1-5 sending file page step 9: after the sending process completes, the system displays the following information: loading ...Cccccccccc done! Step 10: reset ...
Page 791
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-8 3. Set xmodem protocol parameter 0. Return to boot menu enter your choice(0-3): step 2: enter 3 in the above menu to load the host software by using xmodem. The sub...
Page 792
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-9 note: you can use one pc as both the configuration device and the tftp server. Step 2: run the tftp server program on the tftp server, and specify the path of the p...
Page 793
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-10 step 1: select in boot menu and press . The system displays the following information: 1. Set tftp protocol parameter 2. Set ftp protocol parameter 3. Set xmodem p...
Page 794
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-11 note: you can use one computer as both configuration device and ftp server. Step 2: run the ftp server program on the ftp server, configure an ftp user name and pa...
Page 795
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-12 enter your choice(0-3): enter 2 in the above menu to download the host software using ftp. The subsequent steps are the same as those for loading the boot rom, exc...
Page 796
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-13 password: 230 logged in successfully [ftp] get switch.Btm [ftp] bye note: when using different ftp server software on pc, different information will be output to t...
Page 797
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-14 ii. Loading procedure using ftp server as shown in figure 1-9 , the switch is used as the ftp server. You can telnet to the switch, and then execute the ftp comman...
Page 798
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-15 figure 1-10 command line interface step 5: use the cd command on the interface to enter the path that the boot rom upgrade file is to be stored. Assume the name of...
Page 799
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-16 figure 1-12 log on to the ftp server step 7: use the put command to upload the file switch.Btm to the switch, as shown in figure 1-13 . Figure 1-13 upload file swi...
Page 800
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 1 boot rom and host software loading 1-17 boot bootrom switch.Btm this will update bootrom on unit 1. Continue? [y/n] y upgrading bootrom, please wait... Upgrade bootrom succeeded! Reboot after the switch ...
Page 801: Debugging
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 2 basic system configuration and debugging 2-1 chapter 2 basic system configuration and debugging 2.1 basic system configuration table 2-1 basic system configuration operation command description set the c...
Page 802
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 2 basic system configuration and debugging 2-2 operation command description return from current view to user view return optional the composite key has the same effect with the return command. 2.2 display...
Page 803
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 2 basic system configuration and debugging 2-3 figure 2-1 the relationship between the protocol and screen debugging switch note: displaying debugging information on the terminal is the most commonly used ...
Page 804
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 2 basic system configuration and debugging 2-4 2.3.2 displaying debugging status table 2-4 display the current debugging status in the system operation command description display all enabled debugging on ...
Page 805
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 3 network connectivity test 3-1 chapter 3 network connectivity test 3.1 network connectivity test 3.1.1 ping you can use the ping command to check the network connectivity and the reachability of a host. T...
Page 806
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 3 network connectivity test 3-2 table 3-2 the tracert command operation command description view the gateways that a packet passes from the source host to the destination tracert [ -a source-ip ] [ -f firs...
Page 807
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 4 device management 4-1 chapter 4 device management 4.1 introduction to device management device management includes the following: z reboot the ethernet switch z configure real-time monitoring of the runn...
Page 808
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 4 device management 4-2 table 4-2 reboot the ethernet switch operation command description reboot the ethernet switch reboot [ unit unit-id ] available in user view 4.2.3 scheduling a reboot on the switch ...
Page 809
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 4 device management 4-3 caution: enabling of this function consumes some amounts of cpu resources. Therefore, if your network has a high cpu usage requirement, you can disable this function to release your...
Page 810
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 4 device management 4-4 table 4-7 commonly used pluggable transceivers transceiver type applied environment whether can be an optical transceiver whether can be an electrical transceiver sfp (small form-fa...
Page 811
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 4 device management 4-5 z you can use the vendor name field in the prompt information of the display transceiver interface command to identify an anti-spoofing pluggable transceiver customized by h3c. If t...
Page 812
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 4 device management 4-6 table 4-10 display the operating status of the device management operation command description display the app to be adopted at next startup display boot-loader [ unit unit-id ] dis...
Page 813
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 4 device management 4-7 the host software switch.Bin and the boot rom file boot.Btm of the switch are stored in the directory switch on the pc. Use ftp to download the switch.Bin and boot.Btm files from th...
Page 814
Operation manual – system maintenance and debugging h3c s3100 series ethernet switches chapter 4 device management 4-8 connected. 220 wftpd 2.0 service (by texas imperial software) ready for new user user(none):switch 331 give me your password, please password: 230 logged in successfully [ftp] 5) en...
Page 815: Table of Contents
Operation manual – vlan-vpn h3c s3100 series ethernet switches table of contents i table of contents chapter 1 vlan-vpn configuration............................................................................................ 1-1 1.1 vlan-vpn overview ...................................................
Page 816
Operation manual – vlan-vpn h3c s3100 series ethernet switches table of contents ii 4.2.1 configuration prerequisites..................................................................................... 4-4 4.2.2 configuring a bpdu tunnel.................................................................
Page 817
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 1 vlan-vpn configuration 1-1 chapter 1 vlan-vpn configuration when configuring vlan-vpn, go to these sections for information you are interested in: z vlan-vpn overview z vlan-vpn configuration z displaying and maintaining vlan-v...
Page 818
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 1 vlan-vpn configuration 1-2 the vlan-vpn feature provides you with the following benefits: z saves public network vlan id resource. Z you can have vlan ids of your own, which is independent of public network vlan ids. Z provides...
Page 819
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 1 vlan-vpn configuration 1-3 when tagging a received vlan-vpn frame as needed. When doing that, you should set the same tpid on both the customer-side port and the service provider-side port. The tpid in an ethernet frame has the...
Page 820
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 1 vlan-vpn configuration 1-4 to do... Use the command... Remarks enter system view system-view — enter ethernet port view interface interface-type interface-number — enable the vlan-vpn feature on the port vlan-vpn enable require...
Page 821
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 1 vlan-vpn configuration 1-5 1.3 displaying and maintaining vlan-vpn configuration to do... Use the command... Remarks display the vlan-vpn configurations of all the ports display port vlan-vpn available in any view 1.4 vlan-vpn ...
Page 822
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 1 vlan-vpn configuration 1-6 ii. Network diagram tpid=0x9200 vlan 1040 eth1/0/11 eth1/0/12 eth1/0/21 eth1/0/22 vlan 100 vlan 200 pc user terminal user switcha switchb vlan 100 vlan 200 pc server terminal server figure 1-4 network...
Page 823
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 1 vlan-vpn configuration 1-7 # enable the vlan-vpn feature on ethernet 1/0/21 of switch b and tag the packets received on this port with the tag of vlan 1040 as the outer vlan tag. System-view [switchb] vlan 1040 [switchb-vlan104...
Page 824
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 1 vlan-vpn configuration 1-8 2) the tpid value of the outer vlan tag is set to 0x9200 before the packet is forwarded to the public network through ethernet1/0/12 of switch a. 3) the outer vlan tag of the packet remains unchanged ...
Page 825
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 2 selective qinq configuration 2-1 chapter 2 selective qinq configuration note: this chapter is only applicable to s3100-ei series switches. When configuring selective qinq, go to these sections for information you are interested...
Page 826
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 2 selective qinq configuration 2-2 figure 2-1 diagram for a selective qinq implementation in this implementation, switch a is an access device of the service provider. The users connecting to it include common customers (in vlan ...
Page 827
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 2 selective qinq configuration 2-3 task remarks configuring global tag mapping rules for selective qinq required enabling the selective qinq feature for a port optional 2.2.2 configuring global tag mapping rules for selective qin...
Page 828
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 2 selective qinq configuration 2-4 2.3 selective qinq configuration example 2.3.1 processing private network packets by their types i. Network requirements z ethernet 1/0/3 of switch a provides public network access for pc users ...
Page 829
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 2 selective qinq configuration 2-5 ii. Network diagram figure 2-2 network diagram for selective qinq configuration iii. Configuration procedure z configure switch a. # create vlan 1000, vlan 1200 and vlan 5 (the default vlan of e...
Page 830
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 2 selective qinq configuration 2-6 # configure ethernet 1/0/3 as a hybrid port and configure vlan 5 as its default vlan. Configure ethernet 1/0/3 to remove vlan tags when forwarding packets of vlan 5, vlan 1000, and vlan 1200. [s...
Page 831
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 2 selective qinq configuration 2-7 [switchb-etherent1/0/11] port link-type hybrid [switchb-etherent1/0/11] port hybrid vlan 12 13 1000 1200 tagged # configure ethernet1/0/12 as a hybrid port and configure vlan 12 as its default v...
Page 832
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 3 vlan mapping configuration 3-1 chapter 3 vlan mapping configuration note: this chapter is only applicable to s3100-ei series switches. 3.1 vlan mapping overview 3.1.1 introduction to vlan mapping the vlan mapping function can r...
Page 833
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 3 vlan mapping configuration 3-2 3.1.2 vlan mapping implementation you can configure vlan mapping rules for each port of an s3100 series switch. With the vlan mapping function enabled on a port, the port maps private network vlan...
Page 834
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 3 vlan mapping configuration 3-3 operation command description enable the vlan mapping function vlan-mapping enable required by default, the vlan mapping function is disabled. Note: z a port that is in a link aggregation port gro...
Page 835
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 3 vlan mapping configuration 3-4 note: z a port that is in a link aggregation port group cannot have the vlan mapping feature enabled. Z when configuring a vlan mapping rule, make sure that the mapping relationship between privat...
Page 836
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 3 vlan mapping configuration 3-5 ii. Network diagram figure 3-3 network diagram for vlan mapping configuration iii. Configuration procedure note: in this example, the vlan mapping function is enabled based on port-level vlan mapp...
Page 837
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 3 vlan mapping configuration 3-6 # as ethernet 1/0/11 of switch a not only receives packets of the customer vlan but also forward packets from the service provider network, you need to configure the port as a trunk port or hybrid...
Page 838
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 3 vlan mapping configuration 3-7 [switcha-ethernet1/0/12] vlan-mapping vlan 200 remark 600 after the above configurations, switch a maps the vlan tags of the customer packets received through ethernet 1/0/11 and ethernet 1/0/12 t...
Page 839
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 4 bpdu tunnel configuration 4-1 chapter 4 bpdu tunnel configuration note: this chapter is only applicable to s3100-ei series switches. When configuring bpdu tunnel, go to these sections for information you are interested in: z bp...
Page 840
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 4 bpdu tunnel configuration 4-2 address is used to identify the corresponding proprietary protocol, and the type field is used to identify the specific protocol type. Ii. Transmitting bpdu packets transparently as shown in figure...
Page 841
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 4 bpdu tunnel configuration 4-3 figure 3-2 and figure 3-3 show the structure of a bpdu packet before and after it enter a bpdu tunnel. Figure 4-2 the structure of a bpdu packet before it enters a bpdu tunnel figure 4-3 the struct...
Page 842
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 4 bpdu tunnel configuration 4-4 z proprietary protocols of other vendors, including cdp (cisco discovery protocol), pagp (port aggregation protocol), pvst (per-vlan spanning tree), vtp (vlan trunk protocol), and udld (uni-directi...
Page 843
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 4 bpdu tunnel configuration 4-5 note: z if bpdu tunnel transparent transmission is enabled for packets of a protocol, the protocol cannot be enabled on the port. For example, if you execute the bpdu-tunnel lacp command, the lacp ...
Page 844
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 4 bpdu tunnel configuration 4-6 z enable the service provider network to transmit stp packets of the customer network through bpdu tunnel. The destination mac address for tunnel packets is 010f-e233-8b22. Z enable the vlan-vpn fe...
Page 845
Operation manual – vlan-vpn h3c s3100 series ethernet switches chapter 4 bpdu tunnel configuration 4-7 2) configure provider2. # disable stp on ethernet1/0/4. System-view [sysname] interface ethernet 1/0/4 [sysname-ethernet1/0/4] stp disable # enable bpdu tunnel for stp packets. [sysname-ethernet1/0...
Page 846: Table of Contents
Operation manual – hwping h3c s3100 series ethernet switches table of contents i table of contents chapter 1 hwping configuration ................................................................................................ 1-1 1.1 hwping overview.....................................................
Page 847
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-1 chapter 1 hwping configuration 1.1 hwping overview 1.1.1 introduction to hwping hwping (pronounced hua’wei ping) is a network diagnostic tool. It is used to test the performance of various protocols runni...
Page 848
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-2 1.1.2 test types supported by hwping table 1-1 test types supported by hwping supported test types description icmp test dhcp test ftp test http test dns test snmp test for these types of tests, you need ...
Page 849
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-3 test parameter description source interface ( source-interface ) z for dhcp test, you must specify a source interface, which will be used by hwping client to send dhcp requests. If no source interface is ...
Page 850
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-4 test parameter description type of service ( tos ) type of service is the value of the tos field in ip header in the test packets. Dns z this parameter is used to specify a dns domain name in a hwping dns...
Page 851
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-5 test parameter description trap z a hwping test will generate a trap message no matter whether the test successes or not. You can use the trap switch to enable or disable the output of trap messages. Z yo...
Page 852
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-6 table 1-4 hwping server configuration operation command description enter system view system-view — enable the hwping server function hwping-server enable required disabled by default. Configure a udp lis...
Page 853
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-7 operation command description configure the source ip address source-ip ip-address optional by default, no source ip address is configured. Configure the number of probes per test count times optional by ...
Page 854
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-8 table 1-6 configure dhcp test on hwping client operation command description enter system view system-view — enable the hwping client function hwping-agent enable required by default, the hwping client fu...
Page 855
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-9 operation command description create a hwping test group and enter its view hwping administrator-name operation-tag required by default, no test group is configured. Configure the test type test-typeftp r...
Page 856
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-10 operation command description configure an ftp login username username name configure an ftp login password password password required by default, neither username nor password is configured. Configure a...
Page 857
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-11 operation command description configure dns-server dns-server ip-address z required: when you use h3c s3100-ei series switches as hwping client for http test and set the destination address as host name....
Page 858
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-12 operation command description configure the http operation string and version in an http test http-string string version required by default, http operation string and version are not configured. Start t...
Page 859
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-13 operation command description configure the source port source-port port-number optional by default, no source port is configured. Configure the number of probes per test count times optional by default,...
Page 860
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-14 table 1-10 configure snmp test on hwping client operation command description enter system view system-view — enable the hwping client function hwping-agent enable required by default, the hwping client ...
Page 861
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-15 operation command description display test results display hwping results [ admin-name operation-tag ] required you can execute the command in any view. 7) configuring tcp test on hwping client table 1-1...
Page 862
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-16 operation command description configure the source ip address source-ip ip-address optional by default, the source ip address is not specified. Configure the source port source-port port-number optional ...
Page 864
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-18 operation command description configure the automatic test interval frequency interval optional by default, the automatic test interval is zero seconds, indicating no automatic test will be made. Configu...
Page 865
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-19 operation command description configure the automatic test interval frequency interval optional by default, the automatic test interval is zero seconds, indicating no automatic test will be made. Configu...
Page 867
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-21 ii. Network diagram figure 1-2 network diagram for the icmp test iii. Configuration procedure z configure hwping client (switch a): # enable hwping client. System-view [sysname] hwping-agent enable # cre...
Page 868
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-22 sd maximal delay: 0 ds maximal delay: 0 packet lost in test: 0% disconnect operation number: 0 operation timeout number: 0 system busy operation number: 0 connection fail number: 0 operation sequence err...
Page 869
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-23 # create a hwping test group, setting the administrator name to "administrator" and test tag to "dhcp". [sysname] hwping administrator dhcp # configure the test type as dhcp . [sysname-hwping-administrat...
Page 870
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-24 7 1018 1 0 2000-04-03 09:50:48.8 8 1020 1 0 2000-04-03 09:50:36.8 9 1020 1 0 2000-04-03 09:50:30.8 10 1028 1 0 2000-04-03 09:50:22.8 for detailed output description, see the corresponding command manual....
Page 871
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-25 [sysname-hwping-administrator-ftp] username admin # configure the ftp login password. [sysname-hwping-administrator-ftp] password admin # configure the type of ftp operation. [sysname-hwping-administrato...
Page 872
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-26 6 15653 1 0 2000-04-03 03:59:21.2 7 9792 1 0 2000-04-03 03:59:05.5 8 9794 1 0 2000-04-03 03:58:55.6 9 9891 1 0 2000-04-03 03:58:45.8 10 3245 1 0 2000-04-03 03:58:35.9 for detailed output description, see...
Page 873
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-27 [sysname] hwping administrator http # configure the test type as http . [sysname-hwping-administrator-http] test-type http # configure the ip address of the http server as 10.2.2.2. [sysname-hwping-admin...
Page 874
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-28 [sysname-hwping-administrator-http] display hwping history administrator http hwping entry(admin administrator, tag http) history record: index response status lastrc time 1 13 1 0 2000-04-02 15:15:52.5 ...
Page 875
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-29 iii. Configuration procedure z configure hwping server (switch b): # enable the hwping server and configure the ip address and port to listen on. System-view [sysname] hwping-server enable [sysname] hwpi...
Page 876
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-30 disconnect operation number: 0 operation timeout number: 0 system busy operation number: 0 connection fail number: 0 operation sequence errors: 0 drop operation number: 0 other operation errors: 0 jitter...
Page 877
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-31 switch a sends an snmp query message to switch b (snmp agent) to it receives a response from switch b. Ii. Network diagram figure 1-7 network diagram for the snmp test iii. Configuration procedure z conf...
Page 878
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-32 # configure the destination ip address as 10.2.2.2. [sysname-hwping-administrator-snmp] destination-ip 10.2.2.2 # configure to make 10 probes per test. [sysname-hwping-administrator-snmp] count 10 # set ...
Page 879
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-33 1.3.7 tcp test (tcpprivate test) on the specified ports i. Network requirements both the hwping client and the hwping server are h3c s3100 series ethernet switches. Perform a hwping tcpprivate test to te...
Page 880
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-34 [sysname-hwping-administrator-tcpprivate] timeout 5 # start the test. [sysname-hwping-administrator-tcpprivate] test-enable # display test results. [sysname-hwping-administrator-tcpprivate] display hwpin...
Page 881
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-35 switches to test the rtt of udp packets between this end (hwping client) and the specified destination end (hwping server), with the port number set to 8000. Ii. Network diagram figure 1-9 network diagra...
Page 882
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-36 [sysname-hwping-administrator-udpprivate] display hwping results administrator udpprivate hwping entry(admin administrator, tag udpprivate) test result: destination ip address:10.2.2.2 send operation tim...
Page 883
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-37 ii. Network diagram figure 1-10 network diagram for the dns test iii. Configuration procedure z configure dns server: use windows 2003 server as the dns server. For dns server configuration, refer to the...
Page 884
Operation manual – hwping h3c s3100 series ethernet switches chapter 1 hwping configuration 1-38 min/max/average round trip time: 6/10/8 square-sum of round trip time: 756 last complete test time: 2006-11-28 11:50:40.9 extend result: sd maximal delay: 0 ds maximal delay: 0 packet lost in test: 0% di...
Page 885: Table of Contents
Operation manual – ipv6 management h3c s3100 series ethernet switches table of contents i table of contents chapter 1 ipv6 configuration....................................................................................................... 1-1 1.1 ipv6 overview..........................................
Page 886
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-1 chapter 1 ipv6 configuration note: z h3c s3100 series ethernet switches support ipv6 management features, but do not support ipv6 forwarding and related features. Z the term “router” in this docume...
Page 887
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-2 figure 1-1 comparison between ipv4 header format and ipv6 header format ii. Adequate address space the source ipv6 address and the destination ipv6 address are both 128 bits (16 bytes) long.Ipv6 ca...
Page 888
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-3 vi. Support for qos the flow label field in the ipv6 header allows the device to label packets in a flow and provide special handling for these packets. Vii. Enhanced neighbor discovery mechanism t...
Page 889
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-4 caution: the double-colon :: can be used only once in an ipv6 address. Otherwise, the device is unable to determine how many zeros the double-colon represents when converting it to zeros to restore...
Page 890
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-5 table 1-1 mapping between address types and format prefixes type format prefix (binary) ipv6 prefix id unassigned address 00...0 (128 bits) ::/128 loopback address 00...1 (128 bits) ::1/128 link-lo...
Page 891
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-6 table 1-2 reserved ipv6 multicast addresses address application ff01::1 node-local scope all-nodes multicast address ff02::1 link-local scope all-nodes multicast address ff01::2 node-local scope al...
Page 892
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-7 1.1.3 introduction to ipv6 neighbor discovery protocol the ipv6 neighbor discovery protocol (ndp) uses five types of icmpv6 messages to implement the following functions: z address resolution z nei...
Page 893
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-8 note: z h3c s3100 series ethernet switches do not support rs, ra, or redirect message. Z of the above mentioned ipv6 ndp functions, h3c s3100 series ethernet switches support the following three fu...
Page 894
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-9 1) node a sends an ns message whose destination address is the ipv6 address of node b. 2) if node a receives an na message from node b, node a considers that node b is reachable. Otherwise, node b ...
Page 895
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-10 convert domain names into ipv4 addresses or ipv6 addresses. In this way, the dns server has the functions of both ipv6 dns and ipv4 dns. 1.1.5 protocols and standards protocol specifications relat...
Page 896
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-11 z to enable a host to access a public ipv6 network, you need to assign an ipv6 global unicast address to it. Ipv6 site-local addresses and global unicast addresses can be configured in either of t...
Page 897
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-12 note: z ipv6 unicast addresses can be configured for only one vlan interface of an h3c s3100 series ethernet switches. Only one global unicast address or one site-local address can be configured f...
Page 898
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-13 table 1-6 configure a static neighbor entry to do... Use the command... Remarks enter system view system-view — configure a static neighbor entry ipv6 neighbor ipv6-address mac-address { vlan-id p...
Page 899
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-14 to do… use the command… remarks configure the attempts to send an ns message for duplicate address detection ipv6 nd dad attempts value optional 1 by default. When the value argument is set to 0, ...
Page 900
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-15 1.2.3 configuring a static ipv6 route you can configure static ipv6 routes for network interconnection in a small sized ipv6 network. Table 1-11 configure a static ipv6 route to do… use the comman...
Page 901
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-16 1.2.5 configuring the maximum number of ipv6 icmp error packets sent within a specified time if too many ipv6 icmp error packets are sent within a short time in a network, network congestion may o...
Page 902
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-17 1.2.7 configuring ipv6 dns i. Configure a static host name to ipv6 address mapping you can directly use a host name when applying telnet applications and the system will resolve the host name into...
Page 903
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-18 note: the dns resolve and dns domain commands are the same as those of ipv4 dns. For details about the commands, refer to dns . 1.2.8 displaying and maintaining ipv6 table 1-17 display and maintai...
Page 905
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-20 # configure an automatically generated link-local address for the interface vlan-interface1. System-view [switcha] interface vlan-interface 1 [switcha-vlan-interface1] ipv6 address auto link-local...
Page 906
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-21 joined group address(es): ff02::1:ff00:2 ff02::1:ff00:2006 ff02::1 mtu is 1500 bytes nd dad is enabled, number of dad attempts: 1 nd reachable time is 30000 milliseconds nd retransmit interval is ...
Page 907
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 1 ipv6 configuration 1-22 bytes=56 sequence=1 hop limit=64 time = 79 ms reply from 3001::2 bytes=56 sequence=2 hop limit=64 time = 6 ms reply from 3001::2 bytes=56 sequence=3 hop limit=64 time = 6 ms reply from 3001::2 byt...
Page 908
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 2 ipv6 application configuration 2-1 chapter 2 ipv6 application configuration 2.1 introduction to ipv6 application ipv6 are supporting more and more applications. Most of ipv6 applications are the same as those of ipv4. Th...
Page 909
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 2 ipv6 application configuration 2-2 2.2.2 ipv6 traceroute the traceroute ipv6 command is used to record the route of ipv6 packets from source to destination, so as to check whether the link is available and determine the ...
Page 910
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 2 ipv6 application configuration 2-3 i. Configuration preparation enable tftp on the tftp server and specify the path to download or upload files. For specific operations, refer to tftp server configuration specifications....
Page 911
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 2 ipv6 application configuration 2-4 i. Configuration prerequisites enable telnet on the telnet server and configure the authentication method. For details, refer to login . Table 2-4 set up ipv6 telnet connections to do… ...
Page 912
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 2 ipv6 application configuration 2-5 ii. Network diagram swa swb swc 3003::2/64 3003::1/64 3002::2/64 3002::1/64 3001::2/64 3001::4/64 3001::3/64 telnet_server tftp_server figure 2-3 network diagram for ipv6 applications i...
Page 913
Operation manual – ipv6 management h3c s3100 series ethernet switches chapter 2 ipv6 application configuration 2-6 round-trip min/avg/max = 31/46/110 ms # on swa, configure static routes to swc, the telnet server, and the tftp server. System-view [swa] ipv6 route-static 3002:: 64 3003::1 [swa] ipv6 ...
Page 915: Table of Contents
Operation manual – dns h3c s3100 series ethernet switches table of contents i table of contents chapter 1 dns configuration....................................................................................................... 1-1 1.1 dns overview .......................................................
Page 916
Operation manual - dns h3c s3100 series ethernet switches chapter 1 dns configuration 1-1 chapter 1 dns configuration note: this chapter covers only ipv4 dns configuration. For details about ipv6 dns, refer to ipv6 management operation . 1.1 dns overview domain name system (dns) is a mechanism used ...
Page 917
Operation manual - dns h3c s3100 series ethernet switches chapter 1 dns configuration 1-2 1) a user program sends a name query to the resolver in the dns client. 2) the dns resolver looks up the local domain name cache for a match. If a match is found, it sends the corresponding ip address back. If ...
Page 918
Operation manual - dns h3c s3100 series ethernet switches chapter 1 dns configuration 1-3 z if there is a dot in the domain name, such as www.Aabbcc or aabbcc., it indicates that no dns suffix needs to be added and the resolver will use this domain name to do dns lookup first. If the lookup fails, t...
Page 919
Operation manual - dns h3c s3100 series ethernet switches chapter 1 dns configuration 1-4 note: you may configure up to six dns servers and ten dns suffixes. 1.3 displaying and maintaining dns after the above configuration, you can execute the display command and the nslookup type command in any vie...
Page 920
Operation manual - dns h3c s3100 series ethernet switches chapter 1 dns configuration 1-5 ii. Network diagram figure 1-2 network diagram for static dns configuration iii. Configuration procedure # configure a mapping between host name host.Com and ip address 10.1.1.2. System-view [sysname] ip host h...
Page 921
Operation manual - dns h3c s3100 series ethernet switches chapter 1 dns configuration 1-6 ii. Network diagram figure 1-3 network diagram for dynamic dns configuration iii. Configuration procedure note: before doing the following configuration, make sure that: z the routes between the dns server, swi...
Page 922
Operation manual - dns h3c s3100 series ethernet switches chapter 1 dns configuration 1-7 reply from 3.1.1.1: bytes=56 sequence=4 ttl=125 time=4 ms reply from 3.1.1.1: bytes=56 sequence=5 ttl=125 time=5 ms --- host.Com ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet los...
Page 923: Table of Contents
Operation manual – smart link-monitor link h3c s3100 series ethernet switches table of contents i table of contents chapter 1 smart link configuration............................................................................................ 1-1 1.1 smart link overview.................................
Page 924
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 1 smart link configuration 1-1 chapter 1 smart link configuration note: currently, only s3100-ei series ethernet switches support the smart link feature. 1.1 smart link overview as shown in figure 1-1 , dual-uplink...
Page 925
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 1 smart link configuration 1-2 in figure 1-1 , ethernet1/0/1 and ethernet1/0/2 on switch a are two member ports of a smart link group. Ii. Master port the master port can be either an ethernet port or a manually-co...
Page 926
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 1 smart link configuration 1-3 1.1.2 operating mechanism of smart link block switch a switch b eth1/0/1 eth1/0/2 switch c switch d switch e eth1/0/1 eth1/0/2 eth1/0/3 eth1/0/1 eth1/0/2 eth1/0/11 eth1/0/12 figure 1-...
Page 927
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 1 smart link configuration 1-4 1.2 configuring smart link note: before configuring a member port of a smart link group, you must: z disable the port to avoid loops, thus preventing broadcast storm. Z disable stp on...
Page 928
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 1 smart link configuration 1-5 operation command remarks enable the function of sending flush messages in the specified control vlan flush enable control-vlan vlan-id required by default, no control vlan for sendin...
Page 929
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 1 smart link configuration 1-6 link device and the target device. As shown in figure 1-2 , you need to enable this function on ethernet 1/0/2 and ethernet 1/0/3 of switch c, ethernet 1/0/2 and ethernet 1/0/3 of swi...
Page 930
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 1 smart link configuration 1-7 9) if the control vlan for receiving flush messages configured on an associated device is different than the one for sending flush messages configured on the corresponding smart link ...
Page 931
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 1 smart link configuration 1-8 ii. Network diagram switch a eth1/0/1 eth1/0/2 switch c server eth1/0/1 eth1/0/2 eth1/0/2 pc switch d switch e eth1/0/3 eth1/0/2 eth1/0/1 figure 1-3 network diagram for smart link con...
Page 932
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 1 smart link configuration 1-9 # configure to send flush messages within vlan 1. [switcha-smlk-group1] flush enable control-vlan 1 2) enable the function of processing flush messages received from vlan 1 on switch ...
Page 933
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 2 monitor link configuration 2-1 chapter 2 monitor link configuration note: currently, only s3100-ei series ethernet switches support the monitor link feature. 2.1 introduction to monitor link monitor link is a col...
Page 934
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 2 monitor link configuration 2-2 2.1.1 how monitor link works block switch a switch b eth1/0/1 eth1/0/2 switch c switch d switch e eth1/0/1 eth1/0/2 eth1/0/3 eth1/0/1 eth1/0/2 eth1/0/11 eth1/0/12 figure 2-2 network...
Page 935
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 2 monitor link configuration 2-3 note: z currently, member ports of a monitor link group cannot be dynamic link aggregation groups. Z if the uplink or downlink port in the monitor link group is a link aggregation g...
Page 936
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 2 monitor link configuration 2-4 2.2.3 configuring the uplink port table 2-3 configure the uplink port operation command remarks enter system view system-view — enter the specified monitor link group view monitor-l...
Page 937
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 2 monitor link configuration 2-5 operation command remarks configure the specified link aggregation group as a downlink port of the monitor link group link-aggregation group group-id downlink monitor link group vie...
Page 938
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 2 monitor link configuration 2-6 2.4 monitor link configuration example 2.4.1 implementing collaboration between smart link and monitor link i. Network requirements as shown in figure 2-3 , the pcs access the serve...
Page 939
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 2 monitor link configuration 2-7 [switcha-ethernet1/0/1] quit [switcha] interface ethernet 1/0/2 [switcha-ethernet1/0/2] stp disable # return to system view. [switcha-ethernet1/0/2] quit # create smart link group 1...
Page 940
Operation manual – smart link-monitor link h3c s3100 series ethernet switches chapter 2 monitor link configuration 2-8 [switche] smart-link flush enable control-vlan 1 port ethernet 1/0/10 to ethernet 1/0/11.
Page 941: Table of Contents
Operation manual – appendix h3c s3100 series ethernet switches table of contents i table of contents appendix a acronyms ..................................................................................................................A-1.
Page 942: Appendix A Acronyms
Operation manual – appendix h3c s3100 series ethernet switches appendix a acronyms a-1 appendix a acronyms a aaa authentication, authorization and accounting abr area border router acl access control list arp address resolution protocol as autonomous system asbr autonomous system border router b bdr...
Page 943
Operation manual – appendix h3c s3100 series ethernet switches appendix a acronyms a-2 icmp internet control message protocol igmp internet group management protocol igp interior gateway protocol ip internet protocol l lsa link state advertisement lsdb link state database m mac medium access control...
Page 944
Operation manual – appendix h3c s3100 series ethernet switches appendix a acronyms a-3 tftp trivial file transfer protocol tos type of service ttl time to live u udp user datagram protocol v vlan virtual lan vod video on demand w wrr weighted round robin x xid exchange identification xrn expandable ...