- DL manuals
- 3Com
- Switch
- Switch 7700
- Configuration Manual
3Com Switch 7700 Configuration Manual
Summary of Switch 7700
Page 1
Http://www.3com.Com/ switch 7700 configuration guide published december 2003 part no.10014298.
Page 2
3com corporation 350 campus drive marlborough, ma 01752-3064 copyright © 2003, 3com corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written p...
Page 3: Ontents
C ontents a bout t his g uide conventions 1 s ystem a ccess product overview 3 function features 3 configuring the switch 7700 4 setting terminal parameters 5 configuring through telnet 8 configuring through a dial-up the modem 11 configuring the user interface 12 command line interface 20 command l...
Page 4
Subnet and mask 47 configure ip address 48 displaying and debugging an ip address 49 troubleshooting an ip address configuration 49 arp configuration 50 configure static arp 50 dhcp relay 51 configuring dhcp relay 52 displaying and debugging dhcp relay 53 troubleshooting a dhcp relay configuration 5...
Page 5
Routing policy fault diagnosis and troubleshooting 149 route capacity 150 route capacity limitation 150 route capacity configuration 150 displaying and debugging route capacity 153 m ulticast p rotocol ip multicast overview 155 multicast addresses 156 ip multicast protocols 158 ip multicast packet f...
Page 6
Traffic 194 configuring qos 197 displaying and debugging qos 200 user logonacl control configuration 201 configure acl control over the telnet user 201 configure acl control over snmp users 203 stp o peration stp overview 205 designated switch and designated port 205 calculating the stp algorithm 20...
Page 7
Configuring aaa 250 configuring the radius protocol 253 displaying and debugging the aaa and radius protocols 260 aaa and radius protocol fault diagnosis and troubleshooting 261 r eliability vrrp overview 263 configuring vrrp 264 enabling and disabling pinging the virtual ip address 264 setting the ...
Page 8
Rmon 31 configure rmon 32 displaying and debugging rmon 34 ntp 35 configuring ntp 36 displaying and debugging ntp 42 ntp configuration examples 43.
Page 9: Bout
A bout t his g uide this guide describes the 3com ® switch 7700 and how to configure it in version 2.0 of the software. Conventions table 1 and table 2 list conventions that are used throughout this guide. Table 1 notice icons table 2 text conventions icon notice type description information note in...
Page 10
2 a bout t his g uide.
Page 11: Ystem
1 s ystem a ccess ■ product overview ■ configuring the switch 7700 ■ setting terminal parameters ■ command line interface product overview the 3com switch 7700 is a large capacity, modularized wire speed layer 2/layer 3 ethernet switch. It is designed for ip metropolitan area networks (man), large-s...
Page 12
4 c hapter 1: s ystem a ccess configuring the switch 7700 on the switch 7700, you can set up the configuration environment through the console port. To set up the the local configuration environment: 1 plug the db-9 or db-25 female plug of the console cable into the serial port of the pc or the term...
Page 13
Setting terminal parameters 5 figure 1 setting up the local configuration environment through the console port setting terminal parameters to set terminal parameters: 1 start the pc and select start > programs > accessories > communications > hyperterminal. 2 the hyperterminal window displays the co...
Page 14
6 c hapter 1: s ystem a ccess figure 3 properties dialog box 5 click ok. The port settings tab, shown in figure 4, displays and you can set serial port parameters. Set the following parameters: ■ baud rate = 9600 ■ databit = 8 ■ parity check = none ■ stopbit = 1 ■ flow control = none.
Page 15
Setting terminal parameters 7 figure 4 set communication parameters 6 click ok. The hyperterminal dialogue box displays, as shown in figure 5. 7 select properties. Figure 5 hyperterminal window 8 in the properties dialog box, select the settings tab, as shown in figure 6. 9 select vt100 in the emula...
Page 16
8 c hapter 1: s ystem a ccess figure 6 settings tab configuring through telnet after you have correctly configured the ip address of a vlan interface for an ethernet switch through the console port (using the ip address command in vlan interface view), and added the port (that connects to a terminal...
Page 17
Setting terminal parameters 9 figure 7 setting up the configuration environment through telnet 4 run telnet on the pc by selecting start > run from the windows desktop and entering telnet in the open field, as shown in figure 8. Click ok. Figure 8 run telnet 5 on the connect dialog box, enter the ip...
Page 18
10 c hapter 1: s ystem a ccess note: when configuring the ethernet switch by telnet, do not modify the ip address of it unless necessary, for the modification might terminate the telnet connection. By default, after logging on, a telnet user can access the commands at level 0. Connecting two switch ...
Page 19
Setting terminal parameters 11 configuring through a dial-up the modem to configure your router through a dial-up modem: 1 authenticate the modem user through the console port of the switch 7700 before the user logs in to the switch through a dial-up modem. Note: by default, the password is required...
Page 20
12 c hapter 1: s ystem a ccess figure 12 set the dialed number figure 13 dial the remote pc 4 enter the preset login password on the remote terminal emulator and wait for the prompt. 5 use the appropriate commands to configure the switch 7700 or view its running state. Enter ? To get the immediate h...
Page 21
Setting terminal parameters 13 ■ remote configuration through a modem through the console port. There are two types of user interfaces: ■ aux user interface is used to log in the ethernet switch through a dial-up modem. A switch 7700 can only have one aux port. ■ vty user interface is used to telnet...
Page 22
14 c hapter 1: s ystem a ccess perform the following configurations in user interface (aux user interface only) view. Configure the terminal attributes the following commands can be used for configuring the terminal attributes, including enabling/disabling terminal service, disconnection upon timeou...
Page 23
Setting terminal parameters 15 through the user interface only when the terminal service is enabled again. Use the commands described in table 4 to enable or disable terminal service. By default, terminal service is enabled on all the user interfaces. Note the following points: ■ for the sake of sec...
Page 24
16 c hapter 1: s ystem a ccess set the history command buffer size table 8 describes the history-command max-size command. By default, the size of the history command buffer is 10. Manage users the management of users includes the setting of the user logon authentication method, the level of command...
Page 25
Setting terminal parameters 17 2 configure the local or remote authentication username and password. Use the authentication-mode scheme command to perform local or remote authentication of username and password. The type of the authentication depends on your configuration. For detailed information, ...
Page 26
18 c hapter 1: s ystem a ccess by default, a user can access the commands at level 3 after logging in through the aux user interface, and the commands at level 0 after logging in through the vty user interface. When a user logs in to the switch, the command level that the user can access depends on ...
Page 27
Setting terminal parameters 19 configure redirection the send command can be used for sending messages between user interfaces. See table 15. Perform the following configuration in user view. The auto-execute command is used to run a command automatically after you log in. The command is automatical...
Page 28
20 c hapter 1: s ystem a ccess command line interface the switch 7700 provides a series of configuration commands and command line interfaces for configuring and managing the switch 7700. The command line interface has the following features. ■ local configuration through the console port. ■ local o...
Page 29
Command line interface 21 this level involve file system commands, ftp commands, tftp commands, xmodem downloading commands, user management commands, and level setting commands. Login users are also classified into four levels that correspond to the four command levels. After users of different lev...
Page 30
22 c hapter 1: s ystem a ccess figure 14 relation diagram of the views the table 18 describes the function features of different views and the commands to enter or quit. Table 18 function feature of command view command view function prompt command to enter command to exit user view show the basic i...
Page 31
Command line interface 23 vlan interface view configure ip interface parameters for a vlan or a vlan aggregation [sw7700-vlan- interface1] key in interface vlan-interface 1 in system view quit returns to system view return returns to user view local-user view configure local user parameters [sw7700-...
Page 32
24 c hapter 1: s ystem a ccess feature and functions of the command line online help the command line interface provides full and partial online help modes. You can get the help information through these online help commands, which are described as follows. ■ enter ? In any view to get all the comma...
Page 33
Command line interface 25 -v verbose output. Icmp packets other than echo_response that are received are listed string ip address or hostname of a remote system ip ip protocol ■ enter a command with a ? , separated by a space. If this position is for parameters, all the parameters and their brief de...
Page 34
26 c hapter 1: s ystem a ccess note: cursor keys can be used to retrieve the history commands in windows 3.X terminal and telnet. However, in windows 9x hyperterminal, the cursor keys and do not work, because windows 9x hyperterminal defines the two keys differently. In this case, use the combinatio...
Page 35: Ort
2 p ort c onfiguration this chapter covers the following topics: ■ ethernet port overview ■ link aggregation configuration ethernet port overview a brief description of switch 7700 i/o modules are listed below: ■ 48-port 10/100base-t auto-sensing fast ethernet card ■ 8-port 1000base-x (gigabit inter...
Page 36
28 c hapter 2: p ort c onfiguration ■ setting link type for ethernet port ■ adding the ethernet port to a vlan ■ setting the default vlan id for ethernet port entering ethernet port view before configuring the ethernet port, enter ethernet port view first. Perform the following configuration in syst...
Page 37
Ethernet port overview 29 perform the following configuration in ethernet port view. Note: 100m electrical ethernet port can operate in full-duplex, half-duplex or auto-negotiation mode. The gigabit electrical ethernet port can operate in full duplex, half duplex or auto-negotiation mode. When the p...
Page 38
30 c hapter 2: p ort c onfiguration note: the settings only take effect on 10/100base-t and 10/100/1000base-t ports. The switch 7700 only supports auto (auto-sensing). If you set some other type, you will see the prompt “not support this operation!”. The cable type is auto (auto-recognized) by defau...
Page 39
Ethernet port overview 31 setting the maximum mac addresses an ethernet port can learn use the following command to set an amount limit on mac addresses learned by the ethernet port. If the number of mac address learned by this port exceeds the value set by the user, this port will not learn mac add...
Page 40
32 c hapter 2: p ort c onfiguration adding the ethernet port to a vlan the following commands are used for adding an ethernet port to a specified vlan. The access port can only be added to one vlan, while the hybrid and trunk ports can be added to multiple vlans. Perform the following configuration ...
Page 41
Ethernet port overview 33 note: ■ the trunk port and isolate-user-vlan cannot be configured simultaneously, while the hybrid port and isolate-user-vlan can be thus configured. However, if the default vlan has been mapped in isolate-user-vlan, you cannot modify the default vlan id until the mapping r...
Page 42
34 c hapter 2: p ort c onfiguration forward the packets. The loop test will finish automatically after being executed for a while. Note: the loopback test cannot be performed on the port disabled by the shutdown command. During the loopback test, the system will disable speed, duplex, mdi and shutdo...
Page 43
Link aggregation configuration 35 ethernet port troubleshooting if the default vlan id configuration fails, take the following steps: 1 execute the display interface or display port command to check if the port is a trunk port or a hybrid port. If it is neither of them, configure it as a trunk port ...
Page 44
36 c hapter 2: p ort c onfiguration trunk port allows frames from several vlans to pass through, the heavy traffic needs balancing among all the ports. Ethernet switch (switch a) is connected to the ethernet switch (switch b) upstream by the aggregation of three ports, ethernet1/0/1 through ethernet...
Page 45: Vlan C
3 vlan c onfiguration ■ vlan overview ■ configuring garp/gvrp vlan overview a virtual local area network (vlan) groups the devices of a lan logically, but not physically, into segments to implement the virtual workgroups. Using vlan technology, network managers can logically divide the physical lan ...
Page 46
38 c hapter 3: vlan c onfiguration the vlan_id parameter specifies the vlan id. Note that the default vlan, namely vlan 1, cannot be deleted. Add ethernet ports to a vlan you can use the following command to add ethernet ports to a vlan. Perform the following configuration in vlan view. For the mean...
Page 47
Vlan overview 39 set or delete vlan description character string you can use the following command to set or delete vlan description character string. The description character strings, such as workgroup name and department name, are used to distinguish the different vlans. Perform the following con...
Page 48
40 c hapter 3: vlan c onfiguration perform the following configuration in vlan interface view. The operation of shutting down or enabling the vlan interface has no effect on the status of the ethernet ports on the local vlan. By default, when all the ethernet ports belonging to a vlan are down, this...
Page 49
Configuring garp/gvrp 41 [sw7700-vlan2] port ethernet 1/0/1 ethernet 2/0/1 3 create vlan 3 and enters its view. [sw7700-vlan2] vlan 3 4 add ethernet 1/0/2 and ethernet 2/0/2 to vlan3. [sw7700-vlan3] port ethernet 1/0/2 ethernet 2/0/2 configuring garp/gvrp generic attribute registration protocol (gar...
Page 50
42 c hapter 3: vlan c onfiguration setting the garp timer garp timers include the hold, join, leave, and leaveall timers. The garp participant sends join message regularly when join timer times out so that other garp participants can register its attribute values. When the garp participant wants to ...
Page 51
Configuring garp/gvrp 43 configuring gvrp garp vlan registration protocol (gvrp) is a garp application. Based on the garp operating mechanism, gvrp maintains the dynamic vlan registration information in the switch and distributes the information to other switches. All the gvrp-supporting switches ca...
Page 52
44 c hapter 3: vlan c onfiguration perform the following configurations in ethernet port view. Gvrp should be enabled globally before it is enabled on the port. Gvrp can only be enabled or disabled on a trunk port. By default, global gvrp is disabled. Set gvrp registration type the gvrp registration...
Page 53
Configuring garp/gvrp 45 example: gvrp configuration example the network requirement is to dynamically register and update vlan information among switches. Figure 2 gvrp configuration example configure switch a: 1 set ethernet1/0/1 as a trunk port and allows all the vlans to pass through. [sw7700] i...
Page 54
46 c hapter 3: vlan c onfiguration.
Page 55: Etwork
4 n etwork p rotocol o peration this chapter covers the following topics: ■ configure ip address ■ arp configuration ■ dhcp relay ■ ip performance configure ip address ip address is a 32-bit address represented by four octets. Ip addresses are divided into five classes: a, b, c, d and e. The octets ...
Page 56
48 c hapter 4: n etwork p rotocol o peration with the rapid development of the internet, ip addresses are depleting very fast. The traditional ip address allocation method uses up ip addresses with little efficiency. The concept of mask and subnet was proposed to make full use of the available ip ad...
Page 57
Configure ip address 49 generally, it is sufficient to configure one ip address for an interface. However, you can also configure more than one ip addresses for an interface, so that it can be connected to several subnets. Among these ip addresses, one is the primary ip address and all others are se...
Page 58
50 c hapter 4: n etwork p rotocol o peration but not receive the arp packets, there are probably errors on the ethernet physical layer. Arp configuration an ip address cannot be directly used for communication between network devices because devices can only identify mac addresses. An ip address is ...
Page 59
Dhcp relay 51 manually add/delete static arp mapping entries perform the following configuration in system view. Note: static arp mapping entries will not time out, however dynamic arp mapping entries time out after 20 minutes. The arp mapping table is empty and the address mapping is obtained throu...
Page 60
52 c hapter 4: n etwork p rotocol o peration the dhcp relay serves as conduit between the dhcp client and the server located on different subnets. The dhcp packets can be relayed to the destination dhcp server (or client) across network segments. The dhcp clients on different networks can use the sa...
Page 61
Dhcp relay 53 note: the backup server ip address cannot be configured independently, instead, it has to be configured together with the master server ip address. The corresponding ip address of the dhcp server is not configured by default. The dhcp server address must be configured before dhcp relay...
Page 62
54 c hapter 4: n etwork p rotocol o peration configuration. Execute debugging command in user view to debug dhcp relay configuration. Example: configuring dhcp relay configure the vlan interface corresponding to the user and the related dhcp server so as to use dhcp relay. Figure 3 networking diagra...
Page 63
Dhcp relay 55 [3com] vlan 3 [3com-vlan3] port ethernet 1/0/3 [3com] interface vlan 3 [3com-vlan-interface3] ip address 21.2.2.1 255.255.0.0 7 it is necessary to configure a vlan for the server. However, in order to implement the dhcp relay, the following example configures the servers with the same ...
Page 64
56 c hapter 4: n etwork p rotocol o peration ip performance tcp attributes to be configured include: ■ synwait timer : when sending the syn packets, tcp starts the synwait timer. If response packets are not received before synwait timeout, the tcp connection will be terminated. The timeout of synwai...
Page 65
Ip performance 57 troubleshooting ip performance if the ip layer protocol works normally but tcp and udp do work normally, you can enable the corresponding debugging information output to view the debugging information. ■ use the terminal debugging command to output the debugging information to the ...
Page 66
58 c hapter 4: n etwork p rotocol o peration.
Page 67: Outing
5 r outing p rotocol o peration this chapter covers the following topics: ■ ip routing protocol overview ■ static routes ■ rip ■ ospf ■ is-is ■ bgp ■ ip routing policy ■ route capacity ip routing protocol overview routers select an appropriate path through a network for an ip packet according to the...
Page 68
60 c hapter 5: r outing p rotocol o peration figure 1 about hops networks can have different sizes so the segment lengths connected between two different pairs of routers are also different. If a router in a network is regarded as a node and a route segment in the internet is regarded as a link, mes...
Page 69
Ip routing protocol overview 61 ■ the priority added to the ip routing table for a route — indicates the type of route that is selected. There may be multiple routes with different next hops to the same destination. These routes can be discovered by different routing protocols, or they can be the st...
Page 70
62 c hapter 5: r outing p rotocol o peration routing protocols (as well as the static configuration) can generate different routes to the same destination, but not all these routes are optimal. In fact, at a certain moment, only one routing protocol can determine a current route to a single destinat...
Page 71
Static routes 63 the following routes are static routes: ■ reachable route — the normal route in which the ip packet is sent to the next hop by the route marked by the destination. It is a common type of static route. ■ unreachable route — when a static route to a destination has the reject attribut...
Page 72
64 c hapter 5: r outing p rotocol o peration the ip address and mask use a decimal format. Because the 1s in the 32-bit mask must be consecutive, the dotted decimal mask can also be replaced by the mask-length which refers to the digits of the consecutive 1s in the mask. ■ transmitting interface or ...
Page 73
Static routes 65 perform the following configurations in system view. By default the value is 60 display and debug static route after you configure static and default routes, execute the display command in all views to display the running of the static route configuration, and to verify the effect o...
Page 74
66 c hapter 5: r outing p rotocol o peration figure 3 static route configuration 1 configure the static route for ethernet switch a: [switch a] ip route-static 1.1.3.0 255.255.255.0 1.1.2.2 [switch a] ip route-static 1.1.4.0 255.255.255.0 1.1.2.2 [switch a] ip route-static 1.1.5.0 255.255.255.0 1.1....
Page 75
Rip 67 rip routing information protocol (rip) is a simple, dynamic routing protocol, that is distance-vector (d-v) algorithm-based. It uses hop counts to measure the distance to the destination host, which is called routing cost. In rip, the hop count from a router to its directly connected network ...
Page 76
68 c hapter 5: r outing p rotocol o peration validity of the routes. With these mechanisms, rip, an interior routing protocol, enables the router to learn the routing information of the entire network. Rip has become one of the most popular standards of transmitting router and host routes. It can be...
Page 77
Rip 69 perform the following configurations in rip view. Note that after the rip task is enabled, you should also specify its operating network segment, for rip only operates on the interface on the specified network. For an interface that is not on the specified network, rip does not receive or sen...
Page 78
70 c hapter 5: r outing p rotocol o peration rip-1 from incorrectly receiving and processing the routes with subnet mask in rip-2. When an interface is running rip-2, it can also receive rip-1 packets. Perform the following configuration in vlan interface view. By default, the interface receives and...
Page 79
Rip 71 the rip work command is functionally equivalent to both rip input and rip output commands. By default, all interfaces except loopback interfaces both receive and transmit rip update packets. Disable host route in some cases, the router can receive many host routes from the same segment, and t...
Page 80
72 c hapter 5: r outing p rotocol o peration set rip-2 packet authentication rip-1 does not support packet authentication. However, you can configure packet authentication on rip-2 interfaces. Rip-2 supports two authentication modes: ■ simple authentication — does not ensure security. The unencrypte...
Page 81
Rip 73 perform the following configurations in rip view. By default, rip does not import the route information of other protocols. Configure default cost for the imported route when you use the import-route command to import the routes of other protocols, you can specify their cost. If you do not sp...
Page 82
74 c hapter 5: r outing p rotocol o peration perform the following configuration in vlan interface view. By default, the additional routing metric added to the route when rip sends the packet is 1. The additional routing metric when rip receives the packet is 0 by default. Configure route filtering ...
Page 83
Rip 75 display and debug rip after configuring rip, execute the display command in all views to display the rip configuration, and to verify the effect of the configuration. Execute the debugging command in user view to debug the rip module. Execute the reset command in rip view to reset the ssytem ...
Page 84
76 c hapter 5: r outing p rotocol o peration [switch b-rip] network 110.11.2.0 3 configure rip on switch c: [switch c] rip [switch c-rip] network 117.102.0.0 [switch c-rip] network 110.11.2.0 rip fault diagnosis and troubleshooting 1 the switch 7700 cannot receive update packets when the physical co...
Page 85
Ospf 77 ■ lsa describes the network topology around a router, so the lsdb describes the network topology of the entire network. Routers can easily transform the lsdb to a weighted directed graph, which actually reflects the topology of the whole network. Obviously, all the routers have a graph that ...
Page 86
78 c hapter 5: r outing p rotocol o peration in a broadcast network, in which all routers are directly connected, any two routers must establish adjacency to broadcast their local status information to the whole as. In this situation, every change that a router makes results in multiple transmission...
Page 87
Ospf 79 should be noted that after ospf is disabled, the ospf-related interface parameters also become invalid. Ospf configuration includes the tasks that are described in the following sections: ■ enable ospf and enter ospf view ■ enter ospf area view ■ specify interface ■ configure router id ■ con...
Page 88
80 c hapter 5: r outing p rotocol o peration by default, ospf is not enabled. Enter ospf area view perform the following configurations in ospf view. Specify interface ospf divides the as into different areas. You must configure each ospf interface to belong to a particular area, identified by an ar...
Page 89
Ospf 81 configure the network type on the ospf interface the route calculation of ospf is based on the topology of the adjacent network of the local router. Each router describes the topology of its adjacent network and transmits it to all the other routers. Ospf divides networks into four types by ...
Page 90
82 c hapter 5: r outing p rotocol o peration perform the following configuration in vlan interface view. After the interface has been configured with a new network type, the original network type of the interface is removed automatically. Configure the cost for sending packets on an interface the us...
Page 91
Ospf 83 note that: ■ the dr on the network is not necessarily the router with the highest priority. Likewise, the bdr is not necessarily the router with the second highest priority. If a new router is added after dr and bdr election, it is impossible for the router to become the dr even if it has th...
Page 92
84 c hapter 5: r outing p rotocol o peration perform the following configuration in vlan interface view. By default, p2p and broadcast interfaces send hello packets every 10 seconds, and p2mp and nbma interfaces send the packets every 30 seconds. Set a dead timer for the neighboring routers the dead...
Page 93
Ospf 85 by default, lsu packets are transmitted by seconds. Set an interval for lsa retransmission between neighboring routers if a router transmits an lsa to the peer, it requires the acknowledgement packet from the peer. If it does not receive the acknowledgement packet within the retransmission, ...
Page 94
86 c hapter 5: r outing p rotocol o peration to insure that routes to the destinations outside the as are still reachable, the abr in this area generates a default route (0.0.0.0) and advertises it to the non-abr routers in the area. Note the following items when you configure a stub area: ■ the bac...
Page 95
Ospf 87 figure 5 nssa perform the following configuration in ospf area view. All routers connected to the nssa must use the nssa command to configure the area with the nssa attribute. The default-route-advertise parameter is used to generate the default type-7 lsas. The default type-7 lsa route is g...
Page 96
88 c hapter 5: r outing p rotocol o peration transmitted separately. Therefore, the sizes of the lsdbs in other areas can be reduced. Once the aggregate segment of a certain network is added to the area, all the internal routes of the ip addresses in the range of the aggregate segment are no longer ...
Page 97
Ospf 89 type-3 lsas generated by the abrs, for which the synchronization mode of the routers in the area is not changed. Perform the following configuration in ospf area view. The area-id and router-id variables have no default value. By default, the hello timer is 10 seconds, retransmit is 5 second...
Page 98
90 c hapter 5: r outing p rotocol o peration perform the following configuration in ospf area view. By default, the area does not support packet authentication. Configure ospf packet authentication ospf supports simple authentication or md5 authentication between neighboring routers. Perform the fol...
Page 99
Ospf 91 is the same as the cost of routes within the as. Also, this route cost and the route cost of the ospf itself are comparable. That is, the cost to reach the external route type 1 equals the cost to reach the corresponding asbr from the local router plus the cost to reach the destination addre...
Page 100
92 c hapter 5: r outing p rotocol o peration by default, no default cost and tag are available when importing external routes, and the type of the imported route is type-2. The interval of importing the external route is 1 second. The upper limit to the external routes imported is 1000 per second. C...
Page 101
Ospf 93 configure ospf route filtering perform the following configuration in ospf view. By default, ospf does not filter the imported and distributed routing information. For a detailed description, see “ip routing policy”. Configure filling the mtu field when an interface transmits dd packets ospf...
Page 102
94 c hapter 5: r outing p rotocol o peration perform the following configuration in ospf view. By default, all the interfaces are allowed to transmit and receive ospf packets. After an ospf interface is set to silent status, the interface can still advertise its direct route. However, the ospf calli...
Page 103
Ospf 95 example: ospf configuration configuring dr election based on ospf priority in this example, four switch 7700 routers, switch a, switch b, switch c, and switch d, which can perform the router functions and run ospf, are located on the same segment, as shown in figure 6. Figure 6 configuring d...
Page 104
96 c hapter 5: r outing p rotocol o peration 3 configure switch c: [switch c] interface vlan-interface 1 [switch c-vlan-interface1] ip address 196.1.1.3 255.255.255.0 [switch c-vlan-interface1] ospf dr-priority 2 [switch c] router id 3.3.3.3 [switch c] ospf [switch c-ospf] area 0 [switch c-ospf-area...
Page 105
Ospf 97 figure 7 ospf virtual link configuration the commands listed below implement this configuration. 1 configure switch a: [switch a] interface vlan-interface 1 [switch a-vlan-interface1] ip address 196.1.1.1 255.255.255.0 [switch a] router id 1.1.1.1 [switch a] ospf [switch a-ospf] area 0 [swit...
Page 106
98 c hapter 5: r outing p rotocol o peration ospf fault diagnosis and troubleshooting 1 ospf has been configured according to the previous procedures, but ospf on the router does not run normally. ■ troubleshoot locally check whether the protocol between two directly connected routers is operating n...
Page 107
Is-is 99 areas. Rtb belongs to area0, which complies with the backbone area membership requirement. However, rtc does not belong to area0. Therefore, a virtual link must be set up between rtc and rtb to insure that area2 and area0 (the backbone area) are connected. Figure 8 ospf areas ■ the backbone...
Page 108
100 c hapter 5: r outing p rotocol o peration two-level structure of is-is routing protoco l is-is adopts the two-level structure including level-1 and level-2 in a routing domain (or the as) to support the routing network at a large scale. A large rd is divided into one or more areas. The level-1 r...
Page 109
Is-is 101 figure 9 is-is topology nsap structure of is-is routing protocol figure 10 illustrates the nsap structure. The whole address is of 8 to 20 bytes long. Figure 10 nsap structure nsap includes initial domain part (idp) and domain specific part (dsp). Idp and dsp are length-variable with total...
Page 110
102 c hapter 5: r outing p rotocol o peration and format identifier (afi) and initial domain identifier (idi). Afi defines the format of idi. Dsp has several bytes. Area address is composed of routing field and area identifier. The routing field includes afi and idi and may also includes the first b...
Page 111
Is-is 103 is-is configuration includes: ■ enabling is-is and entering the is-is view ■ setting the network entity title (net) ■ enabling is-is on the specified interface ■ setting is-is link state routing cost ■ setting the hello packet broadcast interval ■ setting the csnp packet broadcast interval...
Page 112
104 c hapter 5: r outing p rotocol o peration perform the following configurations in system view. The tag parameter identifies the is-is process. In present version, just one is-is process is allowed. By default, the is-is routing process is disabled. Setting the network entity title (net) network ...
Page 113
Is-is 105 if the level is not specified, the default setting is level-1 routing cost. The value parameter is configured according to the link state of the interface. By default, the routing cost of is-is on interface is 10. Setting the hello packet broadcast interval the is-is periodically sends the...
Page 114
106 c hapter 5: r outing p rotocol o peration if the level is not specified, it defaults to setting csnp packet broadcast interval for level-1. By default, the csnp packet is transmitted by interface every 10 second. Setting the lsp packet interval lsp carries the link state records for propagation ...
Page 115
Is-is 107 set priority for dis election in the broadcast network, the is-is needs to elect a dis from all the routers. When you need to select a dis from the is-is neighbors on the broadcast network, you should select level-1 dis and level-2 dis. The higher the priority is, the more possible it is s...
Page 116
108 c hapter 5: r outing p rotocol o peration perform the following configurations in vlan interface view.. By default, the interface is not configured with any authentication password or performs authentication. If the level is not specified, it defaults to setting the authentication password of le...
Page 117
Is-is 109 setting default route generation in the is-is route domain, the level-1 router only has the lsdb of the local area, so it can only generate the routes in the local areas. But the level-2 router has the backbone lsdb in the is-is route domains and generates the backbone network routes only....
Page 118
110 c hapter 5: r outing p rotocol o peration setting a summary route you can aggregate several different routes, which turns advertisement processes of several routes to the advertisement of single route so as to simplify the routing table. Perform the following configurations in is-is view.. By de...
Page 119
Is-is 111 s etting peer change logging after peer changes log is enabled, the is-is peer changes will be output on the configuration terminal until the log is disabled. Perform the following configurations in is-is view.. By default, the peer changes log is disabled. Setting the lsp refresh interval...
Page 120
112 c hapter 5: r outing p rotocol o peration perform the following configurations in is-is view.. By default, spf calculation does not divide into slices but runs to the end once, which can also be implemented by setting the parameter seconds to0. After slice calculation is set, the routes that are...
Page 121
Is-is 113 by default, spf calculation runs every 5 seconds. Enabling or disabling the interface to send packets to prevent the is-is routing information from obtaining by some router in a certain network, the silent-interface command can be used to prohibit sending is-is packets by the interface con...
Page 122
114 c hapter 5: r outing p rotocol o peration configuring is-is route filtering the is-is protocol can filter the received and distributed routes according to the access control list specified by acl-number. Perform the following configurations in is-is view. ■ configure filtering of the routes rece...
Page 123
Is-is 115 resetting all the is-is data structure when it is necessary to refresh some lsps immediately, perform the following configuration in user view.. Resetting the specified is-is peer when it is necessary to connect a specified peer again, perform the following configuration in user view.. Dis...
Page 124
116 c hapter 5: r outing p rotocol o peration figure 11 is-is configuration example 1 configure switch a [switch a] isis [switch a-isis] network-entity 86.0001.0000.0000.0005.00 [switch a] interface vlan-interface 100 [switch a-vlan-interface100] isis enable [switch a] interface vlan-interface 101 [...
Page 125
Bgp 117 [switch c-vlan-interface101] isis enable [switch c] interface vlan-interface 100 [switch c-vlan-interface100] isis enable 4 configure switch d [switch d] isis [switch d-isis] network-entity 86.0001.0000.0000.0008.00 [switch d] interface vlan-interface 102 [switch d-vlan-interface102] isis en...
Page 126: Configuring Bgp
118 c hapter 5: r outing p rotocol o peration abundant route policies to implement flexible filtering and selecting of routes, which can be extended easily to support new developments of the network. Bgp, as an upper-layer protocol, runs on a special router. On the first startup of the bgp system, t...
Page 127
Bgp 119 ■ configuring bgp route summarization ■ configuring an bgp route reflector ■ configuring bgp as confederation attributes ■ configuring bgp route dampening ■ configuring the repeating time for a local as ■ configuring the redistribution of bgp and igp ■ defining acl, as path list, and route p...
Page 128
120 c hapter 5: r outing p rotocol o peration perform the following configurations in bgp view. Configuring an as number to configure a bgp peer group as the neighbor of local router, the as to which the peer group belongs should be specified first. Exchange of routing information between two ends i...
Page 129
Bgp 121 by default, no bgp peer group description is set. Configuring to permit connections with ebgp peer groups on indirectly connected networks generally, ebgp peers must be connected physically. Otherwise the command below can be used to perform the configuration to make them communicate with ea...
Page 130
122 c hapter 5: r outing p rotocol o peration by default, the intervals at which route update messages are sent by an ibgp and ebgp peer group are 5 seconds and 30 seconds respectively. Configuring transmission of the community attributes to a peer group configuring a peer group to be a client of a ...
Page 131
Bgp 123 configuring a route map for a peer group by configuring the route map for a peer group, the routes coming from the peer group or advertised to the peer group can be controlled. The route map of advertised routes configured for each member of a peer group must be same with that of the peer gr...
Page 132
124 c hapter 5: r outing p rotocol o peration removing private as numbers while transmitting bgp update messages generally, the as numbers (public as numbers or private as numbers) are included in the as paths while transmitting bgp update messages. This command is used to configure certain outbound...
Page 133
Bgp 125 perform the following configurations in bgp view. By default, the interval of sending keepalive packet is 60 seconds. The interval of sending holdtime packet is 180 seconds. Configuring the local preference different local preferences can be configured to affect the bgp routing. When a route...
Page 134
126 c hapter 5: r outing p rotocol o peration by default, the med metric is 0. Comparing the med routing metrics from the peers in different ass this comparison is used to select the best route. The route with smaller med value will be selected. Perform the following configurations in bgp view. By d...
Page 135
Bgp 127 configuring bgp route summarization the cidr supports route summarization. There are two modes of bgp route summarization: summary automatic and aggregate. The summary automatic is the summary of the bgp subnet routes. After the configuration of the summary automatic, the bgp will not be abl...
Page 136
128 c hapter 5: r outing p rotocol o peration figure 12 the route reflector diagram the reflector is the router that can complete the route reflection function. The route reflector regards the ibgp peers as client and non-client. All peers that do not belong to such cluster in the autonomous system ...
Page 137
Bgp 129 two kinds of measures to avoid looping inside as as route reflector is imported, it is possible that path looping will be generated in as. Path update packets already left the cluster may attempt to return to the cluster. The conventional as path method can’t detect the internal as looping, ...
Page 138
130 c hapter 5: r outing p rotocol o peration perform the following configurations in bgp view. By default, no autonomous system is configured as a member of the confederation. Configuring the nonstandard as if it is necessary to perform the interconnection with the devices whose implementation mech...
Page 139
Bgp 131 by default, route dampening is disabled. Note that the parameters in the command are dependent on one another. If one parameter is configured, other parameters must be specified. Configuring the repeating time for a local as using peer allow-as-loop command, the repeating time of local as ca...
Page 140
132 c hapter 5: r outing p rotocol o peration defining the as path list the routing information packet of the bgp includes an as path domain. The as path-list can be used to match with the as path domain of the bgp routing information to filter the routing information, which does not conform to the ...
Page 141
Bgp 133 please perform the following configuration in the bgp view. By default, the bgp will not filter the received and distributed routes. For details, see “configuring filtering for the distributed routes ”. Clearing the bgp connection after the user changes bgp policy or protocol configuration, ...
Page 142
134 c hapter 5: r outing p rotocol o peration bgp configuration example configuring bgp as confederation attribute s divide the following as 100 into three sub-as: 1001, 1002, and 1003, and configure ebgp, confederation ebgp, and ibgp. Display route flapping statistics information display bgp routin...
Page 143
Bgp 135 figure 13 networking diagram of as confederation configuration 1 configure switch a: [switch a] bgp 1001 [switch a-bgp] confederation id 100 [switch a-bgp] confederation peer-as 1002 1003 [switch a-bgp] peer 172.68.10.2 as-number 1002 [switch a-bgp] peer 172.68.10.3 as-number 1003 2 configur...
Page 144
136 c hapter 5: r outing p rotocol o peration configuring bgp route reflector switch b receives an update packet passing ebgp and transmits it to switch c. Switch c is a reflector with two clients: switch b and switch d. When switch c receives a route update from switch b, it will transmit such info...
Page 145
Bgp 137 3 configure switch c: a configure vlan 3: [switch c] interface vlan-interface 3 [switch c-vlan-interface3] ip address 193.1.1.1 255.255.255.0 b configure vlan 4: [switch c] interface vlan-interface 4 [switch c-vlan-interface4] ip address 194.1.1.1 255.255.255.0 [switch c] ospf [switch c-ospf...
Page 146
138 c hapter 5: r outing p rotocol o peration using the display bgp routing-table command ,you can view the bgp routing table on switch d. Note: switch d also knows the existence of network 1.0.0.0. Display bgp routing-table flags: # - valid, ^ - best, d - damped, h - history, i - internal, s aggreg...
Page 147
Bgp 139 ■ add acl on switch a, enable network 1.0.0.0. [switch a] acl number 1 [switch a-acl-basic-1] rule permit source 1.0.0.0 0.255.255.255 ■ define two route policies, one is called apply_med_50 and the other is called apply_med_100. The first med attribute with the route policy as network 1.0.0...
Page 148
140 c hapter 5: r outing p rotocol o peration [switch c] interface vlan-interface 3 [switch c-vlan-interface3] ip address 193.1.1.2 255.255.255.0 [switch c] interface vlan-interface 5 [switch c-vlan-interface5] ip address 195.1.1.2 255.255.255.0 [switch c] ospf [switch c-ospf] area 0 [switch c-ospf-...
Page 149
Bgp 141 [switch c-acl-basic-1] rule permit source 1.0.0.0 0.255.255.255 ■ define the route policy with the name of localpref, of those, the local preference matching acl 1 is set as 200, and that of not matching is set as 100. [switch c] route-policy localpref permit node 10 [switch c-route-policy] ...
Page 150
142 c hapter 5: r outing p rotocol o peration ip routing policy when a router distributes or receives routing information, it needs to implement some policies to filter the routing information so it can receive or distribute the routing information that meets only the specified condition. A routing ...
Page 151
Ip routing policy 143 ip prefix the function of the ip-prefix is similar to that of the acl, but it is more flexible and easier for users to understand. When the ip-prefix is applied to routing information filtering, its matching objects are the destination address information, domain of the routing...
Page 152
144 c hapter 5: r outing p rotocol o peration the permit argument specifies that if a route satisfies all the if-match clauses of a node, the route passes the filtering of the node, and the apply clauses for the node are executed without taking the test of the next node. If a route does not satisfy ...
Page 153
Ip routing policy 145 by default, no matching is performed. Note that: ■ the if-match clauses for a node in the route policy require that the route satisfy all the clauses to match the node before the actions specified by the apply clauses can be executed. ■ if no if-match clauses are specified, all...
Page 154
146 c hapter 5: r outing p rotocol o peration by default, no apply clauses are defined. Note that if the routing information meets the match conditions specified in the route policy and also notifies the med value configured with apply cost-type internal when notifying the igp route to the ebgp peer...
Page 155
Ip routing policy 147 define ip prefix a prefix list is identified by the ip prefix name. Each ip prefix can include multiple items, and each item can independently specify the matching range of the network prefix forms. The index-number specifies the matching sequence in the prefix list. Perform th...
Page 156
148 c hapter 5: r outing p rotocol o peration configuring filtering for the distributed routes define a policy concerning route distribution that filters the routing information that does not satisfy the conditions and distributes routes with the help of an acl or address ip-prefix. Perform the foll...
Page 157
Ip routing policy 149 figure 16 filtering received routing information configure switch a: 1 configure the ip address of vlan interface. [switch a] interface vlan-interface 100 [switch a-vlan-interface100] ip address 10.0.0.1 255.0.0.0 [switch a] interface vlan-interface 200 [switch a-vlan-interface...
Page 158
150 c hapter 5: r outing p rotocol o peration ■ the if-match mode of at least one node of the route policy should be the permit mode. When a route-policy is used for the routing information filtering, if a piece of routing information does not pass the filtering of any node, then it means that the r...
Page 159
Route capacity 151 setting the lower limit for switch memory when the ethernet switch memory is equal to or lower than the lower limit, bgp and ospf will be disconnected. Perform the following configurations in system view. By default, the lower limit of the ethernet switch memory is 2mbytes, that i...
Page 160
152 c hapter 5: r outing p rotocol o peration perform the following configuration in the system view. The default values of the lower limit and the safety value of the ethernet switch memory are 2mbytes and 4mbytes, respectively. Note that the safety-value must be more than the limit-value during th...
Page 161
Route capacity 153 displaying and debugging route capacity after the above configuration, executethe display command in all views to display the running of the route capacity configuration. Table 135 display and debug route capacity operation command display the route capacity related memory setting...
Page 162
154 c hapter 5: r outing p rotocol o peration.
Page 163: Ulticast
6 m ulticast p rotocol this chapter includes information on the following: ■ ip multicast overview ■ gmrp ■ igmp snooping ■ common multicast configuration ■ igmp configuration ■ pim-dm configuration ■ pim-sm configuration ip multicast overview many transmission methods can be used when the destinati...
Page 164
156 c hapter 6: m ulticast p rotocol figure 1 comparison between the unicast and multicast transmission note: a multicast source does not necessarily belong to a multicast group. It only sends data to the multicast group and it is not necessarily a receiver. Multiple sources can send packets to a mu...
Page 165
Ip multicast overview 157 ranges and meanings of class d addresses are shown in table 1. Reserved multicast addresses that are commonly used are shown table 2: ethernet multicast mac addresses when unicast ip packets are transmitted in ethernet, the destination mac address is the mac address of the ...
Page 166
158 c hapter 6: m ulticast p rotocol figure 2 mapping between the multicast ip address and the ethernet mac address only 23 bits of the last 28 bits in the ip multicast address are mapped to the mac address. Therefore the 32 ip multicast addresses are mapped to the same mac address. Ip multicast pro...
Page 167
Ip multicast overview 159 resources related (such as bandwidth and cpu of routers) are consumed. In order to decrease the consumption of these precious network resources, branches that do not have members send prune messages toward the source to reduce the unwanted/unnecessary traffic. To enable the...
Page 168
160 c hapter 6: m ulticast p rotocol application of multicast ip multicast technology effectively solves the problem of packet forwarding from single-point to multi-point. It implements high-efficient data transmission from single-point to multi-point in ip networks and can save a large amount of ne...
Page 169
Gmrp 161 by default, gmrp is disabled. Enabling/disabling gmrp on the port perform the following configuration in ethernet port view. Gmrp should be enabled globally before being enabled on a port. By default, gmrp is disabled on the port. Displaying and debugging gmrp after the previous configurati...
Page 170
162 c hapter 6: m ulticast p rotocol [sw7700-ethernet1/0/1] gmrp igmp snooping igmp snooping (internet group management protocol snooping) is a multicast control mechanism running on layer 2. It is used for multicast group management and control. Igmp snooping runs on the link layer. When receiving ...
Page 171
Igmp snooping 163 figure 5 multicast packet transmission with igmp snooping implement igmp snooping this section introduces related switch concepts of igmp snooping: ■ router port: the port directly connected to the multicast router. ■ multicast member port: the port connected to the multicast membe...
Page 172
164 c hapter 6: m ulticast p rotocol figure 6 implementing igmp snooping 1 igmp general query message: transmitted by the multicast router to query which multicast group contains member. When a router port receives an igmp general query message, the switch 7700 will reset the aging timer of the port...
Page 173
Igmp snooping 165 any member, the switch will notify the multicast router to remove it from the multicast tree. Configure igmp snooping the main igmp snooping configuration includes: ■ enabling/disabling igmp snooping ■ configuring the aging time of router port ■ configuring maximum response time ■ ...
Page 174
166 c hapter 6: m ulticast p rotocol perform the following configuration in system view. By default, the maximum response time is 10 seconds. Configure aging time of multicast group member this task sets the aging time of the multicast group member port. If the switch receives no multicast group rep...
Page 175
Common multicast configuration 167 figure 7 igmp snooping configuration network 1 display the status of gmrp. Display gmrp status 2 display the current status of igmp snooping when gmrp is disabled. Display igmp-snooping configuration 3 enable igmp snooping if it is disabled. [sw7700] igmp-snooping ...
Page 176
168 c hapter 6: m ulticast p rotocol common multicast configuration common multicast configuration includes: ■ enabling multicast enabling multicast enable multicast first before enabling the multicast routing protocol. Enabling multicast will automatically enable igmp operation on all interfaces. P...
Page 177
Igmp configuration 169 igmp configuration igmp (internet group management protocol) is a protocol in the tcp/ip suite responsible for management of ip multicast members. It is used to establish and maintain multicast membership among ip hosts and their connected neighboring routers. Igmp excludes tr...
Page 178
170 c hapter 6: m ulticast p rotocol multicast group. This prevents the hosts of members of other multicast groups from sending response messages. ■ max response time the max response time is added in igmp version 2. It is used to dynamically adjust the allowed maximum time for a host to response to...
Page 179
Igmp configuration 171 limit ing access to ip multicast groups a multicast router learns whether there are members of a multicast group on the network by the received igmp membership message. A filter can be set on an interface to limit the range of allowed multicast groups. Perform the following co...
Page 180
172 c hapter 6: m ulticast p rotocol configuring the igmp querier present timer the igmp querier present timer defines the period of time before the router takes over as the querier. Perform the following configuration in vlan interface view. By default, the value is 120 seconds. If the router has r...
Page 181
Pim-dm configuration 173 pim-dm configuration pim-dm (protocol independent multicast, dense mode) belongs to dense mode multicast routing protocols. Pim-dm is suitable for small networks. Members of multicast groups are relatively dense in such network environments. The working procedures of pim-dm ...
Page 182
174 c hapter 6: m ulticast p rotocol independent of any specified unicast routing protocol such as the routing information learned by rip and ospf ■ assert mechanism as shown in the following figure, both routers a and b on the lan have their own receiving paths to multicast source s. In this case, ...
Page 183
Pim-dm configuration 175 perform the following configuration in vlan interface view. It’s recommended you configure pim-dm on all interfaces in non-special cases. This configuration is effective only after the multicast routing is enabled in system view. Once enabled pim-dm on an interface, pim-sm c...
Page 184
176 c hapter 6: m ulticast p rotocol pim-dm configuration example ls_a has a port carrying vlan 10 to connect multicast source, a port carrying vlan11 to connect ls_b and a port carrying vlan12 to connect ls_c. Configure to implement multicast between multicast source and receiver 1 and receiver 2. ...
Page 185
Pim-sm configuration 177 [sw7700-vlan-interface11] ip address 2.2.2.2 255.255.0.0 [sw7700-vlan-interface11] pim dm [sw7700-vlan-interface11] quit [sw7700] interface vlan-interface 12 [sw7700-vlan-interface12] ip address 3.3.3.3 255.255.0.0 [sw7700-vlan-interface12] pim dm pim-sm configuration pim-sm...
Page 186
178 c hapter 6: m ulticast p rotocol figure 10 rpt schematic diagram multicast source registration when multicast source s sends a multicast packet to the group g, the pim-sm multicast router is responsible for encapsulating the packet into a registration packet upon receipt. It then sends the packe...
Page 187
Pim-sm configuration 179 calculate the rps corresponding to multicast groups according to the same algorithm after receiving the c-rp messages that the bsr advertises. It should be noted that one rp can serve multiple multicast groups or all multicast groups. Each multicast group can only be uniquel...
Page 188
180 c hapter 6: m ulticast p rotocol once enabled , pim-dm cannot be enabled on the same interface. Configure the interface hello message interval generally, pim-sm advertises hello messages periodically on the interface enabled with it to detect pim neighbors and discover which router is the design...
Page 189
Pim-sm configuration 181 using undo pim command, you can clear the configuration in pim view, and back to system view. Configure candidate-bsrs in a pim domain, one or more candidate bsrs should be configured. A bsr (bootstrap router) is elected among candidate bsrs. The bsr takes charge of collecti...
Page 190
182 c hapter 6: m ulticast p rotocol multicast group in the specified range. It is suggested to configure candidate rp on the backbone router. Configure rp to filter the register messages sent by dr in the pim-sm network, the register message filtering mechanism can control which sources to send mes...
Page 191
Pim-sm configuration 183 example: configuring pim-sim in actual network, we assume that the switches can intercommunicate. Suppose that host a is the receiver of the multicast group at 225.0.0.1. Host b begins transmitting data destined to 225.0.0.1. Ls_a receives the multicast data from host b by l...
Page 192
184 c hapter 6: m ulticast p rotocol [sw7700] vlan 12 [sw7700-vlan12] port ethernet 1/0/6 to ethernet 1/0/7 [sw7700-vlan12] quit [sw7700] pim [sw7700-pim] interface vlan-interface 12 [sw7700-vlan-interface12] pim sm [sw7700-vlan-interface12] quit 2 configure the threshold for multicast group to swit...
Page 193
Pim-sm configuration 185 configure ls_c: 1 enable pim-sm. [sw7700] multicast routing-enable [sw7700] vlan 10 [sw7700-vlan10] port ethernet 1/0/2 to ethernet 1/0/3 [sw7700-vlan10] quit [sw7700] pim [sw7700-pim] interface vlan-interface 10 [sw7700-vlan-interface10] pim sm [sw7700-vlan-interface10] qui...
Page 194
186 c hapter 6: m ulticast p rotocol.
Page 195: S/acl O
7 q o s/acl o peration ■ acl overview ■ configuring acl ■ displaying and debugging acl ■ qos overview ■ user logonacl control configuration acl overview a series of matching rules are required for the network devices to identify the packets to be filtered. After identifying the packets, the switch c...
Page 196
188 c hapter 7: q o s/acl o peration this type of filtering includes: acl cited by route policy function, acl used for controlling user logons, and so on. Note: the depth-first principle puts the statement specifying the smallest range of packets on the top of the list. This can be implement, the fe...
Page 197
Configuring acl 189 configuring acl acl configuration includes the tasks described in the following sections: ■ configuring the time range ■ selecting the acl mode ■ defining acl ■ activating acl these steps must be done in sequence. Configure the time range first, then select the acl mode and defin...
Page 198
190 c hapter 7: q o s/acl o peration perform the following configuration in system view. The switch 7700 uses ip-based mode and the l3 traffic classification rule by default. Defining acl the switch 7700 supports several kinds of acls. To define the acl: 1 enter the corresponding acl view 2 add a ru...
Page 199
Configuring acl 191 the packet priority to process the data packets. The advanced acl supports the analyses of three kinds of packet priorities, tos (type of service), ip, and dscp priorities. Perform the following configuration in designated view. The advanced acl is identified with numbers ranging...
Page 200
192 c hapter 7: q o s/acl o peration the numbered interface acls can be identified with numbers ranging from 1000 to 1999. Notes: the switch 7700 does not have any layer-3 physical interface but has layer-3 vlan virtual interface. Therefore when the command line prompts for the input interface type,...
Page 201
Displaying and debugging acl 193 displaying and debugging acl after you configure acl, execute the display command in all views to display the running of the acl configuration, and to verify the effect of the configuration. Execute the reset command in user view to clear the statistics of the acl mo...
Page 202
194 c hapter 7: q o s/acl o peration define the work time range: 1 set the time range from 8:00 to 18:00. [sw7700] time-range 3com 8:00 to 18:00 define the acl to access the payment server: 1 enter the name of the advanced acl. [sw7700] acl name traffic-of-payserver advanced match-order config 2 set...
Page 203
Qos overview 195 such as mac address, ip protocol, source ip address, destination ip address, and the port number of application can be used for traffic classification. Generally, the classification standards are encapsulated in the header of the packets. The packet content is seldom used as the cla...
Page 204
196 c hapter 7: q o s/acl o peration figure 2 sp the sp is designed for the key service application. A significant feature of the key service is required for priority to enjoy the service to reduce the responding delay when congestion occurs. Take 4 egress queues for each port as example, sp divides...
Page 205
Qos overview 197 this random number is compared with the discarding probability for the current queue. Any packet whose random number is greater than the probability is discarded. The longer the queue, the higher the discarding probability . However, there is a maximum discarding probability. Throug...
Page 206
198 c hapter 7: q o s/acl o peration perform the following configuration in ethernet port view. The switch 7700 supports a function to tag the packets with ip precedence (specified by ip-precedence in the traffic-priority command), or dscp (specified by dscp in the traffic-priority command). You can...
Page 207
Qos overview 199 configure the red operation the function of the red operation is to avoid congestion in advance. Perform the following configuration in ethernet port view. For details about the command, see the switch 7700 command reference guide. Configure bandwidth assurance bandwidth assurance g...
Page 208
200 c hapter 7: q o s/acl o peration displaying and debugging qos after you configure qos, execute the display command in all views to display the running of the qos configuration, and to verify the effect of the configuration. Execute the reset command in user view to clear the statistics of the qo...
Page 209
User logonacl control configuration 201 figure 3 access control configuration example note: in the following configurations, only the commands related to qos/acl configurations are listed. Define the traffic accessing the payment query server: 1 enter the named advanced acl view, identified as traff...
Page 210
202 c hapter 7: q o s/acl o peration the steps to control telnet users with acl are described in the following sections: ■ define acl ■ call acl to control telnet users define acl to implement the acl control function, you can only call the numbered basic acl, ranging from 1 to 99. Perform the follo...
Page 211
User logonacl control configuration 203 figure 4 control telnet user with acl use the following commands to control telnet users with acl. 1 define the basic acls. [sw7700] acl number 20 match-order config [sw7700-acl-basic-20] rule 1 permit source 10.110.100.52 0 [sw7700-acl-basic-20] rule 2 permit...
Page 212
204 c hapter 7: q o s/acl o peration the snmp community-name attribute is a feature of snmp v1. Therefore, calling an acl for snmp community name configuration can filter the access to snmp v1 network management system. The snmp group-name and username attributes are features of snmp v2 and higher. ...
Page 213: Stp O
8 stp o peration this chapter covers the following topics: ■ stp overview ■ rstp ■ configuring rstp ■ mstp ■ configuring mstp stp overview spanning tree protocol (stp) is applied in a loop network to block some undesirable redundant paths with certain algorithms and prune the network into a loop-fre...
Page 214
206 c hapter 8: stp o peration figure 1 designated switch and designated port calculating the stp algorithm the following example illustrates the calculation process of stp. The figure1-2 below illustrates the network. Figure 2 switch 7700 networking to facilitate the descriptions, only the first fo...
Page 215
Stp overview 207 configuration bpdu of ethernet 1/0/7: {1, 0, 1, e1/0/7} configuration bpdu of ethernet 1/0/4: {1, 0, 1, e1/0/4} ■ switch c configuration bpdu of ethernet 1/0/1: {2, 0, 2, e1/0/1} configuration bpdu of ethernet 1/0/5: {2, 0, 2, e1/0/5} selecting the optimum configuration bpdu every s...
Page 216
208 c hapter 8: stp o peration configuration bpdu of ethernet 1/0/1: {0, 0, 0, e1/0/1} configuration bpdu of ethernet 1/0/2: {0, 0, 0, e1/0/2} ■ switch b ethernet 1/0/7 receives the configuration bpdu from switch a and finds that the received bpdu has a higher priority than the local one, so it upda...
Page 217
Rstp 209 receive the data forwarded from switch a until spanning tree calculation is triggered again by changes, for example, the link from switch b to c is down. Thus the spanning tree is stabilized. The tree with the root switch a is illustrated in figure 3. Figure 3 the final stabilized spanning ...
Page 218
210 c hapter 8: stp o peration to achieve the rapid transition of the root port state, the following requirement should be met: the old root port on this switch has stopped data forwarding and the designated port in the upstream has begun forwarding data. The conditions for rapid state transition of...
Page 219
Rstp 211 among the above-mentioned tasks, only the steps of enabling stp on the switch and enabling stp on the port are required. For other tasks, if you do not configure them, the system will use the default settings. Before enabling spanning tree, relative parameters of ethernet port or the device...
Page 220
212 c hapter 8: stp o peration perform the following configurations in system view. The diameter of the switching network should not exceed 7. Users can configure this parameter according to the actual networking. By default, the parameter is configured to 7. Configuring rstp operating mode rstp is ...
Page 221
Rstp 213 is enabled, an assignment of a priority to the bridge will lead to recalculation of the spanning tree. By default, the priority of the bridge is 32768. Specifying the switch as a primary or secondary root switch rstp can determine the spanning tree root through calculation. You can also spe...
Page 222
214 c hapter 8: stp o peration state and resume data frame forwarding. This delay ensures that the new configuration bpdu has been propagated throughout the network before the data frame forwarding is resumed. Perform the following configurations in system view. The forward delay of the bridge is re...
Page 223
Rstp 215 if the max age is too short, it results in frequent calculation of spanning tree or misjudging the network congestion as a link fault. On the other hand, a max age that is too long may make the bridge unable to find link failure in time and weaken the network auto-sensing ability. The defau...
Page 224
216 c hapter 8: stp o peration bridge is configured as an edge port, rstp will automatically detect and reconfigure it as a non-edgeport. After the network topology changes, if a configured non-edgeport changes to an edgeport and is not connected to any other port, you should configure it as an edge...
Page 225
Rstp 217 tree. If all the ethernet ports of the bridge adopt the same priority parameter value, then the priority of these ports depends on the ethernet port index number. Note that changing the priority of an ethernet port causes recalculation of the spanning tree. You can set the port priority at ...
Page 226
218 c hapter 8: stp o peration perform the following configurations in ethernet port view. This command can be used when the bridge runs rstp in rstp mode, but it cannot be used when the bridge runs rstp in stp-compatible mode. Configuring the switch security function an rstp switch provides bpdu pr...
Page 227
Rstp 219 after being configured with bpdu protection, the switch disables the edge port through rstp, which receives a bpdu, and notifies the network manager at same time. Only the network manager can resume these. The port configured with root protection only plays a role of a designated port. When...
Page 228
220 c hapter 8: stp o peration figure 4 rstp configuration example only the configurations related to rstp are listed in the following procedure. Switch a serves as the root. Switch d through switch f are configured in basically the same way so only the rstp configuration on switch d is introduced. ...
Page 229
Rstp 221 and do not disable those involved. (the following configuration takes ethernet 0/4 as an example.) [sw7700] interface ethernet 0/4 [sw7700-ethernet0/4] stp disable 3 configure switch c and switch b to serve as standby of each other and sets the bridge priority of switch b to 4069. [sw7700] ...
Page 230
222 c hapter 8: stp o peration 3 configure the ports (ethernet 0/1 through ethernet 0/24) directly connected to users as edge ports and enable bpdu protection function. (take ethernet 0/1 as an example.) [sw7700] interface ethernet 0/1 [sw7700-ethernet0/1] stp edged-port enable [sw7700] stp bpdu-pro...
Page 231
Mstp 223 group several switches into a mst region, using mstp configuration commands. For example, in figure 5, in mst region a0, the 4 switches are configured with the same region name, vlan mapping table (vlan1 map to instance 1, vlan 2 map to instance 2, other vlan map to instance 0), and revisio...
Page 232: Configuring
224 c hapter 8: stp o peration ■ the designated port is the one through which the data is forwarded to the downstream network segment or switch. ■ master port is the port connecting the entire region to the common root bridge and located on the shortest path between them. ■ an alternate port is the ...
Page 233
Configuring mstp 225 ■ configuring the bridge priority for a switch ■ configuring the max hops in an mst region ■ configuring the switching network diameter ■ configuring the time parameters of a switch ■ configuring the max transmission speed on a port ■ configuring a port as an edge port ■ configu...
Page 234
226 c hapter 8: stp o peration configuring the mst region perform the following configuration in mst region view. An mst region can contain up to 49 spanning tree instances, among which instance 0 is an ist and instances 1 through 48 are mstis. Upon the completion of this configurations, the current...
Page 235
Configuring mstp 227 perform the following configuration in system view. After a switch is configured as primary root switch or secondary root switch, you cannot modify the bridge priority of the switch. You can configure the current switch as the primary or secondary root switch of the sti (specifi...
Page 236
228 c hapter 8: stp o peration connected to the stp switch) and the switch provides multiple spanning tree function. You can use the following command to configure mstp running mode. Mstp can intercommunicate with stp. If there is stp switch in the switching network, you can use the command to confi...
Page 237
Configuring mstp 229 switch discards the configuration bpdu with 0 hops left. This makes it impossible for the switch beyond the max hops to take part in the spanning tree calculation, thereby limiting the scale of the mst region. You can use the following command to configure the max hops in an mst...
Page 238
230 c hapter 8: stp o peration forward delay is the switch state transition mechanism. The spanning tree will be recalculated upon link faults and its structure will change accordingly. However, the configuration bpdu recalculated cannot be immediately propagated throughout the network. Temporary lo...
Page 239
Configuring mstp 231 recalculate the spanning tree in time, which weakens the auto-adaptation capacity of the network. The default value is recommended. To avoid frequent network flapping, the values of hello time, forward delay and maximum age should guarantee the following formulas equal. 2 * (for...
Page 240
232 c hapter 8: stp o peration configuring a port as an edge port an edge port refers to the port not directly connected to any switch or indirectly connected to a switch over the connected network. You can configure a port as an edge port or non-edge port in the following ways. Configuring in syste...
Page 241
Configuring mstp 233 configuring in system view perform the following configuration in system view. Configuring in ethernet port view perform the following configuration in ethernet port view. For more about the commands, see the switch 7700 command reference guide. Upon the change of path cost of a...
Page 242
234 c hapter 8: stp o peration for more about the commands, see the switch 7700 command reference guide. After the change of port priority, mstp will recalculate the port role and transit the state. A smaller value represents a higher priority. If all the ethernet ports of a switch are configured wi...
Page 243
Configuring mstp 235 for the ports connected with the point-to-point link, upon some port role conditions met, they can transit to forwarding state fast through transmitting synchronization packet, thereby reducing the unnecessary forwarding delay. If the parameter is configured as auto mode, mstp w...
Page 244
236 c hapter 8: stp o peration transition. When such port receives bpdu packet, the system will automatically set it as a non-edge port and recalculate the spanning tree, which causes the network topology flapping. In normal case, these ports will not receive stp bpdu. If someone forges bpdu to atta...
Page 245
Configuring mstp 237 the port configured with root protection only plays a role of designated port on every instance. Whenever such port receives a higher-priority bpdu, that is, it is about to turn into non-designated port, it will be set to listening state and not forward packets any more (as if t...
Page 246
238 c hapter 8: stp o peration configuring in ethernet port view perform the following configuration in ethernet port view. For more information about the commands, see the switch 7700 command reference guide. Note that redundant route may be generated after mstp is disabled. By default, mstp is ena...
Page 247: Aaa
9 aaa and radius o peration this chapter covers the following topics: ■ ieee 802.1x ■ configuring the aaa and radius protocols ieee 802.1x ieee 802.1x (hereinafter simplified as 802.1x) is a port-based network access control protocol that is used as the standard for lan user access authentication. I...
Page 248
240 c hapter 9: aaa and radius o peration there are two types of ports for the authenticator. One is the uncontrolled port, and the other is the controlled port. The uncontrolled port is always in a bi-directional connection state. The user can access and share the network resources any time through...
Page 249
Ieee 802.1x 241 implement 802.1x on ethernet switch the 3com switch 7700 not only supports the port access authentication method regulated by 802.1x, but also extends and optimizes it in the following way: ■ support to connect several end stations in the downstream by a physical port. ■ the access c...
Page 250
242 c hapter 9: aaa and radius o peration by default, 802.1x authentication has not been enabled globally and on any port. Setting the port access control mode the following commands can be used for setting 802.1x access control mode on the specified port. When no port is specified, the access contr...
Page 251
Ieee 802.1x 243 setting number of users on a port the following commands are used for setting number of users allowed by 802.1x on specified port. When no port is specified, all the ports accept the same number of users. Perform the following configurations in system view or ethernet port view. By d...
Page 252
244 c hapter 9: aaa and radius o peration setting the maximum retransmission times the following commands are used for setting the maximum authenticator-to-supplicant frame-retransmission times. Perform the following configurations in system view. By default, the max-retry-value is 3. That is, the s...
Page 253
Ieee 802.1x 245 quiet-period-value: specify how long the quiet period is. The value ranges from 10 to 120 in units of second. Server-timeout: specify the timeout timer of an authentication server. If an authentication server has not responded before the specified period expires, the authenticator wi...
Page 254
246 c hapter 9: aaa and radius o peration example: 802.1x configuration as shown in the following figure, the workstation is connected to the 1/0/2 of the switch 7700. The switch administrator will enable 802.1x on all the ports to authenticate the supplicants to control their access to the internet...
Page 255
Ieee 802.1x 247 figure 2 enabling 802.1x and radius to perform aaa on the requester the following examples concern most of the aaa/radius configuration commands. The configurations for accessing user workstation and the radius server are omitted. 1 enable the 802.1x performance on the specified port...
Page 256
248 c hapter 9: aaa and radius o peration 10 configure the system to transmit the user name to the radius server after removing the domain name. [sw7700-radius-radius1] user-name-format without-domain [sw7700-radius-radius1] quit 11 create the user domain 3com163.Net and enters isp configuration mod...
Page 257
Configuring the aaa and radius protocols 249 as mentioned above, aaa is a management framework, so it can be implemented by some protocols. Radius is frequently used. Remote authentication dial-in user service, radius for short, is distributed information switching protocol in client/server architec...
Page 258
250 c hapter 9: aaa and radius o peration figure 3 networking with switch 7700 applying radius authentication configuring aaa aaa configuration includes tasks that are described in the following sections: ■ creating/deleting an isp domain ■ configuring relevant attributes of an isp domain ■ creating...
Page 259
Configuring the aaa and radius protocols 251 perform the following configurations in system view. By default, there is no isp domain in the system. Configuring relevant attributes of an isp domain the relevant attributes of isp domain include the adopted radius server group, state, and maximum numbe...
Page 260
252 c hapter 9: aaa and radius o peration perform the following configurations in system view. By default, there is no local user in the system. Setting attributes of a local user the attributes of a local user include its password, state, service type and some other settings. Perform the following ...
Page 261
Configuring the aaa and radius protocols 253 disconnecting a user by force sometimes it is necessary to disconnect a user or a category of users by force. The system provides the following command to serve for this purpose. Perform the following configurations in system view. By default, no online u...
Page 262
254 c hapter 9: aaa and radius o peration creating/deleting a radius server group as mentioned above, radius protocol configurations are performed on the per radius server group basis. Therefore, before performing other radius protocol configurations, it is compulsory to create the radius server gro...
Page 263
Configuring the aaa and radius protocols 255 in real networking environments, the above parameters should be set according to the specific requirements. For example, you may specify 4 groups of different data to map 4 radius servers, or specify one of the two servers as primary authentication/author...
Page 264
256 c hapter 9: aaa and radius o peration setting the response timeout timer of radius server radius (authentication/authorization or accounting) request packet is transmitted for a period of time. If nas has not received the response from radius server, it has to retransmit the request to guarantee...
Page 265
Configuring the aaa and radius protocols 257 perform the following configurations in radius server group view. The minute variable pecifies the real-time accounting interval in minutes. The value must be a multiple of 3. The value of minute is related to the performance of nas and radius server. The...
Page 266
258 c hapter 9: aaa and radius o peration enabling/disabling stopping accounting request buffer because the stopping accounting request concerns account balance and affects the amount to charge a customer, nas makes its best effort to send the message to radius accounting server. Accordingly, if the...
Page 267
Configuring the aaa and radius protocols 259 perform the following configurations in radius server group view. By default, the radius server type is standard. Setting radius server state for the primary and second servers, if the primary is disconnected to nas for some fault, nas will automatically ...
Page 268
260 c hapter 9: aaa and radius o peration by default, radius server group acknowledges that the username sent to it includes isp domain name. Setting the unit of data flow that transmitted to radius server the following command defines the unit of the data flow sent to radius server. By default, the...
Page 269
Configuring the aaa and radius protocols 261 example: aaa and radius protocol configuration aaa/radius protocol configuration commands are generally used together with 802.1x configuration commands. Refer to the typical configuration examples provided in “configuring 802.1x”. Aaa and radius protocol...
Page 270
262 c hapter 9: aaa and radius o peration radius packet cannot be transmitted to radius server. 1 the communication lines (on physical layer or link layer) connecting nas and radius server may not work well. 2 the ip address of the corresponding radius server may not have been set on nas. Set a prop...
Page 271: Eliability
10 r eliability this chapter covers the following topics: ■ vrrp overview ■ configuring vrrp vrrp overview virtual router redundancy protocol (vrrp) is a fault-tolerant protocol. In general, a default route, for example, 10.100.10.1 in figure 1, is configured for every host on a network, so that pac...
Page 272
264 c hapter 10: r eliability figure 2 virtual router this virtual router has its own ip address: 10.100.10.1, which can be the interface address of a switch within the virtual router. The switches within the virtual router have their own ip addresses, such as 10.100.10.2 for the master switch and 1...
Page 273
Configuring vrrp 265 perform the following commands in system view. By default, the ping function for the virtual ip address is disabled. Setting the correspondence between virtual ip and mac addresses this operation sets the correspondence between the virtual ip address and the real or virtual mac ...
Page 274
266 c hapter 10: r eliability perform the following configuration in vlan interface view. Configuring the priority of switches the status of each switch in the virtual router is determined by its priority in vrrp. The switch with the highest priority becomes the master. The priority ranges from 0 to...
Page 275
Configuring vrrp 267 the delay ranges from 0 to 255, measured in seconds. The default mode is preemption with a delay of 0 second. Note: if the preemption mode is cancelled, the delay time automatically becomes 0 seconds. Configuring authentication type and authentication key vrrp provides following...
Page 276
268 c hapter 10: r eliability perform the following configuration in vlan interface view. By default, adver-interval is configured to be 3. Configuring a switch to track an interface vrrp interface track function expands the backup function. Backup is provided not only to the interface where the vir...
Page 277
Configuring vrrp 269 vrrp virtual router information includes virtual router id1, virtual ip address 202.38.160.111, switch a as the master and switch b as the backup allowed preemption. Figure 3 vrrp configuration configure switch a: [lsw_a-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 [ls...
Page 278
270 c hapter 10: r eliability configure switch a 1 create a virtual router. [lsw_a-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 2 set the priority for the virtual router. [lsw_a-vlan-interface2] vrrp vrid 1 priority 110 3 set the authentication key for the virtual router. [lsw_a-vlan-inter...
Page 279
Configuring vrrp 271 configure switch b: 1 create virtual router 1. [lsw_b-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 2 create virtual router 2. [lsw_b-vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112 3 set the priority for the virtual router. [lsw_b-vlan-interface2] vrrp vrid 2 pr...
Page 280
272 c hapter 10: r eliability.
Page 281: Ystem
11 s ystem m anagement this chapter covers the following topics: ■ file system management ■ mac address table management ■ device management ■ system maintenance and debugging ■ snmp ■ rmon ■ ntp file system management the ethernet switch provides a file system module for efficient management with s...
Page 282
2 c hapter 11: s ystem m anagement file operation the file system can be used to delete or undelete a file or permanently delete a file. It can also be used to display file contents, rename, copy and move a file and display the information about a specified file. You can use the commands in table 2 ...
Page 283
File system management 3 all sectors will be erased, proceed? [confirm]y format flash: completed 2 display the working directory in the flash. Cd flash:/ pwd flash:/ 3 create a directory named test. Mkdir test 4 display the flash directory information after creating the test directory. Dir directory...
Page 284
4 c hapter 11: s ystem m anagement perform the following configuration in all views. The configuration files are displayed in their corresponding saving formats. Save the current-configuration use the save command to retain the current-configuration in the flash memory. The configurations are saved ...
Page 285
File system management 5 the ethernet switch provides the following ftp services: ■ ftp server: you can run ftp client program to log in the server and access the files on it. ■ ftp client: after connected to the server through running the terminal emulator or telnet on a pc, you can access the file...
Page 286
6 c hapter 11: s ystem m anagement only clients who have passed the authentication and authorization successfully can access the ftp server. Configure the running parameters of ftp server you can use the following commands to configure the connection timeout of the ftp server. If the ftp server rece...
Page 287
Mac address table management 7 server and then transmits data to it and receives the acknowledgement from it. Tftp transmits files in two modes, binary mode for program files and ascii mode for text files. Tftp configuration tasks include: ■ configure the file transmission mode ■ download files by m...
Page 288
8 c hapter 11: s ystem m anagement way: after receiving a data frame from a port (assumed as port a), the switch analyzes its source mac address (assumed as mac_source) and considers that the packets destined at mac_source can be forwarded through port a. If the mac address table contains the mac_so...
Page 289
Mac address table management 9 set mac address table entries administrators can manually add, modify, or delete the entries in mac address table according to the actual needs. They can also delete all (unicast) mac address table entries related to a specified port or delete a specified type of entri...
Page 290
10 c hapter 11: s ystem m anagement perform the following configurations in the ethernet port view. By default, the mac address learning function is enabled. Set mac address aging time setting an appropriate aging time implements mac address aging. Too long or too short an aging time set by subscrib...
Page 291
Mac address table management 11 perform the following configuration in ethernet port view. Note: if the count parameter takes 0, the port is no permitted to learn mac address. There is no limit to the amount of the mac addresses that an ethernet port can learn by default. However how many mac addres...
Page 292
12 c hapter 11: s ystem m anagement figure 2 typical configuration of address table management configuration procedure 1 enter the system view of the switch. System-view 2 add a mac address (specify the native vlan, port and state). [sw7700] mac-address static 00e0-fc35-dc71 interface ethernet 1/0/2...
Page 293
Device management 13 designate the app adopted when booting the ethernet switch next time in the case that there are several operational images in the flash memory, you can use this command to designate the operational file (*.App) file to use when the switch 7700 is booted. Perform the following co...
Page 294
14 c hapter 11: s ystem m anagement set backboard view the backboard view command determines the backplane bandwidth allocated to each slot in the switch 7700. Currently, the switch fabric has the capability of 32gbpos full duplex yet the chassis has a maximum capability of 48 gbps full duplex. This...
Page 295
System maintenance and debugging 15 ■ setting the system clock ■ set the time zone ■ setting daylight saving time setting the system name perform the following commands in system view. Setting the system clock perform the following command in user view. Set the time zone you can configure the name o...
Page 296
16 c hapter 11: s ystem m anagement ■ commands for displaying the system statistics information for the display commands related to each protocols and different ports, refer to the relevant chapters. The following display commands are used for displaying the system state and the statistics informati...
Page 297
System maintenance and debugging 17 figure 3 debug output you can use the following commands to control the above-mentioned debugging. Perform the following operations in user view. For more about the usage and format of the debugging commands, refer to the relevant chapters. Since the debugging out...
Page 298
18 c hapter 11: s ystem m anagement you can perform the following operations in all views. Testing tools for network connection ping the ping command can be used to check the network connection and to verify if the host is reachable. Perform the following operation in user view. The output of the co...
Page 299
System maintenance and debugging 19 information efficiently. Coupled with the debugging program, the syslog provides powerful support for the network administrators and the r&d personnel to monitor the operating state of networks and diagnose network failures. The syslog of the switch 7700 has the f...
Page 300
20 c hapter 11: s ystem m anagement perform the following configuration in system view. The system assigns a channel in each output direction by default. See table 39. The settings in the six directions are independent from each other. The settings will take effect only after enabling the informatio...
Page 301
System maintenance and debugging 21 you can use the following commands to define the filtering rules of the channels. Perform the following operation in system view. Modu-name specifies the module name. Level refers to the severity levels and severity specifies the severity level of information. The...
Page 302
22 c hapter 11: s ystem m anagement this configuration is performed on the info-center loghost. The following configuration example is implemented on sunos 4.0. The configurations on the unix operating systems of other vendors are basically the same. A perform the following commands with the identit...
Page 303
Snmp 23 configure the info-center loghost as follows: 1 enable the logging system. [sw7700] info-center enable 2 set the host at 202.38.1.10 as info-center loghost, sets the severity threshold to informational, the output language to english and allows the rstp and ip modules to output information. ...
Page 304
24 c hapter 11: s ystem m anagement in terms of structure, snmp can be divided into two parts, namely, nms and agent. Nms (network management station) is the workstation for running the client program. At present, the commonly used nm platforms include sun netmanager and ibm netview. Agent is the se...
Page 305
Snmp 25 the current snmp agent of ethernet switch supports snmp v1, v2c and v3. The mibs supported are listed in the following table. Configure snmp the main configuration of snmp includes: ■ setting the community name ■ setting the method of identifying and contacting the administrator ■ enabling a...
Page 306
26 c hapter 11: s ystem m anagement you can use the following commands to set the community name. Perform the following configuration in system view. Setting the method of identifying and contacting the administrator the syscontact is a management viable of the system group in mib ii. The content is...
Page 307
Snmp 27 perform the following configuration in system view. The authentication parameter specifies that the packet is authenticated without encryption. This parameter is supported only in snmp v3. The privacy parameter specifies that the packet is authenticated and encrypted. This parameter is suppo...
Page 308
28 c hapter 11: s ystem m anagement perform the following configuration in system view. By default, the engine id is expressed as enterprise no. + device information. The device information can be ip address, mac address, or user-defined text. Setting and deleting an snmp group you can use the follo...
Page 309
Snmp 29 perform the following configuration in system view. The authentication-mode parameter specifies the use of authentication. The privacy-mode parameter specifies the use of authentication and encryption. This parameter is supported only in snmp v3. For details, see the switch 7700 command refe...
Page 310
30 c hapter 11: s ystem m anagement disabling the snmp agent to disable snmp agent, please perform the following configuration in system view. If user disable nmp agent, it will be enabled whatever snmp-agent command is configured thereafter. Displaying and debugging snmp after the above configurati...
Page 311
Rmon 31 figure 5 snmp configuration example 1 enter the system view. System-view 2 set the community name and the access authority. [sw7700] snmp-agent community read public 3 set the administrator id, contact and the physical location of the ethernet switch. [sw7700] snmp-agent sys-info contact mr....
Page 312
32 c hapter 11: s ystem m anagement exchange data information with snmp agent and collect nm information. However, not all the data of rmon mib can be obtained with this method, depending on resources. In most cases, only four groups of information can be collected. The four groups include trap info...
Page 313
Rmon 33 perform the following configuration in system view. Adding and deleting an entry to or from the history control table the history data management helps you set the history data collection, periodical data collection and storage of the specified ports. The sampling information includes the ut...
Page 314
34 c hapter 11: s ystem m anagement perform the following configuration in ethernet port view. Displaying and debugging rmon after the above configuration, execute display command in all views to display the running of the rmon configuration, and to verify the effect of the configuration. Example: r...
Page 315
Ntp 35 gathers statistics of interface ethernet2/0/1. Received: octets : 270149,packets : 1954 broadcast packets :1570 ,multicast packets:365 undersized packets :0 ,oversized packets:0 fragments packets :0 ,jabbers packets :0 crc alignment errors:0 ,collisions :0 dropped packet events (due to lack o...
Page 316
36 c hapter 11: s ystem m anagement in the figure above, ethernet switch a and ethernet switch b are connected the ethernet port. They have independent system clocks. Before implement automatic clock synchronization on both switches, we assume that: ■ before synchronizing the system clocks on ethern...
Page 317
Ntp 37 configuring ntp operating mode s3026 and s2403h ethernet switches can only serve as ntp client but not ntp server. You can set the ntp operating mode of an ethernet switch according to its location in the network and the network structure. For example, you can set a remote server as the time ...
Page 318
38 c hapter 11: s ystem m anagement a broadcast, multicast or reference clock ip address. In this mode, both the local switch and the remote server can synchronize their clocks with the clock of opposite end. Perform the following configurations in system view. Ntp version number number ranges from ...
Page 319
Ntp 39 perform the following configurations in vlan interface view. This command can only be configured on the interface where the ntp broadcast packets are received. Configuring ntp multicast server mode designate an interface on the local switch to transmit ntp multicast packets. In this case, the...
Page 320
40 c hapter 11: s ystem m anagement configuring ntp id authentication enable ntp authentication, set the md5 authentication key, and specify the reliable key. A client will synchronize itself by a server only if the serve can provide a reliable key. Perform the following configurations in system vie...
Page 321
Ntp 41 perform the following configurations in system view. An interface is specified by interface-name or interface-type interface-number. The source address of the packets will be taken from the ip address of the interface. If the ntp-service unicast-server or ntp-service unicast-peer command also...
Page 322
42 c hapter 11: s ystem m anagement with peer, serve, serve only, and query only in an ascending order of the limitation. The first matched authority will be given. Perform the following configurations in system view. Ip address acl number is specified through the acl-number parameter and ranges fro...
Page 323
Ntp 43 ntp configuration examples configuring ntp servers on sw77001, set the local clock as the ntp master clock at stratum 2. On sw77002, configure sw77001 as the time server in server mode and set the local equipment as in client mode. Figure 8 typical ntp configuration networking diagram configu...
Page 324
44 c hapter 11: s ystem m anagement peer dispersion: 0.00 ms reference time: 00:00:00.000 utc jan 1 1900(00000000.00000000) after the synchronization, sw77002 turns into the following status: [sw77002] display ntp-service status clock status: synchronized clock stratum: 8 reference clock id: local(0...
Page 325
Ntp 45 configure ntp peers on sw77003, set local clock as the ntp master clock at stratum 2. On sw77002, configure sw77001 as the time server in server mode and set the local equipment as in client mode. At the same time, sw77005 sets sw77004 as its peer. See figure 3-3. Configure ethernet switch sw...
Page 326
46 c hapter 11: s ystem m anagement root delay: 0.00 ms root dispersion: 10.94 ms peer dispersion: 10.00 ms reference time: 20:54:25.156 utc mar 7 2002(c0325201.2811a112) by this time, sw77004 has been synchronized by sw77005 and it is at stratum 2, or higher than sw77005 by 1. Display the sessions ...
Page 327
Ntp 47 2 enter vlan-interface2 view. [sw77004] interface vlan-interface 2 [sw77004-vlan-interface2] ntp-service broadcast-client configure ethernet switch sw77001: 1 enter system view. System-view 2 enter vlan-interface2 view. [sw77001] interface vlan-interface 2 [sw77001-vlan-interface2] ntp-servic...
Page 328
48 c hapter 11: s ystem m anagement [5]1.0.1.11 0.0.0.0 16 0 64 - 0.0 0.0 0.0 [5]128.108.22.44 0.0.0.0 16 0 64 - 0.0 0.0 0.0 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured configure ntp multicast mode sw77003 sets the local clock as the master clock at stratum 2 and multic...
Page 329
Ntp 49 configure authentication-enabled ntp server mode sw77001 sets the local clock as the ntp master clock at stratum 2. Sw77002 sets sw77001 as its time server in server mode and itself in client mode and enables authentication. See figure 1-2. Configure ethernet switch sw77001: 1 enter system vi...
Page 330
50 c hapter 11: s ystem m anagement.