3Com Switch 8807 Configuration Manual

Page 1

3com ® switch 8800 family configuration guide switch 8807 switch 8810 switch 8814 www.3com.Com part no. 10015594, rev. Aa published: january 2007.

Page 3: Ontents

C ontents a bout t his g uide conventions 15 related documentation 16 1 p roduct o verview product overview 17 function features 18 2 c ommand l ine i nterface command line interface 21 command line view 21 features and functions of command line 29 3 l ogging in to s witch setting up configuration e...

Page 5

15 p ort i solation c onfiguration port isolation overview 111 configuration tasks 111 port isolation configuration example 113 16 mac a ddress t able m anagement mac address table management overview 115 mac address table management configuration 116 maximum mac address number learned by ethernet p...

Page 7

30 rip c onfiguration introduction to rip 291 configuring rip 292 displaying and debugging rip 300 typical rip configuration example 300 troubleshooting rip faults 301 31 ospf c onfiguration ospf overview 303 ospf gr overview 307 configuring ospf 311 displaying and debugging ospf 330 typical ospf co...

Page 9

Pim-sm configuration example 469 45 msdp c onfiguration msdp overview 473 msdp configuration 476 displaying and debugging msdp 482 msdp configuration examples 483 46 mbgp m ulticast e xtension c onfiguration mbgp multicast extension overview 493 mbgp multicast extension configuration 494 displaying ...

Page 11

58 dns c onfiguration introduction to dns 709 configuring static domain name resolution 710 configuring dynamic domain name resolution 710 displaying and debugging domain name resolution 711 dns configuration example 711 troubleshooting domain name resolution configuration 712 59 n etstream c onfigu...

Page 13

74 p acket s tatistics c onfiguration introduction to egress packet statistics 843 75 e thernet p ort l oopback d etection ethernet port loopback detection function 845 configuring the loopback detection function 845 displaying and maintaining the loopback detection function 845 76 q in q c onfigura...

Page 16

16 a bout t his g uide related documentation the following manuals offer additional information necessary for managing your switch 8800: ■ switch 8800 command reference guide — provides detailed descriptions of command line interface (cli) commands, that you require to manage your switch 8800. ■ swi...

Page 18

18 c hapter 1: p roduct o verview function features table 1 function features features implementation vlan vlan compliant with ieee 802.1q standard port-based, protocol-based, and ip subnet-based vlan garp vlan registration protocol (gvrp) super vlan vlan isolation guest vlan dynamic vlan stp protoc...

Page 20

20 c hapter 1: p roduct o verview management and maintenance command line interface configuration local configuration through the console port and the aux port local and remote configuration through telnet on an ethernet port remote configuration through modem dialup through the aux port. Snmp manag...

Page 22

22 c hapter 2: c ommand l ine i nterface ■ configuration level: service configuration commands, including routing command and commands on each network layer, are used to provide direct network service to the user. ■ management level: they are commands that influence basis operation of the system and...

Page 24

24 c hapter 2: c ommand l ine i nterface port view ethernet port view: configure ethernet port parameters [3com-ethernet2/1/1 ] 100m ethernet port view key in interface ethernet 2/1/1 in system view use quit to return to system view use return to return to user view [3com-gigabitether net2/1/1] giga...

Page 26

26 c hapter 2: c ommand l ine i nterface bgp view configure bgp parameters [3com-bgp] key in bgp 100 in system view use quit to return to system view use return to return to user view is-is view configure is-is parameters [3com-isis] key in isis in system view use quit to return to system view use r...

Page 29

Features and functions of command line 29 features and functions of command line online help of command line the command line interface provides the following online help modes. ■ full help ■ partial help you can get the help information through these online help commands, which are described as fol...

Page 31

Features and functions of command line 31 editing characteristics of command line command line interface provides the basic command editing function and supports to edit multiple lines. A command cannot longer than 256 characters. See the table below. Incomplete command the input command is incomple...

Page 33: Ogging

3 l ogging in to s witch setting up configuration environment through the console port step 1: as shown in the figure below, to set up the local configuration environment, connect the serial port of a pc (or a terminal) to the console port of the switch with the console cable. Figure 1 set up the lo...

Page 35

Setting up configuration environment through telnet 35 step 1: before logging into the switch through telnet, you need to configure the telnet user name and password on the switch through the console port. N by default, the password is required for authenticating the telnet user to log in to the swi...

Page 37

Setting up configuration environment through modem dial-up 37 setting up configuration environment through modem dial-up step 1: the modem user is authenticated via the console port of the switch before he or she logs in to the switch through a dial-up modem. N by default, the password is required f...

Page 39: Ser

4 u ser i nterface c onfiguration user interface overview to facilitate system management, the switches support user interface based configuration for the configuration and management of port attributes. Presently, the switch 8800 family series switches support the following user interface based con...

Page 41

User interface configuration 41 note that if you press after typing any of the three keywords shell, login and incoming in the command, then what you type after the word header is the contents of the login information, instead of identifying header type. Configuring asynchronous port attributes the ...

Page 43

User interface configuration 43 by default, idle-timeout is enabled and set to 10 minutes on all the user interfaces. That is, the user interface will be disconnected automatically after 10 minutes without any operation. Idle-timeout 0 means disabling idle-timeout. Locking user interface this config...

Page 45

User interface configuration 45 # perform username and password authentication when a user logs in through vty 0 user interface and set the username and password to zbr and 3com respectively. [3com-ui-vty0] authentication-mode scheme [3com-ui-vty0] quit [sw8800] local-user zbr [3com-luser-zbr] passw...

Page 47

User interface configuration 47 configuring redirection send command the following command can be used for sending messages between user interfaces. Perform the following configuration in user view. Auto-execute command the following command is used to automatically run a command after you log in. A...

Page 49: Anagement

5 m anagement i nterface c onfiguration management interface overview switch 8800 family series provides a 10/100base-tx management interface on the fabric. The management interface can connect a background pc for software loading and system debugging, or a remote network management station for remo...

Page 51: Onfiguration

6 c onfiguration f ile m anagement configuration file management configuration file management overview the management module of configuration file provides a user-friendly operation interface. It saves the configuration of the switch in the text format of command line to record the whole configurat...

Page 53

Configuration file management 53 cfgfile is the name of the configuration file and its extension name can be ".Cfg". The file is stored in the root directory of the storage devices. After the above configuration, execute display command in any view to display the running of the configuration files, ...

Page 55: Vlan C

7 vlan c onfiguration vlan overview virtual local area network (vlan) groups the devices in a lan logically, not physically, into segments to form virtual workgroups. Ieee issued the ieee 802.1q in 1999 to standardize the vlan implementations. The vlan technology allows network administrators to log...

Page 57

Configuring protocol-based vlan 57 configuring port-based vlan you can use the following commands to specify ethernet ports for a vlan. Perform the following configuration in vlan view. By default, the system adds all the ports to a default vlan whose id is 1. Note that you can add/remove the trunk ...

Page 59

Displaying and debugging a vlan 59 you can also move the cpu ports out of/into all the vlans at a time. Perform the following configuration in system view. Displaying and debugging a vlan after the above configuration, execute the display command in any view to display the running of the vlan config...

Page 61: Uper

8 s uper vlan c onfiguration super vlan overview super vlan is also called vlan aggregation. The following is the fundamental principle: a super vlan contains multiple sub vlans. A super vlan can be configured with an ip address of the virtual port, while a sub vlan cannot be configured with the ip ...

Page 63

Configuring a super vlan 63 these sub vlans are isolated at layer 2. It is required that these sub vlans communicate with one another at layer 3. Network diagram omitted configuration procedure system-view system view: return to user view with ctrl+z. [sw8800] vlan 10 [3com-vlan10] supervlan [3com-v...

Page 65: Solate

9 i solate - user -vlan c onfiguration isolate-user-vlan overview isolate-user-vlan can save the vlan resource in a network. It adopts the two-level vlan architecture. One level is isolate-user-vlan level, and the other is secondary vlan level, as shown in figure 12. ■ an isolate-user-vlan correspon...

Page 67

Displaying and debugging an isolate-user-vlan 67 note the following when mapping an isolate-user-vlan to secondary vlans 1 if the isolate-user-vlan contains ports ■ for hybrid ports, if the default port vlan id is the same as the isolate-user-vlan id, and the port joins the isolate-user-vlan in the ...

Page 69

Isolate-user-vlan configuration example 69 # configure the mapping relationship between the isolate-user-vlan and the secondary vlans. [3com-vlan2] quit [sw8800] isolate-user-vlan 5 secondary 2 to 3 2 configuration on switch c # configure an isolate-user-vlan. System-view [sw8800] vlan 6 [3com-vlan6...

Page 71: Ip A

10 ip a ddress c onfiguration introduction to ip addresses ip address classification and representation an ip address is a 32-bit address allocated to a device that accesses the internet. It consists of two fields: net-id field and host-id field. Ip addresses are allocated by network information cen...

Page 73

Configuring ip address 73 a mask is a 32-bit number corresponding to an ip address. The number consists of 1s and 0s. Principally, these 1s and 0s can be combined randomly. However, the first consecutive bits are set to 1s when you design a mask. The mask divides the ip address into two parts: subne...

Page 75

Configuring ip address 75 configure static arp entries that have only ip addresses. The switch will automatically fill the mac address in the arp mapping entries so that only users configured with static arp entries can have access to the network. Ip address protection configuration the tasks of ip ...

Page 77

Troubleshooting ip address configuration 77 troubleshooting ip address configuration fault 1: the switch cannot ping through a certain host in the lan. Troubleshooting can be performed as follows: 1 check the configuration of the switch. Use the display arp command to view the arp entry table that t...

Page 79: Ip P

11 ip p erformance c onfiguration configuring ip performance ip performance configuration includes: ■ “configuring tcp attributes” configuring tcp attributes tcp attributes that can be configured include: ■ synwait timer: when sending the syn packets, tcp starts the synwait timer. If response packet...

Page 81

Troubleshooting ip performance 81 troubleshooting ip performance fault: ip layer protocol works normally but tcp and udp cannot work normally. Troubleshoot: in the event of such a fault, you can enable the corresponding debugging information output to view the debugging information. ■ use the displa...

Page 83: Garp&gvrp C

12 garp&gvrp c onfiguration configuring garp garp overview generic attribute registration protocol (garp) offers a mechanism that is used by the members in the same switching network to distribute, propagate and register such information as vlan and multicast addresses. Garp dose not exist in a swit...

Page 85

Configuring gvrp 85 ■ the lower limit of hold timer is 10 centiseconds. You can change its upper limit by changing the value of join timer. ■ you can change the lower limit and upper limit of join timer by changing the value of hold timer and leave timer respectively. ■ you can change the lower limi...

Page 87

Configuring gvrp 87 ■ when a trunk port is set as fixed, the port is not allowed to dynamically register/deregister a vlan, it only propagates information about static vlans that are manually configured instead of that of dynamic vlans. That is, a trunk port that is of fixed type only permits manual...

Page 89: Thernet

13 e thernet p ort c onfiguration ethernet port overview switch 8800 family series can provide conventional ethernet ports, fast ethernet ports, 1000 mbps ethernet ports and 10 gbps ethernet ports. The configurations of these ethernet ports are basically the same, which will be described in the foll...

Page 91

Ethernet port configuration 91 setting speed on the ethernet port you can use the following command to set the speed on the ethernet port. If the speed is set to auto-negotiation mode, the local and peer ports will automatically negotiate about the port speed. Perform the following configuration in ...

Page 93

Setting the interval of performing statistics on ports 93 effective jumbo frame value for the 1536-1552 section is 1552, that for the 1553-9022 section is 9022, that for the 9023-9192 section is 9192, and that for the 9193-10240 section is 10240. Setting broadcast/multicast suppression on ethernet p...

Page 95

Setting the interval of performing statistics on ports 95 note that the access port shall be added to an existing vlan other than vlan 1. The vlan to which hybrid port is added must have been existed. After adding the ethernet port to specified vlans, the local port can forward packets of these vlan...

Page 97

Setting the interval of performing statistics on ports 97 n ■ using copy configuration command will clear protocol vlan attributes of the destination port, but it can not copy protocol vlan attributes of source port to the destination port. ■ using the copy configuration command, you can only copy t...

Page 99

Ethernet port troubleshooting 99 [sw8800] interface gigabitethernet2/1/1 # set the gigabitethernet2/1/1 as a trunk port and allows vlans 2, 6 through 50, and 100 to pass. [3com-gigabitethernet2/1/1] port link-type trunk [3com-gigabitethernet2/1/1] port trunk permit vlan 2 6 to 50 100 # create the vl...

Page 101: Ink

14 l ink a ggregation c onfiguration overview introduction to link aggregation link aggregation means aggregating several ports together to implement the outgoing/incoming payload balance among the member ports and enhance the connection reliability. Link aggregation may be manual aggregation, dynam...

Page 103

Overview 103 ■ the system sets to inactive state the ports which cannot be aggregated with the port, due to hardware limit (for example, trans-module aggregation is forbidden). ■ the system sets to inactive state the ports with basic configurations different from the active port. Since only a define...

Page 105

Link aggregation configuration 105 ■ “configuring/deleting aggregation group description” ■ “configuring system priority” ■ “configuring port priority” n ■ the active state and inactive state correspond to selected and standby respectively. ■ when configuring an aggregation group, the status of gvrp...

Page 107

Link aggregation configuration 107 ■ when a port is added into an aggregation group, the original arp information of the port will be lost. Configuring/deleting aggregation group description you can use the following command to create/delete aggregation group description (for manual aggregation and ...

Page 109

Link aggregation configuration example 109 network diagram figure 19 network diagram for link aggregation configuration configuration procedure the following only lists the configuration for switch a, and that on switch b is similar. 1 manual aggregation # create aggregation group 1. [sw8800] link-a...

Page 111: Ort

15 p ort i solation c onfiguration port isolation overview using the port isolation feature, you can place different user ports into the same vlan. As these users cannot communicate with each other, network security improved, a flexible networking scheme is provided, and vlan resources are conserved...

Page 113

Port isolation configuration example 113 port isolation configuration example network requirements users in a community connect to a switch. The switch communicates with the external network through port ethernt2/1/1. These users are in vlan 1 and cannot communicate with each other. Network diagram ...

Page 115: Mac A

16 mac a ddress t able m anagement mac address table management overview a switch maintains a mac address table for fast forwarding packets. A table entry includes the mac address of a device and the port id of the switch connected to the device. The dynamic entries (not configured manually) are lea...

Page 117

Maximum mac address number learned by ethernet port and forwarding option configuration 117 in addition, this command takes effect on all the ports. However the address aging only functions on the dynamic addresses (the learned or configured as age entries by the user). By default, the aging-time is...

Page 119

Displaying and debugging mac address tables 119 displaying and debugging mac address tables after the above configuration, execute the display command in any view to display the running of the mac address table configuration, and to verify the effect of the configuration. Resetting mac addresses aft...

Page 121: Mstp R

17 mstp r egion - configuration introduction to mstp mstp stands for multiple spanning tree protocol, which is compatible with spanning tree protocol (stp) and rapid spanning tree protocol (rstp). Stp is not fast in state transition. Even on a point-to-point link or an edge port, it has to take an i...

Page 123

Introduction to mstp 123 cst common spanning tree (cst): a lan has only one cst. Cst connects the spanning trees of all mst regions. Regard every mst region as a "switch", and the cst is generated by the computing of "switches" through stp/rstp. For example, the red line in figure 23 indicates the c...

Page 125

Introduction to mstp 125 figure 25 bpdu packet format figure 26 msti information format of the last part in bpdu packets besides field root bridge priority, root path cost, local bridge priority and port priority, the field flags which takes one byte in an instance is also used for role selection. T...

Page 127

Introduction to mstp 127 figure 28 designated bridge and designated port for a switch, the designated bridge is a switch in charge of forwarding bpdu to the local switch via a port called the designated port accordingly. For a lan, the designated bridge is a switch that is in charge of forwarding bp...

Page 129

Introduction to mstp 129 the message and keep the local bpdu unchanged. When the port receives a higher-priority configuration bpdu, the switch uses the content in the received configuration bpdu to change the content of the local bpdu of this port. Then the switch compare the configuration bpdu of ...

Page 131

Introduction to mstp 131 for example, the link from switch b to switch c is down or the port receives any better configuration bpdu thus, the spanning tree is stabilized. The tree with the root bridge a is illustrated in the figure 30. Figure 30 the final stabilized spanning tree to facilitate the d...

Page 133

Configuring mstp 133 display commands. For detailed information, refer to the "display and debug mstp" section. N when gvrp and mstp start on the switch simultaneously, gvrp packets will propagate along cist which is a spanning tree instance. In this case, if you want to issue a certain vlan through...

Page 135

Configuring mstp 135 perform the following configuration in system view. After a switch is configured as the primary root bridge or the secondary root bridge, users cannot modify the bridge priority of the switch. You can configure the current switch as the primary or secondary root bridge of the st...

Page 137

Configuring mstp 137 each time when it is forwarded by a switch, the max hops is reduced by 1. The switch discards the configuration bpdu with 0 hops left. This makes it impossible for the switch beyond the max hops to take part in the spanning tree calculation, thereby limiting the scale of the mst...

Page 139

Configuring mstp 139 too short a max age may cause the network device frequently calculate the spanning tree and mistake the congestion as a link fault. However, if the max age is too long, the network device may not be able to discover the link fault and recalculate the spanning tree in time, which...

Page 141

Configuring mstp 141 you can configure a port as an edge port or a non-edge port with either of the earlier-mentioned measures. After configured as an edge port, the port can fast transit from blocking state to forwarding state without any delay. You can only set the port connecting with the termina...

Page 143

Configuring mstp 143 the actual rate counts. 2 calculating the path cost table 121 details the correspondence between the rate range and the path cost values of the ports. 3com’s legacy calculation standard 1 calculating the rate ■ aggregation port the rate of the primary port in an aggregation grou...

Page 145

Configuring mstp 145 configuration in system view perform the following configuration in system view. Configuration in ethernet port view perform the following configuration in ethernet port view. You can configure the port (not) to connect with the point-to-point link with either of the earlier-men...

Page 147

Configuring mstp 147 clearing dynamic arp entries in port view, the function takes effect only on the specified port. Configuring the switch protection function an mstp switch provides bpdu protection, root protection functions, loop protection and tc-protection. Bpdu protection for an access device...

Page 149

Configuring mstp 149 upstream port, some instances of the upstream port will be congested for a long time. By default, only the protection from tc-bpdu packet attack is enabled on the switch. Bpdu protection, root protection and loop protection are disabled. After configured with bpdu protection, th...

Page 152

152 c hapter 17: mstp r egion - configuration typical mstp configuration example network requirements mstp provides different forwarding paths for packets of different vlans. The configurations are as follows: all the switches in the network belong to the same mst region, packets of vlan 10 travels ...

Page 154

154 c hapter 17: mstp r egion - configuration 4 configurations on switch d # mst region [sw8800] stp region-configuration [3com-mst-region] region-name example [3com-mst-region] instance 1 vlan 10 [3com-mst-region] instance 3 vlan 30 [3com-mst-region] instance 4 vlan 40 [3com-mst-region] revision-le...

Page 156

156 c hapter 18: d igest s nooping c onfiguration prerequisites switches of different manufacturers are interconnected in a network and have mstp employed. The network operates properly. Configuration procedure n ■ you must enable digest snooping on an port first before enabling it globally. ■ diges...

Page 158

158 c hapter 18: d igest s nooping c onfiguration.

Page 160

160 c hapter 19: f ast t ransition figure 34 designated port fast transition mechanism of mstp there is a certain limit on fast transition cooperation of rstp and mstp. For example, the upstream switch runs rstp and the downstream switch runs mstp, and the downstream mstp does not support the compat...

Page 162

162 c hapter 19: f ast t ransition.

Page 164

164 c hapter 20: bpdu t unnel c onfiguration by default, bpdu tunnel is disabled. Enabling/disabling vlan vpn on ethernet port perform the following configuration in ethernet port view. By default, the vlan vpn is disabled on all the ports. Vlan vpn is not compatible with stp, dot1x, gvrp, and ntdp....

Page 166

166 c hapter 20: bpdu t unnel c onfiguration # enable mstp on the device. [switch_d] stp enable # enable bpdu tunnel on the device. [switch_d] vlan-vpn tunnel # add the port ethernet 3/1/2 into vlan 20. [switch_d] vlan 20 [switch_d- vlan 20 ]port ethernet 3/1/2 # first disable the stp protocol and t...

Page 168

168 c hapter 21: acl c onfiguration configured with any are put to the end and other rules follow config order; for advanced acl rules, first compare the wildcards of source addresses, then the wildcards of destination addresses if those of source addresses are equal, then the port ids if the wildca...

Page 170

170 c hapter 21: acl c onfiguration the following table describes the configuration tasks for service processor cards. Configuring time range you may set such items in time range configuration: the defined time range includes absolute time range and periodic time range. The absolute time range is in...

Page 172

172 c hapter 21: acl c onfiguration tcp ports, and then only those traffic rules including all these elements can be sent to target hardware and referenced for such qos functions as packet filtering, traffic policing, priority re-labeling. Otherwise, the rules cannot be activated on the hardware and...

Page 174

174 c hapter 21: acl c onfiguration ■ if the time-range keyword is not selected, the acl will be effective at any time after being activated. ■ you can define multiple sub rules for the acl by using the rule command several times. ■ when the qos/acl action is configured under the port, if the qos/ac...

Page 176

176 c hapter 21: acl c onfiguration for service processor cards, perform the following configurations in vlan view. System-index index here is the system index for an acl rule. When delivering a rule, the system assigns a globally unique index to it, for convenience of later retrieval. You can also ...

Page 178

178 c hapter 21: acl c onfiguration 2 define inbound traffic to the wage server. # create a name-based advanced acl "traffic-of-payserver" and enter it. [sw8800] acl name traffic-of-payserver advanced # define acl rule for the wage server. [3com-acl-adv-traffic-of-payserver] rule 1 deny ip source an...

Page 180

180 c hapter 21: acl c onfiguration [3com-ethernet2/1/1] packet-filter inbound link-group traffic-of-link example of bt traffic control configuration network requirements bittorrent (bt) is a kind of shared software for file download. Its feature is as follows: the more people are using it to downlo...

Page 182

182 c hapter 22: q o s c onfiguration step 2: run filtering operation (deny or permit) to the identified traffic. By default, permit operation is selected. Traffic policing qos can police traffic at the ingress port, to provide better services with the limited network resources. Redirection you can ...

Page 184

184 c hapter 22: q o s c onfiguration sent can those in lower priority queue be sent. This manner of putting key-service packets into high priority queue and non-key service packets into low priority queue does ensure that key-service packets are sent first, while non-key service packets are sent du...

Page 186

186 c hapter 22: q o s c onfiguration when you configure the port group of the common interface card except for the xp4 card, notice that: ■ do not add the ports of different cards to the same port group. Do not add the same port to multiple port groups. ■ after a port is added to the port group, th...

Page 188

188 c hapter 22: q o s c onfiguration [3com-port-group1] port gigabitethernet 7/1/1 gigabitethernet 7/1/2 4 redirect the packet forwarded to the port group. # set the next hop of the packet forwarded to the port in port group 1 to 3.0.0.1. [3com-port-group1] traffic-redirect inbound ip-group 2000 ru...

Page 190

190 c hapter 22: q o s c onfiguration by default, the switch obtains local precedence and drop precedence according to the default mapping values. Configuring default local precedence perform the following configurations in ethernet port view. Perform the following configuration in port group view. ...

Page 192

192 c hapter 22: q o s c onfiguration n it is required that cir is less than or equal to pir and cbs is less than or equal to ebs. You are recommended to configure cbs and ebs to numbers that are 100 to 150 times of cir. For service processor cards, perform the following configurations in vlan view....

Page 194

194 c hapter 22: q o s c onfiguration for service processor cards, perform the following configurations in vlan view. C caution: ■ before executing the traffic-priority command on a service processor card, you must first configure traffic redirection in ethernet port view to redirect the packets of ...

Page 196

196 c hapter 22: q o s c onfiguration for service processor cards, perform the following configurations in vlan view. System-index index here is the system index for an acl rule. When delivering a rule, the system assigns a globally unique index to it, for convenience of later retrieval. You can als...

Page 198

198 c hapter 22: q o s c onfiguration configuring wred parameters the switch provides four sets of default wred parameters, respectively numbered as 0 to 3. Each set includes 80 parameters, 10 parameters for each of the eight queues. The ten parameters are green-min-threshold, yellow-min-threshold, ...

Page 200

200 c hapter 22: q o s c onfiguration perform the following configurations in system view. You can implement port mirroring configuration by setting mirroring groups at the port. Up to 20 mirroring groups can be configured at a port, with each group including one monitoring port and multiple monitor...

Page 202

202 c hapter 22: q o s c onfiguration see the corresponding command manual for description of display information and parameters. Qos configuration example traffic shaping configuration example network requirements set traffic shaping for the outbound queue 2 at the port ge7/1/8, with the maximum ra...

Page 204

204 c hapter 22: q o s c onfiguration traffic priority configuration example network requirements re-allocate service parameters according to the mapping table for dscp 63 for the packets from pc1 (ip 1.0.0.1) during the time range 8:00 to 18:00 everyday. Network diagram figure 49 network diagram fo...

Page 206

206 c hapter 22: q o s c onfiguration [sw8800] time-range 3com 8:00 to 18:00 daily 2 define the traffic from pc1. # create a number-based basic acl 2000 and enter it. [sw8800] acl number 2000 # define acl rule for the traffic from pc1. [3com-acl-basic-2000] rule 0 permit source 1.0.0.1 0 time-range ...

Page 208

208 c hapter 22: q o s c onfiguration 2 set drop algorithm and thresholds. # define the port ge7/1/1 in wred drop mode, set the parameters of wred 0. [3com-gigabitethernet7/1/1] drop-mode wred 0 traffic statistics configuration example network requirements suppose the ip address of pc1 is 1.0.0.1 an...

Page 211

Configuring acl for telnet/ssh users 211 n ■ you can only use number-based acls to implement the acl control to telnet or ssh users. ■ when you use the basic or advanced acl to implement the acl control to telnet or ssh users, the incoming/outgoing requests are restricted based on the source or dest...

Page 213

Configuring acl for snmp users 213 configuration tasks n ■ you can apply different acls in the snmp-agent community, snmp-agent group and snmp-agent usm-use commands. ■ you can only apply number-based basic acls to implement acl control over snmp users. For the detailed description of these commands...

Page 215: Vlan-Acl C

24 vlan-acl c onfiguration vlan-acl overview vlan-acl is vlan-based acl. You can configure qacl for a vlan to control accesses made to all ports in the vlan. Vlan-acl enables you to manage a network in an easier way. After you configure qacl for a vlan, the system synchronizes the configuration to a...

Page 217

Vlan-acl configuration 217 newly added one. However, if the port delete the self-defined flow template, the system will apply qacl rules in the vlan to the new port automatically. ■ you will fail to change the flow template applied to a port with a vlan-acl already applied to a customized flow templ...

Page 220

220 c hapter 24: vlan-acl c onfiguration.

Page 222

222 c hapter 25: 802.1 x c onfiguration there are two types of ports for the authenticator. One is the uncontrolled port, and the other is the controlled port. The uncontrolled port is always in bi-directional connection state. The user can access and share the network resources any time through the...

Page 224

224 c hapter 25: 802.1 x c onfiguration by default, 802.1x authentication has not been enabled globally and on any port. You cannot enable 802.1x on a port before you enable it globally. And you must disable 802.1x on each port before you disable 802,1x globally. Setting the port access control mode...

Page 226

226 c hapter 25: 802.1 x c onfiguration by default, 802.1x allows up to 1024 supplicants on each port for 3com switch 8800 family series routing switches (hereinafter referred to as switch 8800 family series), and an switch 8800 family series routing switch can accommodate total of 2048 supplicants....

Page 228

228 c hapter 25: 802.1 x c onfiguration handshake-period: this timer begins after the user has passed the authentication. After setting handshake-period, system will send the handshake packet by the period. Suppose the dot1x retry time is configured as n, the system will consider the user having log...

Page 230

230 c hapter 25: 802.1 x c onfiguration packet attack prevention configuration with the expansion of internet scale and the increase of internet users, the possibility that networking equipment gets attacked is increasing. Specific to some typical attack modes, the switch 8800 family series switches...

Page 232

232 c hapter 25: 802.1 x c onfiguration # enable the 802.1x performance on the specified port ethernet 3/1/1. [sw8800] dot1x interface ethernet 3/1/1 # set the access control mode. (this command could not be configured, when it is configured as mac-based by default.) [sw8800] dot1x port-method macba...

Page 234

234 c hapter 25: 802.1 x c onfiguration.

Page 236

236 c hapter 26: aaa and radius/hwtacacs p rotocol c onfiguration request to the radius server. Radius server has a user database recording all the information of user authentication and network service access. When receiving user’s request from nas, radius server performs aaa through user database ...

Page 238

238 c hapter 26: aaa and radius/hwtacacs p rotocol c onfiguration figure 61 illustrates the basic message exchange procedures. Figure 61 basic message exchange procedures implementing aaa/radius on a switch by now, we understand that in the above-mentioned aaa/radius framework, 3com series switches,...

Page 240

240 c hapter 26: aaa and radius/hwtacacs p rotocol c onfiguration for 3com series switches, each supplicant belongs to an isp domain. Up to 16 domains can be configured in the system. If a user has not reported its isp domain name, the system will put it into the default domain. Perform the followin...

Page 243

Aaa configuration 243 following table for reference), and cipher-force means that the password display mode of all the accessing users must be in cipher text. Setting/removing the attributes of a local user perform the following configuration in local user view. By default, users are not authorized ...

Page 245

Configuring radius protocol 245 by default, the integer mode is used. That is, the switch supports the radius server delivering vlan ids in integer form. Configuring name of a delivered vlan perform the following configuration in vlan view. By default, the delivered vlan does not have a name. Config...

Page 247

Configuring radius protocol 247 by default, as for the "system" radius scheme created by the system: the ip address of the primary authentication server is 127.0.0.1, and the udp port number is 1645. The ip address of the secondary authentication server is 0.0.0.0, and the udp port number is 1812. T...

Page 249

Configuring radius protocol 249 the radius server does not belong to any vpn by default. Setting the port state of the local radius server the local radius server uses the switch itself as the radius server, with port 1645 as authentication port and port 1646 as accounting port. The two ports are en...

Page 251

Configuring radius protocol 251 perform the following configuration in radius scheme view. By default, selection of radius accounting option is disabled. Setting a real-time accounting interval to implement real-time accounting, it is necessary to set a real-time accounting interval. After the attri...

Page 253

Configuring radius protocol 253 by default, the stopping accounting request can be retransmitted for up to 500 times. Setting the supported type of radius server 3com series switches support the standard radius protocol and the extended radius service platforms, such as ip hotel, 201+ and portal, in...

Page 255

Configuring radius protocol 255 configuring the source address used by nas in radius packets perform the following configuration in the corresponding view. The effect of the two commands is the same. However, the configuration done in radius scheme view has a higher priority than the configuration d...

Page 257

Configuring hwtacacs protocol 257 by default, no hwtacacs scheme exists. If the hwtacacs scheme you specify does not exist, the system creates it and enters hwtacacs view. In hwtacacs view, you can configure the hwtacacs scheme specifically. The system supports up to 16 hwtacacs schemes. You can onl...

Page 259

Configuring hwtacacs protocol 259 configuring the source address for hwtacacs packets sent by nas perform the following configuration in the corresponding view. The hwtacacs view takes precedence over the system view when configuring the source address for hwtacacs packets sent from the nas. By defa...

Page 261

Displaying and debugging aaa and radius protocol 261 the interval is in minutes and must be a multiple of 3. The setting of real-time accounting interval somewhat depends on the performance of the nas and the tacacs server: a shorter interval requires higher device performance. You are therefore rec...

Page 263

Aaa and radius/hwtacacs protocol configuration examples 263 configuring authentication at remote radius server n configuring telnet user authentication at the remote server is similar to configuring ftp users. The following description is based on telnet users. Network requirements in the environmen...

Page 265

Troubleshooting aaa and radius/hwtacacs 265 n the configuration of the ftp and telnet users can refer to user interface configuration of getting started operation part in switch 8800 family series routing switches operation manual. # configure a hwtacacs scheme. [sw8800] hwtacacs scheme hwtac [3com-...

Page 267: Ortal

27 p ortal c onfiguration portal overview introduction portal is also known as portal website, and portal authentication is also known as the web authentication. Its major advantages are: ■ users need not install any client software; ■ it is powerful in its ability to support new services. With the ...

Page 269

Portal overview 269 accesses. That is to say, layer-3-protocol-enabled network devices cannot exist between the user and the access devices. ■ the layer 3 portal authentication method does not check mac addresses of the user, so the security performance is reduced. . You are not recommended to use t...

Page 271

Basic portal configuration 271 c caution: ■ when a portal server is first configured, you must configure the ip address for it. ■ if a portal server has been enabled on a vlan interface, you must disable this portal server on the vlan interface before modifying its parameters. ■ when portal authenti...

Page 273

Basic portal configuration 273 3 configure portal authentication # configure the portal server. Its name is newp, ip address is 192.168.1.200, key is 3com, port is 50100, and url is http://192.168.1.200:81/portal/index_page.Jsp [sw8800] portal server newp ip 192.168.1.200 key 3com port 50100 url htt...

Page 275

Basic portal configuration 275 network diagram figure 67 network diagram for layer 3 portal authentication method configuration procedure n only the configurations related to the layer 3 portal authentication method are listed below. Refer to “portal direct authentication method configuration exampl...

Page 277

Portal authentication-free user and free ip address configuration 277 ■ server2 can access internet without passing the authentication. Network diagram figure 68 network diagram for authentication-free user and free ip address configuration configuration procedure n the following configurations are ...

Page 279: Ip R

28 ip r outing p rotocol o verview n a router that is referred to in the following or its icon represents a generalized router or an switch 8800 family series routing switch running routing protocols. To improve readability, this will not be described in the other parts of the manual. For the config...

Page 281

Introduction to ip route and routing table 281 ■ next hop address: it indicates the ip address of the next router that an ip packet will pass through. ■ priority added to the ip routing table for a route: there may be different next hops to the same destination. These routes may be discovered by dif...

Page 283

Routing management policy 283 precedence, the multiple routes will be adopted. Thus, the router will forward the packets to the destination through these paths according to a certain algorithm so as to implement load sharing. For the same destination, a specified routing protocol may find multiple d...

Page 285: Tatic

29 s tatic r oute c onfiguration introduction to static route static route a static route is a special route configured manually by an administrator. You can set up an interconnecting network with the static route configuration. The problem for such configuration is when a fault occurs to the networ...

Page 287

Displaying and debugging static route 287 ■ other parameters the attributes reject and blackhole respectively indicate the unreachable route and the blackhole route. Configuring a default route perform the following configurations in system view. The meanings of parameters in the command are the sam...

Page 289

Troubleshooting static route faults 289 then, all the hosts or switches in the figure can be interconnected in pairs. Troubleshooting static route faults symptom: the switch is configured with the static routing protocol and both the physical status and the link layer protocol status of the interfac...

Page 291: Rip C

30 rip c onfiguration introduction to rip routing information protocol (rip) is a relatively simple interior gateway protocol (igp), which is mainly applied to small scale networks. It is easy to implement rip. You can configure and maintain rip more easily than ospf and is-is, so rip still has a wi...

Page 293

Configuring rip 293 you can make the following configurations for rip to advertise and receive routing information: ■ setting additional routing metric ■ configuring rip to import routers of other protocols ■ configuring rip route filtering ■ enabling/disabling host route receiving by the router ■ c...

Page 295

Configuring rip 295 by default, the additional routing metric added to the route when rip sends a packet is 1. The additional routing metric when rip receives the packet is 0 by default. N the metricout configuration takes effect only on the rip routes learnt by the router and rip routes generated b...

Page 297

Configuring rip 297 rip-1 only sends the route with natural mask, that is, it always sends routes in the route summary form. Rip-2 supports subnet mask and classless interdomain routing. To advertise all the subnet routes, the route summary function of rip-2 can be disabled. Perform the following co...

Page 299

Configuring rip 299 specifying the operating state of the interface in interface view, you can specify the operating state of rip on the interface. For example, whether rip operates on the interface, namely, whether rip update packets are sent and received on the interface. In addition, whether an i...

Page 301

Troubleshooting rip faults 301 network diagram figure 72 network diagram for rip configuration configuration procedure n the following configuration only shows the operations related to rip. Before performing the following configuration, make sure the ethernet link layer can work normally. 1 configu...

Page 303: Ospf C

31 ospf c onfiguration ospf overview introduction to ospf open shortest path first (ospf) is an interior gateway protocol based on the link state developed by ietf. At present, ospf version 2 (rfc2328) is used, which is available with the following features: ■ applicable scope: it can support networ...

Page 305

Ospf overview 305 ■ router-lsas: type-1. Each router generates router-lsas, which describe the link state and cost of the local router. Router-lsas are broadcast within the area where the router is located. ■ network-lsas: type-2. Drs on the broadcast network generate network-lsas, which describe th...

Page 307

Ospf gr overview 307 figure 73 area and route summary ospf features supported by switch 8800 family series the switch 8800 family series support the following ospf features: ■ support stub areas: ospf defines stub areas to decrease the overhead when the routers within the area receive ase routes. ■ ...

Page 309

Ospf gr overview 309 the neighbor will keep the neighbor relationship and set the restartstat-flag after receiving hello packets of the rs_bit set. When both neighbors exit from the oob process, the standard ospf algorithm is performed. N the gr method on both ospf neighbors must be the same. Differ...

Page 311

Configuring ospf 311 the authlen field refers to the length of ca_tlv, and the length of ca_tlv is 20; the sequence number and authdata fields are determined by the ospf check information. N lls data can be included in only hello packets and dd packets. Only one lls data can be included in a packet....

Page 313

Configuring ospf 313 perform the following configuration in system view. To ensure stability of ospf, the user should determine the division of router ids and manually configure them when planning the network. Enabling ospf perform the following configuration in system view. By default, ospf is disa...

Page 315

Configuring ospf 315 by default, ospf will not import the routing information of other protocols. For an imported route, type is 2, cost is 1, and tag is 1 by default. The routes that can be imported include direct, static, rip, is-is, and bgp. In addition, the routes of other ospf processes can als...

Page 317

Configuring ospf 317 ■ for an asbr, the system generates the corresponding type-5 lsa or type-7 lsa by default when a default route existed in the routing table. ■ for an abr, the system will generate a type-5 lsa or type-7 lsa no matter whether there is a default route in the routing table. ■ the b...

Page 319

Configuring ospf 319 configuring the route summary of ospf configuring the route summary of ospf area route summary means that abr can aggregate information of the routes of the same prefix and advertise only one route to other areas. An area can be configured with multiple aggregate segments, there...

Page 321

Configuring ospf 321 by default, the dead interval for the neighboring routers of p2p or broadcast interfaces is 40 seconds and that for the neighboring routers of p2mp interfaces is 120 seconds. Note that both hello and dead timer will restore to the default values after the user modify the network...

Page 323

Configuring ospf 323 use the ospf dr-priority and peer commands to set priorities with different usages: ■ use the ospf dr-priority command to set priority for dr selection. ■ the priority you use the peer command to set indicates whether the adjacent router is eligible for election. If you specify ...

Page 325

Configuring ospf 325 configuring ospf authentication configuring the ospf area to support packet authentication all the routers in one area must use the same authentication mode (no authentication, simple text authentication or md5 cipher text authentication). If the mode of supporting authenticatio...

Page 327

Configuring ospf 327 ■ no asbr can exist in a stub area. In other words, the external routes of the as cannot be propagated in the stub area. Perform the following configuration in ospf area view. By default, the stub area is not configured, and the cost of the default route to the stub area is 1. C...

Page 329

Configuring ospf 329 perform the following configuration in system view. By default, mib is bound to the first enabled ospf process. Configuring ospf trap the ospf trap function enables the switch to send multiple types of snmp trap packets in case of ospf process exceptions. In addition, you can sp...

Page 331

Typical ospf configuration example 331 typical ospf configuration example configuring dr election based on ospf priority network requirements four switch 8800 family series, switch a, switch b, switch c and switch d, which can perform the router functions and run ospf, are located on the same segmen...

Page 333

Typical ospf configuration example 333 on switch a, execute the display ospf peer command to display the ospf peers. Note that switch a has three peers. The state of each peer is full, which means that adjacency is set up between switch a and each peer. (switch a and switch c should set up adjacenci...

Page 335

Typical ospf configuration example 335 network diagram figure 85 network diagram configuration procedure # configure the switch switch 8800 familya system-view [switch 8800 familya] vlan 192 [switch 8800 familya-vlan192] port gigabitethernet 3/1/1 [switch 8800 familya-vlan192] interface vlan 192 [sw...

Page 337

Troubleshooting ospf faults 337 figure 86 ospf areas ■ the backbone area (area 0) cannot be configured as the stub area and the virtual link cannot pass through the stub area. That is, if a virtual link has been set up between rtb and rtc, neither area1 nor area0 can be configured as a stub area. In...

Page 339: Ntegrated

32 i ntegrated is-is c onfiguration introduction to integrated is-is intermediate system-to-intermediate system (is-is) intra-domain routing information exchange protocol is designed by the international organization for standardization (iso) for connection-less network protocol (clnp). This protoco...

Page 341

Introduction to integrated is-is 341 figure 87 is-is topology nsap structure of is-is routing protocol address structure figure 88 nsap structure es routing domain boundary is-is area end system subnetwork path level 1 is-is routing level 2 is-is routing interdomain routing intermediate system es is...

Page 343

Configuring integrated is-is 343 net network entity title (net) indicates the network layer information, which contains no transfer layer information (sel=0). You can regard it as a special nsap. In general, you can configure a net for a router. If you will redivide an area (combine multiple areas o...

Page 345

Configuring integrated is-is 345 the tag argument identifies the is-is process. In the present version, just one is-is process is allowed. By default, the is-is routing process is disabled. Setting network entity title network entity titles (hereafter referred to as nets) defines the current is-is a...

Page 347

Configuring integrated is-is 347 perform the following configuration in is-is view. If the level is not specified in the command for importing the route, it defaults to importing the routes into level-2. Protocol specifies the routing protocol sources that can be imported, which can be direct, stati...

Page 349

Configuring integrated is-is 349 the default route generated by this command will only be imported to the router at the same level. Setting the preference of is-is protocol in a router on which several routing protocols are concurrently operating, there is an issue of sharing and selecting the routi...

Page 351

Configuring integrated is-is 351 if the level is not specified, it defaults to setting csnp packet broadcast interval for level-1. By default, the csnp packet is transmitted via interface every 10 seconds. Setting lsp packet generation interval as specified in the is-is protocol, when an event takes...

Page 353

Configuring integrated is-is 353 setting is-is area or is-is routing domain authentication password users can configure the is-is area or the is-is routing domain with authentication password. If area authentication is needed, the area authentication password will be encapsulated into the level-1 ls...

Page 355

Configuring integrated is-is 355 by default, lsp is refreshed every 900 seconds (15 minutes). Setting lifetime of lsp when a router generates the lsp of the system, it will fill in the maximum lifetime of this lsp. When other routers receive this lsp, its life time will be reduced continuously as th...

Page 357

Configuring integrated is-is 357 interfaces. On a switch, this command can disable/enable the specified vlan interface to send is-is packets. Configuring is-is gr the network is interrupted temporarily when an is-is router is restarted because the neighbor relationship of this router with other neig...

Page 359

Typical integrated is-is configuration example 359 typical integrated is-is configuration example network requirements as is shown in figure 89, switches a, b, c and d belong to the same autonomous system. The is-is routing protocol is running in these four switches so as to implement route intercon...

Page 361: Bgp C

33 bgp c onfiguration bgp/mbgp overview introduction to bgp border gateway protocol (bgp) is an inter-autonomous system (inter-as) dynamic route discovery protocol. Three early versions of bgp are bgp-1 (rfc1105), bgp-2 (rfc1163) and bgp-3 (rfc1267). The current version is bgp-4 (rfc1771) that is ap...

Page 363

Bgp/mbgp overview 363 route selection policy in the implementation of switch 8800 family series, these policies are adopted for bgp to select routes: ■ first discard the routes unreachable to the next hop. ■ first select the routes with the highest local preference. ■ first select the routes rooted ...

Page 365

Configuring bgp 365 ■ “configuring bgp timer” ■ “configuring the local preference” ■ “configuring med for as” 5 bgp application configuration ■ “comparing the med routing metrics from the peers in different ass” 6 bgp networking configuration ■ “configuring bgp route reflector” ■ “configuring bgp as...

Page 367

Configuring bgp 367 when exchanging routing information between bgp speakers, the peer group must be enabled first and then the peer should be added to the enabled peer group. Configuring the graceful-restart ability of a peer or peer group configuring graceful-restart restart-time of a peer or peer...

Page 369

Configuring bgp 369 this configuration can be applied to ibgp peer groups only. By default, all ibgp peers in the autonomous system must be fully connected. Moreover, neighbors do not notify the learned ibgp routes. Configuring to send default route to a peer group if you only need to notify a defau...

Page 371

Configuring bgp 371 interior bgp session can be configured to specify the source interface. This command is usually used on the loopback interface. By default, bgp uses the interface to establish bgp links for the source interface of a route update packet. Configuring bgp md5 authentication password...

Page 373

Configuring bgp 373 configuring network routes for bgp distribution perform the following configuration in bgp view. By default, no network route is configured for bgp distribution. Configuring the interaction between bgp and igp (importing igp routes) bgp can transmit the internal network informati...

Page 375

Configuring bgp 375 by default, bgp does not receive the routing information advertised by other routing protocols. N ■ the filter-policy import command filters bgp route received from the neighbors. The routes that cannot pass the filter will not be added to the routing table, and will not be adver...

Page 377

Configuring bgp 377 the local preference is transmitted only when the ibgp peers exchange the update packets and it will not be transmitted beyond the local as. By default, the local preference is 100. Configuring med for as multi-exit discriminators (med) attribute is the external metric for a rout...

Page 379

Configuring bgp 379 configuring the route reflection between clients perform the following configuration in bgp view. By default, the route reflection between clients is allowed. If the clients are fully connected, for the purpose of overhead reduction, it is recommended to use the undo reflect betw...

Page 381

Configuring bgp 381 configuring bgp load balancing as bgp is a routing protocol for route selection only, it does not provide a route calculation method. Therefore, it is not possible to determine whether to enable load balancing based on a definite metric value. However, the bgp owns a variety of r...

Page 383

Displaying and debugging bgp 383 displaying and debugging bgp after the above configuration, execute the display command in any view to display the running of the bgp configuration, and to verify the effect of the configuration. Execute the reset command in user view to clear the statistics of the c...

Page 385

Typical bgp configuration examples 385 [switch a] bgp 1001 [switch a-bgp] confederation id 100 [switch a-bgp] confederation peer-as 1002 1003 [switch a-bgp] group confed1002 external [switch a-bgp] peer confed1002 as-number 1002 [switch a-bgp] group confed1003 external [switch a-bgp] peer confed1003...

Page 387

Typical bgp configuration examples 387 [switch c] interface vlan-interface 4 [switch c-vlan-interface4] ip address 194.1.1.1 255.255.255.0 # configure bgp peers and route reflector. [switch c] bgp 200 [switch c-bgp] group rr internal [switch c-bgp] peer rr reflect-client [switch c-bgp] peer 193.1.1....

Page 389

Typical bgp configuration examples 389 [switch b-vlan-interface4] ip address 194.1.1.2 255.255.255.0 [switch b] ospf [switch b-ospf-1] area 0 [switch b-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [switch b-ospf-1-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [switch b] bgp 200 [switch b-bgp] group ...

Page 391

Troubleshooting bgp 391 symptom 2: bgp route cannot be advertised correctly after route of igp is imported with the network command. Solution: route imported by the network command should be same as a route in the current routing table, which should include destination segment and mask. Route coveri...

Page 393: Ip R

34 ip r outing p olicy c onfiguration introduction to ip routing policy when a router advertises or receives routing information, it possibly needs to implement some policies to filter the routing information, so as to receive or advertise the routing information which can meet the specified conditi...

Page 395

Configuring ip routing policy 395 each node consists of a group of if-match clauses and apply clauses. The if-match clauses define the matching rules. The different if-match clauses for a node have the relationship of "and". That is, the route must satisfy all the if-match clauses for the node to ma...

Page 397

Configuring ip routing policy 397 defining apply clauses for a route-policy the apply clauses specify actions, which are the configuration commands executed after a route satisfies the filtering conditions specified by the if-match clauses. Thereby, some attributes of the route can be modified. Perf...

Page 399

Configuring ip routing policy 399 configuring a community attribute list in bgp, community attribute is optional and transitive. Some community attributes known globally are called standard community attributes. Some community attributes are for special purpose. You can also define expanded communit...

Page 401

Displaying and debugging the routing policy 401 bgp: route acquired by bgp by default, the filtering of the received and advertised routes will not be performed. Displaying and debugging the routing policy after the above configuration, execute the display command in any view to display the running ...

Page 403

Troubleshooting routing policy 403 the if-match mode of at least one list item of the ip-prefix should be the permit mode. The list items of the deny mode can be defined first to rapidly filter the routing information not satisfying the requirement, but if all the items are in the deny mode, any rou...

Page 405: Oute

35 r oute c apacity c onfiguration route capacity configuration introduction to route capacity in an actual network application, a routing table may contain a large quantity of route entries (especially ospf routes and bgp routes). Generally, the routing information is stored in the memory of the sw...

Page 407: Ecursive

36 r ecursive r outing c onfiguration recursive routing configuration recursive routing overview every route entry must have its next hop address. For a common route, its next hop address is within the network segment to which the router is directly connected; for a route requiring recursion, its ne...

Page 409: Ip M

37 ip m ulticast o verview n an ethernet switch functions as a router when it runs ip multicast protocol. A router that is referred to in the following represents a generalized router or a layer 3 ethernet switch running ip multicast protocol. Ip multicast overview problems with unicast/broadcast th...

Page 411

Implementation of ip multicast 411 distribution of these users in the group. Finally, the information is transmitted to the intended receivers b,d and e properly and correctly. In multicast mode, the information sender is called the "multicast source", the receiver is called the "multicast group", a...

Page 413

Implementation of ip multicast 413 ethernet multicast mac addresses when a unicast ip packet is transmitted on the ethernet, the destination mac address is the mac address of the receiver. However, for a multicast packet, the destination is no longer a specific receiver but a group with unspecific m...

Page 415

Rpf mechanism for ip multicast packets 415 address is the rp address of the shared tree. A multicast packet arriving at the router will be forwarded according to the multicast forwarding entry if it passes the rpf check, or else, it will be discarded..

Page 417: Tatic

38 s tatic m ulticast mac a ddress c onfiguration static multicast mac address overview the concept of "static multicast mac address" is proposed to fulfill the feature of static layer 2 multicast. When some network users need some specific information, the multicast information sender (the multicas...

Page 419: Igmp S

39 igmp s nooping c onfiguration igmp snooping overview igmp snooping principle running on the link layer, igmp snooping is a multicast control mechanism on the layer 2 ethernet switch and it is used for multicast group management and control. When receiving the igmp messages transmitted between the...

Page 421

Igmp snooping overview 421 figure 104 implement igmp snooping ■ igmp general query message: transmitted by the multicast router to the multicast group members to query which multicast group contains member. When an igmp general query message arrives at a router port, the ethernet switch will reset t...

Page 423

Igmp snooping configuration 423 ■ isolate-user-vlan supports the igmp-snooping function. After igmp-snooping is enabled under isolate-user-vlan, all secondary vlans are igmp-snooping enabled. It makes no sense to enable igmp-snooping for a secondary vlan. ■ in a secondary vlan, igmp packets will be ...

Page 425

Igmp snooping configuration 425 c caution: ■ if an inexistent acl-number is bound to the vlan, or if the bound acl-number is not configured with a rule, a host is still allowed to join any multicast group. ■ if no acl-number exists, you can also configure the filtering rule of multicast groups in vl...

Page 427

Displaying and maintaining igmp snooping 427 ■ you will fail to configure a port to be a static routing port if the vlan identified by the vlan-id argument does not exist or the port does not belong to the vlan. ■ you can configure multiple ports in a vlan to be static routing ports by performing th...

Page 429

Troubleshooting igmp snooping 429 ■ if igmp snooping is not enabled, carry out the igmp-snooping enable command in system view to enable igmp snooping. Then, use the same command in vlan view to enable igmp snooping in the corresponding vlan. 2 multicast forwarding table set up by igmp snooping is i...

Page 431: Ulticast

40 m ulticast vlan c onfiguration multicast vlan overview based on the current multicast on demand, when users in different vlans request the service, multicast flow is duplicated in each vlan and thus a great deal of bandwidth is wasted. To solve this problem, we provide the multicast vlan feature....

Page 433