- DL manuals
- H3C
- Switch
- S3610-28F
- Operation Manual
H3C S3610-28F Operation Manual - 1.4 Service Loop Group
Operation Manual – Link Aggregation
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 Link Aggregation Overview
1-6
z
For a known Layer 2 unicast packet, the switch selects the forwarding port based
on the least significant six bits in the source MAC address and the least significant
six bits in the destination MAC address.
z
For a unicast IP packet with the destination MAC address being known, the switch
selects the forwarding port based on the lower order 6 bits in the source MAC
address, the lower order 6 bits in the destination MAC address, the lower order 6
bits in the source IP address, the lower order bits 16 through 21 in the source IP
address, the lower order 6 bits in the destination IP address, and the lower order
bits 16 through 21 in the destination IP address.
z
For a broadcast/multicast/unknown unicast packet, the switch selects the
forwarding port based on its VLAN ID, source port ID, and source device ID.
Caution:
The arrived broadcasts/multicasts/unknown unicasts may be distributed over different
selected ports if they have different VLAN IDs, source ports, or source devices; if they
are only different in source MAC address, they are forwarded out the same port.
1.4 Service Loop Group
You can create a service loop group by creating a manual aggregation group of
service-loop ports first and then specifying which services can be redirected for the
group. At present, you may specify to redirect four types of services, IPv6 (IPv6 unicast),
IPv6mc (IPv6 multicast), tunnel, and MPLS.
Note:
Currently, the S3610&S5510 series Ethernet switches support to redirect tunnel
services only.
After creating a service-loop group, assign ports that support its service type to the
group considering the following:
z
These ports can be configured only with the physical configuration such as speed
and duplex mode, QoS, and ACL. Other conflicting configurations, such as STP
cannot be configured.
z
These ports must belong to VLAN 1.
After assigning a port to a service-loop group, you may configure it with other
non-conflicting settings, such as QoS.
Summary of S3610-28F
Page 1
H3c s3610&s5510 series ethernet switches operation manual hangzhou h3c technologies co., ltd. Http://www.H3c.Com manual version: 20081229-c-1.01 product version: release 5303.
Page 2
Copyright © 2006-2008, hangzhou h3c technologies co., ltd. And its licensors all rights reserved no part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of hangzhou h3c technologies co., ltd. Trademarks h3c, , aolynk, , h 3 care, , top g, , i...
Page 3: About This Manual
About this manual related documentation in addition to this manual, each h3c s3610&s5510 series ethernet switches documentation set includes the following: manual description h3c s3610&s5510 series ethernet switches command manual-release 5303 it is used for assisting the users in using various comm...
Page 4
Part contents 7 mac address table management introduces mac address forwarding table and the related configuration. 8 ip source guard introduces ip source guard configuration. 9 mstp introduces stp, brdu tunnel and the related configurations. 10 ipv6 introduces ipv6 basic configuration and applicati...
Page 5
Part contents 28 file system management introduces basic configuration for file system management. 29 information center introduces the configuration to analyze and diagnose networks using the information center. 30 system maintaining and debugging introduces daily system maintenance and debugging. ...
Page 7: Table of Contents
Operation manual – product overview h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 obtaining the documentation .................................................................................... 1-1 1.1 cd-rom ..................................................
Page 8: 1.1 Cd-Rom
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 1 obtaining the documentation 1-1 chapter 1 obtaining the documentation h3c technology co., ltd. Provides various ways for you to obtain documentation, through which you can obtain the product documentations and tho...
Page 9: 1.3 Software Release Notes
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 1 obtaining the documentation 1-2 1.3 software release notes with software upgrade, new software features may be added. You can acquire the information about the newly added software features through software releas...
Page 10: 2.2 Document List
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 2 documentation and software version 2-1 chapter 2 documentation and software version 2.1 software version for the manual h3c s3610&s5510 series ethernet switches operation manual release 5303 and h3c s3610&s5510 se...
Page 11: Chapter 3 Product Overview
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 3 product overview 3-1 chapter 3 product overview 3.1 preface h3c s3610&s5510 series ethernet switches are wire speed l2/l3 ethernet switches developed by h3c technology. They are intelligent network management swit...
Page 12
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 3 product overview 3-2 model power supply unit (psu) number service ports number of 100 mbps ports number of 1,000 mbps uplink ports console port s3610-52m -ac ac-input 1 s3610-52m -dc dc-input up to 48×10/100 mbps ...
Page 13: 3.3 Software Features
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 3 product overview 3-3 ethernet switch is shipped with a power supply module installed in the power supply slot pwr1 only. The power supply slot pwr2 is covered by a blank panel. You can optionally install an ac/dc ...
Page 14
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 3 product overview 3-4 part feature 06-link aggregation z static link aggregation using lacp (link aggregation control protocol) z manually created link aggregation group 07-mac address table management z configurin...
Page 15
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 3 product overview 3-5 part feature 15-multicast protocol z internet group management protocol (igmp) snooping z multicast listener discovery (mld)-snooping z internet group management protocol (igmp) z protocol-ind...
Page 16
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 3 product overview 3-6 part feature 25- snmp-rmon z simple network management protocol (snmp) v3, compatible with snmp v1/v2 z remote monitoring (rmon) 26-ntp z network time protocol (ntp) 27-dns z static dns z dyna...
Page 17: Applications
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 4 networking applications 4-1 chapter 4 networking applications 4.1 h3c s3610 series ethernet switches networking applications 4.1.1 broadband ethernet access for residential communities on the broadband access netw...
Page 18
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 4 networking applications 4-2 figure 4-2 h3c s3610 series application in branch network of midsize/large enterprise 4.1.3 application in large enterprise and campus networks in a large enterprise or campus network, ...
Page 19
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 4 networking applications 4-3 pc intranet backbone s3100 series s3100 series fe 100m s3610 series department server s9500/7500 series ge 1000m s3610 series server cluster pc pc figure 4-3 h3c s3610 series applicatio...
Page 20: Applications
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 4 networking applications 4-4 ipv4 backbone layer 3 switch 6to4 tunnel 6to4 tunnel ipv4 server ipv6 server s3610 series s3610 series s3100 series s3100 series ipv4 host ipv4 host ipv6 host ipv4 host ipv6 host figure...
Page 21
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 4 networking applications 4-5 man backbone building network building network building network building network s3100 series s3100 series s5510 series s5510 series ge/ge aggregation ge/ge aggregation ge ge ge ge ge l...
Page 22
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 4 networking applications 4-6 figure 4-6 network diagram for using h3c s5510 series ethernet switches in networks of small-/medium-sized and large enterprises 4.2.3 application in large enterprise and campus network...
Page 23
Operation manual – product overview h3c s3610&s5510 series ethernet switches chapter 4 networking applications 4-7 4.2.4 ipv4/ipv6 hybrid networking full ipv4 networking and full ipv6 networking are similar. At the early stage of ipv6 implementation, however, ipv4/ipv6 hybrid networks are common. Th...
Page 24: Table of Contents
Operation manual – login h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 logging into an ethernet switch ............................................................................... 1-1 1.1 logging into an ethernet switch .....................................
Page 25
Operation manual – login h3c s3610&s5510 series ethernet switches table of contents ii chapter 4 logging in using modem............................................................................................ 4-1 4.1 introduction ......................................................................
Page 26
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 1 logging into an ethernet switch 1-1 chapter 1 logging into an ethernet switch 1.1 logging into an ethernet switch you can log into an s3610&s5510 series ethernet switch in one of the following ways: z logging in locally thro...
Page 27
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 1 logging into an ethernet switch 1-2 z vty user interfaces: numbered after aux user interfaces and increases in the step of 1 2) a relative user interface index can be obtained by appending a number to the identifier of a use...
Page 28
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 1 logging into an ethernet switch 1-3 to do… use the command… remarks set the timeout time for the user interface idle-timeout minutes [ seconds ] optional the default timeout time of a user interface is 10 minutes. With the t...
Page 29: 2.1 Introduction
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-1 chapter 2 logging in through the console port note: the default system name of s3610&s5510 series ethernet switches is h3c, that is, the command line prompt is h3c. All the following e...
Page 30
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-2 figure 2-1 diagram for setting the connection to the console port z if you use a pc to connect to the console port, launch a terminal emulation utility (such as terminal in windows 3.X...
Page 31
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-3 figure 2-4 set port parameters terminal window z turn on the switch. The user will be prompted to press the enter key if the switch successfully completes post (power-on self test). Th...
Page 32
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-4 table 2-2 common configuration of console port login configuration description baud rate optional the default baud rate is 9,600 bps. Check mode optional by default, the check mode of ...
Page 33
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-5 caution: changing of console port configuration terminates the connection to the console port. To establish the connection again, you need to modify the configuration of the terminatio...
Page 34: Mode Being None
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-6 authenticatio n mode console port login configuration description specify to perform local authentication or radius authentication aaa configuration specifies whether to perform local ...
Page 35
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-7 to do… use the command… remarks configure not to authenticate users authentication-mode none required by default, users logging in through the console port are not authenticated. Set t...
Page 36
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-8 to do… use the command… remarks set the history command buffer size history-command max-size value optional the default history command buffer size is 10. That is, a history command bu...
Page 37
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-9 z the screen can contain up to 30 lines. Z the history command buffer can contain up to 20 commands. Z the timeout time of the aux user interface is 6 minutes. Ii. Network diagram figu...
Page 38: Mode Being Password
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-10 the pc, to make the configuration consistent with that on the switch. Refer to section 2.2 “ setting up the connection to the console port ” for more. 2.5 console port login configura...
Page 40
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-12 scenario authentication mode user type command command level the user privilege level level command already executed determined by the level argument 2.5.2 configuration example i. Ne...
Page 41
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-13 # enter aux user interface view. [h3c] user-interface aux 0 # specify to authenticate the user logging in through the console port using the local password. [h3c-ui-aux0] authenticati...
Page 42: Mode Being Scheme
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-14 2.6 console port login configuration with authentication mode being scheme 2.6.1 configuration procedure to do… use the command… remarks enter system view system-view — enter the defa...
Page 43
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-15 to do… use the command… remarks set the baud rate speed speed-value optional the default baud rate of the aux port (also the console port) is 9,600 bps. Set the check mode parity { ev...
Page 44
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-16 to do… use the command… remarks set history command buffer size history-command max-size value optional the default history command buffer size is 10. That is, a history command buffe...
Page 45
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-17 table 2-6 determine the command level scenario authentication mode user type command command level the user privilege level level command is not executed, and the service-type termina...
Page 46
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-18 z the history command buffer can store up to 20 commands. Z the timeout time of the aux user interface is 6 minutes. Ii. Network diagram figure 2-7 network diagram for aux user interf...
Page 47
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 2 logging in through the console port 2-19 [h3c-ui-aux0] history-command max-size 20 # set the timeout time of the aux user interface to 6 minutes. [h3c-ui-aux0] idle-timeout 6 after the above configuration, to ensure a succes...
Page 48: 3.1 Introduction
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-1 chapter 3 logging in through telnet 3.1 introduction you can telnet to a remote switch to manage and maintain the switch. To achieve this, you need to configure both the switch and the telnet te...
Page 49
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-2 table 3-2 common telnet configuration configuration description configure the command level available to users logging into the vty user interface optional by default, commands of level 0 are av...
Page 50
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-3 table 3-3 telnet configurations for different authentication modes authentication mode telnet configuration description none perform common configuration perform common telnet configuration opti...
Page 51: None
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-4 3.2 telnet configuration with authentication mode being none 3.2.1 configuration procedure to do… use the command… remarks enter system view system-view — enter one or more vty user interface vi...
Page 52
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-5 to do… use the command… remarks set the history command buffer size history-command max-size value optional the default history command buffer size is 10. That is, a history command buffer can s...
Page 53
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-6 z do not authenticate users logging into vty 0. Z commands of level 2 are available to users logging into vty 0. Z telnet protocol is supported. Z the screen can contain up to 30 lines. Z the hi...
Page 54: Password
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-7 3.3 telnet configuration with authentication mode being password 3.3.1 configuration procedure to do… use the command… remarks enter system view system-view — enter one or more vty user interfac...
Page 55
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-8 to do… use the command… remarks set the maximum number of lines the screen can contain screen-length screen-length optional by default, the screen can contain up to 24 lines. You can use the scr...
Page 56
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-9 3.3.2 configuration example i. Network requirements assume that you are a level 3 aux user and want to perform the following configuration for telnet users logging into vty 0: z authenticate use...
Page 57: Scheme
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-10 [h3c-ui-vty0] history-command max-size 20 # set the timeout time to 6 minutes. [h3c-ui-vty0] idle-timeout 6 3.4 telnet configuration with authentication mode being scheme 3.4.1 configuration pr...
Page 58
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-11 to do… use the command… remarks configure to authenticate users locally or remotely authentication-mode scheme required the specified aaa scheme determines whether to authenticate users locally...
Page 59
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-12 to do… use the command… remarks set the timeout time for the user interface idle-timeout minutes [ seconds ] optional the default timeout time of a user interface is 10 minutes. With the timeou...
Page 60
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-13 table 3-6 determine the command level when users logging into switches are authenticated in the scheme mode scenario authenticat ion mode user type command command level the user privilege leve...
Page 61
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-14 scenario authenticat ion mode user type command command level the user privilege level level command is executed, and the service-type command does not specify the available command level. Leve...
Page 62
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-15 iii. Configuration procedure # enter system view, and enable the telnet service. System-view [h3c] telnet server enable # create a local user named “guest” and enter local user view. [h3c] loca...
Page 63
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-16 z execute the following commands in the terminal window to assign an ip address to the management vlan interface of the switch. # configure the ip address of the management vlan interface to be...
Page 64
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-17 figure 3-5 launch telnet step 5: enter the password when the telnet window displays “login authentication” and prompts for login password. The cli prompt (such as ) appears if the password is c...
Page 65
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 3 logging in through telnet 3-18 figure 3-6 network diagram for telnetting to another switch from the current switch step 1: configure the user name and password for telnet on the switch operating as the telnet server. Refer t...
Page 66: 4.1 Introduction
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 4 logging in using modem 4-1 chapter 4 logging in using modem 4.1 introduction the administrator can log into the console port of a remote switch using a modem through pstn (public switched telephone network) if the remote swi...
Page 67
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 4 logging in using modem 4-2 at&k0 ----------------------- disable flow control at&r1 ----------------------- ignore rts signal at&s0 ----------------------- set dsr to high level by force ateq1&w ----------------------- disab...
Page 68
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 4 logging in using modem 4-3 iii. Configuration on switch when the authentication mode is scheme refer to section 2.6 " console port login configuration with authentication mode being scheme ”. 4.4 modem connection establishme...
Page 69
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 4 logging in using modem 4-4 figure 4-1 establish the connection by using modems step 4: launch a terminal emulation utility on the pc and set the telephone number to call the modem directly connected to the switch, as shown i...
Page 70
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 4 logging in using modem 4-5 figure 4-3 call the modem step 5: provide the password when prompted. If the password is correct, the prompt (such as ) appears. You can then configure or manage the switch. You can also enter the ...
Page 71: Network Management System
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 5 logging in through web-based network management system 5-1 chapter 5 logging in through web-based network management system 5.1 introduction an s3610&s5510 series switch has a web server built in. You can log into an s3610&s...
Page 72
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 5 logging in through web-based network management system 5-2 system-view [h3c] interface vlan-interface 1 [h3c-vlan-interface1] ip address 10.153.17.82 255.255.255.0 step 2: configure the user name and the password for the web...
Page 73: 5.4 Displaying Web Users
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 5 logging in through web-based network management system 5-3 to do… use the command… remarks enter system view system-view — shut down the web server undo ip http enable required execute this command in system view. The web se...
Page 74: 6.1 Introduction
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 6 logging in through nms 6-1 chapter 6 logging in through nms 6.1 introduction you can also log into a switch through an nms (network management station), and then configure and manage the switch through the agent module on th...
Page 75: Telnet Service Packets
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 7 configuring source ip address for telnet service packets 7-1 chapter 7 configuring source ip address for telnet service packets go to these sections for information you are interested in: z overview z configuring source ip a...
Page 76: Telnet Packets
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 7 configuring source ip address for telnet service packets 7-2 ii. Configuration in system view table 7-2 configure a source ip address for service packets in system view to do… use the command… remarks enter system view syste...
Page 77: 8.1 Introduction
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 8 controlling login users 8-1 chapter 8 controlling login users 8.1 introduction a switch provides ways to control different types of login users, as listed in table 8-1 . Table 8-1 ways to control different types of login use...
Page 79
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 8 controlling login users 8-3 to do… use the command… remarks quit to system view quit — enter user interface view user-interface [ type ] first-number [ last-number ] — apply the acl to control telnet users by specified sourc...
Page 80: Addresses
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 8 controlling login users 8-4 8.2.5 configuration example i. Network requirements only the telnet users sourced from the ip address of 10.110.100.52 and 10.110.100.46 are permitted to log into the switch. Ii. Network diagram f...
Page 81
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 8 controlling login users 8-5 8.3.1 prerequisites the controlling policy against network management users is determined, including the source ip addresses to be controlled and the controlling actions (permitting or denying). 8...
Page 83
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 8 controlling login users 8-7 ii. Network diagram figure 8-2 network diagram for controlling snmp users using acls iii. Configuration procedure # define a basic acl. System-view [h3c] acl number 2000 match-order config [h3c-ac...
Page 84
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 8 controlling login users 8-8 8.4.2 controlling web users by source ip addresses controlling web users by source ip addresses is achieved by applying basic acls, which are numbered from 2000 to 2999. To do… use the command… re...
Page 85
Operation manual – login h3c s3610&s5510 series ethernet switches chapter 8 controlling login users 8-9 ii. Network diagram figure 8-3 network diagram for controlling web users using acls iii. Configuration procedure # define a basic acl. System-view [h3c] acl number 2030 match-order config [h3c-acl...
Page 86: Table of Contents
Operation manual – vlan h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 vlan configuration .................................................................................................... 1-1 1.1 introduction to vlan..........................................
Page 87
Operation manual – vlan h3c s3610&s5510 series ethernet switches table of contents ii 3.1.3 protocols and standards......................................................................................... 3-5 3.2 gvrp configuration task list..............................................................
Page 88: 1.1 Introduction to Vlan
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-1 chapter 1 vlan configuration when configuring vlan, go to these sections for information you are interested in: z introduction to vlan z configuring basic vlan attributes z basic vlan interface z port-b...
Page 89
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-2 a vlan is not restricted by physical factors, that is to say, hosts that reside in different network segments may belong to the same vlan, users in a vlan can be connected to the same switch, or span ac...
Page 90
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-3 the vlan tag comprises four fields: the tag protocol identifier (tpid) field, the priority field, the canonical format indicator (cfi) field, and the vlan id field. Z the tpid field, 16 bits in length a...
Page 91
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-4 1.2 configuring basic vlan attributes follow these steps to configure basic vlan attributes: to do… use the command… remarks enter system view system-view — create vlans vlan { vlan-id1 [ to vlan-id2 ] ...
Page 92
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-5 be an ip network segment and the vlan interface can be the gateway to enable ip address-based layer 3 forwarding. Follow these steps to configure vlan interface basic attributes: to do… use the command…...
Page 93
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-6 1.4 port-based vlan configuration 1.4.1 introduction to port-based vlan this is the simplest and yet the most effective way of classifying vlans. It groups vlan members by port. After added to a vlan, a...
Page 94
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-7 table 1-1 how a port handles inbound/outbound packets inbound packets handling port type if no tag is carried in the packet if a tag is carried in the packet outbound packets handling access port z rece...
Page 95
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-8 unnecessary. Thus, you can disable vlan check on the port to have it receive packets directly and handle them as configured. Note: disabling vlan check on a port only affects incoming packets. When the ...
Page 96
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-9 to do… use the command… remarks add the current access port to a specified vlan port access vlan vlan-id optional by default, all access ports belong to vlan 1. Note: to add an access port to a vlan, ma...
Page 97
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-10 note: z to convert a trunk port into a hybrid port (or vice versa), you need to use the access port as a medium. For example, the trunk port has to be configured as an access port first and then a hybr...
Page 98
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-11 note: z to change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first. Z ensure that the vlans already exist before configuring them to pass through a...
Page 99
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-12 z if the packet matches a protocol template, the packet will be tagged with the vlan id of the protocol-based vlan defined by the protocol template. Z if the packet matches no protocol template, the pa...
Page 100
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-13 to do… use the command… remarks allow the packets of protocol-based vlans to pass through the current hybrid port in untagged way (with the tags of the packets stripped) port hybrid vlan vlan-id-list u...
Page 101
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-14 note: this feature is only applicable to hybrid ports. Follow these steps to configure an ip-subnet-based vlan: to do… use the command… remarks enter system view system-view — enter vlan view vlan vlan...
Page 103
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-16 [devicea-vlan2] quit [devicea] vlan 100 [devicea-vlan100] vlan 6 to 50 please wait... Done. # enter ethernet 1/0/1 port view. [devicea] interface ethernet 1/0/1 # configure ethernet 1/0/1 as a trunk po...
Page 104
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 1 vlan configuration 1-17 port priority: 0 last 300 seconds input: 0 packets/sec 0 bytes/sec last 300 seconds output: 0 packets/sec 0 bytes/sec input (total): - packets, - bytes - broadcasts, - multicasts input (normal): 0 pack...
Page 105
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 2 voice vlan configuration 2-1 chapter 2 voice vlan configuration when configuring voice vlan, go to these sections for information you are interested in: z introduction to voice vlan z configuring voice vlan z displaying and m...
Page 106
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 2 voice vlan configuration 2-2 note: z as the first 24 bits of a mac address (in binary format), an oui address is a globally unique identifier assigned to a vendor by ieee (institute of electrical and electronics engineers). Z...
Page 107
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 2 voice vlan configuration 2-3 table 2-2 voice vlan operating mode and the corresponding voice traffic types port voice vlan mode voice traffic type port link type access: not supported trunk: supported provided that the defaul...
Page 108: 2.2 Configuring Voice Vlan
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 2 voice vlan configuration 2-4 caution: z if the voice traffic sent by an ip phone is tagged and that the access port has 802.1x authentication and guest vlan enabled, assign different vlan ids for the voice vlan, the default v...
Page 109
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 2 voice vlan configuration 2-5 2.2.2 configuring voice vlan mode on a port to automatic mode follow these steps to set the port voice vlan mode to automatic: to do... Use the command... Remarks enter system view system-view — c...
Page 110
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 2 voice vlan configuration 2-6 2.2.3 configuring voice vlan mode on a port to manual mode follow these steps to set the port voice vlan mode to manual: to do... Use the command... Remarks enter system view system-view — enable ...
Page 111
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 2 voice vlan configuration 2-7 note: z only one vlan of a device can have the voice vlan function enabled at a time, and the vlan must be an exsiting static vlan. Z a port that has the link aggregation control protocol (lacp) e...
Page 112
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 2 voice vlan configuration 2-8 ii. Network diagram internet device a eth1/0/1 vlan2 vlan2 010-1001 oui:0011-2200-0000 mask:ffff-ff00-0000 device b figure 2-1 network diagram for automatic voice vlan mode configuration iii. Conf...
Page 113
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 2 voice vlan configuration 2-9 # enable the voice vlan feature on the port. [devicea-ethernet1/0/1] voice vlan enable [devicea-ethernet1/0/1] return iv. Verification # display information about the oui addresses, oui address ma...
Page 114
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 2 voice vlan configuration 2-10 ii. Network diagram internet device a eth1/0/1 vlan2 vlan2 010-1001 oui:0011-2200-0000 mask:ffff-ff00-0000 device b figure 2-2 network diagram for manual voice vlan mode configuration iii. Config...
Page 115
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 2 voice vlan configuration 2-11 iv. Verification # display information about the oui addresses, oui address masks, and descriptive strings. Display voice vlan oui oui address mask description 0001-e300-0000 ffff-ff00-0000 sieme...
Page 116: 3.1 Introduction to Gvrp
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 3 gvrp configuration 3-1 chapter 3 gvrp configuration garp vlan registration protocol (gvrp) is a garp application. It functions based on the operating mechanism of garp to maintain and propagate dynamic vlan registration infor...
Page 117
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 3 gvrp configuration 3-2 participant sends leaveall messages upon the expiration of the leaveall timer, which is triggered when the garp participant is created. Join messages, leave messages, and leaveall message make sure the ...
Page 118
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 3 gvrp configuration 3-3 attributes with other participants by making or withdrawing declarations of attributes and at the same time, based on received declarations or withdrawals, handles attributes of other participants. When...
Page 119
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 3 gvrp configuration 3-4 field description value attribute consists of an attribute length, an attribute event, and an attribute value –– attribute length number of octets occupied by an attribute, inclusive of the attribute le...
Page 120: 3.3 Configuring Gvrp
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 3 gvrp configuration 3-5 forbidden registration type thus allows only vlan 1 to pass through even though it is configured to carry all vlans. 3.1.3 protocols and standards gvrp is described in ieee 802.1q. 3.2 gvrp configuratio...
Page 122
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 3 gvrp configuration 3-7 table 3-2 dependencies of garp timers timer lower limit upper limit hold 10 centiseconds not greater than half of the join timer setting join not less than two times the hold timer setting less than hal...
Page 123
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 3 gvrp configuration 3-8 3.5 gvrp configuration examples 3.5.1 gvrp configuration example i i. Network requirements configure gvrp for dynamic vlan information registration and update among devices, adopting the normal registra...
Page 124
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 3 gvrp configuration 3-9 [deviceb-ethernet1/0/1] quit # create vlan 3 (a static vlan). [deviceb] vlan 3 3) verify the configuration # display dynamic vlan information on device a. [devicea] display vlan dynamic now, the followi...
Page 125
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 3 gvrp configuration 3-10 [devicea-ethernet1/0/1] gvrp registration fixed [devicea-ethernet1/0/1] quit # create vlan 2 (a static vlan). [devicea] vlan 2 2) configure device b # enable gvrp globally. System-view [deviceb] gvrp #...
Page 126
Operation manual – vlan h3c s3610&s5510 series ethernet switches chapter 3 gvrp configuration 3-11 iii. Configuration procedure 1) configure device a # enable gvrp globally. System-view [devicea] gvrp # configure port ethernet 1/0/1 as a trunk port, allowing all vlans to pass. [devicea] interface et...
Page 127: Table of Contents
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 ip addressing configuration ...................................................................................... 1-1 1.1 ip addressing overview ...................
Page 128: 1.1 Ip Addressing Overview
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 1 ip addressing configuration 1-1 chapter 1 ip addressing configuration when assigning ip addresses to interfaces on your device, go to these sections for information you are interested in: z ip address...
Page 129
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 1 ip addressing configuration 1-2 table 1-1 describes the address ranges of these five classes. Currently, the first three classes of ip addresses are used in quantity. Table 1-1 ip address classes and ...
Page 130
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 1 ip addressing configuration 1-3 each subnet mask comprises 32 bits related to the corresponding bits in an ip address. In a subnet mask, the part containing consecutive ones identifies the combination...
Page 131
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 1 ip addressing configuration 1-4 note: this chapter only covers how to assign an ip address manually. For other approaches, refer to dhcp configuration. This section includes: z assigning an ip address...
Page 132
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 1 ip addressing configuration 1-5 1.2.2 ip addressing configuration example i. Network requirements as shown in figure 1-3 , vlan-interface 1 on switch is connected to a lan comprising two segments: 172...
Page 133
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 1 ip addressing configuration 1-6 ping 172.16.1.2: 56 data bytes, press ctrl_c to break reply from 172.16.1.2: bytes=56 sequence=1 ttl=255 time=25 ms reply from 172.16.1.2: bytes=56 sequence=2 ttl=255 t...
Page 134
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 1 ip addressing configuration 1-7 1.3 displaying and maintaining ip addressing to do… use the command… remarks display information about a specified or all layer 3 interfaces display ip interface [ inte...
Page 135
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 2 ip performance configuration 2-1 chapter 2 ip performance configuration when configuring ip performance, go to these sections for information you are interested in: z ip performance overview z enablin...
Page 136
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 2 ip performance configuration 2-2 2.2.1 enabling reception of directed broadcasts to a directly connected network if a device is enabled to receive directed broadcasts, the device will determine whethe...
Page 137
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 2 ip performance configuration 2-3 2.2.3 configuration example i. Network requirements as shown in figure 2-1 , the host’s interface and vlan-interface 3 of switch a are on the same network segment (1.1...
Page 138
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 2 ip performance configuration 2-4 after the above configurations, if you ping the subnet broadcast address (2.2.2.255) of vlan-interface 2 of switch a on the host, the ping packets can be received by v...
Page 139
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 2 ip performance configuration 2-5 note: z if the md5 authentication is enabled, the syn cookie feature will not function. After the md5 authentication is disabled, the configured syn cookie feature wil...
Page 140
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 2 ip performance configuration 2-6 note: z with the protection against naptha attack enabled, the device will periodically check and record the number of tcp connections in each state. Z with the protec...
Page 141
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 2 ip performance configuration 2-7 caution: the actual length of the finwait timer is determined by the following formula: actual length of the finwait timer = (configured length of the finwait timer – ...
Page 142
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 2 ip performance configuration 2-8 3) sending icmp destination unreachable packets if the device receives an ip packet with the destination unreachable, it will drop the packet and send an icmp destinat...
Page 143
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 2 ip performance configuration 2-9 to do… use the command… remarks disable sending icmp destination unreachable packets undo ip unreachables required enabled by default. Note: z the device stops sending...
Page 144
Operation manual – ip addressing and performance h3c s3610&s5510 series ethernet switches chapter 2 ip performance configuration 2-10 to do… use the command… remarks clear statistics of ip packets reset ip statistics clear statistics of tcp connections reset tcp statistics clear statistics of udp fl...
Page 145: Table of Contents
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 qinq configuration ..................................................................................................... 1-1 1.1 introduction to qinq..........................
Page 146: 1.1 Introduction to Qinq
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 1 qinq configuration 1-1 chapter 1 qinq configuration when configuring qinq, go to these sections for information you are interested in: z introduction to qinq z configuring basic qinq z configuring selective qin...
Page 147
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 1 qinq configuration 1-2 advantages of qinq: z addresses the shortage of public vlan id resource. Z enables customers to plan their own vlan ids, without running into conflicts with public network vlan ids. Z pro...
Page 148: 1.2 Configuring Basic Qinq
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 1 qinq configuration 1-3 the systems of different vendors may set the tpid of the outer vlan tag of qinq frames to different values. For compatibility with these systems, the s3600 and s5510 series switches allow...
Page 149
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 1 qinq configuration 1-4 to do... Use the command... Remarks enter system view system-view — enter ethernet port view interface interface-type interface-number enter ethernet port view or port group view enter in...
Page 150
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 1 qinq configuration 1-5 caution: z an inner vlan tag corresponds to only one outer vlan tag. If you want to change an outer vlan tag, you must delete the old outer vlan tag configuration and configure a new oute...
Page 151
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 1 qinq configuration 1-6 note: z you cannot modify an existing mac address synchronization rule. To do that, you must remove the rule and then create a new one. Z if you synchronize mac addresses of the same sour...
Page 152
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 1 qinq configuration 1-7 z frames of vlan 10 of customer a and frames of vlan 10 of customer b can be forwarded to each other through vlan 1000 of the provider network; frames of vlan 20 of customer a and frames ...
Page 153
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 1 qinq configuration 1-8 # configure ethernet 1/0/1 as a hybrid port that permits frames of vlan 1000 and vlan 2000 to pass, and configure the port to remove the outer tag of the fames when sending them out. [pro...
Page 154
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 1 qinq configuration 1-9 [providerb] interface ethernet 1/0/1 [providerb-ethernet1/0/1] port link-type trunk [providerb-ethernet1/0/1] port trunk permit vlan 1000 2000 # to enable interoperability with the third-...
Page 155
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 2 bpdu tunneling configuration 2-1 chapter 2 bpdu tunneling configuration when configuring bpdu tunneling, go to these sections for information you are interested in: z introduction to bpdu tunneling z configurin...
Page 156
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 2 bpdu tunneling configuration 2-2 ii. Bpdu transparent transmission as shown in figure 2-1 , the upper part is the service provider network, and the lower part represents the customer networks. The customer netw...
Page 157
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 2 bpdu tunneling configuration 2-3 2.2 configuring bpdu isolation perform the following tasks to configure bpdu isolation: to do... Use the command... Remarks enter system view system-view — enable bpdu tunneling...
Page 158: Bpdu Tunnel Frames
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 2 bpdu tunneling configuration 2-4 to do... Use the command... Remarks enter ethernet port view interface interface-type interface-number enter ethernet port view or port group view enter port group view port-gro...
Page 159
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 2 bpdu tunneling configuration 2-5 follow these steps to configure destination multicast mac address for bpdu tunnel frames: to do… use the command… remarks enter system view system-view — configure the destinati...
Page 160
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 2 bpdu tunneling configuration 2-6 iii. Configuration procedure 1) configuration on provider a # configure bpdu transparent transmission on ethernet 1/0/1. System-view [providera] interface ethernet 1/0/1 [provid...
Page 161
Operation manual – qinq-bpdu tunneling h3c s3610&s5510 series ethernet switches chapter 2 bpdu tunneling configuration 2-7 note: when stp works stably on the customer network, if customer a acts as the root bridge, the ports of customer c and customer d connected with provider c can receive bpdus fr...
Page 162: Table of Contents
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 ethernet port configuration ....................................................................................... 1-1 1.1 ethernet port configuration ............
Page 163
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 1 ethernet port configuration 1-1 chapter 1 ethernet port configuration 1.1 ethernet port configuration complete the following tasks to perform ethernet port configuration: task remarks configuring a c...
Page 164
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 1 ethernet port configuration 1-2 note: currently, only dual-combo ports are supported on s3610/s5510 series switches. Ii. Configuring combo port state follow these steps to configure the state for a d...
Page 165
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 1 ethernet port configuration 1-3 to do... Use the command... Remarks set the description string description text optional by default, the description string is “interface index + interface”. Set the d...
Page 166
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 1 ethernet port configuration 1-4 to do... Use the command... Remarks enter ethernet port view interface interface-type interface-number — enable flow control flow-control required turned off by defaul...
Page 167
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 1 ethernet port configuration 1-5 1.1.5 configuring a port group to make the configuration task easier for users, certain devices allow users to configure on a single port as well as on multiple ports ...
Page 168
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 1 ethernet port configuration 1-6 1.1.6 configuring the broadcast storm suppression ratio for an ethernet port you can suppress broadcast traffic by performing the configuration described in this secti...
Page 169
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 1 ethernet port configuration 1-7 1.1.8 enabling the forwarding of jumbo frames due to tremendous amount of traffic occurring in ethernet, it is likely that some frames might have a frame size greater ...
Page 170
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 1 ethernet port configuration 1-8 to do... Use the command... Remarks enable loopback detection on a port loopback-detection enable required disabled by default enable loopback detection control on a t...
Page 171
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 1 ethernet port configuration 1-9 note: the mdi command is not supported on a combo optical port. 1.1.11 testing the cable on an ethernet port note: z the optical ports of a combo ports do not support ...
Page 173
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 2 port isolation configuration 2-1 chapter 2 port isolation configuration 2.1 introduction to port isolation to implement layer 2 isolation, you can add different ports to different vlans. However, thi...
Page 174
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 2 port isolation configuration 2-2 isolated ports outside the isolation group uplink ports in the same isolation group ordinary ports in the same isolation group ports outside the isolation group ordin...
Page 175
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 2 port isolation configuration 2-3 to do… use the command… remarks add the port(s) to the isolation group as ordinary port(s) port-isolate enable required by default, an isolation group contains no por...
Page 176
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 2 port isolation configuration 2-4 z ethernet 1/0/1, ethernet 1/0/2, ethernet 1/0/3, and ethernet 1/0/4 belong to the same vlan. It is desired that host a, host b, and host c cannot communicate with ea...
Page 177
Operation manual – port correlation configuration h3c s3610&s5510 series ethernet switches chapter 2 port isolation configuration 2-5 group id: 1 uplink port: ethernet1/0/4 ethernet1/0/1 ethernet1/0/2 ethernet1/0/3.
Page 178: Table of Contents
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 link aggregation overview ........................................................................................ 1-1 1.1 link aggregation ......................................
Page 179: 1.1 Link Aggregation
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches chapter 1 link aggregation overview 1-1 chapter 1 link aggregation overview this chapter covers these topics: z link aggregation z approaches to link aggregation z load sharing in a link aggregation group z service loop gro...
Page 180
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches chapter 1 link aggregation overview 1-2 table 1-1 consistency considerations for ports in an aggregation category considerations stp state of port-level stp (enabled or disabled) attribute of the link (point-to-point or oth...
Page 181
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches chapter 1 link aggregation overview 1-3 category considerations mac address learning mac address learning capability setting of maximum number of mac addresses that can be learned on the port forwarding of frames with unkno...
Page 182
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches chapter 1 link aggregation overview 1-4 in addition, unless the master port should be selected, a port that joins the group after the limit is reached will not be placed in selected state even if it should be in normal case...
Page 183
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches chapter 1 link aggregation overview 1-5 z if two ports with the same port lacp priority are present, compare their port numbers. The one with the smaller port id wins out to become the reference port. 3) select the candidat...
Page 184: 1.4 Service Loop Group
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches chapter 1 link aggregation overview 1-6 z for a known layer 2 unicast packet, the switch selects the forwarding port based on the least significant six bits in the source mac address and the least significant six bits in th...
Page 185: 1.5 Aggregation Port Group
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches chapter 1 link aggregation overview 1-7 if this group is performing load sharing, it continues to function in this way even after all selected ports but one are removed to ensure ongoing service. 1.5 aggregation port group ...
Page 186
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches chapter 2 link aggregation configuration 2-1 chapter 2 link aggregation configuration when configuring link aggregation, go to these sections for information you are interested in: z configuring link aggregation z displayin...
Page 187
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches chapter 2 link aggregation configuration 2-2 addresses or black hole mac addresses configured, voice vlan-enabled ports, or 802.1x-enabled ports. Z after you remove a manual aggregation group, all the ports in the group are...
Page 188
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches chapter 2 link aggregation configuration 2-3 z for a static lacp aggregation group containing only one port, the only way to remove the port from the aggregation group is to remove the aggregation group. Note: when making c...
Page 189
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches chapter 2 link aggregation configuration 2-4 note: z you can remove any service loop group except those that are currently referenced by modules. Z for a service loop group containing only one port, the only way to remove t...
Page 190
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches chapter 2 link aggregation configuration 2-5 to do… use the command… remarks display detailed information about specified or all link aggregation groups display link-aggregation verbose [ agg-id ] available in any view clea...
Page 191
Operation manual – link aggregation h3c s3610&s5510 series ethernet switches chapter 2 link aggregation configuration 2-6 [devicea] interface ethernet 1/0/1 [devicea-ethernet1/0/1] port link-aggregation group 1 [devicea-ethernet1/0/1] interface ethernet 1/0/2 [devicea-ethernet1/0/2] port link-aggreg...
Page 192: Table of Contents
Operation manual – mac address table management h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 mac address table management configuration ..................................................... 1-1 1.1 introduction to mac address table............................
Page 193: Configuration
Operation manual – mac address table management h3c s3610&s5510 series ethernet switches chapter 1 mac address table management configuration 1-1 chapter 1 mac address table management configuration when configuring mac address table management, go to these sections for information you are intereste...
Page 194
Operation manual – mac address table management h3c s3610&s5510 series ethernet switches chapter 1 mac address table management configuration 1-2 note: dynamically learned mac addresses cannot overwrite static mac address entries, but the latter can overwrite the former. As shown in figure 1-1 , whe...
Page 195
Operation manual – mac address table management h3c s3610&s5510 series ethernet switches chapter 1 mac address table management configuration 1-3 to do… use the command… remarks enter system view system-view — mac-address blackhole mac-address vlan vlan-id add/modify a mac address entry mac-address ...
Page 196: Management
Operation manual – mac address table management h3c s3610&s5510 series ethernet switches chapter 1 mac address table management configuration 1-4 1.2.3 configuring the maximum number of mac addresses an ethernet port or a port group can learn to prevent a mac address table from getting so large that...
Page 197
Operation manual – mac address table management h3c s3610&s5510 series ethernet switches chapter 1 mac address table management configuration 1-5 1.4 mac address table management configuration example i. Network requirements log onto your device from the console port to configure mac address table m...
Page 198: Table of Contents
Operation manual – ip source guard h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 ip source guard configuration .................................................................................. 1-1 1.1 ip source guard overview .................................
Page 199
Operation manual – ip source guard h3c s3610&s5510 series ethernet switches chapter 1 ip source guard configuration 1-1 chapter 1 ip source guard configuration when configuring ip source guard, go to these sections for information you are interested in: z ip source guard overview z configuring a sta...
Page 200
Operation manual – ip source guard h3c s3610&s5510 series ethernet switches chapter 1 ip source guard configuration 1-2 to do… use the command… remarks configure a static binding entry user-bind ip-address ip-address [ mac-address mac-address required no static binding entry exists by default. Note:...
Page 201
Operation manual – ip source guard h3c s3610&s5510 series ethernet switches chapter 1 ip source guard configuration 1-3 1.5 ip source guard configuration examples 1.5.1 static binding entry configuration example i. Network requirements as shown in figure 1-1 , switches a and b and hosts a, b and c a...
Page 202
Operation manual – ip source guard h3c s3610&s5510 series ethernet switches chapter 1 ip source guard configuration 1-4 [switcha] interface ethernet 1/0/2 [switcha-ethernet1/0/2] user-bind ip-address 192.168.0.3 mac-address 0001-0203-0405 [switcha-ethernet1/0/2] quit # configure port ethernet 1/0/1 ...
Page 203
Operation manual – ip source guard h3c s3610&s5510 series ethernet switches chapter 1 ip source guard configuration 1-5 1.5.2 port filtering configuration example i. Network requirements switch a connects to client a and the dhcp server through ethernet 1/0/1 and ethernet 1/0/2 respectively. Dhcp sn...
Page 204: 1.6 Troubleshooting
Operation manual – ip source guard h3c s3610&s5510 series ethernet switches chapter 1 ip source guard configuration 1-6 # port filtering is configured successfully on port ethernet 1/0/1. [switcha] interface ethernet1/0/1 [switcha-ethernet1/0/1] display this # interface ethernet1/0/1 ip check source...
Page 205: Table of Contents
Operation manual – mstp h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 mstp configuration .................................................................................................... 1-1 1.1 mstp overview ................................................
Page 206
Operation manual – mstp h3c s3610&s5510 series ethernet switches table of contents ii 1.6.1 configuration procedure ....................................................................................... 1-40 1.6.2 configuration example...................................................................
Page 207: 1.1 Mstp Overview
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-1 chapter 1 mstp configuration when configuring mstp, go to these sections for information you are interested in: z mstp overview z configuring the root bridge z configuring leaf nodes z performing mcheck...
Page 208
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-2 iii. Basic concepts in stp 1) root bridge a tree network must have a root; hence the concept of “root bridge” has been introduced in stp. There is one and only one root bridge in the entire network, and...
Page 209
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-3 lan device a device b device c ap 2 bp 1 bp 2 cp 1 cp 2 ap 1 figure 1-1 a schematic diagram of designated bridges and designated ports iv. Path cost path cost is a reference value used for link selectio...
Page 210
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-4 z forward delay: forward delay of the port. Note: for the convenience of description, the description and examples below involve only four parts of a configuration bpdu: z root bridge id (in the form of...
Page 211
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-5 note: principle for configuration bpdu comparison: z the configuration bpdu that has the lowest root bridge id has the highest priority. Z if all the configuration bpdus have the same root bridge id, th...
Page 212
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-6 step description 3 the device compares the calculated configuration bpdu with the configuration bpdu on the port of which the port role is to be defined, and does different things according to the compa...
Page 213
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-7 table 1-4 initial state of each device device port name bpdu of port ap1 {0, 0, 0, ap1} device a ap2 {0, 0, 0, ap2} bp1 {1, 0, 1, bp1} device b bp2 {1, 0, 1, bp2} cp1 {2, 0, 2, cp1} device c cp2 {2, 0, ...
Page 214
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-8 device comparison process bpdu of port after comparison z port bp1 receives the configuration bpdu of device a {0, 0, 0, ap1}. Device b finds that the received configuration bpdu is superior to the conf...
Page 215
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-9 device comparison process bpdu of port after comparison z port cp1 receives the configuration bpdu of device a {0, 0, 0, ap2}. Device c finds that the received configuration bpdu is superior to the conf...
Page 216
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-10 figure 1-3 the final calculated spanning tree note: to facilitate description, the spanning tree calculation process in this example is simplified, while the actual process is more complicated. 2) the ...
Page 217
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-11 3) stp timers stp calculations need three important timing parameters: forward delay, hello time, and max age. Z forward delay is the delay time for device state transition. A path failure will cause r...
Page 218
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-12 note: z in rstp, a newly elected root port can enter the forwarding state rapidly if this condition is met: the old root port on the device has stopped forwarding data and the upstream designated port ...
Page 219
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-13 figure 1-4 basic concepts in mstp 1) mst region a multiple spanning tree region (mst region) is composed of multiple devices in a switched network and network segments among them. These devices have th...
Page 220
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-14 2) vlan-to-instance mapping table as an attribute of an mst region, the vlan-to-instance mapping table describes the mapping relationships between vlans and mst instances. In figure 1-4 , for example, ...
Page 221
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-15 in figure 1-4 , for example, the common root bridge is a device in region a0. 9) boundary port a boundary port is a port that connects an mst region to another mst configuration, or to a single spannin...
Page 222
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-16 connecting to the common root bridge edge ports port 1 port 2 master port alternate port designated port port 3 port 4 port 5 a b c d port 6 backup port mst region figure 1-5 port roles figure 1-5 help...
Page 223
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-17 table 1-6 ports states supported by different port roles role state root port/master port designated port alternate port backup port forwarding √ √ — — learning √ √ — — discarding √ √ √ √ iii. How mstp...
Page 224
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-18 z root guard z bpdu guard z loop guard z tc-bpdu guard 1.1.3 protocols and standards mstp is documented in: z ieee 802.1d: spanning tree protocol z ieee 802.1w: rapid spanning tree protocol z ieee 802....
Page 225
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-19 task remarks configuring an mst region required configuring the work mode of mstp device optional configuring the timeout factor optional configuring the maximum transmission rate of ports optional con...
Page 226
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-20 1.3 configuring the root bridge 1.3.1 configuring an mst region i. Configuration procedure follow these steps to configure an mst region: to do... Use the command... Remarks enter system view system-vi...
Page 227
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-21 the configuration of mst region–related parameters, especially the vlan-to-instance mapping table, will cause mstp to launch a new spanning tree calculation process, which may result in network topolog...
Page 228
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-22 ii. Specifying the current device as a secondary root bridge of a specific spanning tree follow these steps to specify the current device as a secondary root bridge of a specific spanning tree: to do.....
Page 229
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-23 actually work. For the description of network diameter and hello time, refer to configuring the network diameter of a switched network and configuring timers of mstp . Z alternatively, you can also spe...
Page 230
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-24 1.3.4 configuring the priority of the current device the priority of a device determines whether it can be elected as the root bridge of a spanning tree. A lower value indicates a higher priority. By s...
Page 231
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-25 when a device becomes the root bridge of the cist or msti of an mst region , the maximum hop in the configuration bpdus generated by this device defines the network diameter of the spanning tree to def...
Page 232
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-26 note: z network diameter is a parameter that indicates network size. A bigger network diameter represents a larger network size. Z based on the network diameter you configured, mstp automatically sets ...
Page 233
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-27 caution: z the length of the forward delay time is related to the network diameter of the switched network. Typically, the larger the network diameter is, the longer the forward delay time should be. N...
Page 234
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-28 1.3.8 configuring the timeout factor after the network topology is stabilized, each non-root-bridge device forwards configuration bpdus to the surrounding devices at the interval of hello time to check...
Page 235
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-29 to do... Use the command... Remarks enter system view system-view — enter ethernet interface view interface interface-type interface-number enter ethernet interface view or port group view enter port g...
Page 236
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-30 to do... Use the command... Remarks enter system view system-view — enter ethernet interface view interface interface-type interface-number enter ethernet interface view or port group view enter port g...
Page 237
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-31 to do... Use the command... Remarks enter system view system-view — enter ethernet interface view interface interface-type interface-number enter ethernet interface view or port group view enter port g...
Page 238
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-32 by default, the packet format recognition mode of a port is auto, namely the port automatically distinguishes the two mstp packet formats, and determines the format of packets it will send based on the...
Page 239
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-33 [sysname-ethernet1/0/1] stp compliance dot1s 1.3.13 enabling the output of port state transition information in a large-scale, mstp-enabled network, there are a large number of mstp instances, so ports...
Page 240: 1.4 Configuring Leaf Nodes
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-34 note: z you must enable mstp for the device before any other mstp-related configuration can take effect. Z to control mstp flexibly, you can use the stp disable or undo stp command to disable the mstp ...
Page 241
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-35 setting an appropriate path cost allows vlan traffic flows to be forwarded along different physical links, thus to enable per-vlan load balancing. The device can automatically calculate the default pat...
Page 242
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-36 link speed duplex state 802.1d-1998 802.1t private standard 10 gbps single port aggregated link 2 ports aggregated link 3 ports aggregated link 4 ports 2 2 2 2 2,000 1,000 666 500 2 1 1 1 note: in the ...
Page 243
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-37 caution: z if you change the standard that the device uses in calculating the default path cost, the port path cost value set through the stp cost command will be out of effect. Z when the path cost of...
Page 244: 1.5 Performing McHeck
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-38 note: z when the priority of a port is changed, mstp will re-calculate the role of the port and initiate a state transition. Z generally, a lower configured value priority indicates a higher priority o...
Page 245
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-39 stp-compatible mode. In this case, you can perform an mcheck operation to force the port to migrate to the mstp (or rstp) mode. You can perform mcheck on a port through two approaches, which lead to th...
Page 246
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-40 2) method 2: perform mcheck in ethernet interface view. System-view [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] stp mcheck 1.6 configuring the vlan ignore feature traffic on a vlan in a ...
Page 247
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-41 z ethernet 1/1 on switch a and ethernet 1/2 on switch b allow the traffic of vlan 1 to pass through. Ethernet 1/3 on switch a and ethernet 1/4 on switch b allow the traffic of vlan 2 to pass through. Z...
Page 248
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-42 1.7.1 configuration prerequisites associated devices of different vendors are interconnected and run mstp. 1.7.2 configuration procedure follow these steps to configure digest snooping: to do... Use th...
Page 249
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-43 caution: z you can only enable the digest snooping feature on the device connected to another vendor’s device that uses a private key to calculate the configuration digest. Z with the digest snooping f...
Page 250
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-44 iii. Configuration procedure 1) enable digest snooping on device a # enable digest snooping on ethernet 1/0/1. System-view [devicea] interface ethernet 1/0/1 [devicea-ethernet1/0/1] stp config-digest-s...
Page 251
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-45 root port designated port root port blocks other non-edge ports , changes to forwarding state and sends agreement to upstream switch downstream switch upstream switch proposal for rapid transition desi...
Page 252
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-46 to do... Use the command... Remarks enable no agreement check stp no-agreement-check required not enabled by default note: the no agreement check feature can only take effect on the root port or altern...
Page 253
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-47 z root guard z loop guard z tc-bpdu attack guard note: z the support for the bpdu guard, root guard and loop guard functions depends on the specific device model. Z among loop guard, root guard and edg...
Page 254
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-48 follow these steps to enable bpdu guard: to do... Use the command... Remarks enter system view system-view — enable the bpdu guard function for the device stp bpdu-protection required disabled by defau...
Page 255
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-49 to do... Use the command... Remarks enter system view system-view — enter ethernet interface view interface interface-type interface-number enter ethernet interface view or port group view enter port g...
Page 256
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-50 follow these steps to enable loop guard: to do... Use the command... Remarks enter system view system-view — enter ethernet interface view interface interface-type interface-number enter ethernet inter...
Page 257: Transparently
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-51 note: we recommend that you keep this feature enabled. 1.10 configuring the function of transmitting bpdus transparently in a specific network, spanning tree calculations of the specific vlans are not ...
Page 258
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-52 1.11 configuring the function of tagging bpdus when switches at both ends of a vpn are engaged in stp calculations, you must enable the function of tagging bpdus on these switches, because only tagged ...
Page 259
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-53 to do... Use the command... Remarks view the statistics of tc/tcn bpdus sent and received by all ports in the specified mstp instance or all mstp instances display stp [ instance instance-id ] tc avail...
Page 260
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-54 ii. Network diagram device a device b device d device c permit:all vlan permit:vlan 20,40 permit: vlan 10,20 permit: vlan 10,20 permit: vlan 20,30 permit: vlan 20,30 figure 1-12 network diagram for mst...
Page 261
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-55 format selector :0 region name :example revision level :0 instance vlans mapped 0 1 to 9, 11 to 29, 31 to 39, 41 to 4094 1 10 3 30 4 40 2) configuration on device b # enter mst region view. System-view...
Page 262
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-56 system-view [devicec] stp region-configuration [devicec-mst-region] region-name example # configure the region name, vlan-to-instance mappings and revision level of the mst region. [devicec-mst-region]...
Page 263
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-57 [deviced-mst-region] quit # view the mst region configuration information that has taken effect. [deviced] display stp region-configuration oper configuration format selector :0 region name :example re...
Page 264
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-58 [switch a-mst-region] region-name abc [switch a-mst-region] instance 1 vlan 10 [switch a-mst-region] active region-configuration [switch a-mst-region] quit # enable the function of tagging bpdus on eth...
Page 265
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-59 ii. Network diagram vpn eth 1/0/1 eth 1/0/2 eth 1/0/3 eth 1/0/4 switch a switch b figure 1-14 network diagram for tagging bpdus iii. Configuration procedure 1) configuration on switch a # configure an ...
Page 266
Operation manual – mstp h3c s3610&s5510 series ethernet switches chapter 1 mstp configuration 1-60 # enable the function of tagging bpdus on ethernet 1/0/3 and ethernet 1/0/4 of switch b. [switch b] interface ethernet1/0/3 [switch b-ethernet1/0/3] stp bpdu-tagged [switch b-ethernet1/0/3] quit [switc...
Page 267: Table of Contents
Z operation manual – ipv6 z h3c s3610&s5510 series ethernet switches z table of contents i table of contents chapter 1 ipv6 basics configuration .......................................................................................... 1-1 1.1 ipv6 overview..............................................
Page 268
Z operation manual – ipv6 z h3c s3610&s5510 series ethernet switches z table of contents ii chapter 3 tunneling configuration ............................................................................................. 3-1 3.1 introduction to tunneling .................................................
Page 269: 1.1 Ipv6 Overview
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-1 chapter 1 ipv6 basics configuration when configuring ipv6 basics, go to these sections for information you are interested in: z ipv6 overview z ipv6 basics configuration task list z configuring b...
Page 270
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-2 1.1.1 ipv6 features i. Header format simplification ipv6 cuts down some ipv4 header fields or move them to the ipv6 extension headers to reduce the length of the basic ipv6 header. Ipv6 uses the ...
Page 271
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-3 z stateless address configuration means that a host automatically configures an ipv6 address and related information on basis of its own link-layer address and the prefix information advertised b...
Page 272
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-4 z if an ipv6 address contains two or more consecutive groups of zeros, they can be replaced by the double-colon :: option. For example, the above-mentioned address can be represented in the short...
Page 273
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-5 the type of an ipv6 address is designated by the first several bits called format prefix. Table 1-1 lists the mappings between address types and format prefixes. Table 1-1 mapping between address...
Page 274
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-6 table 1-2 reserved ipv6 multicast addresses address application ff01::1 node-local scope all-nodes multicast address ff02::1 link-local scope all-nodes multicast address ff01::2 node-local scope ...
Page 275
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-7 1.1.3 introduction to ipv6 neighbor discovery protocol ipv6 neighbor discovery protocol (ndp) uses five types of icmpv6 messages to implement the following functions: z address resolution z neigh...
Page 276
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-8 figure 1-3 address resolution the address resolution procedure is as follows: 1) node a multicasts an ns message. The source address of the ns message is the ipv6 address of an interface of node ...
Page 277
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-9 figure 1-4 duplicate address detection the dad procedure is as follows: 1) node a sends an ns message whose source address is the unassigned address :: and destination address is the correspondin...
Page 278
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-10 note: z in addition to an address prefix, the prefix information option also contains the preferred lifetime and valid lifetime of the address prefix. After receiving a periodic ra message, the ...
Page 279
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-11 figure 1-5 working procedure of the pmtu discovery the working procedure of the pmtu discovery is as follows: 1) the source host uses its mtu to fragment packets and then sends them to the desti...
Page 280
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-12 z rfc 2375: ipv6 multicast address assignments z rfc 2460: internet protocol, version 6 (ipv6) specification. Z rfc 2461: neighbor discovery for ip version 6 (ipv6) z rfc 2462: ipv6 stateless ad...
Page 281
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-13 1.3.2 configuring an ipv6 unicast address ipv6 site-local addresses and aggregatable global unicast addresses can be configured in the following ways: z eui-64 format: when the eui-64 format is ...
Page 282: 1.4 Configuring Ipv6 Ndp
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-14 note: z after an ipv6 site-local address or aggregatable global unicast address is configured for an interface, a link-local address will be generated automatically. The automatically generated ...
Page 283
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-15 follow these steps to configure a static neighbor entry: to do... Use the command... Remarks enter system view system-view — configure a static neighbor entry ipv6 neighbor ipv6-address mac-addr...
Page 284
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-16 to do… use the command… remarks configure the maximum number of neighbors dynamically learned by an interface ipv6 neighbors max-learning-num number optional 1.4.3 configuring parameters related...
Page 285
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-17 parameters description reachable time after the neighbor reachability detection shows that a neighbor is reachable, the device considers the neighbor is reachable within the reachable time. If t...
Page 287
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-19 1.4.4 configuring the number of attempts to send an ns message for dad an interface sends a neighbor solicitation (ns) message for dad after acquiring an ipv6 address. If the interface does not ...
Page 288
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-20 dynamically determined pmtu is removed and the source host re-determines an mtu to send packets through the pmtu mechanism. The aging time is invalid for static pmtu. Follow these steps to confi...
Page 289
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-21 1.7 configuring ipv6 fib-based forwarding with the caching function of ipv6 fib enabled, the device searches the fib cache when forwarding packets, thus reducing the time in searching ip packets...
Page 290: 1.9 Configuring Ipv6 Dns
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-22 icmpv6 error packets cannot be sent out until the number of tokens in the token bucket is updated and new tokens are added to the bucket. Follow these steps to configure the capacity and update ...
Page 291
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-23 follow these steps to configure static ipv6 domain name resolution: to do… use the command… remarks enter system view system-view — configure a host name and the corresponding ipv6 address ipv6 ...
Page 292
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-24 1.10 displaying and maintaining ipv6 basics configuration to do… use the command… remarks display dns suffix information display dns domain [ dynamic ] display ipv6 dynamic domain name cache inf...
Page 293
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-25 to do… use the command… remarks clear ipv6 dynamic domain name cache information reset dns ipv6 dynamic-host clear fib cache entries reset ipv6 fibcache clear ipv6 neighbor information reset ipv...
Page 294
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-26 iii. Configuration procedure z configuration on switch a # enable the ipv6 packet forwarding function. System-view [switcha] ipv6 # configure vlan-interface 2 to automatically generate a link-lo...
Page 295
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-27 ff02::1:ff49:8048 ff02::2 ff02::1 mtu is 1500 bytes nd dad is enabled, number of dad attempts: 1 nd reachable time is 30000 milliseconds nd retransmit interval is 1000 milliseconds hosts use sta...
Page 296
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-28 reply from fe80::20f:e2ff:fe00:1 bytes=56 sequence=2 hop limit=255 time = 60 ms reply from fe80::20f:e2ff:fe00:1 bytes=56 sequence=3 hop limit=255 time = 60 ms reply from fe80::20f:e2ff:fe00:1 b...
Page 297
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 1 ipv6 basics configuration 1-29 reply from 3001::2 bytes=56 sequence=5 hop limit=255 time = 60 ms --- 3001::2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 50/60/70...
Page 298: 2.1 Dual Stack Overview
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 2 dual stack configuration 2-1 chapter 2 dual stack configuration when configuring dual stack, go to these sections for information you are interested in: z dual stack overview z configuring dual stack 2.1 dual stack overview d...
Page 299: 2.2 Configuring Dual Stack
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 2 dual stack configuration 2-2 2.2 configuring dual stack 2.2.1 enabling ipv4/ipv6 dual-stack supporting table 2-1 enable ipv4/ipv6 dual-stack supporting operation command remarks enter system view system-view — configure the p...
Page 301
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-1 chapter 3 tunneling configuration when configuring tunneling, go to these sections for information you are interested in: z introduction to tunneling z tunneling configuration task list z configuri...
Page 302
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-2 caution: the devices at both ends of an ipv6 over ipv4 tunnel must support ipv4/ipv6 dual stack. Figure 3-1 principle of ipv6 over ipv4 tunnel the ipv6 over ipv4 tunnel processes packets in the fol...
Page 303
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-3 z if the ipv4 address is embedded into the ipv6 address, the ipv4 address of the tunnel destination can automatically be acquired from the destination address of the ipv6 packet. Such a tunnel is c...
Page 304
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-4 can be forwarded by the tunnel. A 6to4 tunnel interconnects ipv6 networks and overcomes the limitations of an automatic ipv4-compatible ipv6 tunnel. 4) isatap tunnel with the application of the ipv...
Page 305
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-5 3.2 tunneling configuration task list complete the following tasks to configure the tunneling feature: task remarks configuring ipv6 manual tunnel optional configuring automatic ipv4-compatible ipv...
Page 307
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-7 caution: z after a tunnel interface is deleted, all the above features configured on the tunnel interface will be deleted. Z if the addresses of the tunnel interfaces at the two ends of a tunnel ar...
Page 308
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-8 iii. Configuration procedure z configuration on switch a # enable ipv6. System-view [switcha] ipv6 # configure a link aggregation group. Disable stp on the port before adding it into the link aggre...
Page 309
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-9 [switchb-ethernet1/0/1] port link-aggregation group 1 [switchb-ethernet1/0/1] quit # configure an ipv4 address for vlan-interface 100. [switchb] vlan 100 [switchb-vlan100] port ethernet 1/0/2 [swit...
Page 310
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-10 global unicast address(es): 3001::2, subnet is 3001::/64 joined group address(es): ff02::1:ffa8:3201 ff02::1:ff00:2 ff02::2 ff02::1 mtu is 1500 bytes nd reachable time is 30000 milliseconds nd ret...
Page 311
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-11 3.4.2 configuration procedure table 3-1 follow these steps to configure an automatic ipv4-compatible ipv6 tunnel to do… use the command… remarks enter system view system-view — enable the ipv6 pac...
Page 313
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-13 caution: z only one tunnel can automatically be configured at the same tunnel source. Z no destination address needs to be configured for an automatic ipv4-compatible ipv6 tunnel. Z if the address...
Page 314
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-14 # configure an ipv4 address for vlan-interface100. [switcha] vlan 100 [switcha-vlan100] port ethernet 1/0/1 [switcha-vlan100] quit [switcha] interface vlan-interface 100 [switcha-vlan-interface100...
Page 315
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-15 [switchb-ethernet1/0/2] quit # configure an automatic ipv4-comptabile ipv6 tunnel. [switchb] interface tunnel 0 [switchb-tunnel0] ipv6 address ::2.1.1.2/96 [switchb-tunnel0] source vlan-interface ...
Page 316
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-16 3.5.2 configuration procedure follow these steps to configure a 6to4 tunnel: to do… use the command… remarks enter system view system-view — enable ipv6 ipv6 required by default, the ipv6 packet f...
Page 317
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-17 to do… use the command… remarks reference a link aggregation group aggregation-group aggregation-group-id required by default, no link aggregation group id is referenced. Enable the expedite termi...
Page 318
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-18 3.5.3 configuration example i. Network requirements isolated ipv6 networks are interconnected through a 6to4 tunnel over the ipv4 network. Ii. Network diagram vlan-int100 2.1.1.1/24 vlan-int100 5....
Page 319
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-19 # configure a route to vlan-interface 100 of switch b. (here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the real next-hop address accor...
Page 320
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-20 [switchb] interface vlan-interface 100 [switchb-vlan-interface100] ip address 5.1.1.1 24 [switchb-vlan-interface100] quit # configure a route to vlan-interface 100 of switch a. (here the next-hop ...
Page 321
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-21 packets: sent = 4, received = 4, lost = 0 (0% loss), approximate round trip times in milli-seconds: minimum = 0ms, maximum = 13ms, average = 3ms 3.6 configuring isatap tunnel 3.6.1 configuration p...
Page 322
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-22 to do… use the command… remarks set an isatap tunnel tunnel-protocol ipv6-ipv4 isatap required by default, the tunnel mode is manual. The same tunnel type should be configured at both ends of the ...
Page 323
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-23 caution: z if the addresses of the tunnel interfaces at the two ends of a tunnel are not in the same network segment, a forwarding route through the tunnel to the peer must be configured so that t...
Page 324
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-24 [switch] link-aggregation group 1 mode manual [switch] link-aggregation group 1 service-type tunnel [switch] interface ethernet 1/0/1 [switch-ethernet1/0/1] stp disable [switch-ethernet1/0/1] port...
Page 325
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-25 routing preference 1 eui-64 embedded ipv4 address: 0.0.0.0 router link-layer address: 0.0.0.0 preferred link-local fe80::5efe:2.1.1.2, life infinite link mtu 1280 (true link mtu 65515) current hop...
Page 326
Operation manual – ipv6 h3c s3610&s5510 series ethernet switches chapter 3 tunneling configuration 3-26 iv. Configuration verification after the above configurations, the isatap host can access the host in the ipv6 network. 3.7 displaying and maintaining tunneling configuration to do… use the comman...
Page 327: Table of Contents
Operation manual – routing overview h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 ip routing overview.................................................................................................... 1-1 1.1 ip routing and routing table......................
Page 328
Operation manual – routing overview h3c s3610&s5510 series ethernet switches chapter 1 ip routing overview 1-1 chapter 1 ip routing overview go to these sections for information you are interested in: z ip routing and routing table z routing protocol overview z displaying and maintaining a routing t...
Page 329
Operation manual – routing overview h3c s3610&s5510 series ethernet switches chapter 1 ip routing overview 1-2 ii. Contents of a routing table a routing table includes the following key items: z destination address: destination ip address or destination network. Z network mask: specifies, in company...
Page 330
Operation manual – routing overview h3c s3610&s5510 series ethernet switches chapter 1 ip routing overview 1-3 destination network next hop interface 11.0.0.0 11.0.0.1 2 12.0.0.0 12.0.0.1 1 13.0.0.0 12.0.0.2 1 14.0.0.0 14.0.0.4 3 15.0.0.0 14.0.0.2 3 16.0.0.0 14.0.0.2 3 17.0.0.0 11.0.0.2 2 figure 1-1...
Page 331
Operation manual – routing overview h3c s3610&s5510 series ethernet switches chapter 1 ip routing overview 1-4 i. Operational scope z interior gateway protocols (igps): work within an autonomous system, including rip, ospf, and is-is. Z exterior gateway protocols (egps): work between autonomous syst...
Page 332
Operation manual – routing overview h3c s3610&s5510 series ethernet switches chapter 1 ip routing overview 1-5 the following table lists some routing protocols and the default priorities for routes found by them: routing approach priority direct 0 ospf 10 is-is 15 static 60 rip 100 ospf ase 150 ospf...
Page 333
Operation manual – routing overview h3c s3610&s5510 series ethernet switches chapter 1 ip routing overview 1-6 ii. Route backup route backup can help improve network reliability. With route backup, you can configure multiple routes to the same destination, expecting the one with the highest priority...
Page 335: Table of Contents
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 static routing configuration...................................................................................... 1-1 1.1 introduction ..............................................
Page 336
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches table of contents ii 2.4.8 configuring rip-to-mib binding ............................................................................ 2-17 2.5 displaying and maintaining rip........................................................
Page 337
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches table of contents iii 3.7.3 specifying an lsa transmission delay ................................................................ 3-35 3.7.4 specifying spf calculation interval .....................................................
Page 338
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches table of contents iv 4.4.2 specifying a priority for is-is ................................................................................ 4-20 4.4.3 configuring is-is link cost....................................................
Page 339
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches table of contents v 5.4.1 prerequisites ......................................................................................................... 5-22 5.4.2 configuring bgp route redistribution.....................................
Page 340
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches table of contents vi 6.3.1 prerequisites ........................................................................................................... 6-4 6.3.2 defining an ipv4 prefix list ..........................................
Page 341: 1.1 Introduction
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 1 static routing configuration 1-1 chapter 1 static routing configuration when configuring a static route, go to these sections for information you are interested in: z introduction z configuring a static route z displa...
Page 342
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 1 static routing configuration 1-2 you can create the default route with both destination and mask being 0.0.0.0, and some dynamic routing protocols, such as ospf, rip and is-is, can also generate the default route. 1.1...
Page 344: 1.4 Configuration Example
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 1 static routing configuration 1-4 note: z when configuring a static route, the static route does not take effect if you specify the next hop address first and then configure it as the ip address of a local interface, s...
Page 345
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 1 static routing configuration 1-5 ii. Network diagram figure 1-1 network diagram for static route configuration iii. Configuration procedure 1) configuring ip addresses for interfaces (omitted) 2) configuring static ro...
Page 346
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 1 static routing configuration 1-6 1.1.2.0/24 direct 0 0 1.1.2.3 vlan300 1.1.2.3/32 direct 0 0 127.0.0.1 inloop0 1.1.4.0/30 direct 0 0 1.1.4.1 vlan500 1.1.4.1/32 direct 0 0 127.0.0.1 inloop0 127.0.0.0/8 direct 0 0 127.0...
Page 347: 2.1 Rip Overview
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-1 chapter 2 rip configuration note: the term “router” in this document refers to a router in a generic sense or a layer 3 switch. When configuring rip, go to these sections for information you are ...
Page 348
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-2 ii. Rip routing table a rip router has a routing table containing routing entries of all reachable destinations, and each routing entry contains: z destination address: ip address of a host or a ...
Page 349
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-3 2.1.2 operation of rip the following procedure describes how rip works. 1) after rip is enabled, the router sends request messages to neighboring routers. Neighboring routers return response mess...
Page 350
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-4 figure 2-1 shows the format of ripv1 message. Figure 2-1 ripv1 message format z command: type of message. 1 indicates request, and 2 indicates response. Z version: version of rip, 0x01 for ripv1....
Page 351
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-5 iii. Ripv2 authentication ripv2 sets the afi field of the first route entry to 0xffff to identify authentication information. See figure 2-3 . Figure 2-3 ripv2 authentication message z authentica...
Page 352
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-6 2.2 configuring rip basic functions 2.2.1 configuration prerequisites before configuring rip basic functions, configure an ip address on each interface, and make sure all adjacent routers are rea...
Page 353
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-7 to do… use the command… remarks return to system view quit — enter interface view interface interface-type interface-number — enable the interface to receive rip messages rip input optional enabl...
Page 355
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-9 to do… use the command… remarks define an inbound additional routing metric rip metricin value optional 0 by default define an outbound additional routing metric rip metricout value optional 1 by...
Page 357
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-11 to do… use the command… remarks enable rip to advertise a default route default-route originate cost value required not enabled by default note: the router enabled to advertise a default route d...
Page 358
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-12 2.3.6 configuring a priority for rip multiple igp protocols may run in a router. If you want rip routes to have a higher priority than those learned by other routing protocols, you can assign ri...
Page 359
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-13 2.4.1 configuring rip timers follow these steps to configure rip timers: to do… use the command… remarks enter system view system-view –– enter rip view rip [ process-id ] [ vpn-instance vpn-ins...
Page 360
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-14 to do… use the command… remarks enable split horizon rip split-horizon optional enabled by default note: disabling the split horizon function on a point-to-point link does not take effect. Ii. E...
Page 361
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-15 follow these steps to enable zero field check on incoming ripv1 messages: to do… use the command… remarks enter system view system-view –– enter rip view rip [ process-id ] [ vpn-instance vpn-in...
Page 362
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-16 follow these steps to configure ripv2 message authentication: to do… use the command… remarks enter system view system-view –– enter interface view interface interface-type interface-number –– c...
Page 363
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-17 2.4.8 configuring rip-to-mib binding follow these steps to bind rip to mib: to do… use the command… remarks enter system view system-view –– bind rip to mib rip mib-binding process-id optional b...
Page 364
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-18 iii. Configuration procedure 1) configure an ip address for each interface (omitted) 2) configure basic rip functions # configure switch a. System-view [switcha] rip [switcha-rip-1] network 192....
Page 365
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-19 -------------------------------------------------------------------------- peer 192.168.1.2 on vlan-interface100 destination/mask nexthop cost tag flags sec 10.2.1.0/24 192.168.1.2 1 0 ra 16 10....
Page 366
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-20 [switcha-rip-100] version 2 [switcha-rip-100] undo summary [switcha-rip-100] quit # enable rip 100 and rip 200 and specify rip version 2 on switch b. System-view [switchb] rip 100 [switchb-rip-1...
Page 367
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-21 [switchb-rip-100] import-route rip 200 [switchb-rip-100] quit [switchb] rip 200 [switchb-rip-200] import-route rip 100 [switchb-rip-200] quit # display the routing table of switch a. [switcha] d...
Page 368: 2.7 Troubleshooting Rip
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 2 rip configuration 2-22 2.7 troubleshooting rip 2.7.1 no rip updates received symptom: no rip updates are received when the links work well. Analysis: after enabling rip, you must use the network command to enable corr...
Page 369: 3.1 Introduction to Ospf
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-1 chapter 3 ospf configuration open shortest path first (ospf) is a link state interior gateway protocol developed by the ospf working group of the internet engineering task force (ietf). At prese...
Page 370
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-2 z wide scope: supports networks of various sizes and up to several hundred routers in an ospf routing domain. Z fast convergence: transmits updates instantly after network topology changes for r...
Page 371
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-3 z if the loopback interfaces are configured, select the highest ip address among them. Z if no loopback interface is configured, select the highest ip address among addresses of active interface...
Page 372
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-4 z nssa lsa: type-7 lsa, as defined in rfc 1587, originated by asbrs in nssas (not-so-stubby areas) and flooded throughout a single nssa. Nssa lsas describe routes to other ass. Z opaque lsa: a p...
Page 373
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-5 figure 3-1 ospf area partition after area partition, area border routers perform route summarization to reduce the number of lsas advertised to other areas and minimize the effect of topology ch...
Page 374
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-6 figure 3-2 ospf router types iii. Backbone area and virtual links each as has a backbone area, which is responsible for distributing routing information between none-backbone areas. Routing info...
Page 375
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-7 another application of virtual links is to provide redundant links. If the backbone area cannot maintain internal connectivity due to a physical link failure, configuring a virtual link can guar...
Page 376
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-8 nssa area. When traveling to the nssa abr, type-7 lsas are translated into type-5 lsas by the abr for advertisement to other areas. In the following figure, the ospf as contains three areas: are...
Page 377
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-9 segment. The abr in the area distributes only the summary lsa to reduce the scale of lsdbs on routers in other areas. 2) asbr route summarization if summarization for redistributed routes is con...
Page 378
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-10 z p2mp (point-to-multipoint): by default, ospf considers no link layer protocol as p2mp, which is a conversion from other network types such as nbma in general. On p2mp networks, packets are se...
Page 379
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-11 the new dr in a very short period by avoiding adjacency establishment and dr reelection. Meanwhile, other routers elect another bdr, which requires a relatively long period but has no influence...
Page 380
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-12 3.1.5 ospf packet formats ospf packets are directly encapsulated into ip packets. Ospf has the ip protocol number 89. The ospf packet format is shown below (taking a lsu packet as an example). ...
Page 381
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-13 ii. Hello packet a router sends hello packets periodically to neighbors to find and maintain neighbor relationships and to elect the dr/bdr, including information about values of timers, dr, bd...
Page 382
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-14 reduce traffic between routers. The recipient checks whether the lsa is available using the lsa header. The dd packet format: figure 3-11 dd packet format major fields: z interface mtu: size in...
Page 383
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-15 figure 3-12 lsr packet format major fields: z ls type: type number of the lsa to be requested. Type 1 for example indicates the router lsa. Z link state id: determined by lsa type. Z advertisin...
Page 384
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-16 lsas can be acknowledged in a single link state acknowledgment packet. The following figure gives its format. Figure 3-14 lsack packet format vii. Lsa header format all lsas have the same heade...
Page 385
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-17 viii. Formats of lsas 1) router lsa figure 3-16 router lsa format major fields: z link state id: id of the router that originated the lsa. Z v (virtual link): set to 1 if the router that origin...
Page 386
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-18 figure 3-17 network lsa format major fields: z link state id: the interface address of the dr z network mask: the mask of the network (a broadcast or nbma network) z attached router: the ids of...
Page 387
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-19 note: a type-3 lsa can be used to advertise a default route, having the link state id and network mask set to 0.0.0.0. 4) as external lsa an as external lsa originates from an asbr, describing ...
Page 388
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-20 an nssa external lsa originates from the asbr in a nssa and is flooded in the nssa area only. It has the same format as the as external lsa. Figure 3-20 nssa external lsa format 3.1.6 supported...
Page 389
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-21 after an ospf gr restarter restarts ospf, it needs to perform the following two tasks in order to re-synchronize its lsdb with its neighbors. Z to obtain once again effective ospf neighbor info...
Page 390
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-22 task remarks configuring ospf route summarization optional configuring ospf inbound route filtering optional configuring abr type-3 lsa filtering optional configuring an ospf cost for an interf...
Page 391
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-23 3.3.1 prerequisites before configuring ospf, you have configured ip addresses for interfaces, making neighboring nodes accessible with each other at the network layer. 3.3.2 configuration proce...
Page 392
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-24 note: z an ospf process id is unique, including the process id for ospf multi-instance, which cannot be the same as any previously configured id. Z a network segment can only belong to one area...
Page 394
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-26 virtual link in between. In most cases, however, the requirement cannot be satisfied, so you need to change the network type using commands. For routers having no direct link in between, you ca...
Page 396
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-28 3.6.1 prerequisites before configuring this task, you have configured: z ip addresses for interfaces z ospf basic functions z corresponding filters if routing information filtering is needed. 3...
Page 397
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-29 3.6.3 configuring ospf inbound route filtering follow these steps to configure inbound route filtering: to do… use the command… remarks enter system view system-view — enter ospf view ospf [pro...
Page 398
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-30 3.6.5 configuring an ospf cost for an interface follow these steps to configure an ospf cost for an interface: to do… use the command… remarks enter system view system-view — enter interface vi...
Page 400
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-32 3.6.9 configuring ospf route redistribution follow these steps to configure ospf route redistribution: to do… use the command… remarks enter system view system-view — enter ospf view ospf [proc...
Page 401
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-33 note: z using the import-route command cannot redistribute a default external route. To do so, you need to use the default-route-advertise command. Z the default-route-advertise summary cost co...
Page 402
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-34 z dead timer: interval within which if the interface receives no hello packet from the neighbor, it declares the neighbor is down. Z lsa retransmission timer: interval within which if the inter...
Page 403
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-35 3.7.3 specifying an lsa transmission delay since ospf packets need time for traveling on links, extending lsa age time with a delay is necessary, especially for low speed links. Follow these st...
Page 404
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-36 3.7.5 specifying the lsa minimum repeat arrival interval after receiving the same lsa as the previously received lsa within the lsa minimum repeat arrival interval, an interface discards the ls...
Page 405
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-37 note: with this command configured, when network changes are not frequent, lsas are generated at the minimum-interval. If network changes become frequent, lsa generation interval is incremented...
Page 406
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-38 the stub router have such big costs, they will not send packets to the stub router for forwarding as long as there is a route with a smaller cost. Follow these steps to configure a router as a ...
Page 408
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-40 to do… use the command… remarks specify the maximum number of external lsas in the lsdb lsdb-overflow-limit number optional no limitation by default 3.7.12 making external route selection rules...
Page 409
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-41 to do… use the command… remarks enter system view system-view — bind ospf mib to an ospf process ospf mib-binding process-id optional the first ospf process is bound with ospf mib by default. E...
Page 410
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-42 3.8 configuring ospf graceful restart 3.8.1 configuring the ospf gr capability you can configure the ietf standard or non ietf standard ospf graceful restart capability. I. Configure the ietf s...
Page 411
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-43 to do… use the command… remarks enable the use of link-local signaling enable link-local-signaling required disabled by default enable out-of-band re-synchronization enable out-of-band-resynchr...
Page 412
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-44 3.8.3 triggering ospf graceful restart performing the following configuration on an ospf router will trigger ospf graceful restart. Ensure that these routers are enabled with the following capa...
Page 413
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-45 3.9 displaying and maintaining ospf to do… use the command… remarks display ospf brief information display ospf [ process-id ] brief display ospf statistics display ospf [ process-id ] cumulati...
Page 414
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-46 to do… use the command… remarks reset ospf counters reset ospf [ process-id ] counters [ neighbor[ interface-type interface-number ] [ router-id ] ] reset an ospf process reset ospf [ process-i...
Page 415
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-47 iii. Configuration procedure 1) configure ip addresses for interfaces (omitted) 2) configure ospf basic functions # configure switch a. System-view [switcha] ospf [switcha-ospf-1] area 0 [switc...
Page 416
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-48 # display information about neighbors on switch a. [switcha] display ospf peer ospf process 1 with router id 192.168.0.1 neighbors area 0.0.0.0 interface 192.168.0.1(vlan-interface 100)'s neigh...
Page 417
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-49 area: 0.0.0.0 type linkstate id advrouter age len sequence metric router 192.168.2.1 192.168.2.1 874 48 80000006 1562 router 192.168.0.1 192.168.0.1 976 48 80000005 1562 sum-net 192.168.1.0 192...
Page 418
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-50 reply from 172.16.1.1: bytes=56 sequence=5 ttl=253 time=63 ms --- 172.16.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 16/59/94...
Page 419
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-51 routing table to abr and asbr type destination area cost nexthop rttype intra-area 192.168.0.1 0.0.0.1 1562 192.168.1.1 abr inter-area 172.17.1.1 0.0.0.1 4686 192.168.1.1 asbr # display ospf ro...
Page 420
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-52 # configure switch c. [switchc] ospf [switchc-ospf-1] stub-router [switchc-ospf-1] area 1 [switchc-ospf-1-area-0.0.0.1] stub [switchc-ospf-1-area-0.0.0.1] quit [switchc-ospf-1] quit # display o...
Page 421
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-53 destination cost type nexthop advrouter area 0.0.0.0/0 1563 inter-area 192.168.1.1 192.168.0.1 0.0.0.1 172.16.1.0/24 1 stub 172.16.1.1 172.16.1.1 0.0.0.1 192.168.1.0/24 1562 stub 192.168.1.2 17...
Page 422
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-54 3) configure switch d to import external static routes (refer to configuring an ospf stub area ) 4) configure area 1 as an nssa area. # configure switch a. [switcha] ospf [switcha-ospf-1] area ...
Page 423
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-55 # display ospf routing information on switch d.[switchd-ospf-1] display ospf routing ospf process 1 with router id 172.17.1.1 routing tables routing for network destination cost type nexthop ad...
Page 424
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-56 ii. Network diagram switch a switch d switch b switch c vlan-int1 196.1.1.1/24 vlan-int1 196.1.1.4/24 vlan-int1 196.1.1.2/24 vlan-int1 196.1.1.3/24 dr bdr figure 3-24 network diagram for ospf d...
Page 425
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-57 # configure switch d. System-view [switchd] router id 4.4.4.4 [switchd] ospf [switchd-ospf-1] area 0 [switchd-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 [switchd-ospf-1-area-0.0.0.0] quit...
Page 426
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-58 # configure switch b. [switchb] interface vlan-interface 1 [switchb-vlan-interface1] ospf dr-priority 0 [switchb-vlan-interface1] quit # configure switch c. [switchc] interface vlan-interface 1...
Page 427
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-59 note: in the above output, you can find the priority configuration does not take effect immediately. 4) restart ospf process (omitted) # display neighbor information on switch d. [switchd] disp...
Page 428
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-60 # display ospf interface information. [switcha] display ospf interface ospf process 1 with router id 1.1.1.1 interfaces area: 0.0.0.0 ip address type state cost pri dr bdr 192.168.1.1 broadcast...
Page 429
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-61 ii. Network diagram figure 3-25 network diagram for ospf virtual link configuration iii. Configuration procedure 1) configure ip addresses for interfaces (omitted) 2) configure ospf basic funct...
Page 430
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-62 total nets: 2 intra area: 2 inter area: 0 ase: 0 nssa: 0 note: since area 2 has no direct connection to area 0, the ospf routing table of router a has no route to area 2. 3) configure a virtual...
Page 431
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-63 3.10.6 ospf graceful restart configuration example i. Network requirements z switch a, switch b and switch c that belong to the same autonomous system and the same ospf routing domain are gr ca...
Page 432
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-64 [switchb-vlan-interface100] ip address 192.1.1.2 255.255.255.0 [switchb-vlan-interface100] ospf dr-priority 0 [switchb-vlan-interface100] quit [switchb] router id 2.2.2.2 [switchb] ospf 100 [sw...
Page 433
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 3 ospf configuration 3-65 iii. Processing steps 1) display ospf neighbor information using the display ospf peer command. 2) display ospf interface information using the display ospf interface command. 3) ping the neigh...
Page 434: 4.1 Is-Is Overview
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-1 chapter 4 is-is configuration when configuring is-is, go to these sections for information you are interested in: z is-is overview z is-is configuration task list z configuring is-is basic func...
Page 435
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-2 4.1.1 basic concepts i. Is-is terminology z intermediate system (is). An is, similar to a router in tcp/ip, is the basic unit in is-is protocol to generate and propagate routing information. In...
Page 436
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-3 figure 4-1 nsap address structure 2) area address the area address is composed of the idp and the hodsp of the dsp, which identify the area and the routing domain. Different routing domains can...
Page 437
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-4 iii. Net a network entity title (net) is an nsap with sel being 0. It indicates the network layer information of the is itself, with no transport layer information. Therefore, the length of net...
Page 438
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-5 note: z the level-1 routers in different areas can not establish the neighbor relationship. Z the neighbor relationship establishment of level-2 routers has nothing to do with area. Figure 4-2 ...
Page 439
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-6 area 1 l2 area 3 area 2 l1 l1 l1/l2 l2 l1/l2 l1 area 4 figure 4-3 is-is topology note: the is-is backbone does not need to be a specific area. Both the is-is level-1 and level-2 routers use the...
Page 440
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-7 since the level-1 router simply sends the routing information for destinations outside the area to the nearest level-1-2 router, this may cause a problem that the best path cannot be selected. ...
Page 441
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-8 figure 4-4 dis in the is-is broadcast network the dis creates and updates pseudonodes as well as their lsp to describe all routers on the network. The pseudonode emulates a virtual node on the ...
Page 442
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-9 ii. Common header format figure 4-6 shows the common header format. Intradomain routing protocol discriminator reserved version r id length version/protocol id extension length indicator maximu...
Page 443
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-10 iii. Hello the hello packet is used by routers to establish and maintain the neighbor relationship. It is also called is-to-is hello pdu (iih). For broadcast network, the level-1 router uses t...
Page 444
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-11 intradomain routing protocol discriminator reserved version r id length version/protocol id extension length indicator maximum area address r r pdu type no. Of octets 1 1 1 1 1 1 1 1 reserved/...
Page 445
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-12 figure 4-9 l1/l2 lsp format z pdu length: total length of the pdu in bytes. Z remaining lifetime: lsp remaining lifetime in seconds. Z lsp id: consists of the system id, the pseudonode id (one...
Page 446
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-13 figure 4-10 lsdb overload z is type: type of the router generating the lsp. V. Snp format the sequence number pdu (snp) confirms the latest received lsps. It is similar to the acknowledge pack...
Page 447
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-14 psnp only contains the sequence numbers of one or multiple latest received lsps. It can acknowledge multiple lsps at one time. When lsdbs are not synchronized, a psnp is used to request new ls...
Page 448
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-15 clv code name pdu type 9 lsp entries snp 10 authentication information iih, lsp, snp 128 ip internal reachability information lsp 129 protocols supported iih, lsp 130 ip external reachability ...
Page 449
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-16 after reestablishing a neighbor relationship, the gr restarter will synchronize the lsdb and exchange routing information with all adjacent gr capable neighbors. After that, the gr restarter w...
Page 450
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-17 z extended lsp it is the lsp generated by a virtual system. The system id in its lsp id field is the virtual system id. After additional system ids are configured, an is-is router can advertis...
Page 451
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-18 a host name is intuitionally easier to remember than a system id. After enabling this feature on the router, you can see the host names instead of system ids using the display command. 4.1.6 p...
Page 452
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-19 task remarks configuring a dis priority for an interface optional configuring is-is timers optional disabling an interface from sending/receiving is-is hello packets optional configuring lsp p...
Page 454
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-21 you can reference a routing policy to specify a priority for specific routes. For information about routing policy, refer to routing policy configuration. Follow these steps to configure the i...
Page 455
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-22 ii. Configure a global is-is cost follow these steps to configure global is-is cost: to do… use the command… remarks enter system view system-view — enter is-is view isis [ process-id ] [ vpn-...
Page 456
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-23 note: in the case no interface cost is specified in interface view or system view and automatic cost calculation is enabled: z when the cost style is wide or wide-compatible, is-is automatical...
Page 457
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-24 follow these steps to configure route summarization: to do… use the command... Remarks enter system view system-view — enter is-is view isis [ process-id ] [ vpn-instance vpn-instance-name ] –...
Page 458
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-25 4.4.7 configuring inbound route filtering follow these steps to configure inbound route filtering: to do… use the command… remarks enter system view system-view –– enter is-is view isis [ proc...
Page 459
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-26 follow these steps to configure is-is route leaking: to do… use the command… remarks enter system view system-view –– enter is-is view isis [ process-id ] [ vpn-instance vpn-instance-name ] ––...
Page 461
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-28 note: z on the broadcast link, you can specify different intervals for level-1 and level-2 hello packets; if no level is specified, the interval applies to both level-1 and level-2 hello packe...
Page 462
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-29 the router will discard a lsp with incorrect checksum. You can configure the router to ignore the incorrect checksum, which means a lsp will be processed even with an incorrect lsp checksum. O...
Page 464
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-31 to do… use the command... Remarks configure the spf calculation intervals timer spf maximum-interval [ minimum-interval [ incremental-interval ] ] optional the default spf calculation interval...
Page 465
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-32 note: the local host name on the local is overwrites the remote host name on the remote is. 4.5.8 configuring is-is authentication for area authentication, the area authentication password is ...
Page 466
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-33 note: the level-1 and level-2 keywords in the isis authentication-mode command are only supported on the vlan interface of a switch, and the interface must be configured with the isis enable c...
Page 467: 4.6 Configuring Is-Is Gr
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-34 4.5.11 enabling an interface to send small hello packets follow these steps to enable an interface to send small hello packets (without the padding field): to do… use the command… remarks ente...
Page 468
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-35 the graceful restart interval on a router is used as the holdtime in the is-is hello pdus so that its neighbors can maintain the adjacencies within the interval after the router restarts. By s...
Page 470
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-37 4.8 is-is configuration example 4.8.1 is-is basic configuration i. Network requirements as shown in figure 4-14 , switch a, b, c and switch d reside in an is-is as. Switch a and b are level-1 ...
Page 471
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-38 [switchb] interface vlan-interface 200 [switchb-vlan-interface200] isis enable 1 [switchb-vlan-interface200] quit # configure switch c. System-view [switchc] isis 1 [switchc-isis-1] network-en...
Page 472
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-39 0000.0000.0002.00-00 0x00000004 0xee4d 1102 68 0/0/0 0000.0000.0002.01-00 0x00000001 0xdaaf 1102 55 0/0/0 0000.0000.0003.00-00 0x00000009 0xcaa3 1161 111 1/0/0 0000.0000.0003.01-00 0x00000001 ...
Page 473
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-40 level-2 link state database lspid seq num checksum holdtime length att/p/ol -------------------------------------------------------------------------- 0000.0000.0003.00-00* 0x00000012 0xc93c 8...
Page 474
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-41 0.0.0.0/0 10 null vlan100 10.1.1.1 r/-/- flags: d-direct, r-added to rm, l-advertised in lsps, u-up/down bit set [switchc] display isis route route information for isis(1) --------------------...
Page 475
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-42 192.168.0.0/24 10 null vlan300 direct d/l/- 10.1.1.0/24 20 null vlan300 192.168.0.1 r/-/- 10.1.2.0/24 20 null vlan300 192.168.0.1 r/-/- 172.16.0.0/16 10 null vlan100 direct d/l/- flags: d-dire...
Page 476
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-43 system-view [switchb] isis 1 [switchb-isis-1] network-entity 10.0000.0000.0002.00 [switchb-isis-1] quit [switchb] interface vlan-interface 100 [switchb-vlan-interface100] isis enable 1 [switch...
Page 477
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-44 state: up holdtime: 28s type: l2(l1l2) pri: 64 system id: 0000.0000.0004 interface: vlan-interface100 circuit id: 0000.0000.0004.01 state: up holdtime: 30s type: l2 pri: 64 # display informati...
Page 478
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-45 [switcha-vlan-interface100] quit # display is-is neighbors of switch a. [switcha] display isis peer peer information for isis(1) ---------------------------- system id: 0000.0000.0002 interfac...
Page 479
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-46 peer information for isis(1) ---------------------------- system id: 0000.0000.0002 interface: vlan-interface100 circuit id: 0000.0000.0001.01 state: up holdtime: 25s type: l1 pri: 64 system i...
Page 480
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-47 4.8.3 is-is-based graceful restart configuration example i. Network requirements switch a, switch b, and switch c belong to the same is-is routing domain, as illustrated in figure 4-16 . Ii. N...
Page 481
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 4 is-is configuration 4-48 # restart switch a. Reset isis all 1 warning : reset isis process? [y/n]:y # check the graceful restart status of is-is on switch a. Display isis graceful-restart status restart information fo...
Page 482: 5.1 Bgp Overview
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-1 chapter 5 bgp configuration the border gateway protocol (bgp) is a dynamic inter-as route discovery protocol. When configuring bgp, go to these sections for information you are interested in: z b...
Page 483
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-2 z supporting cidr z substantially reducing bandwidth occupation by advertising updating routes only and applicable to advertising a great amount of routing information on the internet z eliminati...
Page 484
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-3 z length: the 2-byte unsigned integer indicates the total length of the message. Z type: this 1-byte unsigned integer indicates the type code of the message. The following type codes are defined:...
Page 485
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-4 figure 5-3 bgp update message format each update message can advertise a group of feasible routes with similar attributes, which are contained in the network layer reachable information (nlri) fi...
Page 486
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-5 v. Keepalive keepalive messages are sent between peers to maintain connectivity. Its format contains only the message header. Vi. Route-refresh a route-refresh message is sent to a peer to reques...
Page 487
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-6 name category aggregator optional transitive community optional transitive multi_exit_disc (med) optional non-transitive originator_id optional non-transitive cluster_list optional non-transitive...
Page 488
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-7 figure 5-6 as_path attribute in general, a bgp router does not receive routes containing the local as number to avoid routing loops. Note: to meet special requirements, use the peer allow-as-loop...
Page 489
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-8 z when sending a received route to an ebgp peer, a bgp speaker sets the next_hop for the route to the address of the sending interface. Z when sending a route received from an ebgp peer to an ibg...
Page 490
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-9 in general, bgp compares meds of routes to the same as only. Note: the current implementation supports using the compare-different-as-med command to force bgp to compare med values of routes to d...
Page 491
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-10 z no_advertise: after received, routes with this attribute cannot be advertised to other bgp peers. Z no_export_subconfed: after received, routes with this attribute cannot be advertised out the...
Page 492
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-11 bgp differs from igp in the implementation of load balancing in the following: z igp routing protocols such as rip, ospf compute metrics of routes, and then implement load balancing on routes wi...
Page 493
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-12 iii. Bgp route advertisement rules bgp uses the following route advertisement rules: z when multiple feasible routes exist, a bgp speaker advertises only the best route to its peers. Z a bgp spe...
Page 494
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-13 you can disable the synchronization feature in the following cases: z the local as is not a transitive as (as20 is a transitive as in the above figure). Z ibgp routers in the local as are fully ...
Page 495
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-14 figure 5-12 bgp route dampening iii. Peer group a peer group is a collection of peers with the same attributes. When a peer joins the peer group, the peer obtains the same configuration as the p...
Page 496
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-15 besides using the well-known community attribute, you can define the extended community attribute using a community list to help define a routing policy. V. Route reflector ibgp peers should be ...
Page 497
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-16 figure 5-14 network diagram for route reflectors when clients of a route reflector are fully meshed, route reflection is unnecessary because it consumes more bandwidth resources. You can use rel...
Page 498
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-17 as 100 ebgp ibgp ibgp ibgp ebgp ebgp as 65002 as 65003 as 65004 as 200 figure 5-15 confederation network diagram from the perspective of a non-confederation speaker, it needs not know sub-ass in...
Page 499
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-18 4) after the restart, the gr restarter will reestablish a gr session with its peer and send a new gr message notifying the completion of restart. Routing information is exchanged between them fo...
Page 500
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-19 note: z for information about the vpn extension application, refer to the part discussing mce configuration. Z for information about the ipv6 extension application, refer to ipv6 bgp configurati...
Page 501
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-20 task remarks tuning and optimizing bgp networks required configuring bgp peer groups optional configuring bgp community optional configuring a bgp route reflector optional configuring a large sc...
Page 503
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-22 note: z it is required to specify for a bgp router a router id, a 32-bit unsigned integer and the unique identifier of the router in the as. Z you can specify a router id manually. If not, the s...
Page 504
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-23 5.4.2 configuring bgp route redistribution bgp can advertise the routing information of the local as to peering ass, but it redistributes routing information from igp into bgp rather than self-f...
Page 505
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-24 follow these steps to configure bgp route summarization: to do… use the command… remarks enter system view system-view — enter bgp view bgp as-number — configure automatic route summarization su...
Page 506
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-25 5.4.5 configuring bgp route distribution filtering policies follow these steps to configure bgp route distribution filtering policies: to do… use the command… remarks enter system view system-vi...
Page 508
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-27 follow these steps to configure bgp and igp synchronization: to do… use the command… remarks enter system view system-view — enter bgp view bgp as-number — enable synchronization between bgp and...
Page 509
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-28 to do… use the command… remarks configure the default local preference default local-preference value optional 100 by default configure the default med value default med med-value optional 0 by ...
Page 511
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-30 note: z using a routing policy can set preferences for routes matching it. Routes not matching it use the default preferences. Z if other conditions are identical, the route with the smallest me...
Page 512
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-31 bgp command to soft-reset bgp connections, to refresh the bgp routing table and apply the new policy without tearing down bgp connections. 3) configure bgp authentication bgp employs tcp as the ...
Page 514
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-33 note: z the maximum keepalive interval should be one third of the holdtime and no less than 1 second. The holdtime is no less than 3 seconds unless it is set to 0. Z the intervals set with the p...
Page 515
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-34 5.7.2 configuring bgp peer groups follow these steps to configure bgp peer groups: to do… use the command… remarks enter system view system-view — enter bgp view bgp as-number — create an ibgp p...
Page 516
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-35 5.7.3 configuring bgp community follow these steps to configure bgp community: to do… use the command… remarks enter system view system-view — enter bgp view bgp as-number — advertise the commun...
Page 517
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-36 to do… use the command… remarks configure the cluster id of the route reflector reflector cluster-id cluster-id optional by default, a route reflector uses its router id as the cluster id. Note:...
Page 518: 5.8 Configuring Bgp Gr
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-37 note: z a confederation contains 32 sub-ass at most. The as-number of a sub-as takes effect in the confederation only. Z if routers not compliant with rfc 3065 exist in the confederation, you ca...
Page 519
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-38 5.9 displaying and maintaining bgp 5.9.1 displaying bgp to do… use the command… remarks display peer group information display bgp group [group-name ] display advertised bgp routing information ...
Page 521
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-40 5.10 bgp configuration examples 5.10.1 bgp basic configuration i. Network requirements in the following figure are all bgp switches. Between switch a and switch b is an ebgp connection. Ibgp spe...
Page 522
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-41 [switchc-bgp] quit # configure switch d. System-view [switchd] bgp 65009 [switchd-bgp] router-id 4.4.4.4 [switchd-bgp] peer 9.1.1.1 as-number 65009 [switchd-bgp] peer 9.1.2.1 as-number 65009 [sw...
Page 523
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-42 bgp local router id is 1.1.1.1 status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, s - stale origin : i - igp, e - egp, ? - incomplete network nexthop med l...
Page 524
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-43 [switchb-bgp] import-route direct # display bgp routing table information on switch a. [switcha] display bgp routing-table total number of routes: 7 bgp local router id is 1.1.1.1 status codes: ...
Page 525
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-44 0.00% packet loss round-trip min/avg/max = 16/31/47 ms 5.10.2 bgp and igp synchronization configuration i. Network requirements as shown below, ospf is used as the igp protocol in as65009, where...
Page 526
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-45 [switchb-bgp] import-route ospf 1 [switchb-bgp] quit # display routing table information on switch a. [switcha] display bgp routing-table total number of routes: 3 bgp local router id is 1.1.1.1...
Page 527
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-46 total number of routes: 2 bgp local router id is 1.1.1.1 status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, s - stale origin : i - igp, e - egp, ? - incomp...
Page 528
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-47 ii. Network diagram figure 5-18 network diagram for bgp load balancing configuration iii. Configuration procedure 1) configure ip addresses for interfaces (omitted) 2) configure bgp connections ...
Page 529
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-48 [switchc-bgp] quit # display the routing table on switch a. [switcha] display bgp routing-table total number of routes: 3 bgp local router id is 1.1.1.1 status codes: * - valid, > - best, d - da...
Page 530
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-49 [switchb] bgp 65009 [switchb-bgp] default med 100 # display the routing table on switch a. [switcha] display bgp routing-table total number of routes: 3 bgp local router id is 1.1.1.1 status cod...
Page 531
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-50 iii. Configuration procedure 1) configure ip addresses for interfaces (omitted) 2) configure ebgp # configure switch a. System-view [switcha] bgp 10 [switcha-bgp] router-id 1.1.1.1 [switcha-bgp]...
Page 532
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-51 # display the routing table on switch c. [switchc] display bgp routing-table total number of routes: 1 bgp local router id is 3.3.3.3 status codes: * - valid, > - best, d - damped, h - history, ...
Page 533
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-52 5.10.5 bgp route reflector configuration i. Network requirements in the following figure, all switches run bgp. Z between switch a and switch b is an ebgp connection, between switch c and switch...
Page 534
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-53 # configure switch c. System-view [switchc] bgp 200 [switchc-bgp] router-id 3.3.3.3 [switchc-bgp] peer 193.1.1.2 as-number 200 [switchc-bgp] peer 194.1.1.2 as-number 200 [switchc-bgp] quit # con...
Page 535
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-54 origin : i - igp, e - egp, ? - incomplete network nexthop med locprf prefval path/ogn i 1.0.0.0 193.1.1.2 0 100 0 100i switch d learned route 1.0.0.0/8 from switch c. 5.10.6 bgp confederation co...
Page 536
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-55 [switcha-bgp] confederation peer-as 65002 65003 [switcha-bgp] peer 10.1.1.2 as-number 65002 [switcha-bgp] peer 10.1.1.2 next-hop-local [switcha-bgp] peer 10.1.2.2 as-number 65003 [switcha-bgp] p...
Page 537
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-56 [switche] bgp 65001 [switche-bgp] router-id 5.5.5.5 [switche-bgp] confederation id 200 [switche-bgp] peer 10.1.4.1 as-number 65001 [switche-bgp] peer 10.1.5.1 as-number 65001 [switche-bgp] quit ...
Page 538
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-57 as-path : (65001) 100 origin : igp attribute value : med 0, localpref 100, pref-val 0, pre 255 state : valid, external-confed, best, not advertised to any peers yet # display the bgp routing tab...
Page 539
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-58 ii. Network diagram device interface ip address device interface ip address switch a vlan-int101 1.0.0.1/8 switch d vlan-int400 195.1.1.1/24 vlan-int100 192.1.1.1/24 vlan-int300 194.1.1.1/24 vla...
Page 540
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-59 [switchd-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [switchd-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [switchd-ospf-1-area-0.0.0.0] quit [switchd-ospf-1] quit 3) configure bgp conn...
Page 541
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-60 [switcha-route-policy] if-match acl 2000 [switcha-route-policy] apply cost 50 [switcha-route-policy] quit [switcha] route-policy apply_med_100 permit node 10 [switcha-route-policy] if-match acl ...
Page 542: 5.11 Troubleshooting Bgp
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-61 [switchc] bgp 200 [switchc-bgp] peer 193.1.1.1 route-policy localpref import [switchc-bgp] quit # display the routing table on switch d. [switchd] display bgp routing-table total number of route...
Page 543
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 5 bgp configuration 5-62 7) use the display tcp status command to check the tcp connection. 8) check whether an acl disabling tcp port 179 is configured..
Page 544
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-1 chapter 6 routing policy configuration a routing policy is used on a router for route inspection, filtering, attributes modification when routes are received, advertised, or redistribu...
Page 545
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-2 address and so on. The match criteria can be set beforehand and then apply them to a routing policy for route distribution, reception and redistribution. 6.1.2 filters routing protocol...
Page 546
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-3 vi. Routing policy a routing policy is used to match against some attributes in given routing information and modify the attributes of the information if match conditions are satisfied...
Page 547
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-4 6.3 defining filtering lists 6.3.1 prerequisites before configuring this task, you need to decide on: z ip-prefix list name z matching address range z extcommunity list sequence number...
Page 548
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-5 6.3.3 defining an as path list you can define multiple items for an as path acl that is identified by number. During matching, the relation between items is logical or, that is, if the...
Page 549
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-6 follow these steps to define an extended community list: to do… use the command… remarks enter system view system-view — define an extended community list ip extcommunity-list ext-comm...
Page 550
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-7 note: z if a node has the permit keyword specified, routing information meeting the node’s conditions will be handled using the apply clauses of this node, without needing to match aga...
Page 552
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-9 6.4.4 defining apply clauses for the routing policy follow these steps to define apply clauses for a route-policy: to do… use the command… remarks enter system view system-view — creat...
Page 553
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-10 to do… use the command… remarks set a preference for the matched routing protocol apply preference preference optional not set by default set a preferred value for bgp routes apply pr...
Page 554
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-11 z on switch b, configure route redistribution from is-is to ospf and apply a routing policy to set attributes of redistributed routes, setting the cost of route 172.17.1.0/24 to 100, ...
Page 555
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-12 [switchb] isis [switchb-isis-1] is-level level-2 [switchb-isis-1] network-entity 10.0000.0000.0002.00 [switchb-isis-1] quit [switchb] interface vlan-interface 200 [switchb-vlan-interf...
Page 556
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-13 4) configure filtering lists # configure an acl with the number of 2002, letting pass route 172.17.2.0/24. [switchb] acl number 2002 [switchb-acl-basic-2002] rule permit source 172.17...
Page 557
Operation manual – ipv4 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-14 192.168.2.0/24 1 type2 1 192.168.1.2 192.168.2.2 total nets: 5 intra area: 1 inter area: 0 ase: 4 nssa: 0 6.7 troubleshooting routing policy configuration 6.7.1 ipv4 routing informati...
Page 558: Table of Contents
Operation manual – bfd-gr h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 bfd configuration....................................................................................................... 1-1 1.1 introduction to bfd .......................................
Page 559: 1.1 Introduction to Bfd
Operation manual – bfd-gr h3c s3610&s5510 series ethernet switches chapter 1 bfd configuration 1-1 chapter 1 bfd configuration when configuring bfd, go to these sections for information you are interested in: z introduction to bfd z bfd configuration task list z displaying and maintaining bfd note: ...
Page 560
Operation manual – bfd-gr h3c s3610&s5510 series ethernet switches chapter 1 bfd configuration 1-2 routers to which it needs to establish sessions. After a session is established, if no bfd control packet is received from the peer within the negotiated bfd interval, bfd notifies a failure to the upp...
Page 561
Operation manual – bfd-gr h3c s3610&s5510 series ethernet switches chapter 1 bfd configuration 1-3 during session initialization, at least one end of the two in communication must operate in the active mode for a session to be established. After a bfd session is established, there are two bfd operat...
Page 562
Operation manual – bfd-gr h3c s3610&s5510 series ethernet switches chapter 1 bfd configuration 1-4 figure 1-1 bfd control packet format z vers: protocol version. The protocol version is 1. Z diag: this bit indicates the reason for the last transition of the local protocol from up to some other state...
Page 563
Operation manual – bfd-gr h3c s3610&s5510 series ethernet switches chapter 1 bfd configuration 1-5 z control plane independent(c): if set to 1, it means the bfd implementation for the transmitting protocol is independent of its control plane. That is, bfd is implemented at the forwarding plane and t...
Page 564
Operation manual – bfd-gr h3c s3610&s5510 series ethernet switches chapter 1 bfd configuration 1-6 complete the following tasks to configure bfd: task remarks configuring bfd basic functions optional bfd basic configurations provide basis for other configuration tasks. Configuring bfd for static rou...
Page 566: 1.5 Enabling Bfd Trap
Operation manual – bfd-gr h3c s3610&s5510 series ethernet switches chapter 1 bfd configuration 1-8 caution: z if route flaps occur, enabling bfd may worsen the route flaps. Therefore, enable bfd with care in such cases. Z bfd cannot be used for a static route with the outbound interface having the s...
Page 567
Operation manual – bfd-gr h3c s3610&s5510 series ethernet switches chapter 1 bfd configuration 1-9 1.7 bfd configuration examples 1.7.1 configuring bfd for static routing i. Network requirements switch a, switch b, and switch c are interconnected and reachable to one another. Configure a static rout...
Page 568: Chapter 2 Gr
Operation manual – bfd-gr h3c s3610&s5510 series ethernet switches chapter 2 gr 2-1 chapter 2 gr go to these sections for information you are interested in: z introduction to graceful restart z basic concepts in graceful restart z graceful restart communication procedure z graceful restart mechanism...
Page 569
Operation manual – bfd-gr h3c s3610&s5510 series ethernet switches chapter 2 gr 2-2 z gr session: a graceful restart session, which is the negotiation between the gr restarter and the gr helper. A gr session includes restart notification and communications across restart. Through this session, gr re...
Page 570
Operation manual – bfd-gr h3c s3610&s5510 series ethernet switches chapter 2 gr 2-3 as illustrated in figure 2-1 , router a works as gr restarter, router b, router c and router d are the gr helpers of router a. A gr session is established between the gr restarter and the gr helper. 2) gr restarter r...
Page 571: Protocols
Operation manual – bfd-gr h3c s3610&s5510 series ethernet switches chapter 2 gr 2-4 as illustrated in figure 2-3 , after the gr restarter has recovered, it will signal to all its neighbors and will reestablish gr session. 4) the gr restarter obtaining topology and routing information from the gr hel...
Page 572: Table of Contents
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 ipv6 static routing configuration ............................................................................. 1-1 1.1 introduction to ipv6 static routing ..........................
Page 573
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches table of contents ii 3.1.4 timers of ospfv3................................................................................................... 3-3 3.1.5 ospfv3 features supported....................................................
Page 574
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches table of contents iii 4.5 ipv6 is-is configuration example ..................................................................................... 4-5 chapter 5 ipv6 bgp configuration ................................................
Page 575
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches table of contents iv 5.9 ipv6 bgp configuration examples.................................................................................. 5-24 5.9.1 ipv6 bgp basic configuration ...................................................
Page 576
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 1 ipv6 static routing configuration 1-1 chapter 1 ipv6 static routing configuration note: z the term “router” in this document refers to a layer 3 switch running routing protocols. Z verify that the system already opera...
Page 577
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 1 ipv6 static routing configuration 1-2 does not match any entry in the routing table, this default route will be used to forward the packet. 1.2 configuring an ipv6 static route in small ipv6 networks, ipv6 static rout...
Page 578
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 1 ipv6 static routing configuration 1-3 1.4 ipv6 static routing configuration example i. Network requirements with ipv6 static routes configured, all hosts and switches can interact with each other. Ii. Network diagram ...
Page 579
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 1 ipv6 static routing configuration 1-4 4) display configuration information # display the ipv6 routing table of switch a. [switcha] display ipv6 routing-table routing table : destinations : 7 routes : 7 destination: ::...
Page 580
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 1 ipv6 static routing configuration 1-5 bytes=56 sequence=3 hop limit=254 time = 62 ms reply from 3::1 bytes=56 sequence=4 hop limit=254 time = 63 ms reply from 3::1 bytes=56 sequence=5 hop limit=254 time = 63 ms --- 3:...
Page 581: 2.1 Introduction to Ripng
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 2 ipv6 ripng configuration 2-1 chapter 2 ipv6 ripng configuration note: z the term “router” in this document refers to a layer 3 switch running routing protocols. Z verify that the system already operates in ipv4/ipv6 d...
Page 582
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 2 ipv6 ripng configuration 2-2 ripng supports split horizon and poison reverse to prevent routing loops, and route redistribution. Each ripng router maintains a routing database, including route entries of all reachable...
Page 583
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 2 ipv6 ripng configuration 2-3 figure 2-2 next hop rte format ipv6 next hop address is the ipv6 address of the next hop. Figure 2-3 shows the format of the ipv6 prefix rte. Figure 2-3 ipv6 prefix rte format z ipv6 prefi...
Page 584
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 2 ipv6 ripng configuration 2-4 address, whether the port number is correct. The response packet failed the check will be discarded. 2.1.4 protocols and standards z rfc2080: ripng for ipv6 z rfc2081: ripng protocol appli...
Page 585
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 2 ipv6 ripng configuration 2-5 2.3 configuring ripng route control before the configuration, accomplish the following tasks first: z configure an ipv6 address on each interface, and make sure all nodes are reachable. Z ...
Page 586
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 2 ipv6 ripng configuration 2-6 2.3.3 advertising a default route follow these steps to advertise a default route: to do... Use the command... Remarks enter system view system-view –– enter interface view interface inter...
Page 587
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 2 ipv6 ripng configuration 2-7 follow these steps to configure a ripng priority: to do... Use the command... Remarks enter system view system-view — enter ripng view ripng [ process-id ] — configure a ripng priority pre...
Page 588
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 2 ipv6 ripng configuration 2-8 2.4.1 configuring ripng timers you can adjust ripng timers to optimize the performance of the ripng network. Follow these steps to configure ripng timers: to do... Use the command... Remar...
Page 589
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 2 ipv6 ripng configuration 2-9 follow these steps to configure the split horizon: to do... Use the command... Remarks enter system view system-view –– enter interface view interface interface-type interface-number –– en...
Page 590
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 2 ipv6 ripng configuration 2-10 to do... Use the command... Remarks enable the zero field check checkzero optional enabled by default 2.4.4 configuring the maximum number of equal cost routes for load balancing follow t...
Page 591
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 2 ipv6 ripng configuration 2-11 ii. Network diagram figure 2-4 network diagram for ripng configuration iii. Configuration procedure 1) configure the ipv6 address for each interface (omitted) 2) configure basic ripng fun...
Page 592
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 2 ipv6 ripng configuration 2-12 [switchc-vlan-interface200] quit [switchc] interface vlan-interface 500 [switchc-vlan-interface500] ripng 1 enable [switchc-vlan-interface500] quit [switchc] interface vlan-interface 600 ...
Page 593
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 2 ipv6 ripng configuration 2-13 [switchb-acl6-basic-2000] rule deny source 3::/64 [switchb-acl6-basic-2000] rule permit [switchb-acl6-basic-2000] quit [switchb] ripng 1 [switchb-ripng-1] filter-policy 2000 import [switc...
Page 594: 3.1 Introduction to Ospfv3
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-1 chapter 3 ipv6 ospfv3 configuration note: z the term “router” in this document refers to a layer 3 switch running routing protocols. Z verify that the system already operates in ipv4/ipv6...
Page 595
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-2 figure 3-1 ospfv3 packet header major fields: z version #: version of ospf, which is 3 for ospfv3. Z type: type of ospf packet, from 1 to 5 are hello, dd, lsr, lsu, and lsack respectively...
Page 596
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-3 3.1.4 timers of ospfv3 timers in ospfv3 include: z ospfv3 packet timer z lsa delay timer z spf timer i. Ospfv3 packet timer hello packets are sent periodically between neighboring routers...
Page 597
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-4 3.2 ipv6 ospfv3 configuration task list complete the following tasks to configure ospfv3: task remarks configuring ospfv3 basic functions required configuring an ospfv3 stub area optional...
Page 598
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-5 3.3.2 configuring ospfv3 basic functions follow these steps to configure ospfv3 basic functions: to do... Use the command... Remarks enter system view system-view — enable ospfv3 and ente...
Page 599
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-6 3.4.2 configuring an ospfv3 stub area follow these steps to configure an ospfv3 stub area: to do... Use the command... Remarks enter system view system-view — enter ospfv3 view ospfv3 [ p...
Page 601
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-8 3.5.3 configuring ospfv3 inbound route filtering you can configure ospfv3 to filter routes that are computed from received lsas according to some rules. Follow these steps to configure in...
Page 602
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-9 to do... Use the command... Remarks specify the maximum number of load-balanced routes maximum load-balancing maximum optional 4 by default 3.5.6 configuring a priority for ospfv3 a route...
Page 604
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-11 to do... Use the command... Remarks enter system view system-view — enter interface view interface interface-type interface-number — configure the hello interval ospfv3 timer hello secon...
Page 605
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-12 to do... Use the command... Remarks configure the dr priority ospfv3 dr-priority priority [ instance instance-id ] optional defaults to 1 note: the dr priority of an interface determines...
Page 606
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-13 note: z multiple processes can disable the same interface from sending ospfv3 packets. Using the silent-interface command disables only the interfaces associated with the current process...
Page 607
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-14 3.7 displaying and maintaining ospfv3 to do... Use the command... Remarks display ospfv3 debugging state information display debugging ospfv3 display ospfv3 process brief information dis...
Page 608
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-15 3.8 ospfv3 configuration examples 3.8.1 configuring ospfv3 areas i. Network requirements in the following figure, all switches run ospfv3. The as is split into three areas, in which, swi...
Page 609
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-16 system-view [switchb] ipv6 [switchb] ospfv3 [switchb-ospf-1] router-id 2.2.2.2 [switchb-ospf-1] quit [switchb] interface vlan-interface 100 [switchb-vlan-interface100] ospfv3 1 area 0 [s...
Page 610
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-17 ---------------------------------------------------------------------- neighbor id pri state dead time interface instance id 1.1.1.1 1 full/backup 00:00:38 vlan200 0 # display ospfv3 nei...
Page 611
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-18 [switchd-ospfv3-1-area-0.0.0.2] stub # configure switch c, and specify the cost of the default route sent to the stub area as 10. [switchc] ospfv3 [switchc-ospfv3-1] area 2 [switchc-ospf...
Page 612
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-19 e1 - type 1 external route, ia - inter area route, i - intra area route e2 - type 2 external route, * - seleted route ospfv3 router with id (4.4.4.4) (process 1) ------------------------...
Page 613
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-20 # configure switch a system-view [switcha] ipv6 [switcha] ospfv3 [switcha-ospfv3-1] router-id 1.1.1.1 [switcha-ospfv3-1] quit [switcha] interface vlan-interface 100 [switcha-vlan-interfa...
Page 614
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-21 ospfv3 area id 0.0.0.0 (process 1) ---------------------------------------------------------------------- neighbor id pri state dead time interface instance id 2.2.2.2 1 2-way/drother 00...
Page 615
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-22 ospfv3 area id 0.0.0.0 (process 1) ---------------------------------------------------------------------- neighbor id pri state dead time interface instance id 1.1.1.1 100 full/drother 0...
Page 616
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-23 2) display ospfv3 interface information using the display ospfv3 interface command. 3) ping the neighbor router’s ip address to check connectivity. 4) check ospf timers. The dead interva...
Page 617
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 4 ipv6 is-is configuration 4-1 chapter 4 ipv6 is-is configuration note: z ipv6 is-is supports all the features of ipv4 is-is except that it advertises ipv6 routing information instead. This document describes only ipv6 ...
Page 618
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 4 ipv6 is-is configuration 4-2 nlpid is an 8-bit field with a value of 142 (0x8e), which indicates the network layer protocol packet. If the is-is router supports ipv6, the advertised routing information must be marked ...
Page 619
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 4 ipv6 is-is configuration 4-3 4.3 configuring ipv6 is-is routing information control 4.3.1 configuration prerequisites you need to complete the ipv6 is-is basic function configuration before configuring this task. 4.3....
Page 622
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 4 ipv6 is-is configuration 4-6 switch a and switch b are level-1 switches, switch d is a level-2 switch, and switch c is a level-1-2 switch. Switch a, switch b, and switch c are in area 10, while switch d is in area 20....
Page 623
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 4 ipv6 is-is configuration 4-7 # configure switch c. System-view [switchc] isis 1 [switchc-isis-1] network-entity 10.0000.0000.0003.00 [switchc-isis-1] ipv6 enable [switchc-isis-1] quit [switchc] interface vlan-interfac...
Page 624: 5.1 Ipv6 Bgp Overview
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-1 chapter 5 ipv6 bgp configuration note: z this chapter describes only configuration for ipv6 bgp. For other related information, refer to the part discussing ipv4 routing. Z verify that the s...
Page 625
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-2 the next_hop attribute of ipv6 bgp is identified by an ipv6 unicast address or ipv6 local link address. Ipv6 bgp utilizes bgp multiprotocol extensions for application in ipv6 networks. The o...
Page 626
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-3 task remarks configuring ipv6 bgp timers optional configuring ipv6 bgp soft reset optional tuning and optimizing ipv6 bgp networks configuring the maximum number of load-balanced routes opti...
Page 627
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-4 to do... Use the command... Remarks specify an ipv6 peer and its as number peer ipv6-address as-number as-number required not configured by default 5.3.3 advertising a local ipv6 route follo...
Page 629
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-6 note: z to improve stability and reliability, you can specify a loopback interface as the source interface for establishing tcp connections to a bgp peer. By doing so, a connection failure u...
Page 630
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-7 to do... Use the command... Remarks enter system view system-view — enter bgp view bgp as-number required enter ipv6 address family view ipv6-family — configure a description for a peer/peer...
Page 632
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-9 note: if the default-route imported command is not configured, using the import-route command cannot redistribute any igp default route. 5.4.3 advertising a default route to a peer/peer grou...
Page 635
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-12 to do... Use the command... Remarks enter ipv6 address family view ipv6-family — enable route synchronization between ipv6 bgp and igp synchronization required not enabled by default 5.4.7 ...
Page 636
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-13 5.5.2 configuring ipv6 bgp preference and default local_pref and next_hop attributes follow these steps to perform this configuration: to do... Use the command... Remarks enter system view ...
Page 637
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-14 5.5.3 configuring the med attribute follow these steps to configure the med attribute: to do... Use the command... Remarks enter system view system-view — enter bgp view bgp as-number requi...
Page 639
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-16 5.6.2 configuring ipv6 bgp timers follow these steps to configure ipv6 bgp timers: to do... Use the command... Remarks enter system view system-view — enter bgp view bgp as-number required ...
Page 641
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-18 to do... Use the command... Remarks configure the maximum number of load balanced routes balance number required by default, no load balancing is enabled. 5.7 configuring a large scale ipv6...
Page 642
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-19 to do... Use the command... Remarks enter system view system-view — enter bgp view bgp as-number required not enabled by default enter ipv6 address family view ipv6-family — create an ibgp ...
Page 643
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-20 to do... Use the command... Remarks enter system view system-view — enter bgp view bgp as-number required not enabled by default enter ipv6 address family view ipv6-family — create an ebgp ...
Page 644
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-21 ii. Apply a routing policy to routes advertised to a peer/peer group follow these steps to apply a routing policy to routes advertised to a peer/peer group: to do... Use the command... Rema...
Page 645
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-22 note: z in general, since the route reflector forwards routing information between clients, it is not required to make clients of a route reflector fully meshed. If clients are fully meshed...
Page 646
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-23 to do... Use the command... Remarks display ipv6 bgp dampening parameter information display bgp ipv6 routing-table dampening parameter display ipv6 bgp routing information originated from ...
Page 647
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-24 5.9 ipv6 bgp configuration examples note: some examples for ipv6 bgp configuration are similar to those of bgp-4, so refer to the sections covering bgpin the ipv4 routing part for related i...
Page 648
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-25 # configure switch c. System-view [switchc] ipv6 [switchc] bgp 65009 [switchc-bgp] router-id 3.3.3.3 [switchc-bgp] ipv6-family [switchc-bgp-af-ipv6] peer 9:3::1 as-number 65009 [switchc-bgp...
Page 649
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-26 peer v as msgrcvd msgsent outq prefrcv up/down state 10::2 4 65008 3 3 0 0 00:01:16 established 9:3::2 4 65009 2 3 0 0 00:00:40 established 9:1::2 4 65009 2 4 0 0 00:00:19 established # dis...
Page 650
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-27 iii. Configuration procedure 1) configure ipv6 addresses for vlan interfaces (omitted) 2) configure ipv6 bgp basic functions # configure switch a. System-view [switcha] ipv6 [switcha] bgp 1...
Page 651
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 5 ipv6 bgp configuration 5-28 use the display bgp ipv6 routing-table command on switch b and switch d respectively, you can find both of them have learned the network 1::/64. 5.10 troubleshooting ipv6 bgp configuration ...
Page 652
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-1 chapter 6 routing policy configuration note: z verify that the system already operates in ipv4/ipv6 dual-stack mode before configuring ipv6 routing policy. Z all the ipv6 routing polic...
Page 653
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-2 ii. Ip prefix list ip prefix list plays a role similar to acl, but it is more flexible than acl and easier to understand. When an ip prefix list is applied to filtering routing informa...
Page 654
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-3 6.1.3 routing policy application a routing policy is applied in two ways: z when redistributing routes from other routing protocols, a routing protocol accepts only routes passing the ...
Page 655
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-4 for example, the following configuration filters routes 2000:1::/48, 2000:2::/48 and 2000:3::/48, but allows other routes to pass. System-view [sysname] ip ipv6-prefix abc index 10 den...
Page 656
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-5 6.2.5 defining an extended community list you can define multiple items for an extended community list that is identified by number. During matching, the relation between items is logi...
Page 657
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-6 6.3.2 creating a routing policy follow these steps to create a routing policy: to do... Use the command... Remarks enter system view system-view — create a routing policy and enter its...
Page 658
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-7 to do... Use the command... Remarks match ipv6 bgp routes having as path attributes specified in the as path list (s) if-match as-path as-path-number& optional not configured by defaul...
Page 659
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-8 6.3.4 defining apply clauses for the routing policy follow these steps to define apply clauses for a route-policy: to do... Use the command... Remarks enter system view system-view — c...
Page 660
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-9 to do... Use the command... Remarks set a preference for the matched routing protocol apply preference preference optional not set by default set a preferred value for ipv6 bgp routes ...
Page 661
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-10 z configure three static routes on switch a and apply a routing policy when redistributing static routes, making routes 20::0/32 and 40::0/32 pass, routes in 30::0/32 filtered out. Z ...
Page 662
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-11 # enable ripng and redistribute static routes. [switcha] ripng [switcha-ripng-1] import-route static route-policy static2ripng 2) configure switch b. # configure the ipv6 address for ...
Page 663
Operation manual – ipv6 routing h3c s3610&s5510 series ethernet switches chapter 6 routing policy configuration 6-12 6.6.2 ipv6 routing information filtering failure i. Symptom filtering routing information failed, while routing protocol runs normally. Ii. Analysis at least one item of the ipv6 pref...
Page 664: Table of Contents
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 multicast overview ...................................................................................................... 1-1 1.1 introduction to multicast.....................
Page 665
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches table of contents ii 2.6.4 configuring igmp report suppression................................................................. 2-18 2.6.5 configuring maximum multicast groups that can be joined on a port................ ...
Page 666
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches table of contents iii 3.8.1 simulated joining .................................................................................................. 3-21 3.8.2 static router port configuration ...................................
Page 667
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches table of contents iv 6.1.5 introduction to bsr admin-scope regions in pim-sm......................................... 6-11 6.1.6 ssm model implementation in pim................................................................
Page 668
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches table of contents v 7.1.1 introduction to msdp .............................................................................................. 7-1 7.1.2 how msdp works..........................................................
Page 669
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches table of contents vi 8.3.6 configuring a multicast forwarding range............................................................. 8-9 8.3.7 configuring the multicast forwarding table size .....................................
Page 670
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 1 multicast overview 1-1 chapter 1 multicast overview note: this manual chiefly focuses on the ip multicast technology and device operations. Unless otherwise stated, the term “multicast” in this document refers t...
Page 671
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 1 multicast overview 1-2 figure 1-1 unicast transmission assume that hosts b, d and e need this information. The information source establishes a separate transmission channel for each of these hosts. In unicast t...
Page 672
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 1 multicast overview 1-3 figure 1-2 broadcast transmission assume that only hosts b, d, and e need the information. If the information source broadcasts the information, hosts a and c also receive it. In addition ...
Page 673
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 1 multicast overview 1-4 figure 1-3 multicast transmission assume that hosts b, d and e need the information. To receive the information correctly, these hosts need to join a receiver set, which is known as a mult...
Page 674
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 1 multicast overview 1-5 for a better understanding of the multicast concept, you can assimilate multicast transmission to the transmission of tv programs, as shown in table 1-1 . Table 1-1 an analogy between tv t...
Page 675: 1.2 Multicast Models
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 1 multicast overview 1-6 z any other point-to-multiple-point data distribution application. 1.2 multicast models based on how the receivers treat the multicast sources, there are two multicast models: i. Asm model...
Page 676
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 1 multicast overview 1-7 hosts, and the tcp/ip stack must support reception and transmission of multicast data. 1.3.1 multicast addresses to allow communication between multicast sources and multicast group member...
Page 677
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 1 multicast overview 1-8 table 1-3 some reserved multicast addresses address description 224.0.0.1 all systems on this subnet, including hosts and routers 224.0.0.2 all multicast routers on this subnet 224.0.0.3 u...
Page 678
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 1 multicast overview 1-9 assigned by iana; when set to 1, the t flag indicates a transient, or dynamically assigned multicast address. Z scope: 4 bits, indicating the scope of the ipv6 internetwork for which the m...
Page 679
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 1 multicast overview 1-10 figure 1-5 ipv4-to-mac address mapping the high-order four bits of a multicast ipv4 address are 1110, indicating that this address is a multicast address, and only 23 bits of the remainin...
Page 680
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 1 multicast overview 1-11 1.3.2 multicast protocols note: z generally, we refer to ip multicast working at the network layer as layer 3 multicast and the corresponding multicast protocols as layer 3 multicast prot...
Page 681
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 1 multicast overview 1-12 connected with the hosts. These protocols define the mechanism of establishing and maintaining group memberships between hosts and layer 3 multicast devices. 2) multicast routing protocol...
Page 682
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 1 multicast overview 1-13 1) igmp snooping/mld snooping running on layer 2 devices, internet group management protocol snooping (igmp snooping) and multicast listener discovery snooping (mld snooping) are multicas...
Page 683: 2.1 Igmp Snooping Overview
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-1 chapter 2 igmp snooping configuration when configuring igmp snooping, go to the following sections for information you are interested in: z igmp snooping overview z igmp snooping ...
Page 684
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-2 2.1.2 basic concepts in igmp snooping i. Igmp snooping related ports as shown in figure 2-2 , router a connects to the multicast source, igmp snooping runs on switch a and switch ...
Page 685
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-3 note: z whenever mentioned in this document, a router port is a port on the switch that leads the switch to a layer 3 multicast device, rather than a port on a router. Z an igmp-s...
Page 686
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-4 i. When receiving a general query the igmp querier periodically sends igmp general queries to all hosts and routers (224.0.0.1) on the local subnet to find out whether active mult...
Page 687
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-5 note: a switch does not forward an igmp report through a non-router port. The reason is as follows: due to the igmp report suppression mechanism, if the switch forwards a report m...
Page 688
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-6 is receiving or expecting to receive multicast data for that multicast group. The switch resets the aging timer of the member port. Z if no igmp report in response to the group-sp...
Page 689
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-7 task remarks configuring aging timers for dynamic ports optional configuring static ports optional configuring simulated joining optional configuring igmp snooping port functions ...
Page 690
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-8 2.3 configuring basic functions of igmp snooping 2.3.1 configuration prerequisites before configuring the basic functions of igmp snooping, complete the following task: z configur...
Page 691
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-9 follow these steps to configure the version of igmp snooping: to do... Use the command... Remarks enter system view system-view — enter vlan view vlan vlan-id — configure the vers...
Page 692
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-10 if multicast group memberships change frequently, you can set a relatively small value for the member port aging timer, and vice versa. I. Configuring aging timers for dynamic po...
Page 693
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-11 follow these steps to configure static ports: to do... Use the command... Remarks enter system view system-view — enter ethernet port view interface interface-type interface-numb...
Page 694
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-12 z after a port is configured as a simulated member host, the switch responds to igmp general queries by sending igmp reports through that port. Z when the simulated joining funct...
Page 695
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-13 i. Configuring fast leave processing globally follow these steps to configure fast leave processing globally: to do... Use the command... Remarks enter system view system-view — ...
Page 696
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-14 z igmp last-member query interval, z maximum response time to igmp general queries, z source address of igmp general queries, and z source address of igmp group-specific queries....
Page 697
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-15 received). When the timer value comes down to 0, the host sends an igmp report to the corresponding multicast group. An appropriate setting of the maximum response time for igmp ...
Page 698
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-16 to do... Use the command... Remarks configure the igmp last-member query interval igmp-snooping last-member-query-interval interval optional 1 second by default caution: in the c...
Page 699
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-17 2.6 configuring an igmp snooping policy 2.6.1 configuration prerequisites before configuring an igmp snooping policy, complete the following task: z enable igmp snooping in the v...
Page 700
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-18 ii. Configuring a multicast group filter on a port or a group of ports follow these steps to configuring a multicast group filter on a port or a group of ports: to do... Use the ...
Page 701
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-19 layer 3 device directly connected with it will receive duplicate igmp reports from these members. With the igmp report suppression function enabled, within each query cycle, the ...
Page 702
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-20 note: z when the number of multicast groups a port has joined reaches the maximum number configured, the system deletes all the forwarding entries persistent to that port from th...
Page 703
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-21 ii. Configuring multicast group replacement on a port or a group of ports follow these steps to configure multicast group replacement on a port or a group of ports: to do... Use ...
Page 704
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-22 note: z the reset igmp-snooping group command works only on an igmp snooping–enabled vlan, but not on a vlan with igmp enabled on its vlan interface. Z the reset igmp-snooping gr...
Page 705
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-23 iii. Configuration procedure 1) configure the ip address of each interface configure an ip address and subnet mask for each interface as per figure 2-3 . The detailed configurati...
Page 706
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-24 [switcha] display igmp-snooping group vlan 100 verbose total 1 ip group(s). Total 1 ip source(s). Total 1 mac group(s). Port flags: d-dynamic port, s-static port, a-aggregation p...
Page 707
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-25 uninterruptedly along the path of switch a—switch c in the case that the path of switch a—switch b—switch c gets blocked. Note: if no static router port is configured, when the p...
Page 708
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-26 [routera-ethernet1/0/1] pim dm [routera-ethernet1/0/1] quit [routera] interface ethernet 1/0/2 [routera-ethernet1/0/2] pim dm [routera-ethernet1/0/2] quit 3) configure switch a #...
Page 709
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-27 [switchc-vlan100] port ethernet 1/0/1 to ethernet 1/0/5 [switchc-vlan100] igmp-snooping enable [switchc-vlan100] quit 6) verify the configuration # view the detailed information ...
Page 710
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-28 ii. Network diagram source 1.1.1.1/24 host a receiver switch c switch a switch b host b receiver host c receiver querier eth1/0/1 eth1/0/2 eth1/0/1 eth1/0/1 eth1/0/2 eth1/0/3 eth...
Page 711
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-29 # create vlan 100, add ethernet 1/0/1 through ethernet 1/0/3 to vlan 100, and enable igmp snooping in this vlan. [switchb] vlan 100 [switchb-vlan100] port ethernet 1/0/1 to ether...
Page 712
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-30 2.9 troubleshooting igmp snooping configuration 2.9.1 switch fails in layer 2 multicast forwarding i. Symptom a switch fails to implement layer 2 multicast forwarding. Ii. Analys...
Page 713
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 2 igmp snooping configuration 2-31 whether this configuration conflicts with the configured multicast group policy. If any conflict exists, remove the port as a static member of the multicast group..
Page 714: 3.1 Mld Snooping Overview
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-1 chapter 3 mld snooping configuration when configuring mld snooping, go to these sections for information you are interested in: z mld snooping overview z mld snooping configuration...
Page 715
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-2 3.1.2 basic concepts in mld snooping i. Mld snooping related ports as shown in figure 2-2 , router a connects to the multicast source, mld snooping runs on switch a and switch b, h...
Page 716
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-3 note: z whenever mentioned in this document, a router port is a router-connecting port on the switch, rather than a port on a router. Z on an mld-snooping-enabled switch, the ports...
Page 717
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-4 i. General queries the mld querier periodically sends mld general queries to all hosts and routers (ff02::1) on the local subnet to find out whether ipv6 multicast group members ex...
Page 718
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-5 note: a switch does not forward an mld report through a non-router port. The reason is as follows: due to the mld report suppression mechanism, if the switch forwards a report mess...
Page 719
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-6 3.1.4 protocols and standards mld snooping is documented in: rfc 4541: considerations for internet group management protocol (igmp) and multicast listener discovery (mld) snooping ...
Page 720
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-7 note: z configurations made in mld snooping view are effective for all vlans, while configurations made in vlan view are effective only for ports belonging to the current vlan. For...
Page 721
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-8 note: z mld snooping must be enabled globally before it can be enabled in a vlan. Z after enabling mld snooping in a vlan, you cannot enable mld and/or ipv6 pim on the correspondin...
Page 722
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-9 z configure the corresponding port groups before configuring mld snooping port functions, prepare the following data: z aging time of router ports z aging timer of member ports z i...
Page 723
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-10 3.4.3 configuring static ports if all the hosts attached to a port is interested in the ipv6 multicast data addressed to a particular ipv6 multicast group, you can configure that ...
Page 724
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-11 to avoid this situation from happening, you can enable simulated joining on a port of the switch, namely configure the port as a simulated member host for an ipv6 multicast group....
Page 725
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-12 receiving mld done multicast-address-specific queries for that ipv6 multicast group, the switch will not forward them to that port. In vlans where only one host is attached to eac...
Page 726
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-13 3.5 configuring mld snooping querier 3.5.1 configuration prerequisites before configuring mld snooping querier, complete the following task: z enable mld snooping in the vlan. Bef...
Page 727
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-14 caution: it is meaningless to configure an mld snooping querier in an ipv6 multicast network running mld. Although an mld snooping querier does not take part in mld querier electi...
Page 728
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-15 ii. Configuring mld queries and responses in a vlan follow these steps to configure mld queries and responses in a vlan to do... Use the command... Remarks enter system view syste...
Page 729
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-16 caution: the source ipv6 address of mld query messages may affect mld querier election within the segment. 3.6 configuring an mld snooping policy 3.6.1 configuration prerequisites...
Page 730
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-17 ii. Configuring an ipv6 multicast group filter on a port or a group of ports follow these steps to configure an ipv6 multicast group filer on a port or a group of ports: to do... ...
Page 731
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-18 3.6.4 configuring mld report suppression when a layer 2 device receives an mld report from an ipv6 multicast group member, the layer 2 device forwards the message to the layer 3 d...
Page 732
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-19 note: z when the number of ipv6 multicast groups that can be joined on a port reaches the maximum number configured, the system deletes all the forwarding entries persistent to th...
Page 733
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-20 ii. Configuring ipv6 multicast group replacement on a port or a group of ports follow these steps to configure ipv6 multicast group replacement on a port or a group of ports: to d...
Page 734
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-21 note: z the reset mld-snooping group command works only on an mld snooping–enabled vlan, but not on a vlan with mld enabled on its vlan interface. Z the reset mld-snooping group c...
Page 735
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-22 2) configure router a # enable ipv6 multicast routing, enable ipv6 pim-dm on each interface, and enable mld on ethernet 1/0/1. System-view [routera] multicast ipv6 routing-enable ...
Page 736
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-23 vlan(id):100. Total 1 ip group(s). Total 1 ip source(s). Total 1 mac group(s). Router port(s):total 1 port. Eth1/0/1 (d) ( 00:01:30 ) ip group(s):the following ip group(s) match t...
Page 737
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-24 note: if no static router port is configured, when the path of switch a—switch b—switch c gets blocked, at least one mld query-response cycle must be completed before the ipv6 mul...
Page 738
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-25 [routera-ethernet1/0/2] quit 3) configure switch a # enable mld snooping globally. System-view [switcha] mld-snooping [switcha-mld-snooping] quit # create vlan 100, assign etherne...
Page 739
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-26 # view the detailed information about mld snooping forwarding table entries in vlan 100 on switch a. [switcha] display mld-snooping group vlan 100 verbose total 1 ip group(s). Tot...
Page 740
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-27 ii. Network diagram figure 3-5 network diagram for mld snooping querier configuration iii. Configuration procedure 1) configure switch a # enable mld snooping globally. System-vie...
Page 741
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-28 3) configuration on switch c # enable mld snooping globally. System-view [switchc] mld-snooping [switchc-mld-snooping] quit # create vlan 100, add ethernet 1/0/1 through ethernet ...
Page 742
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 3 mld snooping configuration 3-29 2) if mld snooping is not enabled, use the mld-snooping command to enable mld snooping globally, and then use mld-snooping enable command to enable mld snooping in vlan view. 3) i...
Page 743
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 4 multicast vlan configuration 4-1 chapter 4 multicast vlan configuration 4.1 introduction to multicast vlan as shown in figure 4-1 , in the traditional multicast programs-on-demand mode, when hosts that belong to...
Page 744
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 4 multicast vlan configuration 4-2 4.2 configuring multicast vlan follow these steps to configure a multicast vlan: to do… use the command… remarks enter system view system-view — configure a specific vlan as a mu...
Page 745
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 4 multicast vlan configuration 4-3 4.3 displaying and maintaining multicast vlan to do… use the command… remarks display information about a multicast vlan and its sub-vlans display multicast-vlan [ vlan-id ] avai...
Page 746
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 4 multicast vlan configuration 4-4 iii. Configuration procedure 1) configure an ip address for each interconnecting interface configure an ip address and subnet mask for each interface as per figure 4-2 . The deta...
Page 747
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 4 multicast vlan configuration 4-5 [switcha] display multicast-vlan multicast vlan 1024's subvlan list: vlan 11-13.
Page 748: 5.1 Igmp Overview
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-1 chapter 5 igmp configuration when configuring igmp, go to the following sections for the information you are interested in: z igmp overview z igmp configuration task list z igmp configurat...
Page 749
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-2 5.1.2 work mechanism of igmpv1 igmpv1 manages multicast group memberships mainly based on the query and response mechanism. Of multiple multicast routers on the same subnet, all the router...
Page 750
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-3 2) upon receiving a query message, host b or host c (the delay timer of whichever expires first) sends an igmp report to the multicast group address of g1, to announce its interest in g1. ...
Page 751
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-4 the router with the lowest ip address wins the querier election and all other igmpv2 routers become non-queriers. 3) all the non-queriers start a timer, known as “other querier present tim...
Page 752
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-5 is interested only in the multicast data that source 1 sends to g but not in the data from source 2. Source 2 receiver host a host b host c packets (s1,g) packets (s2,g) source 1 figure 5-...
Page 753
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-6 list. If the specified multicast source list is empty, this means that the report sender has left the reported multicast group. Z is_ex: the source filtering mode is exclude, namely, the r...
Page 754
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-7 note: z configurations performed in igmp view are effective on all interfaces, while configurations performed in ethernet port view are effective on the current interface only. Z if a feat...
Page 755
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-8 5.3.3 configuring igmp versions because messages vary with different igmp versions, the same igmp version should be configured for all routers on the same subnet before igmp can work prope...
Page 756
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-9 to do... Use the command... Description configure the interface as a static member of a multicast group igmp static-group group-address [ source source-address ] required an interface is n...
Page 757
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-10 5.4.2 configuring igmp message options as igmpv2 and igmpv3 involve group-specific and group-and-source-specific queries, and multicast groups change dynamically, a device cannot join all...
Page 758
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-11 to do... Use the command... Description configure the interface to discard any igmp message that does not carry the router-alert option igmp require-router-alert optional by default, the ...
Page 759
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-12 have expired and a new querier election process is launched; otherwise, the non-querier router will reset its “other querier present timer”. I. Configuring igmp query and response paramet...
Page 760
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-13 to do... Use the command... Description configure the other querier present interval igmp timer other-querier-present interval optional for the system default, see “note” below. Note: z i...
Page 761
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-14 to do... Use the command... Remarks view igmp configuration and running information display igmp interface [ interface-type interface-number ] [ verbose ] available in any view view routi...
Page 762
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-15 ii. Network diagram ether net ethe rnet figure 5-3 network diagram for igmp configuration iii. Configuration procedure 1) configure the ip addresses of the switch interfaces and configure...
Page 763: 5.7 Troubleshooting Igmp
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-16 system-view [switchb] multicast routing-enable [switchb] interface vlan-interface 200 [switchb-vlan-interface200] igmp enable [switchb-vlan-interface200] igmp version 2 [switchb-vlan-inte...
Page 764
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-17 z if the igmp group-policy command has been configured on the interface, the interface cannot receive report messages that fail to pass filtering. Iii. Solution 1) check that the networki...
Page 765
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 5 igmp configuration 5-18 iii. Solution 1) check the igmp configuration. Carry out the display current-configuration command to view the igmp configuration information on the interfaces. 2) carry out the display i...
Page 766: 6.1 Pim Overview
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-1 chapter 6 pim configuration when configuring pim, go to these sections for information you are interested in: z pim overview z configuring pim-dm z configuring pim-sm z configuring pim-ssm ...
Page 767
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-2 note: to facilitate description, a network comprising pim-capable routers is referred to as a “pim domain” in this document. 6.1.1 introduction to pim-dm pim-dm is a type of dense mode mult...
Page 768
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-3 note: every activated interface on a router sends hello messages periodically, and thus learns the pim neighboring information pertinent to the interface. Ii. Spt establishment the process ...
Page 769
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-4 figure 6-1 spt establishment the “flood and prune” process takes place periodically. A pruned state timeout mechanism is provided. A pruned branch restarts multicast forwarding when the pru...
Page 770
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-5 iv. Assert if multiple multicast routers exist on a multi-access subnet, duplicate packets may flow to the same subnet. To shut off duplicate flows, the assert mechanism is used for electio...
Page 771
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-6 pim-sm is a type of sparse mode multicast protocol. It uses the “pull mode” for multicast forwarding, and is suitable for large- and medium-sized networks with sparsely and widely distribut...
Page 772
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-7 i. Neighbor discovery pim-sm uses exactly the same neighbor discovery mechanism as pim-dm does. Refer to neighbor discovery . Ii. Dr election pim-sm also uses hello messages to elect a desi...
Page 773
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-8 1) routers on the multi-access network send hello messages to one another. The hello messages contain the router priority for dr election. The router with the highest dr priority will becom...
Page 774
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-9 figure 6-4 bsr and c-rps iv. Rpt establishment figure 6-5 rpt establishment in a pim-sm domain as shown in figure 6-5 , the process of building an rpt is as follows: 1) when a receiver join...
Page 775
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-10 the multicast data addressed to the multicast group g flows through the rp, reaches the corresponding dr along the established rpt, and finally is delivered to the receiver. When a receive...
Page 776
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-11 3) the subsequent multicast data from the multicast source travels along the established spt to the rp, and then the rp forwards the data along the rpt to the receivers. When the multicast...
Page 777
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-12 ii. Relationship between bsr admin-scope regions and the global scope zone a better understanding of the global scope zone and bsr admin-scope regions should be based on two aspects: geogr...
Page 778
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-13 bsr 3 g3 address bsr 2 g2 address bsr 1 g1 address global g-g1-g2 address figure 6-8 relationship between bsr admin-scope regions and the global scope zone in group address ranges in figur...
Page 779
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-14 the ssm model provides a solution for source-specific multicast. It maintains the relationships between hosts and routers through igmpv3. In actual application, part of the pim-sm techniqu...
Page 780
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-15 as shown in figure 6-9 , host b and host c are multicast information receivers. They send igmpv3 report messages denoted as (include s, g) to the respective drs to express their interest i...
Page 781: 6.2 Configuring Pim-Dm
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-16 6.2 configuring pim-dm 6.2.1 pim-dm configuration task list complete these tasks to configure pim-dm: task remarks enabling pim-dm required enabling state refresh optional configuring stat...
Page 782
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-17 to do... Use the command... Remarks enable pim-dm pim dm required disabled by default caution: z all the interfaces of the same router must work in the same pim mode. Z pim-dm cannot be us...
Page 783
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-18 control the propagation scope of state refresh messages, you need to configure an appropriate ttl value based on the network size. Follow these steps to configure state refresh parameters:...
Page 784: 6.3 Configuring Pim-Sm
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-19 6.3 configuring pim-sm note: a device can serve as a c-rp and a c-bsr at the same time. 6.3.1 pim-sm configuration task list complete these tasks to configure pim-sm: task remarks configur...
Page 785
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-20 z bootstrap timeout time z an acl rule defining a legal c-rp address range and the range of multicast groups to be served z c-rp-adv interval z c-rp timeout time z the ip address of a stat...
Page 786
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-21 6.3.4 configuring a bsr note: the bsr is dynamically elected from a number of c-bsrs. Because it is unpredictable which router will finally win a bsr election, the commands introduced in t...
Page 787
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-22 perform neighbor check and rpf check on bsr messages and discard unwanted messages. 2) when a router in the network is controlled by an attacker or when an illegal router is present in the...
Page 789
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-24 follow these steps to configure a bsr admin-scope region boundary: to do... Use the command... Remarks enter system view system-view — enter ethernet port view interface interface-type int...
Page 790
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-25 note: about the bootstrap timeout time: z by default, the bootstrap timeout time is determined by this formula: bootstrap timeout = bootstrap interval × 2 + 10. The default bootstrap inter...
Page 791
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-26 follow these steps to configure a static rp to do… use the command… remarks enter system view system-view — enter pim view pim — configure a static rp static-rp rp-address [ acl-number ] [...
Page 792
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-27 note: z when configuring a c-rp, ensure a relatively large bandwidth between this c-rp and the other devices in the pim-sm domain. Z an rp can serve multiple multicast groups or all multic...
Page 793
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-28 to do... Use the command... Remarks configure c-rp timeout time c-rp holdtime interval optional 150 seconds by default note: z the commands introduced in this section are to be configured ...
Page 794
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-29 follow these steps to configure pim-sm register-related parameters: to do... Use the command... Remarks enter system view system-view — enter pim view pim — configure a filtering rule for ...
Page 795: 6.4 Configuring Pim-Ssm
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-30 to do... Use the command... Remarks disable rpt-to-spt switchover spt-switch-threshold infinity [ group-policy acl-number [ order order-value] ] optional by default, the device switches to...
Page 796
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-31 z the ssm group range 6.4.3 enabling pim-sm the ssm model is implemented based on some subsets of pim-sm. Therefore, a router is pim-ssm capable after you enable pim-sm on it. When deployi...
Page 797
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-32 to do... Use the command... Remarks configure the ssm group range ssm-policy acl-number optional 232.0.0.0/8 by default note: the commands introduced in this section are to be configured o...
Page 798
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-33 task remarks configuring a pim filter optional configuring pim hello options optional configuring pim common timers optional configuring join/prune message limits optional 6.5.2 configurat...
Page 799
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-34 follow these steps to configure a pim filter: to do... Use the command... Remarks enter system view system-view — enter pim view pim — configure a multicast group filter source-policy acl-...
Page 800
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-35 maintains the current forwarding state for a period of time defined by lan-delay. If the downstream router needs to continue receiving multicast data, it must send a prune override message...
Page 801
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-36 to do... Use the command... Remarks enter system view system-view — enter ethernet port view interface interface-type interface-number — configure the priority for dr election pim hello-op...
Page 802
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-37 maintains (s, g) entries for a period of time, namely the multicast source lifetime, before deleting the (s, g) entries. I. Configuring pim common timers globally follow these steps to con...
Page 803
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-38 note: if there are no special networking requirements, we recommend that you use the default settings. 6.5.6 configuring join/prune message limits a larger join/prune message size will res...
Page 804
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-39 to do... Use the command... Remarks view the information about unacknowledged graft messages display pim grafts available in any view view the pim information on an interface or all interf...
Page 805
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-40 z switch a connects to stub network n1 through vlan-interface 100, and to switch d through vlan-interface 103. Z switch b and switch c connect to stub network n2 through their respective v...
Page 806
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-41 among the switches through a unicast routing protocol. Detailed configuration steps are omitted here. 2) enable ip multicast routing, and enable pim-dm on each interface # enable ip multic...
Page 807
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-42 carry out the display pim neighbor command to view the pim neighboring relationships among the switches. For example: # view the pim neighboring relationships on switch d. [switchd] displa...
Page 808
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-43 the information on switch b and switch c is similar to that on switch a. # view the pim routing table information on switch d. [switchd] display pim routing-table total 0 (*, g) entry; 1 (...
Page 809
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-44 ii. Network diagram ether net ethe rnet etherne t n1 n2 vl an- int 101 vl an- int1 01 device interface ip address device interface ip address switch a vlan-int100 10.110.1.1/24 switch d vl...
Page 810
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-45 system-view [switcha] multicast routing-enable [switcha] interface vlan-interface 100 [switcha-vlan-interface100] igmp enable [switcha-vlan-interface100] pim sm [switcha-vlan-interface100]...
Page 811
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-46 [switcha] display pim bsr-info elected bsr address: 192.168.9.2 priority: 0 hash mask length: 30 state: accept preferred scope: not scoped uptime: 01:40:40 next bsr message scheduled at: 0...
Page 812
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-47 assume that host a needs to receive information addressed to the multicast group g (225.1.1.1/24). An rpt will be built between switch a and switch e. When the multicast source s (10.110.5...
Page 813
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-48 protocol: pim-sm, flag: spt loc uptime: 00:00:42 upstream interface: vlan-interface300 upstream neighbor: null rpf prime neighbor: null downstream interface(s) information: total number of...
Page 814
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-49 z igmpv3 is to run between switch a and n1, and between switch b/switch c and n2. Ii. Network diagram ether net ethe rnet etherne t n1 n2 vl an- int 101 vl an- int1 01 device interface ip ...
Page 815
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-50 # enable ip multicast routing on switch a, enable pim-sm on each interface, and enable igmpv3 on vlan-interface 100, which connects switch a to the stub network. System-view [switcha] mult...
Page 816
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-51 toward the multicast source. Switches on the spt path (switch a and switch d) have generated an (s, g) entry, while switch e, which is not on the spt path, does not have multicast routing ...
Page 817
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-52 6.8 troubleshooting pim configuration 6.8.1 failure of building a multicast distribution tree correctly i. Symptom none of the routers in the network (including routers directly connected ...
Page 818
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-53 2) check that pim is enabled on the interfaces, especially on the rpf interface. Use the display pim interface command to view the pim information on each interface. If pim is not enabled ...
Page 819
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-54 6.8.3 rps unable to join spt in pim-sm i. Symptom an rpt cannot be established correctly, or the rps cannot join the spt to the multicast source. Ii. Analysis z as the core of a pim-sm dom...
Page 820
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 6 pim configuration 6-55 z the rp is the core of a pim-sm domain. Make sure that the rp information on all routers is exactly the same, a specific group g is mapped to the same rp, and unicast routes are available...
Page 821: 7.1 Msdp Overview
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-1 chapter 7 msdp configuration when configuring msdp, go to these sections for information you are interested in: z msdp overview z msdp configuration task list z displaying and maintaining ...
Page 822
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-2 caution: z msdp is applicable only if the intra-domain multicast protocol is pim-sm. Z msdp is meaningful only for the any-source multicast (asm) model. 7.1.2 how msdp works i. Msdp peers ...
Page 823
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-3 data from the multicast source arrives, the receiver-side msdp peer forwards the data to the receivers along the rpt. Z intermediate msdp peer: an msdp peer with multicast remote msdp peer...
Page 824
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-4 rp 1 dr 1 source pim-sm 1 pim-sm 3 pim-sm 2 pim-sm 4 rp 3 rp 2 dr 2 msdp peers sa message join message multicast packets register message receiver figure 7-2 msdp peering relationships the...
Page 825
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-5 hop towards dr 1 at the multicast source side, so that it can directly join the spt rooted at the source over other pim-sm domains. Then, the multicast data can flow along the spt to rp 2 ...
Page 826
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-6 sa message msdp peers as 1 as 2 as 3 as 4 as 5 rp 1 rp 2 rp 3 rp 4 rp 5 rp 6 rp 7 rp 8 rp 9 mesh group source (1) (2) (3) (3) (4) (7) (6) (5) (4) static rpf peers figure 7-3 diagram for rp...
Page 827
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-7 an ebgp route exists between two msdp peers in different ass. Because the sa message is from an msdp peer (rp 7) in a different as, and the msdp peer is the next hop on the ebgp route to t...
Page 828
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-8 1) the multicast source registers with the nearest rp. In this example, source registers with rp 1, with its multicast data encapsulated in the register message. When the register message ...
Page 829
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-9 7.2 msdp configuration task list complete these tasks to configure msdp: task remarks enabling msdp required creating an msdp peer connection required configuring basic functions of msdp c...
Page 830
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-10 7.3.2 enabling msdp follow these steps to enable msdp: to do... Use the command... Remarks enter system view system-view — enable ip multicast routing multicast routing-enable required di...
Page 831
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-11 follow these steps to configure a static rpf peer: to do... Use the command... Remarks enter system view system-view — enter msdp view msdp — configure a static rpf peer static-rpf-peer p...
Page 832
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-12 7.4.3 configuring an msdp mesh group an as may contain multiple msdp peers. You can use the msdp mesh group mechanism to avoid sa message flooding among these msdp peers and optimize the ...
Page 833
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-13 when a new msdp peer is created, or when a previously deactivated msdp peer connection is reactivated, or when a previously failed msdp peer attempts to resume operation, a tcp connection...
Page 834
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-14 message containing the multicast packet in an sa message and sends it out. After receiving the sa message, the remote rp decapsulates the sa message and delivers the multicast data contai...
Page 835
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-15 to do... Use the command... Remarks configure a filtering rule for sa request messages peer peer-address sa-request-policy [ acl acl-number ] optional sa request messages are not filtered...
Page 836
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-16 to do... Use the command... Remarks configure the minimum ttl value of multicast packets to be encapsulated in sa messages peer peer-address minimum-ttl ttl-value optional 0 by default 7....
Page 838
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-18 ii. Network diagram vlan-int101 vlan-int102 switch a switch c switch b source 1 as 100 pim-sm 1 pim-sm 3 pim-sm 2 as 200 loop0 switch d switch e switch f switch g source 2 vlan-int200 vl ...
Page 839
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-19 [switchc] multicast routing-enable [switchc] interface vlan-interface 100 [switchc-vlan-interface100] pim sm [switchc-vlan-interface100] quit [switchc] interface vlan-interface 200 [switc...
Page 840
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-20 [switchd-bgp] quit # configure ebgp on switch f, and inject ospf routes. [switchf] bgp 200 [switchf-bgp] router-id 3.3.3.3 [switchf-bgp] peer 192.168.3.1 as-number 200 [switchf-bgp] impor...
Page 841
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-21 peer v as msgrcvd msgsent outq prefrcv up/down state 192.168.3.1 4 200 16 14 0 1 00:10:58 established to view the bgp routing table information on the switches, use the display bgp routin...
Page 842
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-22 when the multicast source (source 1) in pim-sm 1 sends multicast information, receivers in pim-sm 2 and pim-sm 3 can receive the multicast data. You can use the display msdp brief command...
Page 843
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-23 elapsed time since last connection or counters clear: 00:17:51 information about (source, group)-based sa filtering policy: import policy: none export policy: none information about sa-re...
Page 844
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-24 ii. Network diagram loop0 lo op1 lo op1 loop0 vlan- in t100 vl an- int100 v lan-int103 vlan- int1 03 vlan- int10 2 vlan-in t102 device interface ip address device interface ip address swi...
Page 845
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-25 [switchc-vlan-interface100] pim sm [switchc-vlan-interface100] quit [switchc] interface vlan-interface 101 [switchc-vlan-interface101] pim sm [switchc-vlan-interface101] quit the configur...
Page 846
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-26 rpf prime neighbor: 10.110.1.2 downstream interface(s) information: total number of downstreams: 1 1: vlan-interface101 protocol: pim-sm, uptime: 00:10:20, expires: 00:03:10 # view the pi...
Page 847
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-27 # view the brief msdp peer information on switch c. [switchc] display msdp brief msdp peer brief information configured up listen connect shutdown down 1 1 0 0 0 0 peer's address state up...
Page 848
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-28 ii. Network diagram static rpf peers source 1 receiver switch a switch b switch c pim-sm 3 pim-sm 2 loop0 switch d switch e switch f switch g source 2 loop0 receiver receiver loop0 pim-sm...
Page 849
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-29 # enable ip multicast routing on switch c, and enable pim-sm on each interface. System-view [switchc] multicast routing-enable [switchc] interface vlan-interface 101 [switchc-vlan-interfa...
Page 850
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-30 # configure switch c as a static rpf peer of switch d. [switchd] ip ip-prefix list-c permit 192.168.0.0 16 greater-equal 16 less-equal 32 [switchd] msdp [switchd-msdp] peer 192.168.3.2 co...
Page 851: 7.8 Troubleshooting Msdp
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-31 [switchf] display msdp brief msdp peer brief information configured up listen connect shutdown down 1 1 0 0 0 0 peer's address state up/down time as sa count reset count 192.168.3.2 up 00...
Page 852
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-32 argument, all the (s, g) entries will be filtered off, namely no (s, g) entries of the local domain will be advertised. Z if the import-source command is not executed, the system will adv...
Page 853
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 7 msdp configuration 7-33 4) verify that the c-bsr address is different from the anycast rp address..
Page 854: Configuration
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-1 chapter 8 multicast routing and forwarding configuration when configuring multicast routing and forwarding, go to these sections for information you are interes...
Page 855
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-2 8.1.2 rpf mechanism when creating multicast routing table entries, a multicast routing protocol uses the reverse path forwarding (rpf) mechanism to ensure multi...
Page 856
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-3 unicast route; instead, it relies on the existing unicast routing information or multicast static routes in creating multicast routing entries. When performing ...
Page 857
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-4 figure 8-1 rpf check process z a multicast packet from source arrives on vlan-int1 of switch c, and the corresponding forwarding entry does not exist in the mul...
Page 858
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-5 unicast rpf route and the optimal multicast static route respectively from the routing tables, and uses one of them as the rpf route after comparison. Figure 8-...
Page 859
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-6 z request, with the igmp type field set to 0x1f, and z response, with the igmp type field set to 0x1e. Iii. Process of multicast traceroute 1) the querier sends...
Page 860
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-7 z the maximum number of routing entries in a multicast forwarding table 8.3.2 enabling ip multicast routing before configuring any layer 3 multicast functionali...
Page 861
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-8 follow these steps to configure a multicast static route: to do... Use the command... Remarks enter system view system-view — configure a multicast static route...
Page 862
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-9 follow these steps to configure multicast load splitting: to do... Use the command... Remarks enter system view system-view — configuring multicast load splitti...
Page 863
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-10 routing protocol. In addition, newly added downstream nodes cannot be installed to the routing entry into the forwarding table. If the configured maximum numbe...
Page 864: Forwarding
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-11 8.4 displaying and maintaining multicast routing and forwarding to do... Use the command... Remarks view the multicast boundary information display multicast b...
Page 865: 8.5 Configuration Examples
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-12 caution: z the reset command clears the information in the multicast routing table or the multicast forwarding table, and thus may cause failure of multicast t...
Page 866
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-13 ii. Network diagram switch b switch a switch c switch d source 1 source 2 receiver vlan-int100 10.110.1.1/24 vlan-int100 10.110.1.2/24 vlan-int300 192.168.3.1/...
Page 867
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-14 [switchc-vlan-interface300] pim dm [switchc-vlan-interface300] quit the configuration on switch a, switch b and switch d is similar to the configuration on swi...
Page 868
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-15 ii. Analysis z if the multicast static route is not configured or updated correctly to match the current network conditions, the route entry does not exist in ...
Page 869
Operation manual – multicast protocol h3c s3610&s5510 series ethernet switches chapter 8 multicast routing and forwarding configuration 8-16 3) in the case of pim-sm, use the display current-configuration command to check the bsr and rp information..
Page 870: Table of Contents
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 802.1x configuration ................................................................................................... 1-1 1.1 802.1x overview ...................
Page 871
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches table of contents ii chapter 4 mac authentication configuration............................................................................ 4-1 4.1 mac authentication overview ....................................
Page 872: 1.1 802.1X Overview
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-1 chapter 1 802.1x configuration when configuring 802.1x, go to these sections for information you are interested in: z 802.1x overview z configuring 802.1x z configuring a gue...
Page 873
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-2 figure 1-1 architecture of 802.1x z supplicant system: a system at one end of the lan segment, which is authenticated by the authenticator system at the other end. A supplica...
Page 874
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-3 ii. Controlled port and uncontrolled port an authenticator provides ports for supplicants to access the lan. Each of the ports can be regarded as two logical ports: a control...
Page 875
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-4 z after a user passes the authentication, the authentication server passes information about the user to the authenticator, which then controls the status of the controlled p...
Page 876
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-5 type description eapol-encapsulated-asf-alert (a value of 0x04) frame for carrying alerting information compliant to alert standard forum (asf). A frame of this type carries ...
Page 877
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-6 z length: length of the eap packet, including the code, identifier, length, and data fields, in bytes. Z data: content of the eap packet. This field is zero or more bytes and...
Page 878
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-7 an 802.1x authenticator system communicates with a remotely located radius server in two modes: eap relay and eap termination. The following description takes the first case ...
Page 879
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-8 supplicant system pae raduis server eapol eapor eapol-start eap -request / identity eap - response / identity eap -request / md5 challenge eap-success eap -response / md5 cha...
Page 880
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-9 6) after receiving the radius access-challenge packet, the authenticator relays the contained eap-request/md5 challenge packet to the supplicant. 7) when receiving the eap-re...
Page 881
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-10 eapol radius eapol- start eap- resquest / identity eap- response / identity eap - request / md 5 challenge eap- response / md5 challenge radius access - request (chap- respo...
Page 882
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-11 when an authenticator multicasts an eap-request/identity frame. Once an authenticator sends an eap-request/identity frame to a supplicant, it starts this timer. If this time...
Page 883
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-12 note: after an 802.1x supplicant passes authentication, the authentication server sends authorization information to the authenticator. If the authorization information cont...
Page 884
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-13 ii. Guest vlan guest vlan allows unauthenticated users to access some special resources. Guest vlan is the default vlan that a supplicant on a port can access without authen...
Page 885: 1.2 Configuring 802.1X
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-14 1.2 configuring 802.1x 1.2.1 configuration prerequisites 802.1x provides a user identity authentication scheme. However, 802.1x cannot implement the authentication scheme so...
Page 886
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-15 to do… use the command… remarks set the maximum number of attempts to send an authentication request to a supplicant dot1x retry max-retry-value optional 2 by default set ti...
Page 887
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-16 1.2.3 configuring 802.1x for a port i. Enabling 802.1x for a port follow these steps to enable 802.1x for a port: to do… use the command… remarks enter system view system-vi...
Page 888
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-17 note that: z the 802.1x proxy detection function depends on the online user handshake function. Be sure to enable handshake before enabling proxy detection and to disable pr...
Page 889
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-18 note: z you can specify a tagged vlan as the guest vlan for a hybrid port, but the guest vlan does not take effect. Similarly, if a guest vlan for a hybrid port is in operat...
Page 890
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-19 z a server group with two radius servers is connected to the switch. The ip addresses of the servers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as the primary au...
Page 891
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-20 system-view [sysname] local-user localuser [sysname-luser-localuser] service-type lan-access [sysname-luser-localuser] password simple localpass [sysname-luser-localuser] at...
Page 892
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-21 [sysname-isp-aabbcc.Net] authorization default radius-scheme radius1 local [sysname-isp-aabbcc.Net] accounting default radius-scheme radius1 local # set the maximum number o...
Page 893
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-22 ii. Network diagrams figure 1-11 network diagram for guest vlan configuration figure 1-12 network diagram with vlan 10 as the guest vlan.
Page 894
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-23 figure 1-13 network diagram when the supplicant passes authentication iii. Configuration procedure # configure radius scheme 2000. System-view [sysname] radius scheme 2000 [...
Page 895
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-24 [sysname-ethernet1/0/1] dot1x port-method portbased # set the port access control mode to auto. [sysname-ethernet1/0/1] dot1x port-control auto [sysname-ethernet1/0/1] quit ...
Page 896
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-25 iii. Configuration procedure # configure the ip addresses of the interfaces. (omitted) # configure the radius scheme. System-view [sysname] radius scheme 2000 [sysname-radiu...
Page 897
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 1 802.1x configuration 1-26.
Page 898
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 2 ead fast deployment configuration 2-1 chapter 2 ead fast deployment configuration when configuring ead fast deployment, go to these sections for information you are interested in: z ead fast deployme...
Page 899
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 2 ead fast deployment configuration 2-2 2.2.2 configuration procedure i. Configuring a freely accessible network segment a freely accessible network segment, also called a free ip, is a network segment...
Page 900
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 2 ead fast deployment configuration 2-3 iii. Setting the ead rule timeout time with the ead fast deployment function, a user is authorized by an ead rule (generally an acl rule) to access the freely ac...
Page 901
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 2 ead fast deployment configuration 2-4 ii. Network diagram figure 2-1 network diagram for ead fast deployment iii. Configuration procedure 1) configure the web server before using the ead fast deploym...
Page 902
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 2 ead fast deployment configuration 2-5 reply from 192.168.1.3: bytes=32 time reply from 192.168.1.3: bytes=32 time reply from 192.168.1.3: bytes=32 time reply from 192.168.1.3: bytes=32 time ping stat...
Page 903: 3.1 Introduction to Habp
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 3 habp configuration 3-1 chapter 3 habp configuration when configuring habp, go to these sections for the information you are interested in: z introduction to habp z configuring habp z displaying and m...
Page 904
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 3 habp configuration 3-2 follow these steps to configure an habp server: to do… use the command… remarks enter system view system-view — enable habp habp enable optional enabled by default configure ha...
Page 905
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 4 mac authentication configuration 4-1 chapter 4 mac authentication configuration when configuring mac authentication, go to these sections for information you are interested in: z mac authentication o...
Page 906: 4.2 Related Concepts
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 4 mac authentication configuration 4-2 if the authentication succeeds, the user will be granted permission to access the network resources. 4.1.2 local mac authentication in local mac authentication, t...
Page 907
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 4 mac authentication configuration 4-3 caution: if the quiet mac is the same as the static mac configured or an authentication-passed mac, then the quiet function is not effective. 4.2.3 vlan assigning...
Page 908
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 4 mac authentication configuration 4-4 caution: for local authentication: z the type of username and password of a local user must be consistent with that used for mac authentication. Z all the letters...
Page 909
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 4 mac authentication configuration 4-5 to do… use the command… remarks configure the username and password for mac authentication mac-authentication user-name-format { fixed [ account name ] [ password...
Page 910
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 4 mac authentication configuration 4-6 z a local user uses aaa as the username and 123456 as the password for authentication. Z set the offline detect timer to 180 seconds and the quiet timer to 3 minu...
Page 911
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 4 mac authentication configuration 4-7 user name format is fixed account fixed username:aaa fixed password:123456 offline detect period is 180s quiet period is 60s. Server response timeout value is 100...
Page 912
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 4 mac authentication configuration 4-8 # configure a radius scheme. System-view [device] radius scheme 2000 [device-radius-2000] primary authentication 10.1.1.1 1812 [device-radius-2000] primary accoun...
Page 913
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 4 mac authentication configuration 4-9 silent mac user info: mac addr from port port index ethernet1/0/1 is link-up mac address authentication is enabled authenticate success: 1, failed: 0 current onli...
Page 914
Operation manual – 802.1x-habp-mac authentication h3c s3610&s5510 series ethernet switches chapter 4 mac authentication configuration 4-10 [sysname-radius-2000] key accounting abc [sysname-radius-2000] user-name-format without-domain [sysname-radius-2000] quit # create an isp domain and specify the ...
Page 915: Table of Contents
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 aaa/radius/hwtacacs configuration ................................................................. 1-1 1.1 aaa/radius/hwtacacs configuration overview.........................
Page 916
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches table of contents ii 1.6.1 displaying and maintaining aaa ........................................................................... 1-39 1.6.2 displaying and maintaining radius.............................................
Page 917: Configuration
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-1 chapter 1 aaa/radius/hwtacacs configuration when configuring aaa/radius/hwtacacs, go to these sections for information you are interested in: z aaa/radius/hwtacacs configur...
Page 918
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-2 z local authentication: user information (including username, password, and attributes) is configured on the device. Local authentication features high speed and low cost, ...
Page 919
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-3 is the isp domain name. The access device considers the userid part the username for authentication and the isp-name part the domain name. In a networking scenario with mul...
Page 920
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-4 figure 1-1 components of the radius server in addition, a radius server can act as the client of another aaa server to provide the proxy authentication or accounting servic...
Page 921
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-5 2) having received the username and password, the radius client sends an authentication request (access-request) to the radius server. 3) the radius server compares the rec...
Page 922
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-6 table 1-1 main values of the code field code packet type description 1 access-request from the client to the server. A packet of this type carries user information for the ...
Page 923
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-7 z length: one byte for indicating the length of the attribute in bytes, including the type, length, and value fields. Z value: value of the attribute, up to 253 bytes. Its ...
Page 924
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-8 figure 1-4 segment of a radius packet containing an extended attribute 1.1.4 introduction to hwtacacs i. What is hwtacacs huawei terminal access controller access control s...
Page 925
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-9 figure 1-5 network diagram for a typical hwtacacs application ii. Basic message exchange process of hwtacacs the following takes telnet user as an example to describe how h...
Page 926
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-10 figure 1-6 basic message exchange process of hwtacacs for a telnet user 1) a user requests to access the nas. Upon receiving the request, the hwtacacs client sends a start...
Page 927
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-11 5) after receiving the login password, the hwtacacs client sends to the hwtacacs server an authentication continuance packet carrying the login password. 6) the hwtacacs s...
Page 928: 1.3 Configuring Aaa
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-12 ii. Radius configuration task list task remarks creating a radius scheme required specifying the radius authentication/authorization servers required configuring the radiu...
Page 929
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-13 in aaa, users are divided into lan-access users, login users, and command line users. Except for command line users, you can configure separate authentication/authorizatio...
Page 930
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-14 1.3.3 configuring isp domain attributes follow these steps to configure isp domain attributes: to do… use the command… remarks enter system view system-view — create an is...
Page 931
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-15 before configuring an authentication scheme, complete these three tasks: z for radius or hwtacacs authentication, configure the radius or hwtacacs scheme to be referenced ...
Page 932
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-16 note: z the authentication scheme specified with the authentication default command is for all types of users and has a priority lower than that for a specific access mode...
Page 933
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-17 follow these steps to configure an aaa authorization scheme for an isp domain: to do… use the command… remarks enter system view system-view — create an isp domain and ent...
Page 934
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-18 note: z the authorization scheme specified with the authorization default command is for all types of users and has a priority lower than that for a specific access mode. ...
Page 935
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-19 follow these steps to configure an aaa accounting scheme for an isp domain: to do… use the command… remarks enter system view system-view — create an isp domain and enter ...
Page 936
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-20 1.3.7 configuring local user attributes for local authentication, you must create a local user and configure the attributes. A local user represents a set of users configu...
Page 937
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-21 to do… use the command… remarks set the priority level of the user level level optional 0 by default set attributes for a lan access user attribute { access-limit max-user...
Page 938
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-22 note: z with the local-user password-display-mode cipher-force command configured, a local user password is always displayed in cipher text, regardless of the configuratio...
Page 940
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-24 to do… use the command… remarks enter system view system-view — create a radius scheme and enter radius scheme view radius scheme radius-scheme-name required not defined b...
Page 941
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-25 to do… use the command… remarks configure the ip address and udp port of the primary radius accounting server primary accounting ip-address [ port-number ] required the de...
Page 942
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-26 note: z in practice, you can specify two radius servers as the primary and secondary accounting servers respectively; or specify one server to function as both. Besides, b...
Page 943
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-27 1.4.5 setting the maximum number of radius request retransmission attempts because radius uses udp packets to carry data, the communication process is not reliable. If a n...
Page 944
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-28 note: z if you change the type of radius server, the data stream destined to the original radius server will be restored to the default unit. Z when a third-party radius i...
Page 947
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-31 server with an ip address configured. If the secondary server is reachable, the primary server will resume active after the period specified by this timer, and the seconda...
Page 948
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-32 device can be configured with 16 schemes at most) fail to respond to the accounting-on packets, the number of accounting-on packet retransmission attempts is too big, or t...
Page 949: 1.5 Configuring Hwtacacs
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-33 caution: z if the radius server and the security policy server reside on the same physical device, you do not need to configure the ip address of the security policy serve...
Page 950
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-34 1.5.2 specifying the hwtacacs authentication servers follow these steps to specify the hwtacacs authentication servers: to do… use the command… remarks enter system view s...
Page 951
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-35 to do… use the command… remarks configure the ip address and port of the primary hwtacacs authorization server primary authorization ip-address [ port-number ] required th...
Page 952
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-36 to do… use the command… remarks configure the ip address and port of the secondary hwtacacs accounting server secondary accounting ip-address [ port-number ] required the ...
Page 954
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-38 note: z if a hwtacacs server does not support a username with the domain name, you can configure the device to remove the domain name before sending the username to the se...
Page 955
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-39 1.6 displaying and maintaining aaa/radius/hwtacacs 1.6.1 displaying and maintaining aaa to do… use the command… remarks display the configuration information of a specifie...
Page 957
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-41 on the switch, set the shared keys for authentication, authorization, and accounting packets to expert. Configure the switch to remove the domain name from a user name bef...
Page 958
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-42 [switch-isp-1] authentication login hwtacacs-scheme hwtac [switch-isp-1] authorization login hwtacacs-scheme hwtac [switch-isp-1] accounting login hwtacacs-scheme hwtac [s...
Page 959
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-43 ii. Network diagram figure 1-8 configure aaa by separate servers for telnet users iii. Configuration procedure # configure the ip addresses of various interfaces (omitted)...
Page 960
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-44 # configure the aaa schemes of the isp domain. [switch] domain 1 [switch-isp-1] authentication login local [switch-isp-1] authorization login hwtacacs-scheme hwtac [switch...
Page 961
Operation manual – aaa-radius-hwtacacs h3c s3610&s5510 series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-45 solution: check that: 1) the communication links between the nas and the radius server work well at both physical and link layers. 2) the ip address of the radius server i...
Page 962: Table of Contents
Operation manual – arp h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 arp configuration....................................................................................................... 1-1 1.1 arp overview..................................................
Page 963: 1.1 Arp Overview
Operation manual – arp h3c s3610&s5510 series ethernet switches chapter 1 arp configuration 1-1 chapter 1 arp configuration when configuring arp, go to these sections for information you are interested in: z arp overview z configuring arp z configuring gratuitous arp z configuring arp source suppres...
Page 964
Operation manual – arp h3c s3610&s5510 series ethernet switches chapter 1 arp configuration 1-2 the following explains the fields in figure 1-1 . Z hardware type: this field specifies the hardware address type. The value “1” represents ethernet. Z protocol type: this field specifies the type of the ...
Page 965
Operation manual – arp h3c s3610&s5510 series ethernet switches chapter 1 arp configuration 1-3 figure 1-2 arp address resolution process when host a and host b are not on the same subnet, host a first sends an arp request to the gateway. The destination ip address in the arp request is the ip addre...
Page 966: 1.2 Configuring Arp
Operation manual – arp h3c s3610&s5510 series ethernet switches chapter 1 arp configuration 1-4 receiving the arp reply into the static arp entry. Now the entry can be used for forwarding ip packets. Note: usually arp dynamically implements and automatically seeks mappings from ip addresses to mac a...
Page 967
Operation manual – arp h3c s3610&s5510 series ethernet switches chapter 1 arp configuration 1-5 1.2.2 configuring the maximum number of arp entries for a vlan interface follow these steps to set the maximum number of dynamic arp entries that a vlan interface can learn: to do… use the command… remark...
Page 968
Operation manual – arp h3c s3610&s5510 series ethernet switches chapter 1 arp configuration 1-6 follow these steps to enable the arp entry check: to do… use the command… remarks enter system view system-view — enable the arp entry check arp check enable optional enabled by default. 1.2.5 arp configu...
Page 969
Operation manual – arp h3c s3610&s5510 series ethernet switches chapter 1 arp configuration 1-7 z informing other devices of its mac address change so that they can update their arp entries. A device receiving a gratuitous arp packet can add the information carried in the packet to its own dynamic a...
Page 970
Operation manual – arp h3c s3610&s5510 series ethernet switches chapter 1 arp configuration 1-8 to do… use the command… remarks enter system view system-view — enable arp source suppression arp source-suppression enable required disabled by default. Set the maximum number of packets with the same so...
Page 971: 2.1 Proxy Arp Overview
Operation manual – arp h3c s3610&s5510 series ethernet switches chapter 2 proxy arp configuration 2-1 chapter 2 proxy arp configuration when configuring proxy arp, go to these sections for information you are interested in: z proxy arp overview z enabling proxy arp z displaying and maintaining proxy...
Page 972
Operation manual – arp h3c s3610&s5510 series ethernet switches chapter 2 proxy arp configuration 2-2 2.3 displaying and maintaining proxy arp to do… use the command… remarks display whether proxy arp is enabled display proxy-arp [ interface vlan-interface vlan-id ] available in any view display whe...
Page 973
Operation manual – arp h3c s3610&s5510 series ethernet switches chapter 2 proxy arp configuration 2-3 iii. Configuration procedure # configure proxy arp on the device to enable the communication between host a and host d. System-view [switch] vlan 2 [switch-vlan2] quit [switch] interface vlan-interf...
Page 974
Operation manual – arp h3c s3610&s5510 series ethernet switches chapter 2 proxy arp configuration 2-4 [switch-vlan2] port ethernet 1/0/3 [switch-vlan2] quit [switch] interface ethernet 1/0/2 [switch-ethernet1/0/2] port-isolate enable [switch-ethernet1/0/2] quit [switch] interface ethernet 1/0/3 [swi...
Page 975: Table of Contents
Operation manual – dhcp h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 dhcp overview............................................................................................................ 1-1 1.1 introduction to dhcp .......................................
Page 976
Operation manual – dhcp h3c s3610&s5510 series ethernet switches table of contents ii 2.8 displaying and maintaining the dhcp server................................................................. 2-16 2.9 dhcp server configuration examples..............................................................
Page 977
Operation manual – dhcp h3c s3610&s5510 series ethernet switches table of contents iii 6.4 bootp client configuration example .............................................................................. 6-3.
Page 978: Chapter 1 Dhcp Overview
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 1 dhcp overview 1-1 chapter 1 dhcp overview when configuring arp, go to these sections for information you are interested in: z introduction to dhcp z dhcp address allocation z dhcp message format z dhcp options z protocols and...
Page 979
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 1 dhcp overview 1-2 note: when residing in a different subnet from the dhcp server, the dhcp client can get the ip address and other configuration parameters from the server via a dhcp relay agent. For information about the dhc...
Page 980: 1.3 Dhcp Message Format
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 1 dhcp overview 1-3 3) if several dhcp servers send offers to the client, the client accepts the first received offer, and broadcasts it in a dhcp-request message to formally request the ip address. 4) all dhcp servers receive ...
Page 981
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 1 dhcp overview 1-4 figure 1-3 dhcp message format z op: message type defined in option field. 1 = request, 2 = reply z htype,hlen: hardware address type and length of a dhcp client. Z hops: number of relay agents a request mes...
Page 982: 1.4 Dhcp Options
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 1 dhcp overview 1-5 1.4 dhcp options 1.4.1 dhcp options overview the dhcp message adopts the same format as the bootstrap protocol (bootp) message for compatibility, but differs from it in the option field, which identifies new...
Page 983
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 1 dhcp overview 1-6 i. Relay agent option (option 82) option 82 is the relay agent option in the option field of the dhcp message. It records the location information of the dhcp client. When a dhcp relay agent receives a clien...
Page 984
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 1 dhcp overview 1-7 figure 1-7 sub-option 1 in verbose padding format note: in the above figure, except that the vlan id field has a fixed length of 2 bytes, all the other padding contents of sub-option 1 are length variable. Z...
Page 985
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 1 dhcp overview 1-8 1.5 protocols and standards z rfc2131: dynamic host configuration protocol z rfc2132: dhcp options and bootp vendor extensions z rfc1542: clarifications and extensions for the bootstrap protocol z rfc 3046: ...
Page 986
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-1 chapter 2 dhcp server configuration when configuring the dhcp server, go to these sections for information you are interested in: z introduction to dhcp server z dhcp server configuration task li...
Page 987
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-2 2.1.2 dhcp address pool i. Address pool structure in response to a client’s request, the dhcp server selects an idle ip address from an address pool and sends it together with other parameters su...
Page 988: 2.3 Enabling Dhcp
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-3 for example, two address pools are configured on the dhcp server. The ranges of ip addresses that can be dynamically assigned are 1.1.1.0/24 and 1.1.1.0/25 respectively. If the ip address of the ...
Page 989
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-4 follow these steps to enable dhcp: to do… use the command… remarks enter system view system-view — enable dhcp dhcp enable required disabled by default. 2.4 enabling the dhcp server on an interfa...
Page 990
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-5 2.5 configuring an address pool for the dhcp server 2.5.1 configuration task list complete the following tasks to configure an address pool: task remarks creating a dhcp address pool required con...
Page 991
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-6 2.5.3 configuring an address allocation mode caution: you can configure either the static binding or dynamic address allocation for an address pool as needed. It is required to specify an address...
Page 992
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-7 note: z use the static-bind ip-address command together with static-bind mac-address or static-bind client-identifier command to accomplish a static binding configuration. Z in a dhcp address poo...
Page 993
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-8 to do… use the command… remarks exclude ip addresses from automatic allocation dhcp server forbidden-ip low-ip-address [ high-ip-address ] optional except ip addresses of the dhcp server interfac...
Page 994
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-9 follow these steps to configure dns servers in the dhcp address pool: to do… use the command… remarks enter system view system-view — enter dhcp address pool view dhcp server ip-pool pool-name — ...
Page 996
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-11 to do… use the command… remarks specify gateways gateway-list ip-address& required no gateway is specified by default. 2.5.9 configuring option 184 parameters for the client with voice service t...
Page 997
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-12 2.5.10 configuring the tftp server and bootfile name for the client this task is to specify the ip address and name of a tftp server and the bootfile name in the dhcp address pool. The dhcp clie...
Page 998
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-13 z define existing dhcp options. Some options have no unified definitions in rfc 2132; however, vendors can define such options as needed. The self-defined dhcp option enables dhcp clients to obt...
Page 999
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-14 caution: z be cautious when configuring self-defined dhcp options because such configuration may affect the dhcp operation process. Z when you use self-defined option (option 51) to configure th...
Page 1000
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-15 2.6.3 configuring ip address conflict detection to avoid ip address conflicts, the dhcp server checks whether the address to be assigned is in use via sending ping packets. The dhcp server pings...
Page 1001
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-16 ii. Configuring the handling mode for option 82 follow these steps to enable the dhcp server to handle option 82: to do… use the command… remarks enter system view system-view — enable the serve...
Page 1003
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-18 z the domain name and dns server address on the subnets 10.1.1.0/25 and 10.1.1.128/25 are the same. Therefore, the domain name suffix and dns server address can be configured only for the subnet...
Page 1004
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 2 dhcp server configuration 2-19 [switcha-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 [switcha-dhcp-pool-0] domain-name aabbcc.Com [switcha-dhcp-pool-0] dns-list 10.1.1.2 [switcha-dhcp-pool-0] quit # configure dhcp address...
Page 1005
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 3 dhcp relay agent configuration 3-1 chapter 3 dhcp relay agent configuration when configuring the dhcp relay agent, go to these sections for information you are interested in: z introduction to dhcp relay agent z configuration...
Page 1006
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 3 dhcp relay agent configuration 3-2 ip network dhcp server dhcp relay agent dhcp client dhcp client dhcp client dhcp client figure 3-1 dhcp relay agent application no matter whether a relay agent exists or not, the dhcp server...
Page 1007
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 3 dhcp relay agent configuration 3-3 3.1.3 dhcp relay agent support for option 82 option 82 records the location information of the dhcp client. The administrator can locate the dhcp client to further implement security control...
Page 1008
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 3 dhcp relay agent configuration 3-4 3.3 configuring the dhcp relay agent 3.3.1 enabling dhcp enable dhcp before performing other dhcp-related configurations. Follow these steps to enable dhcp: to do… use the command… remarks e...
Page 1009
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 3 dhcp relay agent configuration 3-5 follow these steps to correlate a dhcp server group with a relay agent interface: to do… use the command… remarks enter system view system-view — create a dhcp server group and add a server ...
Page 1010
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 3 dhcp relay agent configuration 3-6 follow these steps to configure the dhcp relay agent in system view to send a dhcp-release request: to do… use the command… remarks enter system view system-view — configure the dhcp relay a...
Page 1011
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 3 dhcp relay agent configuration 3-7 note: z the dhcp relay address-check enable command is independent of other commands of the dhcp relay agent. That is, the invalid address check takes effect when this command is executed, r...
Page 1012
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 3 dhcp relay agent configuration 3-8 dhcp relay agent will record the value of the siaddr field and the information on the interface receiving the dhcp message. The administrator can use this information to check out any dhcp u...
Page 1015
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 3 dhcp relay agent configuration 3-11 # configure dhcp server group 1 with the dhcp server 10.1.1.1, and correlate the dhcp server group 1 with vlan-interface 1. [switcha] dhcp relay server-group 1 ip 10.1.1.1 [switcha] interfa...
Page 1016
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 4 dhcp client configuration 4-1 chapter 4 dhcp client configuration when configuring the dhcp client, go to these sections for information you are interested in: z introduction to dhcp client z enabling the dhcp client on an in...
Page 1017
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 4 dhcp client configuration 4-2 device model vendor and device information s5510-24p h3c. H3c s5510-24p 4.2 enabling the dhcp client on an interface follow these steps to enable the dhcp client on an interface: to do… use the c...
Page 1018
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 4 dhcp client configuration 4-3 4.4 dhcp client configuration example i. Network requirements on a lan, switch b contacts the dhcp server via vlan-interface 1 to obtain an ip address. Ii. Network diagram see figure 2-1 . Iii. C...
Page 1019: 5.1 Dhcp Snooping Overview
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 5 dhcp snooping configuration 5-1 chapter 5 dhcp snooping configuration when configuring dhcp snooping, go to these sections for information you are interested in: z dhcp snooping overview z configuring dhcp snooping basic func...
Page 1020
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 5 dhcp snooping configuration 5-2 ii. Ensuring dhcp clients to obtain ip addresses from valid dhcp servers if there is an unauthorized dhcp server on a network, the dhcp clients may obtain invalid ip addresses. With dhcp snoopi...
Page 1021
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 5 dhcp snooping configuration 5-3 note: the handling strategy and padding format for option 82 on the dhcp-snooping device are the same as those on the relay agent. 5.2 configuring dhcp snooping basic functions follow these ste...
Page 1022
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 5 dhcp snooping configuration 5-4 5.3.2 configuring dhcp snooping to support option 82 follow these steps to configure dhcp snooping to support option 82: to do… use the command… remarks enter system view system-view — enter et...
Page 1024
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 5 dhcp snooping configuration 5-6 [switchb] interface ethernet 1/0/2 [switchb-ethernet1/0/2] dhcp-snooping information enable # configure the padding format to verbose for option 82 on ethernet 1/0/2. [switchb-ethernet1/0/2] dh...
Page 1025
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 6 bootp client configuration 6-1 chapter 6 bootp client configuration while configuring a bootp client, go to these sections for information you are interested in: z introduction to bootp client z configuring an interface to dy...
Page 1026: Address Through Bootp
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 6 bootp client configuration 6-2 note: because a dhcp server can interact with a bootp client, you can use the dhcp server to configure an ip address for the bootp client, without any bootp server. 6.1.2 obtaining an ip address...
Page 1027
Operation manual – dhcp h3c s3610&s5510 series ethernet switches chapter 6 bootp client configuration 6-3 to do… use the command… remarks configure an interface to dynamically obtain ip address through bootp ip address bootp-alloc required by default, an interface does not use bootp to obtain an ip ...
Page 1028: Table of Contents
Operation manual – acl h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 acl overview .............................................................................................................. 1-1 1.1 introduction to acl .......................................
Page 1029
Operation manual – acl h3c s3610&s5510 series ethernet switches table of contents ii 2.8 ipv4 acl configuration example .................................................................................... 2-12 2.8.1 network requirements...................................................................
Page 1030: Chapter 1 Acl Overview
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 1 acl overview 1-1 chapter 1 acl overview in order to filter traffic, network devices use sets of rules, called access control lists (acls), to identify and handle packets. When configuring acls, go to these chapters for informa...
Page 1031: 1.2 Ipv4 Acl
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 1 acl overview 1-2 z software-based application: an acl is referenced by a piece of upper layer software. For example, an acl can be referenced to configure login user control behavior, thus controlling telnet, snmp and web user...
Page 1032
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 1 acl overview 1-3 1.2.2 ipv4 acl naming when creating an ipv4 acl, you can specify a unique name for it. Afterwards, you can identify the acl by its name. An ipv4 acl can have only one name. Whether to specify a name for an acl...
Page 1033
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 1 acl overview 1-4 3) if the protocol ranges are the same, look at source ip address wildcard. Then, compare packets against the rule configured with more zeros in the source ip address wildcard prior to the other. 4) if the num...
Page 1034: 1.3 Ipv6 Acl
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 1 acl overview 1-5 acl rules configured with the fragment keyword apply to non-tail fragments only, and they do not apply to non-fragmented packets and tail fragments, while those configured without the keyword apply to both fra...
Page 1035
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 1 acl overview 1-6 z auto: where depth-first match is performed. I. Depth-first match for a basic ipv6 acl the following shows how your device performs depth-first match in a basic ipv6 acl: 1) sort rules by source ipv6 address ...
Page 1036: 2.1 Creating A Time Range
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 2 ipv4 acl configuration 2-1 chapter 2 ipv4 acl configuration when configuring an ipv4 acl, go to these sections for information you are interested in: z creating a time range z configuring a basic ipv4 acl z configuring an adva...
Page 1037
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 2 ipv4 acl configuration 2-2 note that: z periodic time range created using the time-range time-name start-time to end-time days command. A time range thus created recurs periodically on the day or days of the week. Z absolute t...
Page 1038
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 2 ipv4 acl configuration 2-3 time-range : test ( inactive ) from 15:00 1/28/2006 to 15:00 1/28/2008 2.2 configuring a basic ipv4 acl basic ipv4 acls filter packets based on source ip address. They are numbered in the range 2000 ...
Page 1039
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 2 ipv4 acl configuration 2-4 note that: z you will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule. In addition, if the acl match order is set to auto rather than config, you cann...
Page 1040
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 2 ipv4 acl configuration 2-5 in addition, advanced ipv4 acls allow you to filter packets based on three priority criteria: type of service (tos), ip precedence, and differentiated services codepoint (dscp) priority. Advanced ipv...
Page 1041
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 2 ipv4 acl configuration 2-6 to do… use the command… remarks create an ipv4 acl description description text optional by default, no ipv4 acl description is present. Create a rule description rule rule-id comment text optional b...
Page 1042
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 2 ipv4 acl configuration 2-7 [sysname-acl-adv-3000] display acl 3000 advanced acl 3000, named -none-, 1 rule, acl's step is 5 rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq ...
Page 1043
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 2 ipv4 acl configuration 2-8 to do… use the command… remarks create a rule description rule rule-id comment text optional by default, no rule description is present. Note that: z you will fail to create or modify a rule if its p...
Page 1044
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 2 ipv4 acl configuration 2-9 2.5 configuring a user-defined acl user-defined acls allow you to customize rules based on information of protocol headers such as ip. When defining a user-defined acl rule, you need to specify an of...
Page 1045
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 2 ipv4 acl configuration 2-10 note: a user-defined acl requires the cooperation of a user-defined extended flow template. The offset range of a user-defined acl must be within the offset range of the cooperating extended flow te...
Page 1046: 2.6 Copying An Ipv4 Acl
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 2 ipv4 acl configuration 2-11 2.6 copying an ipv4 acl this feature allows you to copy an existent ipv4 acl to generate a new one, which is of the same type and has the same match order, match rules, rule numbering step and descr...
Page 1047
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 2 ipv4 acl configuration 2-12 2.8 ipv4 acl configuration example 2.8.1 network requirements as shown in figure 2-1 , a company interconnects its departments through the switch. Configure an acl to deny access of all departments ...
Page 1048
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 2 ipv4 acl configuration 2-13 [switch-acl-adv-3001] rule deny ip source 192.168.3.0 0.0.0.255 destination 192.168.4.1 0.0.0.0 time-range trname [switch-acl-adv-3001] quit 3) apply the ipv4 acl # configure class c_rd for packets ...
Page 1049: 3.1 Creating A Time Range
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 3 ipv6 acl configuration 3-1 chapter 3 ipv6 acl configuration when configuring ipv6 acls, go to these sections for information you are interested in: z creating a time range z configuring a basic ipv6 acl z configuring an advanc...
Page 1051
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 3 ipv6 acl configuration 3-3 3.2.3 configuration examples # create ipv6 acl 2000 to permit ipv6 packets with source address 2030:5060::9050/64 to pass while denying ipv6 packets with source address fe80:5060::8050/96. System-vie...
Page 1053: 3.4 Copying An Ipv6 Acl
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 3 ipv6 acl configuration 3-5 z you may use the display acl command to verify rules configured in an acl. If the match order for this acl is auto, rules are displayed in the depth-first match order rather than by rule number. Cau...
Page 1054
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 3 ipv6 acl configuration 3-6 3.4.2 configuration procedure follow these steps to copy an ipv6 acl: to do… use the command… remarks enter system view system-view — copy an existing ipv6 acl to generate a new one of the same type ...
Page 1055
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 3 ipv6 acl configuration 3-7 3.6.2 network diagram figure 3-1 network diagram for ipv6 acl configuration 3.6.3 configuration procedure # create an ipv6 acl 2000. System-view [switch] acl ipv6 number 2000 [switch-acl6-basic-2000]...
Page 1056: 4.1 Flow Template Overview
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 4 flow template configuration 4-1 chapter 4 flow template configuration 4.1 flow template overview flow templates are mainly used to limit the information included in the acl rules. For an acl rule to be successfully applied on ...
Page 1058
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 4 flow template configuration 4-3 note: z the user-defined acls are used in conjunction with the extended user-defined flow template. When a port applies the extended flow template, you cannot apply policies including the basic ...
Page 1059
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 4 flow template configuration 4-4 element description length (in bytes) icmp-type icmp type field 2 icmpv6-code icmpv6 code field 2 icmpv6-type icmpv6 type field 2 ip-protocol the protocol type field in ip packet head 0 ipv6-dsc...
Page 1060
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 4 flow template configuration 4-5 4.3 displaying flow templates to do… use the command… remarks display the configuration information of a specified or all user-defined flow templates display flow-template user-defined [ flow-te...
Page 1061
Operation manual – acl h3c s3610&s5510 series ethernet switches chapter 4 flow template configuration 4-6 user-defined flow template: basic name:aaa, index:2, total reference counts:0 fields: smac customer-vlan-id customer-cos # display information about the user-defined flow templates referenced to...
Page 1062: Table of Contents
Operation manual – qos h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 qos overview .............................................................................................................. 1-1 1.1 introduction ..............................................
Page 1063
Operation manual – qos h3c s3610&s5510 series ethernet switches table of contents ii 4.2 congestion management policy ........................................................................................ 4-1 4.3 configuring an sp queue.................................................................
Page 1064
Operation manual – qos h3c s3610&s5510 series ethernet switches table of contents iii 7.3.1 applying aggregation car to a port or a port group............................................. 7-2 7.3.2 referencing aggregation car in a traffic behavior............................................... 7-3 7...
Page 1065: Chapter 1 Qos Overview
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 1 qos overview 1-1 chapter 1 qos overview 1.1 introduction quality of service (qos) is a concept generally existing in occasions where service supply-demand relations exist. Qos measures the ability to meet the service needs of ...
Page 1066: Countermeasures
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 1 qos overview 1-2 the new services have one thing in common: they all have special requirements for delivery performances such as bandwidth, delay, and delay jitter. For example, video conferencing and vod require the guarantee...
Page 1067
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 1 qos overview 1-3 within a certain period of time is improperly controlled and the traffic goes beyond the assignable network resources. 1.4.2 influence of congestion congestion may cause a series of negative influences: z cong...
Page 1068
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 1 qos overview 1-4 z congestion management: congestion management is necessary for solving resource competition. Congestion management is generally to cache packets in the queues and arrange the forwarding sequence of the packet...
Page 1069: Configuration
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 2 traffic classification, tp, and ts configuration 2-1 chapter 2 traffic classification, tp, and ts configuration when configuring traffic classification, tp, and ts, go to these section for information you are interested in: z ...
Page 1070
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 2 traffic classification, tp, and ts configuration 2-2 scheduling is performed on the packets; when congestion get worse, congestion avoidance is performed on the packets. 2.1.2 priority the following describes several types of ...
Page 1071
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 2 traffic classification, tp, and ts configuration 2-3 services with low delay, low packet loss ratio, low jitter, and assured bandwidth (such as virtual leased line); z assured forwarding (af) class: this class is further divid...
Page 1072
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 2 traffic classification, tp, and ts configuration 2-4 2) 802.1p priority 802.1p priority lies in layer 2 packet headers and is applicable to occasions where the layer 3 packet header does not need analysis but qos must be assur...
Page 1073: 2.2 Tp and Ts Overview
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 2 traffic classification, tp, and ts configuration 2-5 802.1p priority (decimal) 802.1p priority (binary) description 7 111 network-management the precedence is called 802.1p priority because the related applications of this pre...
Page 1074
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 2 traffic classification, tp, and ts configuration 2-6 2.3.2 evaluating the traffic with the token bucket the evaluation for the traffic specification is based on whether the number of tokens in the bucket can meet the need of p...
Page 1075
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 2 traffic classification, tp, and ts configuration 2-7 traffic of a certain connection is excess, tp can choose to drop the packets or to reset the priority of the packets. Tp is widely used in policing the traffic into the netw...
Page 1076
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 2 traffic classification, tp, and ts configuration 2-8 to decrease the number of the packets dropped, you can employ ts on the port of switch a through which the packets are sent to switch b. So, packets are cached on switch a w...
Page 1077
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 2 traffic classification, tp, and ts configuration 2-9 to do… use the command… remarks apply tp policies qos car inbound acl [ ipv6 ] acl-number cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ]...
Page 1078
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 2 traffic classification, tp, and ts configuration 2-10 to do… use the command… remarks configure ts qos gts queue queue-number cir committed-information-rate required cir must be a multiple of 650. Ii. Configure ts for all traf...
Page 1079: 2.5 Displaying Tp&ts
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 2 traffic classification, tp, and ts configuration 2-11 2.5 displaying tp&ts to do… use the command… remarks display the configuration and statistics about tp on a port display qos car interface [ interface-type interface-number...
Page 1080: 3.1 Overview
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 3 qos policy configuration 3-1 chapter 3 qos policy configuration when configuring qos policy, go to these sections for information that you are interested in: z overview z configuring qos policy z introduction to qos policies z...
Page 1081: 3.2 Configuring Qos Policy
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 3 qos policy configuration 3-2 3.2 configuring qos policy the procedure for configuring qos policy is as follows: 1) define a class and define a group of traffic classification rules in class view. 2) define a traffic behavior a...
Page 1082
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 3 qos policy configuration 3-3 z the policy name is determined. Z apply the qos policy in ethernet port view/port group view. 3.4.2 defining a class to define a class, you need to create a class and then define rules in the corr...
Page 1083
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 3 qos policy configuration 3-4 form description destination-mac mac-address specifies to match the packets with a specified destination mac address. Dot1p 8021p specifies to match packets by 802.1p priority. The 8021p argument i...
Page 1084
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 3 qos policy configuration 3-5 3.4.3 defining a traffic behavior to define a traffic behavior, you need to create a traffic behavior and then configure attributes for it in traffic behavior view. If you want to define a primap b...
Page 1085
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 3 qos policy configuration 3-6 to do… use the command… remarks configure accounting action accounting configure tp action car { cir committed-information-rate[ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-info...
Page 1086
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 3 qos policy configuration 3-7 note: a policy cannot be applied successfully if traffic behaviors do not conform to the following rules: z the accounting command is mutually exclusive with the aggregation car. Z the filter deny ...
Page 1087
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 3 qos policy configuration 3-8 to do… use the command… remarks specify the traffic behavior for a class classifier classifier-name behavior behavior-name required 3.4.5 applying a policy i. Configuration procedure follow these s...
Page 1088: 3.5 Displaying Qos Policy
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 3 qos policy configuration 3-9 [sysname-ethernet1/0/1] # apply the policy to the port. [sysname-ethernet1/0/1] qos apply policy test inbound 3.5 displaying qos policy to do… use the command… remarks display the information about...
Page 1089: 4.1 Overview
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 4 congestion management 4-1 chapter 4 congestion management when configuring congestion management, go to these section for information that you are interested in: z overview z congestion management policy z configuring an sp qu...
Page 1090
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 4 congestion management 4-2 queue 7 queue 6 queue 1 queue 0 …… packets to be sent through this port packet classification high priority low priority sent packets interface sending queue queue scheduling figure 4-1 diagram for sp...
Page 1091
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 4 congestion management 4-3 queue 1 weight 1 …… queue 2 weight 2 queue n-1 weight n-1 queue n weight n packets to be sent through this port sent packets interface queue scheduling sending queue packet classification figure 4-2 d...
Page 1092
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 4 congestion management 4-4 to do… use the command… remarks enter system view system-view — enter port view interface interface-type interface-number enter port view or port group view enter port group view port-group { manual p...
Page 1093
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 4 congestion management 4-5 caution: with wrr queue scheduling algorithm adopted, the queues assigned to the same queue scheduling group must be with consecutive queue numbers. 4.4.2 configuration examples i. Network requirement...
Page 1094
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 4 congestion management 4-6 group 2 firstly. If no packet is to be sent in wrr group 2, round robin is performed in wrr group 1. At last, packets in the sp queue scheduling group are processed. 4.5.1 configuration procedure foll...
Page 1095
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 4 congestion management 4-7 ii. Configuration procedure # enter system view. System-view # enable the sp+wrr queue scheduling algorithm on ethernet1/0/1. [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] qos wrr 0 group...
Page 1096: Chapter 5 Priority Mapping
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 5 priority mapping 5-1 chapter 5 priority mapping when configuring priority mapping, go to these sections for information you are interested in: z priority mapping overview z configuring a priority mapping table z configuring th...
Page 1097
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 5 priority mapping 5-2 table 5-1 the default values of dot1p-lp mapping table and dot1p-dp mapping table imported priority value dot1p-lp mapping dot1p-dp mapping 802.1p priority (dot1p) local precedence (lp) drop precedence (dp...
Page 1098
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 5 priority mapping 5-3 imported priority value dscp-lp mapping dscp-dp mapping dscp-dot1p mapping dscp-dscp mapping 40 to 47 5 0 5 40 48 to 55 6 0 6 48 56 to 63 7 0 7 56 note that: z the 802.1p priority mapping table is associat...
Page 1099
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 5 priority mapping 5-4 to do… use the command… remarks configure priority mapping parameters import import-value-list export export-value required the newly configured mapping entries overwrite the corresponding previous entries...
Page 1100
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 5 priority mapping 5-5 5.3 configuring the port priority by default, the switch uses the priority of the receiving port as the 802.1p precedence of the received packets, looks up the 802.1p precedence in the 802.1p-precedence-to...
Page 1101
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 5 priority mapping 5-6 5.4 configuring port priority trust mode you can configure the switch to trust the 802.1p precedence carried in the received packets instead of using the priority of the receiving port as the 802.1p preced...
Page 1103: 6.1 Overview
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 6 congestion avoidance 6-1 chapter 6 congestion avoidance 6.1 overview serious congestion will bring great impact to the network resources, so some measures must be taken to avoid congestion. As a type of flow control mechanism,...
Page 1104: 6.2 Configuring Wred
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 6 congestion avoidance 6-2 z when the queue length is in the range of the upper limit and the lower limit, the inbound packets are dropped at random. In this case, a number is assigned to each inbound packet and then compared wi...
Page 1105
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 6 congestion avoidance 6-3 6.2.2 configuration procedure follow these steps to configure wred: to do… use the command… remarks enter system view system-view — enter port view interface interface-type interface-number enter port ...
Page 1107
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 7 aggregation car configuration 7-1 chapter 7 aggregation car configuration 7.1 aggregation car overview aggregation car enables traffic policing on multiple ports using the same car. If an aggregation car is applied to multiple...
Page 1108
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 7 aggregation car configuration 7-2 7.3 applying aggregation car 7.3.1 applying aggregation car to a port or a port group i. Configuration prerequisites z aggregation car-related parameters are determined. Z the port or port gro...
Page 1109
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 7 aggregation car configuration 7-3 [sysname-ethernet1/0/1] quit [sysname] interface ethernet 1/0/2 [sysname-ethernet1/0/2] qos car inbound acl 2001 name aggcar-1 7.3.2 referencing aggregation car in a traffic behavior i. Config...
Page 1110
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 7 aggregation car configuration 7-4 7.4 displaying and maintaining aggregation car to do… use the command… remarks clear the statistics information of the specified aggregation car reset qos car name [ global-car-name ] availabl...
Page 1111: 8.1 Overview
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 8 vlan policy configuration 8-1 chapter 8 vlan policy configuration when configuring vlan policy, go to these sections for information that you are interested in: z overview z applying vlan policy z displaying and maintaining vl...
Page 1112
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 8 vlan policy configuration 8-2 8.2.2 configuration procedure follow these steps to apply vlan policies: to do… use the command… remarks enter system view system-view — apply the vlan policy to specified vlans qos vlan-policy po...
Page 1113
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 8 vlan policy configuration 8-3 # create a class and enter class view. [sysname] traffic classifier cl1 # define a classification rule. [sysname-classifier-cl1] if-match acl 2000 [sysname-classifier-cl1] quit # create a traffic ...
Page 1114: 9.1 Overview
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 9 traffic mirroring configuration 9-1 chapter 9 traffic mirroring configuration when configuring traffic mirroring, go to these sections for information that you are interested in: z overview z configuring traffic mirroring z di...
Page 1115
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 9 traffic mirroring configuration 9-2 to do… use the command… remarks enter system view system-view — enter traffic behavior view traffic behavior behavior-name required mirror traffic to a port mirror-to interface interface-typ...
Page 1116
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 9 traffic mirroring configuration 9-3 9.4 traffic mirroring configuration examples 9.4.1 network requirements the user's network is as described below: z host a (with the ip address 192.168.0.1) and host b are connected to ether...
Page 1117
Operation manual – qos h3c s3610&s5510 series ethernet switches chapter 9 traffic mirroring configuration 9-4 [sysname] qos policy 1 [sysname-policy-1] classifier 1 behavior 1 [sysname-policy-1] quit # apply the policyin the inbound direction of ethernet1/0/1. [sysname] interface ethernet 1/0/1 [sys...
Page 1118: Table of Contents
Operation manual – port mirroring h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 port mirroring configuration ...................................................................................... 1-1 1.1 introduction to port mirroring .........................
Page 1119
Operation manual – port mirroring h3c s3610&s5510 series ethernet switches chapter 1 port mirroring configuration 1-1 chapter 1 port mirroring configuration when configuring port mirroring, go to these sections for information you are interested in: z introduction to port mirroring z configuring loc...
Page 1120
Operation manual – port mirroring h3c s3610&s5510 series ethernet switches chapter 1 port mirroring configuration 1-2 z remote port mirroring implements port mirroring between multiple devices. That is, the source ports and the destination port can be located on different devices in a network. Curre...
Page 1121
Operation manual – port mirroring h3c s3610&s5510 series ethernet switches chapter 1 port mirroring configuration 1-3 the destination device. If the source device is directly connected to the destination device, no intermediate device is needed. In a remote mirroring vlan, the source devices and the...
Page 1123
Operation manual – port mirroring h3c s3610&s5510 series ethernet switches chapter 1 port mirroring configuration 1-5 1.3 configuring remote port mirroring 1.3.1 configuring a remote source mirroring group follow these steps to configure a remote port mirroring group to do… use the command… remarks ...
Page 1124
Operation manual – port mirroring h3c s3610&s5510 series ethernet switches chapter 1 port mirroring configuration 1-6 note: z all the ports of a remote source mirroring group belong to a single device. A remote source mirroring group can contain only one reflector mirroring port. Z a reflector port ...
Page 1125
Operation manual – port mirroring h3c s3610&s5510 series ethernet switches chapter 1 port mirroring configuration 1-7 to do… use the command… remarks in system view mirroring-group group-id monitor-port monitor-port-id interface interface-type interface-number [ mirroring-group group-id ] monitor-po...
Page 1126
Operation manual – port mirroring h3c s3610&s5510 series ethernet switches chapter 1 port mirroring configuration 1-8 1.5 port mirroring configuration examples 1.5.1 local port mirroring configuration example i. Network requirements the departments of a company connect to each other through ethernet...
Page 1127
Operation manual – port mirroring h3c s3610&s5510 series ethernet switches chapter 1 port mirroring configuration 1-9 [switchc] mirroring-group 1 monitor-port ethernet 1/0/3 # display the configuration of all the port mirroring groups. [switchc] display mirroring-group all mirroring-group 1: type: l...
Page 1128
Operation manual – port mirroring h3c s3610&s5510 series ethernet switches chapter 1 port mirroring configuration 1-10 ii. Network diagram switch a eth1/0/3 data monitoring device department 1 department 2 eth1/0/1 switch b switch c eth1/0/1 eth1/0/2 eth1/0/1 eth1/0/2 reflector port eth1/0/4 eth1/0/...
Page 1129
Operation manual – port mirroring h3c s3610&s5510 series ethernet switches chapter 1 port mirroring configuration 1-11 [switchb-ethernet1/0/1] port trunk permit vlan 2 [switchb-ethernet1/0/1] quit # configure port ethernet 1/0/2 as a trunk port and configure the port to permit the packets of vlan 2....
Page 1130: Table of Contents
Operation manual – cluster management h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 cluster management configuration........................................................................... 1-1 1.1 cluster management overview ................................
Page 1131
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-1 chapter 1 cluster management configuration when configuring cluster management, go to these sections for information you are interested in: z cluster management overview z cl...
Page 1132
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-2 network 69.110.1.100 network management device 69.110.1.1 management device member device member device member device cluster candidate device figure 1-1 network diagram for ...
Page 1133
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-3 z candidate device: a device that does not belong to any cluster but can be added to a cluster. Different from a member device, its topology information has been collected by...
Page 1134
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-4 z the management device adds or deletes a member device and modifies cluster management configuration according to the candidate device information collected through ntdp. I....
Page 1135
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-5 z the management device periodically sends ntdp topology collection request from the ntdp-enabled ports. Z upon receiving the request, the device sends ntdp topology collecti...
Page 1136
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-6 receives the handshake or management packets fails to receive handshake packets in three consecutive intervals state holdtime exceeds the specified value disconnect state is ...
Page 1137
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-7 iv. Management vlan the management vlan limits the cluster management range. Through configuration of the management vlan, the following functions can be implemented: z manag...
Page 1138
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-8 complete these tasks to configure a cluster: tasks remarks enabling ndp globally and for specific ports optional configuring ndp parameters optional enabling ntdp globally an...
Page 1139
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-9 1.3 configuring the management device 1.3.1 enabling ndp globally and for specific ports follow these steps to enable ndp globally and for specific ports: to do… use the comm...
Page 1140
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-10 to do… use the command… remarks configure the interval to send ndp packets ndp timer hello hello-time optional 60 seconds by default. Caution: the time for the receiving dev...
Page 1141
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-11 1.3.4 configuring ntdp parameters follow these steps to configure ntdp parameters: to do… use the command… remarks enter system view system-view — configure the range within...
Page 1142
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-12 1.3.7 establishing a cluster before establishing a cluster, you need to configure a private ip address pool for the devices to be added to the cluster. When a candidate devi...
Page 1143
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-13 i. Manually establishing a cluster follow these steps to manually establish a cluster: to do… use the command… remarks enter system view system-view — specify the management...
Page 1144
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-14 to do… use the command… remarks enter cluster view cluster — configure the private ip address range for member devices on a device which is to be configured as the managemen...
Page 1145
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-15 follow these steps to add/remove a member device: to do… use the command… remarks enter system view system-view — enter cluster view cluster — add a candidate device to the ...
Page 1146: And Its Member Devices
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-16 1.4.4 enabling the cluster function refer to enabling the cluster function . 1.4.5 deleting a member device from a cluster to do… use the command… remarks enter system view ...
Page 1147
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-17 caution: telnet connection is used on the switch between the management device and member devices. Note the following when switching between them: z before the switch, execu...
Page 1148
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-18 1.7 configuring advanced cluster functions this section covers these topics: z configuring topology management z configuring interaction for a cluster 1.7.1 configuring topo...
Page 1150
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-20 follow these steps to configure the interaction for a cluster: to do… use the command… remarks enter system view system-view — enter cluster view cluster — configure the ftp...
Page 1151
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-21 1.8 displaying and maintaining cluster management to do… use the command… remarks display ndp configuration information display ndp [ interface interface-list ] display the ...
Page 1152
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-22 1.9 cluster management configuration examples 1.9.1 cluster management configuration example one i. Network requirements three switches form a cluster, in which: z one devic...
Page 1153
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-23 iii. Configuration procedure 1) configuring the member device (all member devices have the same configuration, taking one member as an example) # enable ndp globally and for...
Page 1154
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-24 # configure the hop count to collect topology as 2. [switch] ntdp hop 2 # configure the delay time for topology-collection request packets to be forwarded on member devices ...
Page 1155
Operation manual – cluster management h3c s3610&s5510 series ethernet switches chapter 1 cluster management configuration 1-25 [aabbcc_0.Switch-cluster] management-vlan synchronization enable # configure the holdtime of the member device information as 100 seconds. [aabbcc_0.Switch-cluster] holdtime...
Page 1156: Table of Contents
Operation manual – udp helper h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 udp helper configuration .......................................................................................... 1-1 1.1 introduction to udp helper..................................
Page 1157
Operation manual – udp helper h3c s3610&s5510 series ethernet switches chapter 1 udp helper configuration 1-1 chapter 1 udp helper configuration when configuring udp helper, go to these sections for information you are interested in: z introduction to udp helper z configuring udp helper z displaying...
Page 1158: 1.2 Configuring Udp Helper
Operation manual – udp helper h3c s3610&s5510 series ethernet switches chapter 1 udp helper configuration 1-2 1.2 configuring udp helper follow these steps to configure udp helper: to do… use the command… remarks enter system view system-view — enable udp helper udp-helper enable required disabled b...
Page 1159
Operation manual – udp helper h3c s3610&s5510 series ethernet switches chapter 1 udp helper configuration 1-3 caution: z by default, s3610&s5510 series ethernet switches do not receiving directed broadcasts. To ensure that udp helper is available, you must use the ip forward-broadcast command in sys...
Page 1160
Operation manual – udp helper h3c s3610&s5510 series ethernet switches chapter 1 udp helper configuration 1-4 ii. Network diagram ip network vlan-int1 10.110.1.1/16 vlan-int1 10.2.1.1/16 switch a switch b server figure 1-1 network diagram for udp helper configuration iii. Configuration procedure not...
Page 1161: Table of Contents
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 snmp configuration.................................................................................................... 1-1 1.1 snmp overview.............................................
Page 1162: 1.1 Snmp Overview
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 1 snmp configuration 1-1 chapter 1 snmp configuration when configuring snmp, go to these sections for information you are interested in: z snmp overview z snmp configuration z configuring snmp logging z trap configuration ...
Page 1163
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 1 snmp configuration 1-2 z get operation: nms gets the value of a certain variable of agent through this operation. Z set operation: nms can reconfigure certain values in the agent mib (management information base) to make...
Page 1164: 1.2 Snmp Configuration
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 1 snmp configuration 1-3 1.2 snmp configuration as configurations for snmpv3 differ substantially from those of snmpv1 and snmpv2c, their snmp functionalities will be introduced separately below. Follow these steps to conf...
Page 1166
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 1 snmp configuration 1-5 to do… use the command… remarks configure the engine id for a local snmp agent snmp-agent local-engineid engineid optional company id and device id by default create or update mib view content for ...
Page 1167: 1.4 Trap Configuration
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 1 snmp configuration 1-6 note: z logs occupy storage space of the device, thus affecting the performance of the device. Therefore, you are recommended to disable snmp logging. Z when snmp logging is enabled, snmp logs will...
Page 1168
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 1 snmp configuration 1-7 to do… use the command… remarks set to enable the device to send traps of interface state change enable snmp trap updown optional enabled by default. Caution: to enable an interface to send snmp tr...
Page 1169
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 1 snmp configuration 1-8 to do… use the command… remarks configure the lifetime for traps snmp-agent trap life seconds optional 120 seconds by default note: the extended linkup/linkdown traps comprise the standard linkup/l...
Page 1170
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 1 snmp configuration 1-9 1.6 snmp configuration example i. Network requirements z the nms connects to the agent, a switch, through an ethernet. Z the ip address of the nms is 1.1.1.2/24. Z the ip address of vlan interface ...
Page 1171
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 1 snmp configuration 1-10 # enable the sending of traps to the nms with an ip address of 1.1.1.2/24, using public as the community name. [sysname] snmp-agent trap enable [sysname] snmp-agent target-host trap address udp-do...
Page 1172
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 1 snmp configuration 1-11 iii. Configuration procedure note: the configurations for nms and agent are omitted. # enable logging display on the terminal (optional, enabled by default). Terminal monitor terminal logging # en...
Page 1173
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 1 snmp configuration 1-12 field description value value set when the set operation is performed (this field is , meaning the value obtained with the get operation is not logged.) when the value is a string of characters an...
Page 1174: 2.1 Rmon Overview
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 2 rmon configuration 2-1 chapter 2 rmon configuration when configuring rmon, go to these sections for information you are interested in: z rmon overview z configuring rmon z displaying and maintaining rmon z rmon configura...
Page 1175
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 2 rmon configuration 2-2 agents with basic snmp commands to gather network management information, which, due to system resources limitation, may not cover all mib information but four groups of information, alarm, event, ...
Page 1176: 2.2 Configuring Rmon
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 2 rmon configuration 2-3 iii. Private alarm group the private alarm group calculates the sampled values of alarm variables and compares the result with the defined threshold, thereby realizing a more comprehensive alarming...
Page 1177
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 2 rmon configuration 2-4 2.2.2 configuration procedure follow these steps to configure rmon: to do… use the command… remarks enter system view system-view — create an event entry in the event table rmon event entry-number ...
Page 1178
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 2 rmon configuration 2-5 note: z two entries with the same configuration cannot be created. If the parameters of a newly created entry are identical to the corresponding parameters of an existing entry, the system consider...
Page 1179
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 2 rmon configuration 2-6 2.3 displaying and maintaining rmon to do… use the command… remarks display rmon statistics display rmon statistics [ interface-type interface-number ] available in any view display rmon history in...
Page 1180
Operation manual – snmp-rmon h3c s3610&s5510 series ethernet switches chapter 2 rmon configuration 2-7 [sysname] interface ethernet 1/0/1 [sysname-ethernet1/0/1] rmon statistics 1 owner user1-rmon [sysname-ethernet1/0/1] quit # display rmon statistics on ethernet 1/0/1. Display rmon statistics ether...
Page 1181: Table of Contents
Operation manual – ntp h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 ntp configuration ....................................................................................................... 1-1 1.1 ntp overview.................................................
Page 1182: 1.1 Ntp Overview
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-1 chapter 1 ntp configuration note: the local clock of an s3610&s5510 ethernet switch cannot be set as a reference clock. It can serve as a reference clock source to synchronize the clock of other devices o...
Page 1183
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-2 z in analysis of the log information and debugging information collected from different devices in network management, time must be used as reference basis. Z all devices must use the same reference clock...
Page 1184
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-3 figure 1-1 basic work flow of ntp the process of system clock synchronization is as follows: z device a sends device b an ntp message, which is timestamped when it leaves device a. The time stamp is 10:00...
Page 1185
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-4 1.1.3 ntp message format ntp uses two types of messages, clock synchronization message and ntp control message. An ntp control message is used in environments where network management is needed. As it is ...
Page 1186
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-5 server; 5 – broadcast or multicast; 6 – ntp control message; 7 – reserved for private use. Z stratum: an 8-bit integer indicating the stratum level of the local clock, with the value ranging from 1 to 16....
Page 1187
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-6 replies from the servers, the client performs clock filtering and selection, and synchronizes its local clock to that of the optimal reference source. In this mode, a client can be synchronized to a serve...
Page 1188
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-7 (broadcast mode). Clients listen to the broadcast messages from servers. After a client receives the first broadcast message, the client and the server start to exchange messages, with the mode field set ...
Page 1189
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-8 1.2 ntp configuration task list complete the following tasks to configure ntp: task remarks configuring the operation modes of ntp required configuring optional parameters of ntp optional configuring acce...
Page 1190
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-9 1.3.1 configuring ntp server/client mode for devices working in the server/client mode, you only need to make configurations on the clients, and not on the servers. Follow these steps to configure an ntp ...
Page 1191
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-10 following these steps to configure a symmetric-active device: to do… use the command… remarks enter system view system-view — specify a symmetric-passive peer for the device ntp-service unicast-peer [ vp...
Page 1192
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-11 i. Configuring a broadcast client to do… use the command… remarks enter system view system-view — enter interface view interface interface-type interface-number required enter the interface used to recei...
Page 1193
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-12 i. Configuring a multicast client to do… use the command… remarks enter system view system-view — enter interface view interface interface-type interface-number enter the interface used to receive ntp mu...
Page 1194
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-13 following these steps to configure the interface used to send ntp messages: to do… use the command… remarks enter system view system-view — configure the interface used to send ntp messages ntp-service s...
Page 1195
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-14 z query: control query permitted. This level of right permits the peer device to perform control query to the ntp service on the local device but does not permit the peer device to synchronize its clock ...
Page 1196
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-15 1.6 configuring ntp authentication the ntp authentication feature should be enabled for a system running ntp in a network where there is a high security demand. This feature enhances the network security...
Page 1197
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-16 to do… use the command… remarks enter system view system-view — enable ntp authentication ntp-service authentication enable required disabled by default configure an ntp authentication key ntp-service au...
Page 1198
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-17 to do… use the command… remarks configure the key as a trusted key ntp-service reliable authentication-keyid keyid required no authentication key is configured to be trusted by default enter interface vi...
Page 1199
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-18 1.8 ntp configuration examples 1.8.1 configuring ntp server/client mode i. Network requirements z the local clock of device a is to be used as a reference source, with the stratum level of 2. Z device b ...
Page 1200
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-19 [deviceb] display ntp-service status clock status: synchronized clock stratum: 3 reference clock id: 1.0.1.11 nominal frequency: 100.0000 hz actual frequency: 100.0000 hz clock precision: 2^7 clock offse...
Page 1201
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-20 ii. Network diagram figure 1-8 network diagram for ntp symmetric peers mode configuration iii. Configuration procedure 1) configuration on device a: # specify the local clock as the reference source, wit...
Page 1202
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-21 nominal frequency: 100.0000 hz actual frequency: 100.0000 hz clock precision: 2^7 clock offset: -21.1982 ms root delay: 15.00 ms root dispersion: 775.15 ms peer dispersion: 34.29 ms reference time: 15:22...
Page 1203
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-22 ii. Network diagram vlan-int3 1.0.1.11/24 vlan-int3 1.0.1.10/24 vlan-int2 3.0.1.31/24 vlan-int2 3.0.1.32/24 vlan-int2 3.0.1.30/24 switch a switch b switch c switch d figure 1-9 network diagram for ntp br...
Page 1204
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-23 # view the ntp status of switch d after clock synchronization. [switchd] display ntp-service status clock status: synchronized clock stratum: 3 reference clock id: 3.0.1.31 nominal frequency: 100.0000 hz...
Page 1205
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-24 ii. Network diagram vlan-int3 1.0.1.11/24 vlan-int3 1.0.1.10/24 vlan-int2 3.0.1.31/24 vlan-int2 3.0.1.32/24 vlan-int2 3.0.1.30/24 switch a switch b switch c switch d figure 1-10 network diagram for ntp m...
Page 1206
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-25 actual frequency: 100.0000 hz clock precision: 2^7 clock offset: 0.0000 ms root delay: 31.00 ms root dispersion: 8.31 ms peer dispersion: 34.30 ms reference time: 16:01:51.713 utc apr 20 2007 (c6d95f6f.B...
Page 1207
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-26 [switcha-vlan-interface3] ntp-service multicast-client # view the ntp status of switch a after clock synchronization. [switcha] display ntp-service status clock status: synchronized clock stratum: 3 refe...
Page 1208
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-27 ii. Network diagram figure 1-11 network diagram for configuration of ntp server/client mode with authentication iii. Configuration procedure 1) configuration on device a: # specify the local clock as the...
Page 1209
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-28 clock stratum: 3 reference clock id: 1.0.1.11 nominal frequency: 100.0000 hz actual frequency: 100.0000 hz clock precision: 2^7 clock offset: 0.0000 ms root delay: 31.00 ms root dispersion: 1.05 ms peer ...
Page 1210
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-29 ii. Network diagram vlan-int3 1.0.1.11/24 vlan-int3 1.0.1.10/24 vlan-int2 3.0.1.31/24 vlan-int2 3.0.1.32/24 vlan-int2 3.0.1.30/24 switch a switch b switch c switch d figure 1-12 network diagram for confi...
Page 1211
Operation manual – ntp h3c s3610&s5510 series ethernet switches chapter 1 ntp configuration 1-30 now, switch d can receive broadcast messages through vlan-interface 2, and switch c can send broadcast messages through vlan-interface 2. Upon receiving a broadcast message from switch c, switch d synchr...
Page 1212: Table of Contents
Operation manual – dns h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 dns configuration....................................................................................................... 1-1 1.1 dns overview .................................................
Page 1213: 1.1 Dns Overview
Operation manual – dns h3c s3610&s5510 series ethernet switches chapter 1 dns configuration 1-1 chapter 1 dns configuration when configuring dns, go to these sections for information you are interested in: z dns overview z configuring dynamic domain name resolution z displaying and maintaining dns z...
Page 1214
Operation manual – dns h3c s3610&s5510 series ethernet switches chapter 1 dns configuration 1-2 1) a user program sends a name query to the resolver of the dns client. 2) the dns resolver looks up the local domain name cache for a match. If a match is found, it sends the corresponding ip address bac...
Page 1215
Operation manual – dns h3c s3610&s5510 series ethernet switches chapter 1 dns configuration 1-3 after all the configured suffixes are used respectively, the original domain name (for example, aabbcc) is used for query. Z if there is a dot in the domain name (for example, www.Aabbcc), the resolver wi...
Page 1216
Operation manual – dns h3c s3610&s5510 series ethernet switches chapter 1 dns configuration 1-4 to do… use the command… remarks enter system view system-view — enable dynamic domain name resolution dns resolve required disabled by default. Specify a dns server dns server ip-address required not spec...
Page 1217
Operation manual – dns h3c s3610&s5510 series ethernet switches chapter 1 dns configuration 1-5 ii. Network diagram figure 1-2 network diagram for static domain name resolution iii. Configuration procedure # configure a mapping between host name host.Com and ip address 10.1.1.2. System-view [sysname...
Page 1218
Operation manual – dns h3c s3610&s5510 series ethernet switches chapter 1 dns configuration 1-6 ii. Network diagram figure 1-3 network diagram for dynamic domain name resolution iii. Configuration procedure note: z before performing the following configuration, make sure that there is a route betwee...
Page 1219
Operation manual – dns h3c s3610&s5510 series ethernet switches chapter 1 dns configuration 1-7 figure 1-4 create a zone # create a mapping between the host name and ip address. Figure 1-5 add a host in figure 1-5 , right click zone com, and then select new host to bring up a dialog box as shown in ...
Page 1220
Operation manual – dns h3c s3610&s5510 series ethernet switches chapter 1 dns configuration 1-8 figure 1-6 add a mapping between domain name and ip address 2) configure the dns client # enable dynamic domain name resolution. System-view [sysname] dns resolve # configure ip address 2.1.1.2 of the dns...
Page 1221
Operation manual – dns h3c s3610&s5510 series ethernet switches chapter 1 dns configuration 1-9 --- 3.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/3 ms --- host.Com ping statistics --- 5 packet(s) transmitted 0 packet(s) receiv...
Page 1222: Table of Contents
Operation manual – file system management h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 file system management configuration ................................................................... 1-1 1.1 file system management ....................................
Page 1223: 1.1 File System Management
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 1 file system management configuration 1-1 chapter 1 file system management configuration when configuring the file system management, go to these sections for information you are interested in: z file system ...
Page 1224
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 1 file system management configuration 1-2 1.1.2 directory operations directory operations include create, delete, display the current path, display specified directory or file information as shown in the foll...
Page 1225
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 1 file system management configuration 1-3 to do… use the command… remarks empty the recycle bin reset recycle-bin [ /force ] optional available in user view display the contents of a file more file-url option...
Page 1226
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 1 file system management configuration 1-4 1.1.4 storage device operations i. Naming rules naming rules of the storage devices are as follows: z if there is only one storage device of the same type on the devi...
Page 1227
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 1 file system management configuration 1-5 caution: when you format a storage device, all the files stored on it are erased and cannot be restored. In particular, if there is a startup configuration file on th...
Page 1228
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 1 file system management configuration 1-6 flash:/test # display the files and the subdirectory under the test directory. Dir directory of flash:/test/ 0 drw- - feb 16 2006 15:28:14 mytest 2540 kb total (2519 ...
Page 1229
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 1 file system management configuration 1-7 z save only non-default configuration settings. Z list commands in sections by view in this view order: system, interface, routing protocol, and so on. Sections are s...
Page 1231
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 1 file system management configuration 1-9 1.2.4 specifying a configuration file for next startup follow the step below to specify a configuration file for next startup: to do… use the command… remarks specify...
Page 1232
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 1 file system management configuration 1-10 iii. Restoring the startup configuration file to do… use the command… remarks restore the startup configuration file restore startup-configuration from src-addr file...
Page 1233
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 1 file system management configuration 1-11 note: for detailed description of the display this and display current-configuration commands, refer to the system maintaining and debugging configuration part of th...
Page 1234: 2.1 Ftp Overview
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 2 ftp configuration 2-1 chapter 2 ftp configuration when configuring ftp, go to these sections for information you are interested in: z ftp overview z configuring the ftp client z configuring the ftp server z ...
Page 1235
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 2 ftp configuration 2-2 figure 2-1 network diagram for ftp caution: z the ftp function is available when a route exists between the ftp server and the ftp client. Z when a device serving as the ftp server logs...
Page 1236
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 2 ftp configuration 2-3 the source address specified with the ftp client source command is valid for all ftp connections and the source address specified with the ftp command is valid only for the current ftp ...
Page 1237
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 2 ftp configuration 2-4 to do… use the command… remarks server indirectly in ftp client view open ipv6 server-address [ service-port ] [ -i interface-type interface-number ] 2.2.2 configuring the ftp client af...
Page 1238
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 2 ftp configuration 2-5 to do… use the command… remarks find the working path of the ftp client lcd optional create a directory on the ftp server mkdir directory optional set the data transfer mode to passive ...
Page 1239
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 2 ftp configuration 2-6 ii. Network diagram switch ip network ftp client 10.2.2.1/16 console ftp server 10.1.1.1/16 figure 2-2 network diagram for ftping an image file from an ftp server iii. Configuration pro...
Page 1240
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 2 ftp configuration 2-7 227 entering passive mode (10.1.1.1,4,1). 125 binary mode data connection already open, transfer starting for aaa.Bin. .....226 transfer complete. Ftp: 5805100 byte(s) received in 19.89...
Page 1241
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 2 ftp configuration 2-8 to do… use the command… remarks configure the idle-timeout timer ftp timeout minutes optional 30 minutes by default. In idle-timeout time, if there is no information interaction between...
Page 1242
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 2 ftp configuration 2-9 to do… use the command… remarks assign the priority level of a user level level optional by default, the user level is 0. If the client is to perform the write operations on the device’...
Page 1243
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 2 ftp configuration 2-10 [sysname-luser-abc] work-directory flash:/ [sysname-luser-abc] quit # enable ftp server. [sysname] ftp server enable [sysname] quit # check files on your device. Remove those redundant...
Page 1244
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 2 ftp configuration 2-11 reboot caution: startup files for next startup must be saved under the root directory. You can copy or move a file to change the path of it to the root directory. For description of th...
Page 1245: 3.1 Tftp Overview
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 3 tftp configuration 3-1 chapter 3 tftp configuration when configuring tftp, go to these sections for information you are interested in: z tftp overview z configuring the tftp client z displaying and maintaini...
Page 1246
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 3 tftp configuration 3-2 figure 3-1 tftp configuration diagram before using tftp, the administrator needs to configure ip addresses for the tftp client and server, and make sure that there is a route between t...
Page 1247
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 3 tftp configuration 3-3 the source address specified with the tftp client source command is valid for all tftp connections and the source address specified with the tftp command is valid only for the current ...
Page 1248
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 3 tftp configuration 3-4 3.3 displaying and maintaining the tftp client to do… use the command… remarks display the configuration of the tftp client display tftp client configuration available in any view 3.4 ...
Page 1249
Operation manual – file system management h3c s3610&s5510 series ethernet switches chapter 3 tftp configuration 3-5 # assign vlan-interface 1 an ip address 1.1.1.1/16, making sure that the port connected to pc belongs to the same vlan. [sysname] interface vlan-interface 1 [sysname-vlan-interface1] i...
Page 1250: Table of Contents
Operation manual – information center h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 information center configuration.............................................................................. 1-1 1.1 information center overview .............................
Page 1251
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-1 chapter 1 information center configuration when configuring information center, go to these sections for information you are interested in: z information center overview z co...
Page 1252
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-2 table 1-1 severity description severity severity value description emergencies 0 the system is unavailable. Alerts 1 information that demands prompt reaction critical 2 criti...
Page 1253
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-3 information channel number default channel name default output direction 4 logbuffer log buffer (receives log information, a buffer inside the router for recording informatio...
Page 1254
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-4 module name description dns domain name system module eth ethernet module ftps ftp server module garp generic attribute registration protocol module habp huawei authenticatio...
Page 1255
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-5 module name description vos virtual operating system module vrrp virtual router redundancy protocol module vty virtual type terminal module to sum up, the major task of the i...
Page 1256
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-6 note that there is a space between the timestamp and sysname (host name) fields. Iii. Sysname sysname is the system name of the current host. You can use the sysname command ...
Page 1257
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-7 task remarks configuring synchronous information output optional 1.2.2 setting to output system information to the console i. Setting to output system information to the cons...
Page 1258
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-8 table 1-4 default output rules for different output directions log trap debug output directio n module s allowe d enable d/disab led severit y enable d/disab led severit y en...
Page 1259
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-9 to do… use the command… remarks enable the display of log information on the console terminal logging optional enabled by default enable the display of trap information on th...
Page 1260
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-10 ii. Enabling the display of system information on a monitor terminal after setting to output system information to a monitor terminal, you need to enable the associated disp...
Page 1262
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-12 1.2.6 setting to output system information to the log buffer to do… use the command… remarks enter system view system-view — enable information center info-center enable opt...
Page 1264
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-14 follow these steps to enable synchronous information output: to do… use the command… remarks enter system view system-view — enable synchronous information output info-cente...
Page 1265
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-15 note: support for the display logfile buffer and display logfile summary commands varies with devices. 1.4 information center configuration examples 1.4.1 outputting log inf...
Page 1266
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-16 caution: z as the default system configurations for different channels vary, ensure that the output of log, trap, and debug information for the specified channel (loghost in...
Page 1268
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-18 caution: z as the default system configurations for different channels vary, ensure that the output of log, trap, and debug information for the specified channel (loghost in...
Page 1269
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-19 # syslogd -r & note: ensure that the syslogd process is started with the -r option on a linux log host. After the above configurations, the system will be able to keep log i...
Page 1270
Operation manual – information center h3c s3610&s5510 series ethernet switches chapter 1 information center configuration 1-20 caution: z as the default system configurations for different channels vary, ensure that the output of log, trap, and debug information for the specified channel (console in...
Page 1271: Table of Contents
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 basic configurations................................................................................................... 1-1 1.1 basic configurations .............
Page 1272: 1.1 Basic Configurations
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-1 chapter 1 basic configurations while performing basic configurations of the system, go to these sections for information you are interested in: z basic configurations z cli...
Page 1273
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-2 1.1.2 configuring the device name to do… use the command… remarks enter system view system-view — configure the device name sysname sysname optional the device name is h3c ...
Page 1274
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-3 table 1-1 relationship between the configuration and display of the system clock configuration system clock displayed by the display clock command example 1 date-time confi...
Page 1275
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-4 configuration system clock displayed by the display clock command example if date-time is not in the summer time range, date-time is displayed. Configure: clock summer-time...
Page 1276
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-5 configuration system clock displayed by the display clock command example if the value of "date-time" ±"zone-offset" is not in the summer-time range, "date-time" ±"zone-off...
Page 1277
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-6 z shell banner, also called session banner, displayed when a non modem user enters user view. Z incoming banner, also called user interface banner, displayed when a user in...
Page 1278
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-7 to do… use the command… remarks configure the banner to be displayed when a user enters user view header shell text optional configure the banner to be displayed before log...
Page 1279
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-8 hotkey function deletes the character to the left of the cursor. Terminates an outgoing connection. Displays the next command in the history command buffer. Displays the pr...
Page 1280
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-9 acquire a higher privilege, you must switch to a higher user level, and it requires password to do so for aux and vty user interfaces for the security’s sake. The following...
Page 1281
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-10 caution: z when you configure the password for switching user level with the super password command, the user level is defaulted to 3 if no user level is specified. Z you ...
Page 1282: 1.2 Cli Features
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-11 one time, you can execute the display diagnostic-information command in any view to display statistics of each module’s running status. The execution of the display diagno...
Page 1283
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-12 1.2.2 online help with command lines the following are the types of online help available with the cli: z full help z fuzzy help to obtain the desired help information, yo...
Page 1284
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-13 c? Cd clock copy 5) enter a command followed by a character string and a >. All the keywords starting with this string are listed. Display ver? Version 6) press after ente...
Page 1285
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-14 follow these steps to access history commands: to do… use the key/command… result view the history commands display history-command displays the commands that you have ent...
Page 1286
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 1 basic configurations 1-15 1.2.6 edit features the cli provides the basic command edit functions and supports multi-line editing. The maximum length of each command is 256 characters. Table 1-6 list...
Page 1287
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 2 system maintaining and debugging 2-1 chapter 2 system maintaining and debugging when maintaining and debugging the system, go to these sections for information you are interested in: z system maint...
Page 1288
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 2 system maintaining and debugging 2-2 ii. The tracert command by using the tracert command, you can trace the routers involved in delivering a packet from source to destination. This is useful for i...
Page 1289
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 2 system maintaining and debugging 2-3 figure 2-1 the relationship between the protocol and screen debugging switch note: displaying debugging information on the terminal is the most commonly used wa...
Page 1291
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 2 system maintaining and debugging 2-5 note: z the debugging commands are usually used by administrators in diagnosing network failure. Z output of the debugging information may reduce system efficie...
Page 1292
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 3 device management 3-1 chapter 3 device management when configuring device management, go to these sections for information you are interested in: z device management overview z configuring device m...
Page 1293
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 3 device management 3-2 follow these steps to reboot a device: to do… use the command… remarks reboot a device reboot optional available in user view. Enable the scheduled reboot function and specify...
Page 1294
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 3 device management 3-3 follow these steps to specify a file for the next device boot: to do… use the command… remarks specify a boot file for the device boot-loader file file-url required available ...
Page 1295
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 3 device management 3-4 follow these steps to configure a detection interval: to do… use the command… remarks enter system view system-view — configure a detection interval shutdown-interval time opt...
Page 1296
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 3 device management 3-5 3.2.6 identifying and diagnosing pluggable transceivers i. Introduction to pluggable transceivers at present, four types of pluggable transceivers are commonly used, and they ...
Page 1297
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 3 device management 3-6 to do… use the command… remarks display main parameters of the pluggable transceiver(s) display transceiver interface [ interface-type interface-number ] available for all plu...
Page 1298: Configuration
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 3 device management 3-7 3.3 displaying and maintaining device management configuration to do… use the command… remarks display the boot rom file used for the next boot display boot-loader available i...
Page 1299
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 3 device management 3-8 ii. Network diagram figure 3-1 network diagram for remote upgrade iii. Configuration procedure z configuration on ftp server (note that configurations may vary with different ...
Page 1300
Operation manual – system maintaining and debugging h3c s3610&s5510 series ethernet switches chapter 3 device management 3-9 connected. 220 wftpd 2.0 service (by texas imperial software) ready for new user user(none): aaa 331 give me your password, please password: 230 logged in successfully [ftp] #...
Page 1301: Table of Contents
Operation manual – nqa h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 nqa configuration ...................................................................................................... 1-1 1.1 nqa overview .................................................
Page 1302: 1.1 Nqa Overview
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-1 chapter 1 nqa configuration when configuring nqa, go to these sections for information you are interested in: z nqa overview z configuring nqa tests z configuring optional parameters for nqa tests z displ...
Page 1303
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-2 1.1.2 nqa server and nqa client in most nqa test systems, you only need to configure an nqa client. However, when you perform a tcp, udp, or jitter test, you need to configure an nqa server. Figure 1-1 sh...
Page 1304: 1.2 Configuring Nqa Tests
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-3 note: after you enable the nqa client, you can create multiple test groups to perform tests. In this way, you do not need to enable the nqa client repeatedly. 1.2 configuring nqa tests note: z you need to...
Page 1305
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-4 to do… use the command… remarks set the test type to icmp test-type icmp optional icmp by default. Configure a destination address for a test destination-ip ip-address required configure the size of test ...
Page 1306
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-5 figure 1-2 network diagram for the icmp test 3) configuration procedure perform the following configurations on switch a: # enable the nqa client, create an icmp test group, and configure related test par...
Page 1307
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-6 1.2.2 configuring the dhcp test the dhcp test is mainly used to test the existence of a dhcp server on the network as well as the time necessary for the dhcp server to respond to a client request and assi...
Page 1308
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-7 2) network diagram figure 1-3 network diagram for the dhcp test 3) configuration procedure note: for the configuration of dhcp server, refer to the dhcp configuration part of the manual. Perform the follo...
Page 1309
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-8 failures due to other errors: 0 1.2.3 configuring the ftp test the ftp test is mainly used to test the connection with a specified ftp server and the time necessary for the ftp client to transfer a file t...
Page 1310
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-9 to do… use the command… remarks configure common optional parameters refer to configuring optional parameters for nqa tests . Optional enable the nqa test test-enable required view the test results displa...
Page 1311
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-10 3) configuration procedure note: for the configuration of ftp server, refer to the file system management configuration part of the manual. Perform the following configurations on switch a: # enable the ...
Page 1312
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-11 1.2.4 configuring the http test the http test is mainly used to test the connection with a specified http server and the time required to obtain data from the http server. I. Configuration procedure foll...
Page 1313
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-12 2) network diagram figure 1-5 network diagram for the http test 3) configuration procedure note: for the configuration of http server, refer to the login configuration part of the manual. Perform the fol...
Page 1314
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-13 failures due to disconnect: 0 failures due to no connection: 0 failures due to sequence error: 0 failures due to internal error: 0 failures due to other errors: 0 1.2.5 configuring the jitter test cautio...
Page 1315
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-14 to do… use the command… remarks enter system view system-view — enable the nqa server nqa-server enable required disabled by default configure the udp listening function on the nqa server nqa-server udpe...
Page 1316
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-15 to do… use the command… remarks view the recorded delay jitter of udp packet transmission in the last nqa jitter test display nqa jitter [ admin-name operation-tag ] optional available in any view. Note:...
Page 1317
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-16 # enable the jitter test. [switcha-nqa-admin-jitter] test-enable # view the test results with the display nqa results and display nqa jitter commands. [switcha-nqa-admin-jitter] display nqa results admin...
Page 1318
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-17 i. Configuration prerequisites the snmp agent function must be enabled on the device serving as an snmp agent. Ii. Configuration procedure follow these steps to configure the snmp query test: to do… use ...
Page 1319
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-18 [switchb] snmp-agent community read public [switchb] snmp-agent community write private note: z snmp must be enabled on the snmp agent. Otherwise, no response packet will be received. Z in this example, ...
Page 1320
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-19 1.2.7 configuring the tcp test caution: you are not recommended to perform an nqa tcp test on ports from 1 to 1023 (known ports). Otherwise, the nqa test will fail or the corresponding services of this p...
Page 1321
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-20 2) configure the nqa client follow these steps to configure nqa client for the tcp test: to do… use the command… remarks enter system view system-view — enable the nqa client nqa-agent enable required cr...
Page 1322
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-21 2) network diagram figure 1-8 network diagram for the tcp-private test 3) configuration procedure z configuration on switch b # enable the nqa server and configure the listening ip address and port numbe...
Page 1323
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-22 failures due to other errors: 0 1.2.8 configuring the udp test caution: you are not recommended to perform an nqa udp test on ports from 1 to 1023 (known ports). Otherwise, the nqa test will fail or the ...
Page 1324
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-23 to do… use the command… remarks enter system view system-view — enable the nqa client nqa-agent enable required create an nqa test group and enter its view nqa admin-name operation-tag — set the test typ...
Page 1325
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-24 2) network diagram figure 1-9 network diagram for the udp-private test 3) configuration procedure z configuration on switch b # enable the nqa server and configure the listening ip address and port numbe...
Page 1326
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-25 failures due to other errors: 0 1.2.9 configuring the dlsw test data link switching (dlsw) was jointly developed by advanced peer-to-peer networking (appn), implementers workshop (aiw) and the data-link ...
Page 1327
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-26 2) network diagram figure 1-10 network diagram for the dlsw test 3) configuration procedure note: for the configuration of dlsw devices, refer to the related manuals of routers supporting the dlsw functi...
Page 1328
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-27 failures due to internal error: 0 failures due to other errors: 0 1.3 configuring optional parameters for nqa tests unless otherwise specified, the following parameters are applicable to all test types a...
Page 1329
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-28 to do… use the command… remarks configure the number of probes in a test count times optional 1 by default. For the tcp test, a probe means a connection. For the jitter test, the number of test packets s...
Page 1330
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-29 to do… use the command… remarks configure the source ip address of a test request packet source-ip ipaddress this command is required for the ftp test but optional for other tests. You can specify an ip ...
Page 1331
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-30 1.3.3 configuring trap delivery i. Configuration prerequisites before configuring trap delivery, you should configure the address of the network management server which receives the trap message. For det...
Page 1332
Operation manual – nqa h3c s3610&s5510 series ethernet switches chapter 1 nqa configuration 1-31 1.4 displaying and maintaining nqa to do… use the command… remarks display history information of tests display nqa history [ admin-nameoperation-tag ] available in any view display the results of the la...
Page 1333: Table of Contents
Operation manual – vrrp h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 vrrp configuration .................................................................................................... 1-1 1.1 introduction to vrrp .........................................
Page 1334: 1.1 Introduction to Vrrp
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-1 chapter 1 vrrp configuration when configuring vrrp, go to these sections for information you are interested in: z introduction to vrrp z configuring vrrp for ipv4 z configuring vrrp for ipv6 z ipv4-base...
Page 1335
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-2 gateway network host a host b host c figure 1-1 lan networking apparently, this approach to enabling hosts on a network to communicate with external networks is easy to configure but it imposes a very h...
Page 1336
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-3 group elect a new gateway to undertake the responsibility of the failed switch, thus ensuring that the hosts in the network segment can communicate with the external networks uninterruptedly. Host a hos...
Page 1337
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-4 remains 255 and cannot be configured. That is, if there is an ip address owner in a standby group, it acts as the master as long as it works properly. Ii. Working mode a switch in a standby group can wo...
Page 1338
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-5 you can adjust the interval of sending vrrp advertisements by setting the vrrp advertisement interval timer. If a backup switch receives no advertisements in three times the interval, the backup switch ...
Page 1339
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-6 z count ip addrs: number of virtual ip addresses for the standby group. A standby group can have multiple virtual ip addresses. Z auth type: authentication type. 0 means no authentication, 1 means simpl...
Page 1340
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-7 z auth type: authentication type. 0 means no authentication, 1 means simple authentication. Vrrpv3 does not support md5 authentication. Z adver int: interval for sending advertisement packets, in centis...
Page 1341
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-8 only one standby group, in which each switch holds different priorities and the one with the highest priority becomes the master, as shown in figure 1-5 . Figure 1-5 vrrp in master/backup mode at the be...
Page 1342
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-9 host a host b host c switch a backup switch b backup switch c master virtual router 2 virtual router 3 virtual router 1 master backup backup backup master backup network figure 1-6 vrrp in load balancin...
Page 1343
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-10 task remarks configuring vrrp packet attributes optional 1.2.2 enabling users to ping virtual ip addresses you can configure whether the master switch responds to the received icmp echo requests, that ...
Page 1344
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-11 when an ip address owner exists in a standby group, if you associate the virtual ip address with the virtual mac address, two mac addresses are associated with an ip address. In this case, you can asso...
Page 1345
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-12 ii. Configuration procedure follow these steps to create standby group and configure virtual ip address: to do… use the command… remarks enter system view system-view — enter the specified interface vi...
Page 1346
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-13 1.2.5 configuring standby group priority, preemption mode and interface tracking i. Configuration prerequisites before you configure these features, you should first create a standby group on the inter...
Page 1347
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-14 1.2.6 configuring vrrp packet attributes i. Configuration prerequisites before configuring the relevant attributes of vrrp packets, you should first create the standby group and configure the virtual i...
Page 1348
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-15 1.2.7 displaying and maintaining vrrp for ipv4 to do… use the command… remarks display vrrp status display vrrp[ verbose ] [ interface interface-type interface-number [ vrid virtual-router-id ] ] avail...
Page 1349
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-16 caution: you should configure this function before creating a standby group. Otherwise, you cannot ping the virtual ipv6 addresses of standby groups. 1.3.3 configuring the association between virtual i...
Page 1350
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-17 caution: you should configure this function before creating a standby group. Otherwise, you cannot modify the mapping between the virtual ipv6 address and the mac address. 1.3.4 creating standby group ...
Page 1351
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-18 caution: z the maximum number of standby groups on an interface and the maximum number of virtual ipv6 addresses in a standby group vary by device. Z a standby group is removed after you remove all the...
Page 1352
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-19 caution: z the priority of an ip address owner is always 255 and not configurable. Z interface tracking is not configurable on an ip address owner. Z the priority of a device is reset if the state of t...
Page 1353
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-20 1.3.7 displaying and maintaining vrrp for ipv6 to do… use the command… remarks display vrrp status display vrrp ipv6[verbose][ interface interface-type interface-number [vrid virtual-router-id ] ] avai...
Page 1354
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-21 ii. Network diagram host a switch a switch b virtual ip address: 202.38.160.111/24 vlan-int2 202.38.160.1/24 vlan-int2 202.38.160.2/24 host b 202.38.160.3/24 203.2.3.1/24 internet figure 1-7 network di...
Page 1355
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-22 # create standby group 1 and set its virtual ip address to be 202.38.160.111. [switchb-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # set switch b to work in preemption mode. The preemption d...
Page 1356
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-23 [switchb-vlan-interface2] display vrrp verbose ipv4 standby information: run method : virtual-mac virtual ip ping : enable interface : vlan-interface2 vrid : 1 adver. Timer : 1 admin status : up state ...
Page 1357
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-24 iii. Configuration procedure 1) configure switch a # configure vlan 2. System-view [switcha] vlan 2 [switcha-vlan2] port gigabitethernet 2/0/5 [switcha-vlan2] quit [switcha] interface vlan-interface 2 ...
Page 1358
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-25 after the configuration, host b can be pinged through on host a. You can use the display vrrp command to verify the configuration. # display detailed information of standby group 1 on switch a. [switch...
Page 1359
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-26 virtual ip ping : enable interface : vlan-interface2 vrid : 1 adver. Timer : 5 admin status : up state : backup config pri : 110 run pri : 80 preempt mode : yes delay time : 0 auth type : simple text k...
Page 1360
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-27 ii. Network diagram figure 1-9 network diagram for multiple vrrp standby group configuration iii. Configuration procedure 1) configure switch a # configure vlan 2. System-view [switcha] vlan 2 [switcha...
Page 1361
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-28 [switchb-vlan-interface2] ip address 202.38.160.2 255.255.255.0 # create a standby group 1 and set its virtual ip address to 202.38.160.111. [switchb-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160....
Page 1362
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-29 config pri : 100 run pri : 100 preempt mode : yes delay time : 0 auth type : none virtual ip : 202.38.160.111 master ip : 202.38.160.1 interface : vlan-interface2 vrid : 2 adver. Timer : 1 admin status...
Page 1363
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-30 ii. Network diagram host a switch a switch b virtual ipv6 address: fe80::10 vlan-int2 fe80::1 vlan-int2 fe80::2 host b gateway: fe80::10 internet figure 1-10 network diagram for single vrrp standby gro...
Page 1364
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-31 [switchb] vlan 2 [switchb-vlan2] port gigabitethernet 2/0/5 [switchb-vlan2] quit [switchb] interface vlan-interface 2 [switchb-vlan-interface2] ipv6 address fe80::2 link-local # create a standby group ...
Page 1365
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-32 the above information indicates that in standby group 1 switch a is the master, switch b is the backup and packets sent from host a to host b are forwarded by switch a. If switch a fails, you can still...
Page 1366
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-33 ii. Network diagram host a switch a switch b virtual ipv6 address: fe80::10 vlan-int2 fe80::1 vlan-int2 fe80::2 host b gateway: fe80::10 vlan-int3 internet figure 1-11 network diagram for vrrp interfac...
Page 1367
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-34 [switcha-vlan-interface2] vrrp ipv6 vrid 1 track interface vlan-interface 3 reduced 30 2) configure switch b # configure vlan 2. System-view [switchb] ipv6 [switchb] vlan 2 [switchb-vlan2] port gigabit...
Page 1368
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-35 # display detailed information of standby group 1 on switch b. [switchb-vlan-interface2] display vrrp ipv6 verbose ipv6 standby information: run method : virtual-mac virtual ip ping : enable interface ...
Page 1369
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-36 admin status : up state : master config pri : 100 run pri : 100 preempt mode : yes delay time : 5 auth type : simple text key : hello virtual ip : fe80::10 virtual mac : 0000-5e00-0201 master ip : fe80...
Page 1370
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-37 [switcha] vlan 2 [switcha-vlan2] port gigabitethernet 2/0/5 [switcha-vlan2] quit [switcha] interface vlan-interface 2 [switcha-vlan-interface2] ipv6 address fe80::1 link-local [switcha-vlan-interface2]...
Page 1371
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-38 preempt mode : yes delay time : 0 auth type : none virtual ip : fe80::10 virtual mac : 0000-5e00-0201 master ip : fe80::1 interface : vlan-interface2 vrid : 2 adver. Timer : 100 admin status : up state...
Page 1372: 1.6 Troubleshooting Vrrp
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-39 the above information indicates that in standby group 1 switch a is the master, switch b is the backup and the host with the default gateway of fe80::10 accesses the internet through switch a; in stand...
Page 1373
Operation manual – vrrp h3c s3610&s5510 series ethernet switches chapter 1 vrrp configuration 1-40 iii. Symptom 3: frequent vrrp state transition. Analysis: the vrrp advertisement interval is set too short. Solution: increase the interval to sent vrrp advertisement or introduce a preemption delay..
Page 1374: Table of Contents
Operation manual – ssh h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 ssh configuration....................................................................................................... 1-1 1.1 ssh overview..................................................
Page 1375
Operation manual – ssh h3c s3610&s5510 series ethernet switches table of contents ii 2.3.6 terminating the connection to the remote sftp server ...................................... 2-6 2.4 sftp configuration example .....................................................................................
Page 1376: 1.1 Ssh Overview
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-1 chapter 1 ssh configuration when configuring ssh, go to these sections for information you are interested in: z ssh overview z configuring the device as an ssh server z configuring the device as an ssh cl...
Page 1377
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-2 key-based algorithm is usually classified into symmetric key algorithm and asymmetric key algorithm. 1.1.2 asymmetric key algorithm asymmetric key algorithm means that a key pair exists at both ends. The ...
Page 1378
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-3 protocol version number, while the software version number is used for debugging. Z the client receives and resolves the packet. If the protocol version of the server is lower but supportable, the client ...
Page 1379
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-4 z the server authenticates the client. If the authentication fails, the server informs the client by sending a message, which includes a list of available methods for re-authentication. Z the client selec...
Page 1380
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-5 v. Interactive session in this stage, the server and the client exchanges data in this way: z the client encrypts and sends the command to be executed to the server. Z the server decrypts and executes the...
Page 1381
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-6 1.2.2 enabling ssh server follow these steps to enable ssh server: to do… use the command… remarks enter system view system-view — enable the ssh server function ssh server enable required disabled by def...
Page 1382
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-7 1.2.4 configuring rsa keys i. Creating the rsa key pair for successful ssh login, you must create the rsa key pair first. Follow these steps to create an rsa key pair: to do… use the command… remarks ente...
Page 1383
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-8 1.2.5 configuring a client public key note: this configuration task is only necessary for ssh users using publickey authentication. For an ssh user that uses publickey authentication to login, the server ...
Page 1384
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-9 to do… use the command… remarks return from public key code view to public key view public-key-code end — when you exit public key code view, the system automatically saves the public key. Return from pub...
Page 1385
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-10 caution: z if a local user with the service type being ssh (configured with the local-user command) exists when there is no ssh user, the ssh client can log on to the ssh server through the local user. I...
Page 1386
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-11 z enabling the ssh server to be compatible with ssh1 z setting the server key pair update interval, applicable to users using ssh1 client. Z setting the ssh user authentication timeout period z setting t...
Page 1387
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-12 task remarks establishing a connection between ssh client and server required 1.3.2 specifying a source ip address/interface for ssh client this configuration task allows you to specify a source ip addre...
Page 1388
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-13 to do... Use the command… remarks enter system view system-view — enable the device to support first-time authentication ssh client first-time optional by default, first-time authentication is supported ...
Page 1389
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-14 to do... Use the command… remarks establish a connection between the ssh client and the ipv4 server, and specify the preferred key exchange algorithm, encryption algorithms, and hmac algorithms for them ...
Page 1390
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-15 to do… use the command… remarks display the mappings between host public keys and ssh servers saved on a client display ssh server-info available in any view display information about a specified or all ...
Page 1391
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-16 [switch] user-interface vty 0 4 [switch-ui-vty0-4] authentication-mode scheme # enable the user interface to support ssh. [switch-ui-vty0-4] protocol inbound ssh [switch-ui-vty0-4] quit # create local us...
Page 1392
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-17 figure 1-3 ssh client configuration interface from the window shown in figure 1-3 , click open. The following ssh client interface appears. If the connection is normal, you will be prompted to enter the ...
Page 1393
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-18 figure 1-4 ssh client interface 1.5.2 when using publickey authentication i. Network requirements z the host (ssh client) and the switch (ssh server) are directly connected through the ethernet interface...
Page 1394
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-19 [switch] ssh server enable # configure an ip address for vlan-interface 1, which the ssh client will use as the destination for ssh connection. [switch] interface vlan-interface 1 [switch-vlan-interface1...
Page 1395
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-20 figure 1-6 generate a client key pair (1) while generating the key pair, you must move the mouse continuously and keep the mouse off the green process bar shown in figure 1-7 . Otherwise, the process bar...
Page 1396
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-21 figure 1-7 generate a client key pair (2) after the key pair is generated, click save public key to save the key in a file by entering a file name (key.Pub in this case)..
Page 1397
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-22 figure 1-8 generate a client key pair (3) likewise, to save the private key, click save private key. A warning window pops up to prompt you whether to save the private key without any protection. Click y...
Page 1398
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-23 # specify the private key file and establish a connection with the ssh server launch putty.Exe to enter the following interface. In the host name (or ip address) text box, enter the ip address of the ser...
Page 1399
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-24 figure 1-11 ssh client configuration interface (2) from the window shown in figure 1-11 , click open. The following ssh client interface appears. If the connection is normal, you will be prompted to ente...
Page 1400
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-25 figure 1-12 ssh client interface 1.6 ssh client configuration examples 1.6.1 when using password authentication i. Network requirements z as shown in figure 1-13 , switch a (the ssh client) needs to log ...
Page 1401
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-26 [switchb] public-key local create rsa [switchb] ssh server enable # create an ip address for vlan-interface 1, which the ssh client will use as the destination for ssh connection. [switchb] interface vla...
Page 1402
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-27 6fd60fe01941ddd77fe6b12893da76e [switcha-pkey-key-code]ebc1d128d97f0678d7722b5341c8506f358214b16a2fac4b3 68950387811c7da33021500c773218c [switcha-pkey-key-code]737ec8ee993b4f2ded30f48edace915f02818100822...
Page 1403
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-28 1.6.2 when using publickey authentication i. Network requirements z as shown in figure 1-14 , switch a (the ssh client) needs to log on to switch b (the ssh server) through ssh protocol. Z publickey auth...
Page 1404
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-29 note: before performing the following tasks, you must generate an rsa key pair (using the client software) on the client, save the public key in a file named key.Pub, and then upload the file to the ssh ...
Page 1405
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 1 ssh configuration 1-30 the server is not authenticated. Continue? [y/n]:y do you want to save the server public key? [y/n]:n ***************************************************************** * copyright (c) 2004-2007 hangzhou ...
Page 1406: Chapter 2 Sftp Service
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 2 sftp service 2-1 chapter 2 sftp service when configuring sftp, go to these sections for information you are interested in: z sftp overview z configuring an sftp server z configuring an sftp client z sftp configuration example ...
Page 1407
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 2 sftp service 2-2 note: when the device functions as the sftp server, only one client can access the sftp server at a time. If the sftp client uses winscp, a file on the server cannot be modified directly; it can only be downlo...
Page 1408
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 2 sftp service 2-3 follow these steps to specify a source ip address or interface for the sftp client: to do… use the command… remarks enter system view system-view — specify a source ipv4 address or interface for the sftp clien...
Page 1409
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 2 sftp service 2-4 z changing the name of a specified directory on the server z creating or deleting a directory follow these steps to work with the sftp directories: to do… use the command… remarks establish a connection to the...
Page 1410
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 2 sftp service 2-5 z displaying a list of the files z deleting a file follow these steps to work with sftp files: to do… use the command… remarks establish a connection to the remote sftp server and enter sftp client view sftp [...
Page 1411
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 2 sftp service 2-6 follow these steps to display a list of all commands or the help information of an sftp client command: to do… use the command… remarks establish a connection to the remote sftp server and enter sftp client vi...
Page 1412
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 2 sftp service 2-7 2.4 sftp configuration example i. Network requirements as shown in figure 2-1 , an ssh connection is established between switch a and switch b. Switch a, as an sftp client, uses the username client001 and pass...
Page 1413
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 2 sftp service 2-8 [switchb] ssh user client001 service-type sftp authentication-type password note: if you set the ssh authentication method to publickey, you need to configure the host public key of switcha. For the specific c...
Page 1414
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 2 sftp service 2-9 the following file will be deleted: /z are you sure to delete it? [y/n]:y this operation may take a long time.Please wait... File successfully removed sftp-client> dir -rwxrwxrwx 1 noone nogroup 1759 aug 23 06...
Page 1415
Operation manual – ssh h3c s3610&s5510 series ethernet switches chapter 2 sftp service 2-10 uploading file successfully ended sftp-client> dir -rwxrwxrwx 1 noone nogroup 1759 aug 23 06:52 config.Cfg -rwxrwxrwx 1 noone nogroup 225 aug 24 08:01 pubkey2 -rwxrwxrwx 1 noone nogroup 283 aug 24 07:39 pubke...
Page 1416: Table of Contents
Operation manual – mce h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 mce overview .............................................................................................................. 1-1 1.1 mce overview ..............................................
Page 1417: Chapter 1 McE Overview
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 1 mce overview 1-1 chapter 1 mce overview note: the term “router” in this document refers to a router in a generic sense or a layer 3 switch running routing protocols. 1.1 mce overview multi-ce (mce) enables a switch to function...
Page 1418
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 1 mce overview 1-2 figure 1-1 a bgp/mpls vpn implementation ces and pes mark the boundary between the service providers and the customers. A ce is usually a router. After a ce establishes adjacency with a directly connected pe, ...
Page 1419
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 1 mce overview 1-3 z the devices at a site can belong to multiple vpns, namely, a site can belong to multiple vpns. Z a site is connected to a provider network through one or more ces. A site can contain many ces, but a ce can b...
Page 1420
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 1 mce overview 1-4 a vpn-ipv4 address consists of 12 bytes. The first eight bytes represent the rd, followed by a 4-byte ipv4 address prefix, as shown in. Type field ( 2-byte ) ipv4 address prefix ( 4-byte ) administrator subfie...
Page 1421
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 1 mce overview 1-5 z export target attribute: a local pe sets this type of vpn target attribute for vpn-ipv4 routes learnt from directly connected sites before advertising them to other pes. Z import target attribute: a pe check...
Page 1422
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 1 mce overview 1-6 figure 1-3 how mce works in figure 1-3 , the two vpn sites on the left side (site 1 and site 2) are connected to the backbone network through an mce device. Two vpn tunnels are expected between them and the re...
Page 1423
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 1 mce overview 1-7 z ebgp note: this introduces the cooperation of routing protocols and mce in brief. For details on routing protocols, see the ipv4 routing module of this manual. I. Static routes a ce can communicate with a si...
Page 1424
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 1 mce overview 1-8 note: normally, when an ospf route is imported to the bgp routing table as a bgp route on a pe, some attributes of the ospf route get lost. When the bgp route is imported to the ospf routing table on the remot...
Page 1425
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 1 mce overview 1-9 1.2.2 route exchange between ce and pe routing information entries are bound to specific vpn instances on a mce device, and packets of each vpn instance are forwarded between ce and pe according to interface. ...
Page 1426
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-1 chapter 2 mce configuration note: for detailed information on the routing protocol configuration mentioned in this chapter, see the ipv4 routing module of this manual. 2.1 configuring a vpn instance 2.1.1...
Page 1427
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-2 2.1.3 creating a vpn instance a vpn instance needs to be associated with a site. A vpn instance does not correspond to a vpn directly. Instead, a vpn instance is an integration of the vpn membership and r...
Page 1428
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-3 table 2-4 associate an vpn instance with an interface operation command description enter system view system-view — enter interface view of the interface to be associated interface interface-type interfac...
Page 1430
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-5 2.2.2 configuring to use static routes between a mce and a site table 2-7 configure to use static routes between a mce and a site operation command description enter system view system-view — define a sta...
Page 1431
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-6 table 2-9 configure to use ospf between a mce and a site operation command description enter system view system-view — enable ospf for a vpn instance (this operation also leads you to ospf view) ospf [ pr...
Page 1432
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-7 table 2-10 configure to use is-is between a mce and a site operation command description enter system view system-view — enable is-is for a vpn instance and enter is-is view isis [ process-id ] vpn-instan...
Page 1435
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-10 2.3.2 configuring to use static routes between a mce and a pe table 2-14 define a static route for a vpn instance operation command description enter system view system-view — ip route-static dest-addres...
Page 1436
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-11 2.3.3 configuring to use rip between a mce and a pe when configuring to use rip between a mce and a pe, you need to configure the rip processes to be bound to the vpn instances and manually import the vp...
Page 1438
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-13 2.3.6 configure to use ebgp between a mce and a pe to use ebgp to exchange routing information between a mce and a pe, you need to configure the peer end as a peer in the bgp-vpns on both ends, import vp...
Page 1439
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-14 table 2-19 display and maintain mce operation command display the ip routing tables associated with a vpn instance display ip routing-table vpn-instance vpn-instance-name [ verbose ] display the informat...
Page 1440
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-15 operation command clear route flap history information about a bgp peer of a vpn instance reset bgp vpn-instance vpn-instance-name ip-address flap-info reset bgp vpn-instance vpn-instance-name flap-info ...
Page 1441
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-16 ii. Network diagram figure 2-1 network diagram for mce configuration (a) iii. Configuration procedure for distinguish devices, assume the system name of the mce device is “mce”, the names of the egress r...
Page 1442
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-17 [mce-vlan10] quit [mce] interface vlan-interface 10 # bind vlan-interface 10 to vpn1, and configure ip address 10.214.10.3/24 for vlan-interface 10. [mce-vlan-interface10] ip binding vpn-instance vpn1 [m...
Page 1443
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-18 10.214.10.0/24 direct 0 0 10.214.10.3 vlan10 10.214.10.3/32 direct 0 0 127.0.0.1 inloop0 192.168.0.0/16 static 60 0 10.214.10.2 vlan10 as shown in the displayed information above, a static route has been...
Page 1444
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-19 [mce-ethernet1/0/3] port link-type trunk [mce-ethernet1/0/3] port trunk permit vlan 10 20 # configure ethernet 1/0/18 of pe. System-view [pe] interface ethernet 1/0/18 [pe-ethernet1/0/18] port link-type ...
Page 1445
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-20 10.214.10.0/24 direct 0 0 10.214.10.4 vlan10 10.214.10.4/32 direct 0 0 127.0.0.1 inloop0 100.100.10.1/32 direct 0 0 127.0.0.1 inloop0 192.168.0.0/16 o_ase 150 1 10.214.10.2 vlan10 as shown in the display...
Page 1446
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-21 ii. Network diagram figure 2-2 network diagram for mce configuration (b) iii. Configuration procedure z configure vpn instances # the procedure of creating vpn instances on mce and binding interfaces to ...
Page 1447
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-22 127.0.0.1/32 direct 0 0 127.0.0.1 inloop0 10.100.10.0/24 direct 0 0 10.100.10.1 vlan2 10.100.10.1/32 direct 0 0 127.0.0.1 inloop0 172.16.10.0/24 ospf 10 1 10.100.10.2 vlan2 as shown in the displayed info...
Page 1448
Operation manual – mce h3c s3610&s5510 series ethernet switches chapter 2 mce configuration 2-23 [pe-bgp-vpn1] peer 10.100.10.1 as-number 100 # display the information about the routes of vpn1 on pe. Display ip routing-table vpn-instance vpn1 routing tables: vpn1 destinations : 5 routes : 5 destinat...
Page 1449: Table of Contents
Operation manual – oam h3c s3610&s5510 series ethernet switches tabel of contents i table of contents chapter 1 oam configuration...................................................................................................... 1-1 1.1 oam overview...................................................
Page 1450: 1.1 Oam Overview
Operation manual – oam h3c s3610&s5510 series ethernet switches chapter 1 oam configuration 1-1 chapter 1 oam configuration when performing oam configuration, go to these sections for information you are interested in: z oam overview z oam configuration z displaying and maintaining oam configuration...
Page 1451
Operation manual – oam h3c s3610&s5510 series ethernet switches chapter 1 oam configuration 1-2 z the source addr field holds the source mac address of an oampdu, which is the bridge mac address of the sending side. Z the type field indicates the protocol type of an oampdu, which is fixed to 0x8809....
Page 1452
Operation manual – oam h3c s3610&s5510 series ethernet switches chapter 1 oam configuration 1-3 as for oam connection establishment, a device can operate in two modes: active oam mode and passive oam mode. Only devices operating in active oam mode can initiate oam connection establishment processes....
Page 1453
Operation manual – oam h3c s3610&s5510 series ethernet switches chapter 1 oam configuration 1-4 table 1-2 oam link error events oam link events description error signal event a signal error event occurs if the number of signal errors in specific period exceeds the threshold. Error frame event a fram...
Page 1454: 1.2 Oam Configuration
Operation manual – oam h3c s3610&s5510 series ethernet switches chapter 1 oam configuration 1-5 1.2 oam configuration 1.2.1 oam configuration task list complete the following tasks to configure oam: task remarks configuring basic oam basic functions required configuring the periods and thresholds fo...
Page 1455
Operation manual – oam h3c s3610&s5510 series ethernet switches chapter 1 oam configuration 1-6 1.2.3 configuring the periods and thresholds for oam link error event detection follow these steps to configure the periods and thresholds for oam link error event detection: to do… use the command… remar...
Page 1456
Operation manual – oam h3c s3610&s5510 series ethernet switches chapter 1 oam configuration 1-7 note: z an error signal event occurs when a period for error signal event detection expires and the number of the signal errors occurred on an ethernet port is larger than or (equal to) the threshold for ...
Page 1457
Operation manual – oam h3c s3610&s5510 series ethernet switches chapter 1 oam configuration 1-8 note: z currently, oam external loopback is only available on 1000 mbps ethernet ports (sfp ports with electrical ports installed not included) operating at a speed of 1000 mbps, 100 mbps, or 10 mbps. Z o...
Page 1458
Operation manual – oam h3c s3610&s5510 series ethernet switches chapter 1 oam configuration 1-9 1.4 oam configuration example i. Network requirements z enable oam on device a and device b to manage links on data link layer. Z monitor link performance and collect statistics about the error frames rec...
Page 1459
Operation manual – oam h3c s3610&s5510 series ethernet switches chapter 1 oam configuration 1-10 errored-frame-period event threshold : 1 errored-frame-seconds event period : 60 errored-frame-seconds event threshold : 1 2) configure device b: # configure ethernet 1/0/1 to operate in active oam mode ...
Page 1460: Table of Contents
Operation manual – dldp h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 dldp configuration .................................................................................................... 1-1 1.1 overview .....................................................
Page 1461: 1.1 Overview
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-1 chapter 1 dldp configuration when performing dldp configuration, go to these sections for information you are interested in: z overview z dldp configuration task list z enabling dldp z setting dldp mode...
Page 1462
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-2 devic e a ge1/1/1 ge1/1/2 devic e b pc ge1/1/1 ge1/1/2 figure 1-1 unidirectional fiber link: cross-connected fiber device a device b pc ge1/1/1 ge1/1/1 ge1/1/2 ge1/1/2 figure 1-2 unidirectional fiber li...
Page 1463
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-3 connected correctly and if packets can be exchanged between the two devices. Note that dldp is not implemented through auto-negotiation. 1.1.2 dldp fundamentals i. Dldp link states a device is in one of...
Page 1464
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-4 ii. Dldp timers table 1-2 dldp timers dldp timer description active timer determines the interval to send advertisement packets with rsy tag, which defaults to 1 second. When a device transits to the ac...
Page 1465
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-5 dldp timer description enhanced timer in the enhanced mode, this timer is triggered if no packet is received from a neighbor when the entry aging timer expires. Enhanced timer is set to 10 seconds. Afte...
Page 1466
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-6 table 1-3 dldp mode and neighbor entry aging dldp mode detecting a neighbor after the corresponding neighbor entry ages out removing the neighbor entry immediately after the entry timer expires triggeri...
Page 1467
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-7 iv. Dldp authentication mode you can prevent network attacks and illegal detect through dldp authentication. Three dldp authentication modes exist, as described below. Z non-authentication. In this mode...
Page 1468
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-8 z the packet is dropped if the setting of the interval for sending advertisement packets it carries conflicts with the corresponding local setting. Z other processes. Table 1-5 procedures for processing...
Page 1469
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-9 packet type processing procedure if not, no process is performed. Recoverprobe packet check to see if the local port is in disable or advertisement state. If yes, returns recoverecho packets. If not, no...
Page 1470
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-10 dldp neighbor state description unidirectional a neighbor is in this state when the link connecting it is detected to be a unidirectional link. After a device transits to this state, the corresponding ...
Page 1471
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-11 1.2.1 enabling dldp follow these steps to enable dldp: to do… use the command… remarks enter system view system-view — enable dldp globally dldp enable required globally disabled by default enter ether...
Page 1472
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-12 follow these steps to set the interval for sending advertisement packets: to do… use the command… remarks enter system view system-view — set the interval for sending advertisement packets dldp interva...
Page 1473
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-13 1.2.5 setting the port shutdown mode on detecting a unidirectional link, the ports can be shut down in one of the following two modes. Z manual mode. This mode applies to networks with low performance,...
Page 1474
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-14 caution: to enable dldp to operate properly, make sure the dldp authentication modes and the passwords of the both sides of a link are the same. 1.2.7 resetting dldp state after a unidirectional link i...
Page 1475
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-15 1.2.9 resetting dldp state in port view/port group view follow these steps to reset dldp state in port view/port group view: to do… use the command… remarks enter system view system-view — enter ethern...
Page 1476
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-16 ii. Network diagram device a ge1/1/1 ge1/1/2 device b pc ge1/1/1 ge1/1/2 figure 1-4 network diagram for dldp configuration iii. Configuration procedure 1) configuration on device a # enable dldp on gig...
Page 1477: 1.5 Troubleshooting
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-17 dldp interval : 6s dldp work-mode : enhance dldp authentication-mode : none dldp unidirectional-shutdown : auto dldp delaydown-timer : 2s the number of enabled ports is 2. Interface gigabitethernet1/1/...
Page 1478
Operation manual – dldp h3c s3610&s5510 series ethernet switches chapter 1 dldp configuration 1-18 z dldp authentication modes/passwords on device a and device b are not the same. Solution: make sure the interval for sending advertisement packets, the authentication mode, and the password on device ...
Page 1479: Table of Contents
Operation manual – rrpp h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 rrpp configuration .................................................................................................... 1-1 1.1 rrpp overview ................................................
Page 1480: 1.1 Rrpp Overview
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-1 chapter 1 rrpp configuration when configuring rrpp, go to these sections for information you are interested in: z rrpp overview z rrpp configuration task list z configuring master node z configuring tra...
Page 1481
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-2 i. Rrpp domain the interconnected devices with the same domain id and control vlans constitute an rrpp domain. An rrpp domain contains multiple rrpp rings, in which one ring serves as the primary ring a...
Page 1482
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-3 primary ring and an assistant-edge node on the subring. This node is used in conjunction with the edge node to detect the integrity of the primary ring and perform loop guard. As shown in figure 1-1 , r...
Page 1483
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-4 vii. Multi-domain intersection common port of the two ports on a node where rings of different domains intersect, the common port is the one on the primary ring that belongs to different domains at the ...
Page 1484
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-5 type description complete-flush-fdb the master node initiates complete-flush-fdb packets to notify the transit nodes to update their own mac entries and arp entries, and release from blocking ports temp...
Page 1485
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-6 ii. Multi-domain tangent rings ring 2 ring 1 device a device b device c device e domain 1 transit node device d transit node transit node device f master node domain 2 transit node master node ring 2 fi...
Page 1486
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-7 iv. Dual homed rings device a device b device c device d device e edge node master node transit node assistant edge node domain 1 ring 1 ring 2 master node device f master node ring 3 figure 1-5 dual ho...
Page 1487
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-8 in different domains are independently configured. Each single domain can contain multiple rings, among which there must be one and only one primary ring. The data vlan in one domain must be isolated fr...
Page 1488
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-9 in this case, to prevent from generating this loop, the edge node will block the edge port temporarily. The blocked edge port is activated only when the edge node ensures that no loop will be brought fo...
Page 1489
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-10 caution: z it is recommended to configure the primary ring first and then the subring when you configure an rrpp domain. Moreover, a ring id cannot be applied to more than one rrpp ring in one rrpp dom...
Page 1490
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-11 note: z if you need to transparently transmit rrpp packets on a device without enabling rrpp, you should ensure only the two ports accessing an rrpp ring permits the packets of the control vlan. Otherw...
Page 1491
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-12 caution: z the control vlan configured for an rrpp domain must be a new one. Z control vlan configuration is required for configuring an rrpp ring. Z to use the undo rrpp domain command to remove an rr...
Page 1492
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-13 to do… use the command… remarks specify the current device as the transit node of the ring, and specify the primary port and the secondary port ring ring-id node-mode transit [ primary-port interface-t...
Page 1493: 1.5 Configuring Edge Node
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-14 [sysname] rrpp enable 1.5 configuring edge node 1.5.1 configuration procedure follow these steps to configure edge node: to do… use the command… remarks enter system view system-view — create an rrpp d...
Page 1494
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-15 caution: z the control vlan configured for an rrpp domain must be a new one. Z control vlan configuration is required for configuring an rrpp ring. Z a ring id cannot be applied to more than one rrpp r...
Page 1495
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-16 to do… use the command… remarks enter system view system-view — create an rrpp domain and enter its view rrpp domain domain-id required specify a control vlan for the rrpp domain control-vlan vlan-id r...
Page 1496
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-17 caution: z the control vlan configured for an rrpp domain must be a new one. Z control vlan configuration is required for configuring an rrpp ring. Z a ring id cannot be applied to more than on rrpp ri...
Page 1497
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-18 1.7 displaying and maintaining rrpp to do… use the command… remarks display brief information about rrpp configuration display rrpp brief display detailed information about rrpp configuration display r...
Page 1498
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-19 figure 1-7 single ring networking diagram ii. Configuration considerations first, determine the node mode of a device in an rrpp ring, and then perform the following configurations on a per-device basi...
Page 1499
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-20 [device b-rrpp-domain1] ring 1 enable [device b-rrpp-domain1] quit [device b] rrpp enable 3) perform the following configuration on device c: system-view [device c] rrpp domain 1 [device c-rrpp-domain1...
Page 1500
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-21 figure 1-8 networking diagram for single-domain intersecting rings configuration ii. Configuration considerations first, determine the primary ring and subring in an rrpp domain, node mode of a device ...
Page 1501
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-22 [device b-rrpp-domain1] ring 1 node-mode transit primary-port ethernet 1/0/1 secondary-port ethernet 1/0/2 level 0 [device b-rrpp-domain1] ring 2 node-mode edge common-port ethernet 1/0/2 edge-port eth...
Page 1502
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-23 1.8.3 configuring multi-domain intersecting ring topology i. Networking requirements z device a, device b, device c and device d constitute rrpp domain 1, and device e, device f, device c and device b ...
Page 1503
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-24 z specify the control vlan for each domain; z specify the node role of each device on each rrpp ring and the ports that access the device to the rrpp rings; z enable the rrpp rings; z enable rrpp after...
Page 1504
Operation manual – rrpp h3c s3610&s5510 series ethernet switches chapter 1 rrpp configuration 1-25 [device c-rrpp-domain2] ring 2 node-mode transit primary-port ethernet 1/0/3 secondary-port ethernet 1/0/2 level 0 [device c-rrpp-domain2] ring 2 enable [device c-rrpp-domain2] quit [device c] rrpp ena...
Page 1505: Table of Contents
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 ssl configuration ....................................................................................................... 1-1 1.1 ssl overview ..........................................
Page 1506: 1.1 Ssl Overview
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches chapter 1 ssl configuration 1-1 chapter 1 ssl configuration when configuring ssl, go to these sections for information you are interested in: z ssl overview z ssl configuration task list z displaying and maintaining ssl z troubles...
Page 1507
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches chapter 1 ssl configuration 1-2 z ssl change cipher spec protocol: used for notification between a client and the server that the subsequent packets are to be protected and transmitted based on the newly negotiated cipher suite an...
Page 1509
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches chapter 1 ssl configuration 1-4 caution: in this instance, windows server works as the ca and the simple certificate enrollment protocol (scep) plug-in is installed on the ca. Ii. Network diagram figure 1-2 network diagram for ssl...
Page 1510
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches chapter 1 ssl configuration 1-5 [sysname] pki request-certificate domain 1 2) configure an ssl server policy # create an ssl server policy named myssl. [sysname] ssl server-policy myssl # specify the pki domain for the ssl server ...
Page 1511: 1.6 Troubleshooting Ssl
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches chapter 1 ssl configuration 1-6 1.4.2 configuration procedure follow these steps to configure an ssl client policy: to do... Use the command... Remarks enter system view system-view — create an ssl client policy and enter its view...
Page 1512
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches chapter 1 ssl configuration 1-7 ii. Analysis ssl handshake failure may result from the following causes: z no ssl server certificate exists, or the certificate is not trusted. Z the server is expected to authenticate the client, b...
Page 1513: 2.1 Https Overview
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches chapter 2 https configuration 2-1 chapter 2 https configuration when configuring https, go to these sections for information you are interested in: z https overview z https configuration task list z associating the https service w...
Page 1514
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches chapter 2 https configuration 2-2 configuration task remarks associating the https service with a certificate attribute access control policy optional associating the https service with an acl optional 2.3 associating the https se...
Page 1515
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches chapter 2 https configuration 2-3 note: z after the https service is enabled, you can use the display ip https command to view the state of the https service and verify the configuration. Z enabling of the https service will trigg...
Page 1516
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches chapter 2 https configuration 2-4 note: z if the ip https certificate access-control-policy command is executed repeatedly, the https server is only associated with the last specified certificate attribute access control policy. Z...
Page 1517
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches chapter 2 https configuration 2-5 2.8 https configuration example i. Network requirements z host acts as the https client and switch acts as the https server. Z host accesses switch through web to control switch. Z ca (certificate...
Page 1518
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches chapter 2 https configuration 2-6 [switch-pki-domain-1] certificate request url http://10.1.2.2:8080/certsrv/mscep/mscep.Dll [switch-pki-domain-1] certificate request from ra [switch-pki-domain-1] certificate request entity en [sw...
Page 1519
Operation manual – ssl-https h3c s3610&s5510 series ethernet switches chapter 2 https configuration 2-7 launch the ie explorer on host, and enter https://10.1.1.1. You can log onto switch and control it. Note: z for details of pki commands, refer to pki commands. Z for details of the public-key loca...
Page 1520: Table of Contents
Operation manual – pki h3c s3610&s5510 series ethernet switches table of contents i table of contents chapter 1 pki configuration ........................................................................................................ 1-1 1.1 introduction to pki ........................................
Page 1521: 1.1 Introduction to Pki
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-1 chapter 1 pki configuration when configuring pki, go to these sections for information you are interested in: z introduction to pki z pki configuration task list z displaying and maintaining pki z pki con...
Page 1522
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-2 ca for an entity, while a ca certificate, also known as root certificate, is signed by the ca for itself. Ii. Crl an existing certificate may need to be revoked when, for example, the user name changes, t...
Page 1523
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-3 i. Entity an entity is an end user of pki products or services, such as a person, an organization, a device like a switch, or a process running on a computer. Ii. Ca a ca is a trusted entity responsible f...
Page 1524
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-4 iii. Web security for web security, two peers can establish a secure sockets layer (ssl) connection first for transparent and secure communications at the application layer. With pki, ssl enables communic...
Page 1525
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-5 1.3 configuring an entity dn a certificate is the binding of a public key and the identity information of an entity, where the identity information is identified by an entity distinguished name (dn). A ca...
Page 1526
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-6 to do… use the command… remarks configure the ip address for the entity ip ip-address optional no ip address is specified by default. Configure the locality of the entity locality locality-name optional n...
Page 1527
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-7 management function is provided by the ca, in which case no independent ra is required. You are recommended to deploy an independent ra. Z url of the enrollment server an entity sends a certificate reques...
Page 1528
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-8 to do… use the command… remarks configure the url of the server for certificate request certificate request url url-string required no url is configured by default. Configure the polling interval and maxi...
Page 1529
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-9 follow these steps to configure an entity to submit a certificate request in auto mode: to do… use the command… remarks enter system view system-view — enter pki domain view pki domain domain-name — set t...
Page 1530
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-10 note: z if a pki domain has already a local certificate, creating an rsa key pair will result in inconsistency between the key pair and certificate. To generate a new rsa key pair, delete the local certi...
Page 1532
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-12 to do… use the command… remarks set the crl update period crl update-period hours optional by default, the crl update period depends on the next update field in the crl file. Enable crl checking crl chec...
Page 1533: 1.9 Deleting A Certificate
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-13 note: z the crl update period refers to the interval at which the entity downloads crls from the crl server. The crl update period configured manually is prior to that specified in the crls. Z the pki re...
Page 1534
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-14 1.10 configuring an access control policy by configuring a certificate attribute-based access control policy, you can further control access to the server, providing additional security for the server. F...
Page 1536
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-16 ii. Network diagram figure 1-2 diagram for configuring a pki entity to request a certificate from a ca iii. Configuration procedure on the ca server, complete the following configurations: 1) create a ca...
Page 1537
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-17 [switch] pki domain torsa # configure the name of the trusted ca as myca. [switch-pki-domain-torsa] ca identifier myca # configure the url of the enrollment server in the format of http://host:port/issui...
Page 1538
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-18 ca certificates retrieval success. # retrieve crls and save them locally. [switch] pki retrieval-crl domain torsa connecting to server for retrieving crl. Please wait a while..... Crl retrieval success! ...
Page 1539
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-19 19103439 3d4f9359 88fb59f3 8d4b2f6c 2b exponent: 65537 (0x10001) x509v3 extensions: x509v3 crl distribution points: uri:http://4.4.4.133:447/myca.Crl signature algorithm: sha1withrsaencryption 836213a4 f...
Page 1540
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-20 iii. Configuration procedure note: z for detailed information about ssl configuration, refer to ssl-https configuration. Z for detailed information about https configuration, refer to ssl-https configura...
Page 1541: 1.13 Troubleshooting Pki
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-21 # create the certificate attribute-based access control policy of myacp and add two access control rules. [switch] pki certificate access-control-policy myacp [switch-pki-cert-acp-myacp] rule 1 deny mygr...
Page 1542
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-22 1.13.2 failed to request a local certificate i. Symptom failed to request a local certificate. Ii. Analysis possible reasons include these: z the network connection is not proper. For example, the networ...
Page 1543
Operation manual – pki h3c s3610&s5510 series ethernet switches chapter 1 pki configuration 1-23 iii. Solution z make sure that the network connection is physically proper. Z retrieve a ca certificate. Z specify the ip address of the ladp server. Z specify the url for crl distribution. Z re-configur...
Page 1544: Table of Contents
Operation manual – appendix h3c s3610&s5510 series ethernet switches table of contents i table of contents appendix a acronyms ..................................................................................................................A-1.
Page 1545: Appendix A Acronyms
Operation manual – appendix h3c s3610&s5510 series ethernet switches appendix a acronyms a-1 appendix a acronyms a aaa authentication, authorization and accounting abr area border router acl access control list arp address resolution protocol as autonomous system asbr autonomous system border router...
Page 1546
Operation manual – appendix h3c s3610&s5510 series ethernet switches appendix a acronyms a-2 i iab internet architecture board icmp internet control message protocol igmp internet group management protocol igp interior gateway protocol ip internet protocol l lsa link state advertisement lsdb link st...
Page 1547
Operation manual – appendix h3c s3610&s5510 series ethernet switches appendix a acronyms a-3 s snmp simple network management protocol sp strict priority ssl secure sockets layer stp spanning tree protocol t tcp/ip transmission control protocol/ internet protocol tftp trivial file transfer protocol ...