DL manuals
H3C
Switch
S5500-EI series
Operation Manual

H3C S5500-EI series Operation Manual

Other manuals for S5500-EI series: Configuration Manual, Operation Manual – Port Security, Configuration Manual

Page of 1529

Download

Print this page

Bookmark us

H3C S5500-EI Series Ethernet Switches

Operation Manual

Hangzhou H3C Technologies Co., Ltd.

http://www.h3c.com

Manual Version:

20071120-C-1.01

Product Version:

Release 2102

1 2 3 4 5 6 7 Next › »

Summary of S5500-EI series

Page 1
H3c s5500-ei series ethernet switches operation manual hangzhou h3c technologies co., ltd. Http://www.H3c.Com manual version: 20071120-c-1.01 product version: release 2102.
Page 2
Copyright © 2007, hangzhou h3c technologies co., ltd. And its licensors all rights reserved no part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of hangzhou h3c technologies co., ltd. Trademarks h3c, , aolynk, , h 3 care, , top g, , irf, n...
Page 3: About This Manual
About this manual related documentation in addition to this manual, each h3c s5500-ei series ethernet switches documentation set includes the following: manual description h3c s5500-ei series ethernet switches installation manual it provides information for the system installation. H3c s5500-ei seri...
Page 4
Part contents 9 dldp introduces dldp and the related configurations. 10 mstp introduces stp, brdu tunnel and the related configurations. 11 ip routing-gr overview introduces the basic routing information, the classification of routing protocols, and gr fundamental. 12 ipv4 routing introduces ipv4 ro...
Page 5
Part contents 28 file system management introduces basic configuration for file system management. 29 information center introduces the configuration to analyze and diagnose networks using the information center. 30 system maintaining and debugging introduces daily system maintenance and debugging. ...
Page 7: Table of Contents
Operation manual – overview h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 obtaining the documentation .................................................................................... 1-1 1.1 cd-rom .............................................................
Page 8
Operation manual – overview h3c s5500-ei series ethernet switches chapter 1 obtaining the documentation 1-1 chapter 1 obtaining the documentation h3c technology co., ltd. Provides various ways for you to obtain documentation, through which you can obtain the product documentations and those concerni...
Page 9
Operation manual – overview h3c s5500-ei series ethernet switches chapter 1 obtaining the documentation 1-2 1.3 software version release with software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes..
Page 10
Operation manual – overview h3c s5500-ei series ethernet switches chapter 2 documentation and product version 2-1 chapter 2 documentation and product version 2.1 documentation and software version h3c s5500-ei series ethernet switches operation manual-release 2102 and h3c s5500-ei series ethernet sw...
Page 11: Chapter 3 Product Overview
Operation manual – overview h3c s5500-ei series ethernet switches chapter 3 product overview 3-1 chapter 3 product overview 3.1 preface h3c s5500-ei series ethernet switches (hereinafter referred to as the s5500-ei series) are gigabit ethernet switching products developed by h3c. The s5500-ei series...
Page 12
Operation manual – overview h3c s5500-ei series ethernet switches chapter 3 product overview 3-2 model number of service ports ports console port h3c s5500-28f-ei 28 24 100/1,000 m sfp ports + 8 10/100/1,000 m combo electrical ports + 2 10ge module slots 1 h3c s5500-28c-ei-dc 28 24 10/100/1,000 m el...
Page 13
Operation manual – overview h3c s5500-ei series ethernet switches chapter 4 networking applications 4-1 chapter 4 networking applications the s5500-ei series are designed as convergence layer switches or access layer switches for enterprise networks and mans. The s5500-ei series provide 24 or 48 aut...
Page 14
Operation manual – overview h3c s5500-ei series ethernet switches chapter 4 networking applications 4-2 ethernet cables, the s5500-ei series can provide power to ip phone, wlan ap, and other pd devices that support ieee 802.3af to facilitate network maintenance and management. Figure 4-2 application...
Page 15: Table of Contents
Operation manual – login h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 logging in to an ethernet switch .............................................................................. 1-1 1.1 logging in to an ethernet switch........................................
Page 16
Operation manual – login h3c s5500-ei series ethernet switches table of contents ii chapter 4 logging in using modem............................................................................................ 4-1 4.1 introduction .........................................................................
Page 17
Operation manual – login h3c s5500-ei series ethernet switches chapter 1 logging in to an ethernet switch 1-1 chapter 1 logging in to an ethernet switch 1.1 logging in to an ethernet switch you can log in to an s5500-ei series ethernet switch in one of the following ways: z logging in locally throug...
Page 18
Operation manual – login h3c s5500-ei series ethernet switches chapter 1 logging in to an ethernet switch 1-2 2) a relative user interface index can be obtained by appending a number to the identifier of a user interface type. It is generated by user interface type. The relative user interface index...
Page 19
Operation manual – login h3c s5500-ei series ethernet switches chapter 1 logging in to an ethernet switch 1-3 to do… use the command… remarks set the timeout time for the user interface idle-timeout minutes [ seconds ] optional the default timeout time of a user interface is 10 minutes. With the tim...
Page 20
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-1 chapter 2 logging in through the console port note: the default system name of s5500-ei series ethernet switches is h3c, that is, the command line prompt is h3c. All the following example...
Page 21
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-2 figure 2-1 diagram for setting the connection to the console port z if you use a pc to connect to the console port, launch a terminal emulation utility (such as terminal in windows 3.X or...
Page 22
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-3 figure 2-4 set port parameters terminal window z turn on the switch. The user will be prompted to press the enter key if the switch successfully completes post (power-on self test). The p...
Page 23
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-4 table 2-2 common configuration of console port login configuration description baud rate optional the default baud rate is 9,600 bps. Check mode optional by default, the check mode of the...
Page 24
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-5 caution: changing of console port configuration terminates the connection to the console port. To establish the connection again, you need to modify the configuration of the termination e...
Page 25
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-6 authentication mode console port login configuration description specify to perform local authentication or radius authentication aaa configuration specifies whether to perform local auth...
Page 26
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-7 to do… use the command… remarks configure not to authenticate users authentication-mode none required by default, users logging in through the console port are not authenticated. Set the ...
Page 27
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-8 to do… use the command… remarks set the history command buffer size history-command max-size value optional the default history command buffer size is 10. That is, a history command buffe...
Page 28
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-9 z the screen can contain up to 30 lines. Z the history command buffer can contain up to 20 commands. Z the timeout time of the aux user interface is 6 minutes. Ii. Network diagram figure ...
Page 29
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-10 the pc, to make the configuration consistent with that on the switch. Refer to section 2.2 “ setting up the connection to the console port ” for more. 2.5 console port login configuratio...
Page 31
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-12 table 2-5 determine the command level (b) scenario authentication mode user type command command level the user privilege level level command not executed level 3 local authentication (a...
Page 32
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-13 iii. Configuration procedure # enter system view. System-view # enter aux user interface view. [h3c] user-interface aux 0 # specify to authenticate the user logging in through the consol...
Page 33
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-14 2.6 console port login configuration with authentication mode being scheme 2.6.1 configuration procedure to do… use the command… remarks enter system view system-view — enter the default...
Page 34
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-15 to do… use the command… remarks set the baud rate speed speed-value optional the default baud rate of the aux port (also the console port) is 9,600 bps. Set the check mode parity { even ...
Page 35
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-16 to do… use the command… remarks set the timeout time for the user interface idle-timeout minutes [seconds ] optional the default timeout time of a user interface is 10 minutes. With the ...
Page 36
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-17 2.6.2 configuration example i. Network requirements assume the switch is configured to allow you to login through telnet, and your user level is set to the administrator level (level 3)....
Page 37
Operation manual – login h3c s5500-ei series ethernet switches chapter 2 logging in through the console port 2-18 # set the service type to terminal, specify commands of level 2 are available to the user logging in to the aux user interface. [h3c-luser-guest] service-type terminal level 2 [h3c-luser...
Page 38
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-1 chapter 3 logging in through telnet 3.1 introduction you can telnet to a remote switch to manage and maintain the switch. To achieve this, you need to configure both the switch and the telnet termi...
Page 39
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-2 table 3-2 common telnet configuration configuration description configure the command level available to users logging in to the vty user interface optional by default, commands of level 0 are avai...
Page 40
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-3 table 3-3 telnet configurations for different authentication modes authentication mode telnet configuration description none perform common configuration perform common telnet configuration optiona...
Page 41
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-4 3.2 telnet configuration with authentication mode being none 3.2.1 configuration procedure to do… use the command… remarks enter system view system-view — enable the telnet server function telnet s...
Page 42
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-5 to do… use the command… remarks set the history command buffer size history-command max-size value optional the default history command buffer size is 10. That is, a history command buffer can stor...
Page 43
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-6 z the screen can contain up to 30 lines. Z the history command buffer can contain up to 20 commands. Z the timeout time of vty 0 is 6 minutes. Ii. Network diagram figure 3-1 network diagram for tel...
Page 44
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-7 3.3 telnet configuration with authentication mode being password 3.3.1 configuration procedure to do… use the command… remarks enter system view system-view — enable the telnet server function teln...
Page 45
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-8 to do… use the command… remarks set the maximum number of lines the screen can contain screen-length screen-length optional by default, the screen can contain up to 24 lines. You can use the screen...
Page 46
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-9 3.3.2 configuration example i. Network requirements assume that you are a level 3 aux user and want to perform the following configuration for telnet users logging in to vty 0: z authenticate users...
Page 47
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-10 [h3c-ui-vty0] history-command max-size 20 # set the timeout time to 6 minutes. [h3c-ui-vty0] idle-timeout 6 3.4 telnet configuration with authentication mode being scheme 3.4.1 configuration proce...
Page 48
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-11 to do… use the command… remarks configure to authenticate users locally or remotely authentication-mode scheme required the specified aaa scheme determines whether to authenticate users locally or...
Page 49
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-12 to do… use the command… remarks set the timeout time for the user interface idle-timeout minutes [ seconds ] optional the default timeout time of a user interface is 10 minutes. With the timeout t...
Page 50
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-13 scenario authenticat ion mode user type command command level the user privilege level level command is not executed, and the service-type command does not specify the available command level. The...
Page 51
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-14 3.4.2 configuration example i. Network requirements assume that you are a level 3 aux user and want to perform the following configuration for telnet users logging in to vty 0: z configure the nam...
Page 52
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-15 [h3c-ui-vty0] protocol inbound telnet # set the maximum number of lines the screen can contain to 30. [h3c-ui-vty0] screen-length 30 # set the maximum number of commands the history command buffer...
Page 53
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-16 figure 3-4 network diagram for telnet connection establishment step 4: launch telnet on your pc, with the ip address of the management vlan interface of the switch as the parameter, as shown in th...
Page 54
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-17 note: z a telnet connection will be terminated if you delete or modify the ip address of the vlan interface in the telnet session. Z by default, commands of level 0 are available to telnet users a...
Page 55
Operation manual – login h3c s5500-ei series ethernet switches chapter 3 logging in through telnet 3-18 connection and receive the message that says “all user interfaces are used, please try later!”. Step 5: after successfully telnetting to the switch, you can configure the switch or display the inf...
Page 56
Operation manual – login h3c s5500-ei series ethernet switches chapter 4 logging in using modem 4-1 chapter 4 logging in using modem 4.1 introduction the administrator can log in to the console port of a remote switch using a modem through pstn (public switched telephone network) if the remote switc...
Page 57
Operation manual – login h3c s5500-ei series ethernet switches chapter 4 logging in using modem 4-2 ats0=1 ----------------------- configure to answer automatically after the first ring at&d ----------------------- ignore dtr signal at&k0 ----------------------- disable flow control at&r1 ----------...
Page 58
Operation manual – login h3c s5500-ei series ethernet switches chapter 4 logging in using modem 4-3 ii. Configuration on switch when the authentication mode is password refer to section 2.5 " console port login configuration with authentication mode being password ” iii. Configuration on switch when...
Page 59
Operation manual – login h3c s5500-ei series ethernet switches chapter 4 logging in using modem 4-4 console port pstn telephone line modem serial cable telephone number of the romote end: 82882285 modem modem figure 4-1 establish the connection by using modems step 4: launch a terminal emulation uti...
Page 60
Operation manual – login h3c s5500-ei series ethernet switches chapter 4 logging in using modem 4-5 figure 4-3 call the modem step 5: provide the password when prompted. If the password is correct, the prompt (such as ) appears. You can then configure or manage the switch. You can also enter the cha...
Page 61: Network Management System
Operation manual – login h3c s5500-ei series ethernet switches chapter 5 logging in through web-based network management system 5-1 chapter 5 logging in through web-based network management system 5.1 introduction an s5500-ei series switch has a web server built in. You can log in to an s5500-ei ser...
Page 62
Operation manual – login h3c s5500-ei series ethernet switches chapter 5 logging in through web-based network management system 5-2 system-view [h3c] interface vlan-interface 1 [h3c-vlan-interface1] ip address 10.153.17.82 255.255.255.0 step 2: configure the user name and the password for the web-ba...
Page 63
Operation manual – login h3c s5500-ei series ethernet switches chapter 5 logging in through web-based network management system 5-3 to do… use the command… remarks enter system view system-view — shut down the web server undo ip http enable required execute this command in system view. The web serve...
Page 64
Operation manual – login h3c s5500-ei series ethernet switches chapter 6 logging in through nms 6-1 chapter 6 logging in through nms 6.1 introduction you can also log in to a switch through an nms (network management station), and then configure and manage the switch through the agent module on the ...
Page 65: Telnet Service Packets
Operation manual – login h3c s5500-ei series ethernet switches chapter 7 configuring source ip address for telnet service packets 7-1 chapter 7 configuring source ip address for telnet service packets go to these sections for information you are interested in: z overview z configuring source ip addr...
Page 66
Operation manual – login h3c s5500-ei series ethernet switches chapter 7 configuring source ip address for telnet service packets 7-2 ii. Configuration in system view table 7-2 configure a source ip address for service packets in system view to do… use the command… remarks enter system view system-v...
Page 67
Operation manual – login h3c s5500-ei series ethernet switches chapter 8 controlling login users 8-1 chapter 8 controlling login users 8.1 introduction a switch provides ways to control different types of login users, as listed in table 8-1 . Table 8-1 ways to control different types of login users ...
Page 69
Operation manual – login h3c s5500-ei series ethernet switches chapter 8 controlling login users 8-3 to do… use the command… remarks quit to system view quit — enter user interface view user-interface [ type ] first-number [ last-number ] — apply the acl to control telnet users by specified source a...
Page 70
Operation manual – login h3c s5500-ei series ethernet switches chapter 8 controlling login users 8-4 8.2.5 configuration example i. Network requirements only the telnet users sourced from the ip address of 10.110.100.52 and 10.110.100.46 are permitted to log in to the switch. Ii. Network diagram swi...
Page 71
Operation manual – login h3c s5500-ei series ethernet switches chapter 8 controlling login users 8-5 8.3.1 prerequisites the controlling policy against network management users is determined, including the source ip addresses to be controlled and the controlling actions (permitting or denying). 8.3....
Page 72
Operation manual – login h3c s5500-ei series ethernet switches chapter 8 controlling login users 8-6 note: you can specify different acls while configuring the snmp community name, the snmp group name and the snmp user name. As snmp community name is a feature of snmpv1 and snmpv2c, the specified ac...
Page 73
Operation manual – login h3c s5500-ei series ethernet switches chapter 8 controlling login users 8-7 [h3c-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [h3c-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [h3c-acl-basic-2000] rule 3 deny source any [h3c-acl-basic-2000] quit # apply the a...
Page 74
Operation manual – login h3c s5500-ei series ethernet switches chapter 8 controlling login users 8-8 8.4.3 disconnecting a web user by force the administrator can disconnect a web user by force using the related command. To do… use the command… remarks disconnect a web user by force free web-users {...
Page 75: Table of Contents
Operation manual – vlan h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 vlan configuration .................................................................................................... 1-1 1.1 introduction to vlan.............................................
Page 76
Operation manual – vlan h3c s5500-ei series ethernet switches table of contents ii 3.1.1 garp ...................................................................................................................... 3-1 3.1.2 gvrp ...........................................................................
Page 77
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-1 chapter 1 vlan configuration when configuring vlan, go to these sections for information you are interested in: z introduction to vlan z configuring basic vlan attributes z basic vlan interface configurati...
Page 78
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-2 vlan 2 vlan 5 switch b switch a router figure 1-1 a vlan diagram a vlan is not restricted by physical factors, that is to say, hosts that reside in different network segments may belong to the same vlan, u...
Page 79
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-3 figure 1-2 the format of a traditional ethernet frame ieee802.1q defines a four-byte vlan tag between the da&sa field and the type field to carry vlan-related information, as shown in figure 1-3 . Figure 1...
Page 80
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-4 1.1.3 vlan classification based on how vlans are established, vlans fall into different categories. The following types are the most commonly used: z port-based z mac address-based z protocol-based z ip-su...
Page 81
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-5 note: z as the default vlan, vlan 1 cannot be created or removed. Z you cannot manually create or remove reserved vlans, which are reserved for specific functions. Z dynamic vlans cannot be removed using t...
Page 82
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-6 to do… use the command… remarks bring up the vlan interface undo shutdown optional by default, a vlan interface is up. The state of a vlan interface also depends on the states of the ports in the vlan. If ...
Page 83
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-7 z a trunk port only allows packets from the default vlan to be sent without the tag label. Ii. Default vlan you can configure the default vlan for a port. By default, vlan 1 is the default vlan for all por...
Page 84
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-8 inbound packets handling port type if no tag is carried in the packet if a tag is carried in the packet outbound packets handling trunk port z strip the tag and send the packet if the vlan id is the same a...
Page 85
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-9 follow these steps to configure the access-port-based vlan in ethernet port view/port group view: to do… use the command… remarks enter system view system-view — enter ethernet port view interface interfac...
Page 87
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-11 to do… use the command… remarks configure the default vlan of the hybrid port port hybrid pvid vlan vlan-id optional vlan 1 is the default by default note: z to configure a trunk port into a hybrid port (...
Page 88
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-12 z auto configuration though the authentication server (that is, vlan issuing) the device associates mac addresses and vlans dynamically based on the information provided by the authentication server. If a...
Page 90
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-14 to do… use the command… remarks enter system view system-view — enter vlan view vlan vlan-id required if the specified vlan does not exist, this command creates the vlan and then enters its view. Configur...
Page 91
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-15 caution: z at present, the appletalk-based protocol template cannot be associated with a port on an s5500-ei series ethernet switch. Z do not configure both the dsap-id and ssap-id arguments in the protoc...
Page 92
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-16 to do… use the command… remarks configure the association between an ip subnet with the current vlan ip-subnet-vlan [ ip-subnet-index ] ip ip-address [ mask ] required the configured ip network segment or...
Page 94
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-18 [devicea-vlan2] quit [devicea] vlan 100 [devicea-vlan100] vlan 6 to 50 please wait... Done. # enter gigabitethernet 1/0/1 port view. [devicea] interface gigabitethernet 1/0/1 # configure gigabitethernet 1...
Page 95
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 1 vlan configuration 1-19 mdi type: auto link delay is 0(sec) port link-type: trunk tagged vlan id : 2, 6-50, 100 untagged vlan id : 2, 6-50, 100 port priority: 0 last 300 seconds input: 8 packets/sec 1513 bytes/sec 0% last 300 se...
Page 96
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 2 voice vlan configuration 2-1 chapter 2 voice vlan configuration when configuring voice vlan, go to these sections for information you are interested in: z introduction to voice vlan z configuring voice vlan z displaying and main...
Page 97
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 2 voice vlan configuration 2-2 note: z as the first 24 bits of a mac address (in binary format), an oui address is a globally unique identifier assigned to a vendor by ieee (institute of electrical and electronics engineers). Z yo...
Page 98
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 2 voice vlan configuration 2-3 table 2-2 voice vlan operating mode and the corresponding voice traffic types port voice vlan mode voice traffic type port link type access: not supported trunk: supported provided that the default v...
Page 99
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 2 voice vlan configuration 2-4 caution: z if the voice traffic sent by an ip phone is tagged and that the access port has 802.1x authentication and guest vlan enabled, assign different vlan ids for the voice vlan, the default vlan...
Page 100
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 2 voice vlan configuration 2-5 in the two modes, the port processes a packet with other vlan tag in the same way, that is, forwards the packet if the vlan is allowed on the port, or discards the packet if the vlan is not allowed o...
Page 101
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 2 voice vlan configuration 2-6 to do... Use the command... Remarks enable the voice vlan feature on the port voice vlan enable required not enabled by default note: z do not configure a vlan as both a protocol-based vlan and a voi...
Page 102
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 2 voice vlan configuration 2-7 to do... Use the command... Remarks access port refer to configuring an access-port-based vlan . Trunk port refer to configuring a trunk-port-based vlan . Add the ports in manual mode to the voice vl...
Page 103
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 2 voice vlan configuration 2-8 2.4 voice vlan configuration examples 2.4.1 automatic voice vlan mode configuration example i. Network requirement z create vlan 2 and configure it as a voice vlan with an aging time of 100 minutes. ...
Page 104
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 2 voice vlan configuration 2-9 # configure the voice vlan mode on gigabitethernet 1/0/1 as automatic. (optional, by default, the voice vlan mode on a port is automatic mode) [devicea] interface gigabitethernet 1/0/1 [devicea-gigab...
Page 105
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 2 voice vlan configuration 2-10 2.4.2 manual voice vlan mode configuration example i. Network requirement z create vlan 2 and configure it as a voice vlan. Z the voice traffic sent by the ip phones is untagged. Configure gigabitet...
Page 106
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 2 voice vlan configuration 2-11 # configure gigabitethernet 1/0/1 as a hybrid port. [devicea-gigabitethernet1/0/1]port link-type access please wait... Done. [devicea-gigabitethernet1/0/1]port link-type hybrid # configure the defau...
Page 107
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 3 gvrp configuration 3-1 chapter 3 gvrp configuration garp vlan registration protocol (gvrp) is a garp application. It functions based on the operating mechanism of garp to maintain and propagate dynamic vlan registration informat...
Page 108
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 3 gvrp configuration 3-2 participant sends leaveall messages upon the expiration of the leaveall timer, which is triggered when the garp participant is created. Join messages, leave messages, and leaveall message make sure the rer...
Page 109
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 3 gvrp configuration 3-3 attributes with other participants by making or withdrawing declarations of attributes and at the same time, based on received declarations or withdrawals, handles attributes of other participants. When a ...
Page 110
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 3 gvrp configuration 3-4 field description value attribute consists of an attribute length, an attribute event, and an attribute value –– attribute length number of octets occupied by an attribute, inclusive of the attribute lengt...
Page 111
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 3 gvrp configuration 3-5 forbidden registration type thus allows only vlan 1 to pass through even though it is configured to carry all vlans. 3.1.3 protocols and standards gvrp is described in ieee 802.1q. 3.2 gvrp configuration t...
Page 113
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 3 gvrp configuration 3-7 table 3-2 dependencies of garp timers timer lower limit upper limit hold 10 centiseconds not greater than half of the join timer setting join not less than two times the hold timer setting less than half o...
Page 114
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 3 gvrp configuration 3-8 3.5 gvrp configuration examples 3.5.1 gvrp configuration example i i. Network requirements configure gvrp for dynamic vlan information registration and update among devices, adopting the normal registratio...
Page 115
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 3 gvrp configuration 3-9 [deviceb-gigabitethernet1/0/1] quit # create vlan 3 (a static vlan). [deviceb] vlan 3 3) verify the configuration # display dynamic vlan information on device a. [devicea] display vlan dynamic now, the fol...
Page 116
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 3 gvrp configuration 3-10 [devicea-gigabitethernet1/0/1] gvrp registration fixed [devicea-gigabitethernet1/0/1] quit # create vlan 2 (a static vlan). [devicea] vlan 2 2) configure device b # enable gvrp globally. System-view [devi...
Page 117
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 3 gvrp configuration 3-11 iii. Configuration procedure 1) configure device a # enable gvrp globally. System-view [devicea] gvrp # configure port gigabitethernet 1/0/1 as a trunk port, allowing all vlans to pass. [devicea] interfac...
Page 118
Operation manual – vlan h3c s5500-ei series ethernet switches chapter 3 gvrp configuration 3-12 ip packet frame type: pktfmt_ethnt_2, hardware address: 00e0-fc55-0010 description: gigabitethernet1/0/1 interface loopback is not set media type is twisted pair port hardware type is 1000_base_t unknown-...
Page 119: Table of Contents
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 ip addressing configuration ...................................................................................... 1-1 1.1 ip addressing overview ...................
Page 120
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 1 ip addressing configuration 1-1 chapter 1 ip addressing configuration when assigning ip addresses to interfaces on your device, go to these sections for information you are interested in: z ip address...
Page 121
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 1 ip addressing configuration 1-2 table 1-1 describes the address ranges of these five classes. Currently, the first three classes of ip addresses are used in quantity. Table 1-1 ip address classes and ...
Page 122
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 1 ip addressing configuration 1-3 each subnet mask comprises 32 bits related to the corresponding bits in an ip address. In a subnet mask, the part containing consecutive ones identifies the combination...
Page 123
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 1 ip addressing configuration 1-4 note: this chapter only covers how to assign an ip address manually. For other approaches, refer to dhcp configuration. This section includes: z assigning an ip address...
Page 124
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 1 ip addressing configuration 1-5 1.2.2 ip addressing configuration example i. Network requirements as shown in figure 1-3 , vlan-interface 1 on switch is connected to a lan comprising two segments: 172...
Page 125
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 1 ip addressing configuration 1-6 ping 172.16.1.2: 56 data bytes, press ctrl_c to break reply from 172.16.1.2: bytes=56 sequence=1 ttl=255 time=25 ms reply from 172.16.1.2: bytes=56 sequence=2 ttl=255 t...
Page 126
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 1 ip addressing configuration 1-7 1.3 displaying and maintaining ip addressing to do… use the command… remarks display information about a specified or all layer 3 interfaces display ip interface [ inte...
Page 127
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 2 ip performance configuration 2-1 chapter 2 ip performance configuration when configuring ip performance, go to these sections for information you are interested in: z ip performance overview z enablin...
Page 128
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 2 ip performance configuration 2-2 follow these steps to enable the device to receive directed broadcasts: to do… use the command… remarks enter system view system-view — enable the device to receive di...
Page 129
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 2 ip performance configuration 2-3 ii. Network diagram figure 2-1 network diagram for receiving and forwarding directed broadcasts iii. Configuration procedure z configure switch a # enable switch a to ...
Page 130
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 2 ip performance configuration 2-4 2.3 configuring tcp attributes 2.3.1 configuring tcp optional parameters tcp optional parameters that can be configured include: z synwait timer: when sending a syn pa...
Page 131
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 2 ip performance configuration 2-5 i. Advantage of sending icmp error packets there are three kinds of icmp error packets: redirect packets, timeout packets and destination unreachable packets. Their se...
Page 132
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 2 ip performance configuration 2-6 z if the source uses “strict source routing" to send packets, but the intermediate device finds the next hop specified by the source is not directly connected, the dev...
Page 133
Operation manual – ip addressing and ip performance h3c s5500-ei series ethernet switches chapter 2 ip performance configuration 2-7 2.5 displaying and maintaining ip performance to do… use the command… remarks display current tcp connection state display tcp status display tcp connection statistics...
Page 134: Table of Contents
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 qinq configuration ..................................................................................................... 1-1 1.1 introduction to qinq.............................
Page 135
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 1 qinq configuration 1-1 chapter 1 qinq configuration when configuring qinq, go to these sections for information you are interested in: z introduction to qinq z configuring basic qinq z configuring selective qinq z...
Page 136
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 1 qinq configuration 1-2 figure 1-1 single-tagged frame structure vs. Double-tagged ethernet frame structure advantages of qinq: z addresses the shortage of public vlan id resource. Z enables customers to plan their...
Page 137
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 1 qinq configuration 1-3 1.1.3 modification of tpid value of qinq frames a vlan tag uses the tag protocol identifier (tpid) field to identify the protocol type of the tag. The value of this field, as defined in ieee...
Page 138
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 1 qinq configuration 1-4 protocol type value ipx/spx 0x8137 is-is 0x8000 lacp 0x8809 802.1x 0x888e cluster 0x88a7 reserved 0xfffd/0xfffe/0xffff 1.2 configuring basic qinq follow these steps to configure basic qinq: ...
Page 139
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 1 qinq configuration 1-5 follow these steps to configure selective qinq: to do... Use the command... Remarks enter system view system-view — enter ethernet port view interface interface-type interface-number enter e...
Page 140
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 1 qinq configuration 1-6 1.5 qinq configuration example i. Network requirements z provider a and provider b are service provider network access devices. Z customer a, customer b and customer c are customer network a...
Page 141
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 1 qinq configuration 1-7 iii. Configuration procedure note: with this configuration, the user must allow the qinq packets to pass between the devices of the service providers. 1) configuration on provider a # enter ...
Page 142
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 1 qinq configuration 1-8 # configure gigabitethernet 1/0/3 as a trunk port, and permit frames of vlan 1000 and vlan 2000 to pass. [providera] interface gigabitethernet 1/0/3 [providera-gigabitethernet1/0/3] port lin...
Page 143
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 2 bpdu tunneling configuration 2-1 chapter 2 bpdu tunneling configuration when configuring bpdu tunneling, go to these sections for information you are interested in: z introduction to bpdu tunneling z configuring b...
Page 144
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 2 bpdu tunneling configuration 2-2 ii. Bpdu transparent transmission as shown in figure 2-1 , the upper part is the service provider network, and the lower part represents the customer networks. The customer network...
Page 145
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 2 bpdu tunneling configuration 2-3 2.2 configuring bpdu isolation perform the following tasks to configure bpdu isolation: to do... Use the command... Remarks enter system view system-view — enable bpdu tunneling gl...
Page 146
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 2 bpdu tunneling configuration 2-4 to do... Use the command... Remarks enter ethernet port view interface interface-type interface-number enter ethernet port view or port group view enter port group view port-group ...
Page 147
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 2 bpdu tunneling configuration 2-5 follow these steps to configure destination multicast mac address for bpdu tunnel frames: to do… use the command… remarks enter system view system-view — configure the destination ...
Page 148
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 2 bpdu tunneling configuration 2-6 iii. Configuration procedure 1) configuration on provider a # configure bpdu transparent transmission on gigabitethernet 1/0/1. System-view [providera] interface gigabitethernet 1/...
Page 149
Operation manual – qinq-bpdu tunneling h3c s5500-ei series ethernet switches chapter 2 bpdu tunneling configuration 2-7 note: when stp works stably on the customer network, if customer a acts as the root bridge, the ports of customer c and customer d connected with provider c can receive bpdus from ...
Page 150: Table of Contents
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 port correlation configuration................................................................................... 1-1 1.1 ethernet port configuration .................
Page 151
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 1 port correlation configuration 1-1 chapter 1 port correlation configuration when configuring ethernet ports, go to these sections for information you are interested in: z ethernet port configuration z m...
Page 152
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 1 port correlation configuration 1-2 similarly, if you configure the transmission rate for an ethernet port by using the speed command with the auto keyword specified, the transmission rate is determined ...
Page 153
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 1 port correlation configuration 1-3 single combo port can be a layer 2 ethernet interface or a layer 3 ethernet interface. Z dual-combo port: the two ethernet interfaces in the device panel correspond to...
Page 154
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 1 port correlation configuration 1-4 to do... Use the command... Remarks enable flow control flow-control required turned off by default 1.1.4 configuring the suppression time of physical-link-state chang...
Page 155
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 1 port correlation configuration 1-5 follow these steps to enable ethernet port loopback test: to do... Use the command... Remarks enter system view system-view — enter ethernet port view interface interf...
Page 156
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 1 port correlation configuration 1-6 follow these steps to configure a port group: to do... Use the command... Remarks enter system view system-view — enter manual port group view port-group manual port-g...
Page 157
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 1 port correlation configuration 1-7 follow these steps to set the broadcast/multicast/unknown unicast storm suppression ratios: to do... Use the command... Remarks enter system view system-view — enter e...
Page 158
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 1 port correlation configuration 1-8 to do… use the command… remarks enter system view system-view — interface interface-type interface-number configure the interval for collecting port statistics flow-in...
Page 159
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 1 port correlation configuration 1-9 with loopback detection enabled on an ethernet port, the device checks the port for external loopback periodically. Once a loopback is detected on the port, the system...
Page 160
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 1 port correlation configuration 1-10 1.1.11 configuring the cable type for an ethernet port two types of ethernet cables can be used to connect ethernet devices: crossover cable and straight-through cabl...
Page 161
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 1 port correlation configuration 1-11 z the length of the faulty cable if there is any fault. The system will return the check result in 5 seconds. Follow these steps to test the current operating state o...
Page 162
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 1 port correlation configuration 1-12 brought up by using the undo shutdown command or disabling the storm constrain function. Follow these steps to configure the storm constrain function on an ethernet p...
Page 163
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 1 port correlation configuration 1-13 note: z for network stability consideration, configure the interval for generating traffic statistics to a value that is not shorter than the default. Z the storm con...
Page 164
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 2 port isolation configuration 2-1 chapter 2 port isolation configuration when configuring port isolation, go to these sections for information you are interested in: z introduction to port isolation z co...
Page 165
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 2 port isolation configuration 2-2 to do… use the command… remarks add a port to an isolation group as an ordinary port port-isolate enable group group-number required no ports are added to the isolation ...
Page 166
Operation manual – port correlation configuration h3c s5500-ei series ethernet switches chapter 2 port isolation configuration 2-3 iii. Configuration procedure # add ports gigabitethernet1/0/1, gigabitethernet1/0/2 and gigabitethernet1/0/3 to the isolation group. System-view [device] interface gigab...
Page 167: Table of Contents
Operation manual – link aggregation h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 link aggregation overview ........................................................................................ 1-1 1.1 link aggregation .........................................
Page 168
Operation manual – link aggregation h3c s5500-ei series ethernet switches chapter 1 link aggregation overview 1-1 chapter 1 link aggregation overview this chapter covers these topics: z link aggregation z approaches to link aggregation z load sharing in a link aggregation group z service loop group ...
Page 169
Operation manual – link aggregation h3c s5500-ei series ethernet switches chapter 1 link aggregation overview 1-2 table 1-1 consistency considerations for ports in an aggregation category considerations stp state of port-level stp (enabled or disabled) attribute of the link (point-to-point or otherw...
Page 170
Operation manual – link aggregation h3c s5500-ei series ethernet switches chapter 1 link aggregation overview 1-3 1.2 approaches to link aggregation two ways are available for implementing link aggregation, as described in manual link aggregation and static lacp link aggregation . 1.2.1 manual link ...
Page 171
Operation manual – link aggregation h3c s5500-ei series ethernet switches chapter 1 link aggregation overview 1-4 iii. Port configuration considerations in manual aggregation as mentioned above, in a manual aggregation group, only ports with configurations consistent with those of the reference port...
Page 172
Operation manual – link aggregation h3c s5500-ei series ethernet switches chapter 1 link aggregation overview 1-5 4) as there is a limit on the number of selected ports, not all selected-port candidates can become selected ports. Before the limit is reached, all the candidates are set to the selecte...
Page 173
Operation manual – link aggregation h3c s5500-ei series ethernet switches chapter 1 link aggregation overview 1-6 forwarding port according to the source mac address and destination mac address. Z for a unicast ip packet with a known destination ip address, the switch selects the forwarding port acc...
Page 174
Operation manual – link aggregation h3c s5500-ei series ethernet switches chapter 1 link aggregation overview 1-7 after assigning a port to a service-loop group, you may configure it with other non-conflicting settings, such as qos. If this group is performing load sharing, it continues to function ...
Page 175
Operation manual – link aggregation h3c s5500-ei series ethernet switches chapter 2 link aggregation configuration 2-1 chapter 2 link aggregation configuration when configuring link aggregation, go to these sections for information you are interested in: z configuring link aggregation z displaying a...
Page 176
Operation manual – link aggregation h3c s5500-ei series ethernet switches chapter 2 link aggregation configuration 2-2 z for a manual aggregation group containing only one port, the only way to remove the port from it is to remove the aggregation group. Z to make an aggregation group to function pro...
Page 177
Operation manual – link aggregation h3c s5500-ei series ethernet switches chapter 2 link aggregation configuration 2-3 note: when making configuration, be aware that after a load-balancing aggregation group changes to a non-load balancing group due to resources exhaustion, either of the following ma...
Page 178
Operation manual – link aggregation h3c s5500-ei series ethernet switches chapter 2 link aggregation configuration 2-4 note: z you can remove any service loop group except those that are currently referenced by modules. Z for a service loop group containing only one port, the only way to remove the ...
Page 179
Operation manual – link aggregation h3c s5500-ei series ethernet switches chapter 2 link aggregation configuration 2-5 to do… use the command… remarks display detailed information about specified or all link aggregation groups display link-aggregation verbose [ agg-id ] available in any view clear t...
Page 180
Operation manual – link aggregation h3c s5500-ei series ethernet switches chapter 2 link aggregation configuration 2-6 system-view [switcha] link-aggregation group 1 mode manual # add ports gigabitethernet 1/0/1 through gigabitethernet 1/0/3 to the group. [switcha] interface gigabitethernet 1/0/1 [s...
Page 181: Table of Contents
Operation manual – mac address table management h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 mac address table management configuration ..................................................... 1-1 1.1 introduction to mac address table...............................
Page 182: Configuration
Operation manual – mac address table management h3c s5500-ei series ethernet switches chapter 1 mac address table management configuration 1-1 chapter 1 mac address table management configuration when configuring mac address table management, go to these sections for information you are interested i...
Page 183
Operation manual – mac address table management h3c s5500-ei series ethernet switches chapter 1 mac address table management configuration 1-2 note: dynamically learned mac addresses cannot overwrite static mac address entries, but the latter can overwrite the former. As shown in figure 1-1 , when f...
Page 184
Operation manual – mac address table management h3c s5500-ei series ethernet switches chapter 1 mac address table management configuration 1-3 to do… use the command… remarks enter system view system-view — mac-address blackhole mac-address vlan vlan-id add/modify a mac address entry mac-address { d...
Page 185
Operation manual – mac address table management h3c s5500-ei series ethernet switches chapter 1 mac address table management configuration 1-4 1.2.3 configuring the maximum number of mac addresses an ethernet port or a port group can learn to prevent a mac address table from getting so large that it...
Page 186
Operation manual – mac address table management h3c s5500-ei series ethernet switches chapter 1 mac address table management configuration 1-5 1.4 mac address table management configuration example i. Network requirements log onto your device from the console port to configure mac address table mana...
Page 187: Table of Contents
Operation manual – ip source guard h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 ip source guard configuration .................................................................................. 1-1 1.1 ip source guard overview ....................................
Page 188
Operation manual – ip source guard h3c s5500-ei series ethernet switches chapter 1 ip source guard configuration 1-1 chapter 1 ip source guard configuration when configuring ip source guard, go to these sections for information you are interested in: z ip source guard overview z configuring a static...
Page 189
Operation manual – ip source guard h3c s5500-ei series ethernet switches chapter 1 ip source guard configuration 1-2 to do… use the command… remarks enter system view system-view — enter interface view interface interface-type interface-number — configure a static binding entry user-bind { ip-addres...
Page 191
Operation manual – ip source guard h3c s5500-ei series ethernet switches chapter 1 ip source guard configuration 1-4 ii. Network diagram figure 1-1 network diagram for configuring static binding entries iii. Configuration procedure 1) configure switch a # configure the ip addresses of various interf...
Page 192
Operation manual – ip source guard h3c s5500-ei series ethernet switches chapter 1 ip source guard configuration 1-5 [switchb-gigabitethernet1/0/1] user-bind ip-address 192.168.0.1 mac-address 0001-0203-0406 [switchb-gigabitethernet1/0/1] quit # configure port gigabitethernet1/0/2 of switch b to all...
Page 193
Operation manual – ip source guard h3c s5500-ei series ethernet switches chapter 1 ip source guard configuration 1-6 note: for detailed configuration of dhcp server, refer to dhcp configuration in this manual. Ii. Network diagram figure 1-2 network diagram for configuring dynamic binding iii. Config...
Page 194
Operation manual – ip source guard h3c s5500-ei series ethernet switches chapter 1 ip source guard configuration 1-7 type ip address mac address lease vlan interface ==== =============== ============== ============ ==== ================= d 192.168.0.1 0001-0203-0406 86335 1 gigabitethernet1/0/1 as y...
Page 195: Table of Contents
Operation manual – dldp h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 dldp configuration .................................................................................................... 1-1 1.1 overview ........................................................
Page 196
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-1 chapter 1 dldp configuration when performing dldp configuration, go to these sections for information you are interested in: z overview z dldp configuration task list z enabling dldp z setting dldp mode z ...
Page 197
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-2 device a ge1/0/50 ge1/0/51 device b pc ge1/0/50 ge1/0/51 figure 1-1 unidirectional fiber link: cross-connected fiber device a device b pc ge1/0/50 ge1/0/50 ge1/0/51 ge1/0/51 figure 1-2 unidirectional fiber...
Page 198
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-3 connected correctly and if packets can be exchanged between the two devices. Note that dldp is not implemented through auto-negotiation. 1.1.2 dldp fundamentals i. Dldp link states a device is in one of th...
Page 199
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-4 ii. Dldp timers table 1-2 dldp timers dldp timer description active timer determines the interval to send advertisement packets with rsy tag, which defaults to 1 second. When a device transits to the activ...
Page 200
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-5 dldp timer description enhanced timer in the enhanced mode, this timer is triggered if no packet is received from a neighbor when the entry aging timer expires. Enhanced timer is set to 10 seconds. After t...
Page 201
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-6 table 1-3 dldp mode and neighbor entry aging dldp mode detecting a neighbor after the corresponding neighbor entry ages out removing the neighbor entry immediately after the entry timer expires triggering ...
Page 202
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-7 iv. Dldp authentication mode you can prevent network attacks and illegal detect through dldp authentication. Three dldp authentication modes exist, as described below. Z non-authentication. In this mode, t...
Page 203
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-8 z the packet is dropped if the setting of the interval for sending advertisement packets it carries conflicts with the corresponding local setting. Z other processes. Table 1-5 procedures for processing di...
Page 204
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-9 packet type processing procedure if not, no process is performed. Recoverprobe packet check to see if the local port is in disable or advertisement state. If yes, returns recoverecho packets. If not, no pr...
Page 205
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-10 dldp neighbor state description unidirectional a neighbor is in this state when the link connecting it is detected to be a unidirectional link. After a device transits to this state, the corresponding nei...
Page 206
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-11 to do… use the command… remarks enter system view system-view — enable dldp globally dldp enable required globally disabled by default enter ethernet port view interface interface-type interface-number en...
Page 207
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-12 follow these steps to set the interval for sending advertisement packets: to do… use the command… remarks enter system view system-view — set the interval for sending advertisement packets dldp interval t...
Page 208
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-13 1.2.5 setting the port shutdown mode on detecting a unidirectional link, the ports can be shut down in one of the following two modes. Z manual mode. This mode applies to networks with low performance, wh...
Page 209
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-14 caution: to enable dldp to operate properly, make sure the dldp authentication modes and the passwords of the both sides of a link are the same. 1.2.7 resetting dldp state after a unidirectional link is d...
Page 210
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-15 to do… use the command… remarks enter system view system-view — enter ethernet port view interface interface-type interface-number enter ethernet port view/port group view enter port group view port-group...
Page 211
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-16 ii. Network diagram device a ge1/0/50 ge1/0/51 device b pc ge1/0/50 ge1/0/51 figure 1-4 network diagram for dldp configuration iii. Configuration procedure 1) configuration on device a # enable dldp on gi...
Page 212
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-17 dldp interval : 6s dldp work-mode : enhance dldp authentication-mode : none dldp unidirectional-shutdown : auto dldp delaydown-timer : 2s the number of enabled ports is 2. Interface gigabitethernet1/0/50 ...
Page 213
Operation manual – dldp h3c s5500-ei series ethernet switches chapter 1 dldp configuration 1-18 z dldp authentication modes/passwords on device a and device b are not the same. Solution: make sure the interval for sending advertisement packets, the authentication mode, and the password on device a a...
Page 214: Table of Contents
Operation manual – mstp h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 mstp configuration .................................................................................................... 1-1 1.1 mstp overview ...................................................
Page 215
Operation manual – mstp h3c s5500-ei series ethernet switches table of contents ii 1.6.1 configuration prerequisites................................................................................... 1-41 1.6.2 configuration procedure ....................................................................
Page 216
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-1 chapter 1 mstp configuration when configuring mstp, go to these sections for information you are interested in: z mstp overview z configuring the root bridge z configuring leaf nodes z performing mcheck z ...
Page 217
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-2 iii. Basic concepts in stp 1) root bridge a tree network must have a root; hence the concept of “root bridge” has been introduced in stp. There is one and only one root bridge in the entire network, and th...
Page 218
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-3 lan device a device b device c ap 2 bp 1 bp 2 cp 1 cp 2 ap 1 figure 1-1 a schematic diagram of designated bridges and designated ports iv. Path cost path cost is a reference value used for link selection i...
Page 219
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-4 note: for the convenience of description, the description and examples below involve only four parts of a configuration bpdu: z root bridge id (in the form of device priority) z root path cost z designated...
Page 220
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-5 note: principle for configuration bpdu comparison: z the configuration bpdu that has the lowest root bridge id has the highest priority. Z if all the configuration bpdus have the same root bridge id, they ...
Page 221
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-6 step description 3 the device compares the calculated configuration bpdu with the configuration bpdu on the port of which the port role is to be defined, and does different things according to the comparis...
Page 222
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-7 table 1-4 initial state of each device device port name bpdu of port ap1 {0, 0, 0, ap1} device a ap2 {0, 0, 0, ap2} bp1 {1, 0, 1, bp1} device b bp2 {1, 0, 1, bp2} cp1 {2, 0, 2, cp1} device c cp2 {2, 0, 2, ...
Page 223
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-8 device comparison process bpdu of port after comparison z port bp1 receives the configuration bpdu of device a {0, 0, 0, ap1}. Device b finds that the received configuration bpdu is superior to the configu...
Page 224
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-9 device comparison process bpdu of port after comparison z port cp1 receives the configuration bpdu of device a {0, 0, 0, ap2}. Device c finds that the received configuration bpdu is superior to the configu...
Page 225
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-10 figure 1-3 the final calculated spanning tree note: to facilitate description, the spanning tree calculation process in this example is simplified, while the actual process is more complicated. 2) the bpd...
Page 226
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-11 3) stp timers stp calculations need three important timing parameters: forward delay, hello time, and max age. Z forward delay is the delay time for device state transition. A path failure will cause re-c...
Page 227
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-12 note: z in rstp, a newly elected root port can enter the forwarding state rapidly if this condition is met: the old root port on the device has stopped forwarding data and the upstream designated port has...
Page 228
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-13 figure 1-4 basic concepts in mstp 1) mst region a multiple spanning tree region (mst region) is composed of multiple devices in a switched network and network segments among them. These devices have the f...
Page 229
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-14 2) vlan-to-instance mapping table as an attribute of an mst region, the vlan-to-instance mapping table describes the mapping relationships between vlans and mst instances. In figure 1-4 , for example, the...
Page 230
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-15 in figure 1-4 , for example, the common root bridge is a device in region a0. 9) boundary port a boundary port is a port that connects an mst region to another mst configuration, or to a single spanning-t...
Page 231
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-16 connecting to the common root bridge edge ports port 1 port 2 master port alternate port designated port port 3 port 4 port 5 a b c d port 6 backup port mst region figure 1-5 port roles figure 1-5 helps u...
Page 232
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-17 note: when in different mst instances, a port can be in different states. Z the role a boundary port plays in an msti is consistent with the role it plays in the cist. The master port, which is a root por...
Page 233
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-18 calculation process, which is similar to spanning tree calculation in stp, for each spanning tree. For details, refer to how stp works . In mstp, a vlan packet is forwarded along the following paths: z wi...
Page 234
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-19 task remarks configuring an mst region required specifying the root bridge or a secondary root bridge optional configuring the work mode of mstp device optional configuring the priority of the current dev...
Page 235
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-20 task remarks performing mcheck optional configuring digest snooping optional configuring no agreement check optional configuring protection functions optional note: in a network containing switches with b...
Page 236
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-21 to do... Use the command... Remarks display all the configuration information of the mst region check region-configuration optional display the currently effective mst region configuration information dis...
Page 237
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-22 1.3.2 specifying the root bridge or a secondary root bridge mstp can determine the root bridge of a spanning tree through mstp calculation. Alternatively, you can specify the current device as the root br...
Page 238
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-23 z there is one and only one root bridge in effect in a spanning tree instance. If two or more devices have been designated to be root bridges of the same spanning tree instance, mstp will select the devic...
Page 239
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-24 z in mstp mode, all ports of the device send out mstp bpdus. If the device detects that it is connected with a legacy stp device, the port connecting with the legacy stp device will automatically migrate ...
Page 240
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-25 caution: z upon specifying the current device as the root bridge or a secondary root bridge, you cannot change the priority of the device. Z during root bridge selection, if all devices in a spanning tree...
Page 241
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-26 note: a larger maximum hops setting means a larger size of the mst region. Only the maximum hops configured on the regional root bridge can restrict the size of the mst region. Ii. Configuration example #...
Page 242
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-27 1.3.7 configuring timers of mstp mstp involves three timers: forward delay, hello time and max age. You can configure these three parameters for mstp to calculate spanning trees. I. Configuration procedur...
Page 243
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-28 caution: z the length of the forward delay time is related to the network diameter of the switched network. Typically, the larger the network diameter is, the longer the forward delay time should be. Note...
Page 244
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-29 1.3.8 configuring the timeout factor after the network topology is stabilized, each non-root-bridge device forwards configuration bpdus to the surrounding devices at the interval of hello time to check wh...
Page 245
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-30 i. Configuration procedure follow these steps to configure the maximum transmission rate of a port or a group of ports: to do... Use the command... Remarks enter system view system-view — enter ethernet i...
Page 246
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-31 i. Configuration procedure follow these steps to specify a port or a group of ports as edge port(s): to do... Use the command... Remarks enter system view system-view — enter ethernet interface view inter...
Page 247
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-32 i. Configuration procedure follow these steps to configure whether a port or a group of ports connect to point-to-point links: to do... Use the command... Remarks enter system view system-view — enter eth...
Page 248
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-33 1.3.12 configuring the mode a port uses to recognize/send mstp packets a port can send/recognize mstp packets of two formats: z 802.1s-compliant standard format, and z compatible format by default, the pa...
Page 249
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-34 ii. Configuration example # configure gigabitethernet 1/0/1 to receive and send standard-format mstp packets. System-view [sysname] interface gigabitethernet 1/0/1 [sysname-gigabitethernet1/0/1] stp compl...
Page 250
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-35 to do... Use the command... Remarks enable the mstp feature on the port(s) stp enable optional mstp is disabled on ports by default and automatically enabled on all ports after it is enabled globally on t...
Page 251
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-36 1.4.5 configuring ports as edge ports refer to configuring ports as edge ports in the section about root bridge configuration. 1.4.6 configuring path costs of ports path cost is a parameter related to the...
Page 252
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-37 link speed duplex state 802.1d-1998 802.1t private standard 100 mbps single port aggregated link 2 ports aggregated link 3 ports aggregated link 4 ports 19 19 19 19 200,000 100,000 66,666 50,000 200 180 1...
Page 253
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-38 to do... Use the command... Remarks configure the path cost of the port(s) stp [ instance instance-id ] cost cost required by default, mstp automatically calculates the path cost of each port. Caution: z ...
Page 254
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-39 to do... Use the command... Remarks configure the port priority stp [ instance instance-id ] port priority priority optional 128 for all ethernet ports by default. Note: z when the priority of a port is c...
Page 255
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-40 1.5 performing mcheck ports on an mstp-compliant device have three working modes: stp compatible mode, rstp mode, and mstp mode. In a switched network, if a port on the device running mstp (or rstp) conne...
Page 256
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-41 caution: the stp mcheck command is meaningful only when the device works in the mstp (or rstp) mode, not in the stp-compatible mode. 1.5.3 configuration example # perform mcheck on port gigabitethernet 1/...
Page 257
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-42 1.6.2 configuration procedure follow these steps to configure digest snooping: to do... Use the command... Remarks enter system view system-view — enter ethernet interface view interface interface-type in...
Page 258
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-43 caution: z you can only enable the digest snooping feature on the device connected to another vendor’s device that uses a private key to calculate the configuration digest. Z with the digest snooping feat...
Page 259
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-44 iii. Configuration procedure 1) enable digest snooping on device a # enable digest snooping on gigabitethernet1/0/1. System-view [devicea] interface gigabitethernet 1/0/1 [devicea-gigabitethernet1/0/1] st...
Page 260
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-45 root port designated port root port blocks other non-edge ports , changes to forwarding state and sends agreement to upstream switch downstream switch upstream switch proposal for rapid transition designa...
Page 261
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-46 to do... Use the command... Remarks enable no agreement check stp no-agreement-check required not enabled by default note: the no agreement check feature can only take effect on the root port or alternate...
Page 262
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-47 z root guard z loop guard z tc-bpdu attack guard note: z the s5500-ei series ethernet switches support the bpdu guard, root guard and loop guard functions. Z among loop guard, root guard and edge port set...
Page 263
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-48 follow these steps to enable bpdu guard: to do... Use the command... Remarks enter system view system-view — enable the bpdu guard function on the device stp bpdu-protection required disabled by default 1...
Page 264
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-49 to do... Use the command... Remarks enter system view system-view — enter ethernet interface view interface interface-type interface-number enter ethernet interface view or port group view enter port grou...
Page 265
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-50 follow these steps to enable loop guard: to do... Use the command... Remarks enter system view system-view — enter ethernet interface view interface interface-type interface-number enter ethernet interfac...
Page 266
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-51 note: we recommend that you keep this feature enabled. 1.9 displaying and maintaining mstp to do... Use the command... Remarks view the information about abnormally blocked ports display stp abnormal-port...
Page 267
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-52 z device a and device b are convergence layer devices, while device c and device d are access layer devices. Vlan 10 and vlan 30 are terminated on the convergence layer devices, and vlan 40 is terminated ...
Page 268
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-53 # define device a as the root bridge of mst instance 1. [devicea] stp instance 1 root primary # view the mst region configuration information that has taken effect. [devicea] display stp region-configurat...
Page 269
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-54 1 10 3 30 4 40 3) configuration on device c # enter mst region view. System-view [devicec] stp region-configuration [devicec-mst-region] region-name example # configure the region name, vlan-to-instance m...
Page 270
Operation manual – mstp h3c s5500-ei series ethernet switches chapter 1 mstp configuration 1-55 [deviced-mst-region] instance 3 vlan 30 [deviced-mst-region] instance 4 vlan 40 [deviced-mst-region] revision-level 0 # activate mst region configuration manually. [deviced-mst-region] active region-confi...
Page 271: Table of Contents
Operation manual – ip routing-gr overview h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 ip routing overview.................................................................................................... 1-1 1.1 ip routing and routing table...................
Page 272
Operation manual – ip routing-gr overview h3c s5500-ei series ethernet switches chapter 1 ip routing overview 1-1 chapter 1 ip routing overview go to these sections for information you are interested in: z ip routing and routing table z routing protocol overview z displaying and maintaining a routin...
Page 273
Operation manual – ip routing-gr overview h3c s5500-ei series ethernet switches chapter 1 ip routing overview 1-2 z network mask: specifies, in company with the destination address, the address of the destination network. A logical and operation between the destination address and the network mask y...
Page 274
Operation manual – ip routing-gr overview h3c s5500-ei series ethernet switches chapter 1 ip routing overview 1-3 router a router b router h router e 16.0.0.2 17.0.0.3 15.0.0.0 12.0.0.0 17.0.0.0 11.0.0.0 16.0.0.0 13.0.0.0 14.0.0.0 router c router d router f router g 11.0.0.1 12.0.0.1 12.0.0.2 15.0.0...
Page 275
Operation manual – ip routing-gr overview h3c s5500-ei series ethernet switches chapter 1 ip routing overview 1-4 i. Operational scope z interior gateway protocols (igps): work within an autonomous system, including rip, ospf, and is-is. Z exterior gateway protocols (egps): work between autonomous s...
Page 276
Operation manual – ip routing-gr overview h3c s5500-ei series ethernet switches chapter 1 ip routing overview 1-5 the following table lists some routing protocols and the default priorities for routes found by them: routing approach priority direct 0 ospf 10 is-is 15 static 60 rip 100 ospf ase 150 o...
Page 277
Operation manual – ip routing-gr overview h3c s5500-ei series ethernet switches chapter 1 ip routing overview 1-6 ii. Route backup route backup can help improve network reliability. With route backup, you can configure multiple routes to the same destination, expecting the one with the highest prior...
Page 278
Operation manual – ip routing-gr overview h3c s5500-ei series ethernet switches chapter 1 ip routing overview 1-7 to do… use the command… remarks display routing information permitted by an ipv4 prefix list display ip routing-table ip-prefix ip-prefix-name [ verbose ] display routes of a routing pro...
Page 279: Chapter 2 Gr Overview
Operation manual – ip routing-gr overview h3c s5500-ei series ethernet switches chapter 2 gr overview 2-1 chapter 2 gr overview go to these sections for information you are interested in: z introduction to graceful restart z basic concepts in graceful restart z graceful restart communication procedu...
Page 280
Operation manual – ip routing-gr overview h3c s5500-ei series ethernet switches chapter 2 gr overview 2-2 z gr session: a graceful restart session, which is the negotiation between the gr restarter and the gr helper. A gr session includes restart notification and communications across restart. Throu...
Page 281
Operation manual – ip routing-gr overview h3c s5500-ei series ethernet switches chapter 2 gr overview 2-3 2) gr restarter restarting figure 2-2 restarting process for the gr restarter as illustrated in figure 2-2 . The gr helper detects that the gr restarter has restarted its routing protocol and as...
Page 282
Operation manual – ip routing-gr overview h3c s5500-ei series ethernet switches chapter 2 gr overview 2-4 figure 2-4 the gr restarter obtains topology and routing information from the gr helper as illustrated in figure 2-4 , the gr restarter obtains the necessary topology and routing information fro...
Page 283: Table of Contents
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 static routing configuration...................................................................................... 1-1 1.1 introduction .................................................
Page 284
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches table of contents ii 2.4.6 configuring ripv2 message authentication ......................................................... 2-15 2.4.7 specifying a rip neighbor ......................................................................
Page 285
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches table of contents iii 3.7.3 specifying an lsa transmission delay ................................................................ 3-34 3.7.4 specifying spf calculation interval ........................................................
Page 286
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches table of contents iv 4.4.2 specifying a priority for is-is ................................................................................ 4-20 4.4.3 configuring is-is link cost.......................................................
Page 287
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches table of contents v 5.4.1 prerequisites ......................................................................................................... 5-22 5.4.2 configuring bgp route redistribution........................................
Page 288
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches table of contents vi 6.3.1 prerequisites ........................................................................................................... 6-4 6.3.2 defining an ipv4 prefix list .............................................
Page 289
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 1 static routing configuration 1-1 chapter 1 static routing configuration when configuring a static route, go to these sections for information you are interested in: z introduction z configuring a static route z applicati...
Page 290
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 1 static routing configuration 1-2 you can create the default route with both destination and mask being 0.0.0.0, and some dynamic routing protocols, such as ospf, rip and is-is, can also generate the default route. 1.1.3 ...
Page 292
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 1 static routing configuration 1-4 i. Network requirements to detect the reachability of a static route's nexthop through a track entry, you need to create a track first. For detailed track configuration procedure, refer t...
Page 293
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 1 static routing configuration 1-5 1.5 configuration example i. Network requirements the ip addresses and masks of the switches and hosts are shown in the following figure. Static routes are required for interconnection be...
Page 294
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 1 static routing configuration 1-6 routing tables: public destinations : 7 routes : 7 destination/mask proto pre cost nexthop interface 0.0.0.0/0 static 60 0 1.1.4.2 vlan500 1.1.2.0/24 direct 0 0 1.1.2.3 vlan300 1.1.2.3/32...
Page 295
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-1 chapter 2 rip configuration note: z the term “router” in this document refers to a router in a generic sense or a layer 3 switch. Z the s5500-ei series only support single rip process. When configur...
Page 296
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-2 rip prevents routing loops by implementing the split horizon and poison reverse functions. Ii. Rip routing table a rip router has a routing table containing routing entries of all reachable destinat...
Page 297
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-3 z triggered updates. A router advertises updates once the metric of a route is changed rather than after the update period expires to speed up network convergence. 2.1.2 operation of rip the followi...
Page 298
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-4 2.1.4 rip message format i. Ripv1 message format a ripv1 message consists of a header and up to 25 route entries. Figure 2-1 shows the format of ripv1 message. Figure 2-1 ripv1 message format z comm...
Page 299
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-5 z next hop: if set to 0.0.0.0, it indicates that the originator of the route is the best next hop; otherwise it indicates a next hop better than the originator of the route. Iii. Ripv2 authenticatio...
Page 300
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-6 rfc 2082: ripv2 md5 authentication 2.2 configuring rip basic functions 2.2.1 configuration prerequisites before configuring rip basic functions, configure ip addresses for interfaces, making all adj...
Page 301
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-7 to do… use the command… remarks return to system view quit — enter interface view interface interface-type interface-number — enable the interface to receive rip messages rip input optional enabled ...
Page 303
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-9 to do… use the command… remarks define an outbound additional routing metric rip metricout [ route-policy route-policy-name ]value optional 1 by default 2.3.2 configuring ripv2 route summarization r...
Page 304
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-10 note: you need to disable ripv2 route automatic summarization before advertising a summary route on an interface. 2.3.3 disabling host route reception sometimes a router may receive many host route...
Page 305
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-11 note: the router enabled to advertise a default route does not receive default routes from rip neighbors. 2.3.5 configuring inbound/outbound route filtering the device supports route filtering. You...
Page 306
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-12 follow these steps to configure a priority for rip: to do… use the command… remarks enter system view system-view –– enter rip view rip [ process-id ] –– configure a priority for rip preference [ r...
Page 308
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-14 ii. Enabling poison reverse the poison reverse function allows an interface to advertise the routes received from it, but the metric of these routes is set to 16, making them unreachable. Follow th...
Page 309
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-15 2.4.5 enabling source ip address check on incoming rip updates you can enable source ip address check on incoming rip updates. For a message received on an ethernet interface, rip compares the sour...
Page 310
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-16 2.4.7 specifying a rip neighbor usually, rip sends messages to broadcast or multicast addresses. On non broadcast or multicast links, you need to manually specify rip neighbors. If a specified neig...
Page 311
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-17 2.6 rip configuration examples 2.6.1 configuring rip version i. Network requirements as shown in figure 2-4 , enable ripv2 on all interfaces on switch a and switch b. Ii. Network diagram figure 2-4...
Page 312
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-18 3) configure rip version # configure ripv2 on switch a. [switcha] rip [switcha-rip-1] version 2 [switcha-rip-1] undo summary # configure ripv2 on switch b. [switchb] rip [switchb-rip-1] version 2 [...
Page 313
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 2 rip configuration 2-19 z use the display rip command to check whether some interface is disabled 2.7.2 route oscillation occurred symptom: when all links work well, route oscillation occurs on the rip network. After disp...
Page 314
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-1 chapter 3 ospf configuration note: the term “router” in this document refers to a router in a generic sense or a layer 3 switch. Open shortest path first (ospf) is a link state interior gateway pro...
Page 315
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-2 z loop-free: computes routes with the shortest path first (spf) algorithm according to the collected link states, so no route loops are generated. Z area partition: allows an as to be split into di...
Page 316
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-3 iv. Ospf packets ospf uses five types of packets: z hello packet: periodically sent to find and maintain neighbors, containing the values of some timers, information about the dr, bdr and known nei...
Page 317
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-4 z opaque lsa: a proposed type of lsa, the format of which consists of a standard lsa header and application specific information. Opaque lsas are used by the ospf protocol or by some application to...
Page 318
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-5 figure 3-1 ospf area partition after area partition, area border routers perform route summarization to reduce the number of lsas advertised to other areas and minimize the effect of topology chang...
Page 319
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-6 figure 3-2 ospf router types iii. Backbone area and virtual links each as has a backbone area, which is responsible for distributing routing information between none-backbone areas. Routing informa...
Page 320
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-7 another application of virtual links is to provide redundant links. If the backbone area cannot maintain internal connectivity due to a physical link failure, configuring a virtual link can guarant...
Page 321
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-8 nssa area. When traveling to the nssa abr, type-7 lsas are translated into type-5 lsas by the abr for advertisement to other areas. In the following figure, the ospf as contains three areas: area 1...
Page 322
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-9 segment. The abr in the area distributes only the summary lsa to reduce the scale of lsdbs on routers in other areas. 2) asbr route summarization if summarization for redistributed routes is config...
Page 323
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-10 z p2mp (point-to-multipoint): by default, ospf considers no link layer protocol as p2mp, which is a conversion from other network types such as nbma in general. On p2mp networks, packets are sent ...
Page 324
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-11 the new dr in a very short period by avoiding adjacency establishment and dr reelection. Meanwhile, other routers elect another bdr, which requires a relatively long period but has no influence on...
Page 325
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-12 3.1.5 ospf packet formats ospf packets are directly encapsulated into ip packets. Ospf has the ip protocol number 89. The ospf packet format is shown below (taking a lsu packet as an example). Fig...
Page 326
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-13 ii. Hello packet a router sends hello packets periodically to neighbors to find and maintain neighbor relationships and to elect the dr/bdr, including information about values of timers, dr, bdr a...
Page 327
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-14 the dd packet format: ... Version 2 router id area id checksum autype packet length authentication authentication interface mtu dd sequence number lsa header options 0 0 0 0 0 i m m s 0 7 15 31 ls...
Page 328
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-15 version 3 router id area id checksum autype packet length authentication authentication ls type link state id ... Advertising router 0 7 15 31 figure 3-12 lsr packet format major fields: z ls type...
Page 329
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-16 lsas can be acknowledged in a single link state acknowledgment packet. The following figure gives its format. ... Figure 3-14 lsack packet format vii. Lsa header format all lsas have the same head...
Page 330
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-17 viii. Formats of lsas 1) router lsa figure 3-16 router lsa format major fields: z link state id: id of the router that originated the lsa. Z v (virtual link): set to 1 if the router that originate...
Page 331
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-18 figure 3-17 network lsa format major fields: z link state id: the interface address of the dr z network mask: the mask of the network (a broadcast or nbma network) z attached router: the ids of th...
Page 332
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-19 note: a type-3 lsa can be used to advertise a default route, having the link state id and network mask set to 0.0.0.0. 4) as external lsa an as external lsa originates from an asbr, describing rou...
Page 333
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-20 an nssa external lsa originates from the asbr in a nssa and is flooded in the nssa area only. It has the same format as the as external lsa. Network mask forwarding address ls age linke state id a...
Page 334
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-21 after an ospf gr restarter restarts ospf, it needs to perform the following two tasks in order to re-synchronize its lsdb with its neighbors. Z to obtain once again effective ospf neighbor informa...
Page 335
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-22 task remarks configuring ospf route summarization optional configuring ospf inbound route filtering optional configuring abr type-3 lsa filtering optional configuring an ospf cost for an interface...
Page 336
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-23 3.3 configuring ospf basic functions you need to enable ospf, specify an interface and area id first before performing other tasks. 3.3.1 prerequisites before configuring ospf, you need to configu...
Page 337
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-24 note: z an ospf process id is unique. Z a network segment can only belong to one area. Z it is recommended to configure a description for each ospf process to help identify purposes of processes a...
Page 339
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-26 3.5.1 prerequisites before configuring ospf network types, you have configured: z ip addresses for interfaces, making neighboring nodes accessible with each other at network layer. Z ospf basic fu...
Page 340
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-27 3.5.4 configuring a router priority for an ospf interface for broadcast or nbma interfaces, you can configure router priorities for dr/bdr election. Follow these steps to configure a router priori...
Page 341
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-28 z configuring route summarization between ospf areas on an abr z configuring route summarization when redistributing routes into ospf on an asbr follow these steps to configure route summarization...
Page 342
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-29 note: since ospf is a link state-based interior gateway protocol, routing information is contained in lsas. However, ospf cannot filter lsas. Using the filter-policy import command is to filter ro...
Page 343
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-30 to do… use the command… remarks configure a bandwidth reference value bandwidth-reference value optional the value defaults to 100 mbps. Note: if no ospf cost is configured for an interface, ospf ...
Page 344
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-31 3.6.8 configuring a priority for ospf a router may run multiple routing protocols, and it sets a priority for each protocol. When a route found by several routing protocols, the route found by the...
Page 346
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-33 z ospf basic functions. 3.7.2 configuring ospf packet timers you can configure the following timers on ospf interfaces as needed: z hello timer: interval for sending hello packets. It must be iden...
Page 347
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-34 note: z the hello and dead intervals restore to default values after you change the network type for an interface. Z the dead interval should be at least four times the hello interval on an interf...
Page 348
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-35 note: with this task configured, when network changes are not frequent, spf calculation applies at the minimum-interval. If network changes become frequent, spf calculation interval is incremented...
Page 349
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-36 to do… use the command… remarks configure the lsa generation interval lsa-generation-interval maximum-interval [ initial-interval [ incremental-interval ] ] optional by default, the maximum interv...
Page 350
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-37 3.7.8 configuring stub routers a stub router is used for traffic control. It tells other ospf routers not to use it to forward data, but they can have a route to it. The router lsas from the stub ...
Page 351
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-38 to do… use the command… remarks enter interface view interface interface-type interface-number — configure the authentication mode (simple authentication) for the interface ospf authentication-mod...
Page 352
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-39 to do… use the command… remarks specify the maximum number of external lsas in the lsdb lsdb-overflow-limit number optional no limitation by default 3.7.12 making external route selection rules de...
Page 355
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-42 note: z with the graceful-restart command used, a device can act as a gr restarter and a gr helper. Z without the graceful-restart command used, a device can only act as a gr helper. 3.8.2 configu...
Page 356
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-43 3.9 displaying and maintaining ospf to do… use the command… remarks display ospf brief information display ospf [ process-id ] brief display ospf statistics display ospf [ process-id ] cumulative ...
Page 357
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-44 to do… use the command… remarks reset ospf counters reset ospf [ process-id ] counters[ neighbor [ interface-type interface-number ] [ router-id ] ] reset an ospf process reset ospf [ process-id ]...
Page 358
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-45 iii. Configuration procedure 1) configure ip addresses for interfaces (omitted) 2) configure ospf basic functions # configure switch a. System-view [switcha] ospf [switcha-ospf-1] area 0 [switcha-...
Page 359
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-46 3) verify the configuration # display information about neighbors on switch a. [switcha] display ospf peer verbose ospf process 1 with router id 10.2.1.1 neighbors area 0.0.0.0 interface 10.1.1.1(...
Page 360
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-47 intra area: 3 inter area: 2 ase: 0 nssa: 0 # display the link state database on switch a. [switcha] display ospf lsdb ospf process 1 with router id 10.2.1.1 link state database area: 0.0.0.0 type ...
Page 361
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-48 # on switch d, ping the ip address 10.4.1.1 to check connectivity. [switchd] ping 10.4.1.1 ping 10.4.1.1: 56 data bytes, press ctrl_c to break request time out reply from 10.4.1.1: bytes=56 sequen...
Page 362
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-49 [switchd-ospf-1] import-route static [switchd-ospf-1] quit # display abr/asbr information on switch c. [switchc] display ospf abr-asbr ospf process 1 with router id 10.4.1.1 routing table to abr a...
Page 363
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-50 [switcha] ospf [switcha-ospf-1] area 1 [switcha-ospf-1-area-0.0.0.1] stub [switcha-ospf-1-area-0.0.0.1] quit [switcha-ospf-1] quit # configure switch c. [switchc] ospf [switchc-ospf-1] area 1 [swi...
Page 364
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-51 [switchc] display ospf routing ospf process 1 with router id 10.4.1.1 routing tables routing for network destination cost type nexthop advrouter area 0.0.0.0/0 4 inter 10.2.1.1 10.2.1.1 0.0.0.1 10...
Page 365
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-52 iii. Configuration procedure 1) configure ip addresses for interfaces. 2) configure ospf basic functions (refer to configuring ospf basic functions ). 3) configure area 1 as an nssa area. # config...
Page 366
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-53 [switchc] ospf [switchc-ospf-1] import-route static [switchc-ospf-1] quit # display ospf routing information on switch d. [switchd-ospf-1] display ospf routing ospf process 1 with router id 10.5.1...
Page 367
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-54 ii. Network diagram switch a switch d switch b switch c vlan-int1 196.1.1.1/24 vlan-int1 196.1.1.4/24 vlan-int1 196.1.1.2/24 vlan-int1 196.1.1.3/24 dr bdr figure 3-24 network diagram for ospf dr e...
Page 368
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-55 # configure switch d. System-view [switchd] router id 4.4.4.4 [switchd] ospf [switchd-ospf-1] area 0 [switchd-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 [switchd-ospf-1-area-0.0.0.0] quit [s...
Page 369
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-56 [routera-vlan-interface1] quit # configure switch b. [switchb] interface vlan-interface 1 [switchb-vlan-interface1] ospf dr-priority 0 [switchb-vlan-interface1] quit # configure switch c. [switchc...
Page 370
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-57 note: in the above output, you can find the priority configuration does not take effect immediately. 4) restart ospf process (omitted) # display neighbor information on switch d. [switchd] display...
Page 371
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-58 note: if the neighbor state is full, it means switch d has established the adjacency with the neighbor. If the neighbor state is 2-way, it means the two switches are neither the dr nor the bdr, an...
Page 372
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-59 ii. Network diagram figure 3-25 network diagram for ospf virtual link configuration iii. Configuration procedure 1) configure ip addresses for interfaces (omitted) 2) configure ospf basic function...
Page 373
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-60 192.168.1.0/24 1562 stub 192.168.1.1 1.1.1.1 0.0.0.1 total nets: 2 intra area: 2 inter area: 0 ase: 0 nssa: 0 note: since area 2 has no direct connection to area 0, the ospf routing table of route...
Page 374
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-61 3.10.6 ospf graceful restart configuration example i. Network requirements z switch a, switch b and switch c that belong to the same autonomous system and the same ospf routing domain are gr capab...
Page 375
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-62 [switchb-vlan-interface100] ip address 192.1.1.2 255.255.255.0 [switchb-vlan-interface100] ospf dr-priority 0 [switchb-vlan-interface100] quit [switchb] router id 2.2.2.2 [switchb] ospf 100 [switc...
Page 376
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 3 ospf configuration 3-63 iii. Processing steps 1) display ospf neighbor information using the display ospf peer command. 2) display ospf interface information using the display ospf interface command. 3) ping the neighbor...
Page 377
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-1 chapter 4 is-is configuration when configuring is-is, go to these sections for information you are interested in: z is-is overview z is-is configuration task list z configuring is-is basic functio...
Page 378
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-2 z routing domain (rd). A group of iss exchange routing information with the same routing protocol in a routing domain. Z area. An area is a division unit in a routing domain. The is-is protocol al...
Page 379
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-3 generally, a router only needs one area address, and all nodes in the same routing domain must share the same area address. However, a router can have three area addresses at most to support smoot...
Page 380
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-4 4.1.2 is-is area i. Two-level hierarchy is-is uses two-level hierarchy in the routing domain to support large scale routing networks. A large routing domain is divided into multiple areas. The lev...
Page 381
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-5 figure 4-2 is-is topology figure 4-3 shows another network topology running the is-is protocol. The level-1-2 routers connect the level-1 and level-2 routers, and also form the is-is backbone toge...
Page 382
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-6 both the is-is level-1 and level-2 routers use the spf algorithm to generate the shortest path tree (spt). Iii. Interface routing hierarchy type you can configure the routing type for each interfa...
Page 383
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-7 note: for the non-broadcast multi-access (nbma) network, such as atm, you need to configure point-to-point or broadcast network on its configured subinterfaces. Is-is does not run on point to mult...
Page 384
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-8 note: on is-is broadcast networks, all routers are adjacent with each other. The dis is responsible for the synchronization of their lsdbs. 4.1.4 is-is pdu format i. Pdu header format the is-is pa...
Page 385
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-9 z maximum area address: maximum number of area addresses supported. Table 4-1 pdu type type pdu type acronym 15 level-1 lan is-is hello pdu l1 lan iih 16 level-2 lan is-is hello pdu l2 lan iih 17 ...
Page 386
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-10 figure 4-7 l1/l2 lan iih format z reserved/circuit type: the first 6 bits are reserved with value 0. The last 2 bits indicates router types: 00 means reserved, 01 indicates l1, 10 indicates l2, a...
Page 387
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-11 figure 4-8 p2p iih format instead of the priority and lan id fields in the lan iih, the p2p iih has a local circuit id field. Iv. Lsp packet format the link state pdus (lsp) carries link state in...
Page 388
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-12 figure 4-9 l1/l2 lsp format z pdu length: total length of the pdu in bytes. Z remaining lifetime: lsp remaining lifetime in seconds. Z lsp id: consists of the system id, the pseudonode id (one by...
Page 389
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-13 figure 4-10 lsdb overload z is type: type of the router generating the lsp. V. Snp format the sequence number pdu (snp) confirms the latest received lsps. It is similar to the acknowledge packet,...
Page 390
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-14 psnp only contains the sequence numbers of one or multiple latest received lsps. It can acknowledge multiple lsps at one time. When lsdbs are not synchronized, a psnp is used to request new lsps ...
Page 391
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-15 clv code name pdu type 9 lsp entries snp 10 authentication information iih, lsp, snp 128 ip internal reachability information lsp 129 protocols supported iih, lsp 130 ip external reachability inf...
Page 392
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-16 iii. Management tag management tag carries the management information of the ip address prefixes and bgp community attribute. It controls the redistribution from other routing protocols. Iv. Lsp ...
Page 393
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-17 virtual router. An extended lsp fragment is advertised by a virtual system identified by additional system id. 2) operation modes the lsp fragment extension feature operates in two modes on an is...
Page 394
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-18 z rfc 1195 - use of osi is-is for routing in tcp/ip and dual environments z rfc 2763 - dynamic hostname exchange mechanism for is-is z rfc 2966 - domain-wide prefix distribution with two-level is...
Page 395
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-19 task remarks configuring a dis priority for an interface optional configuring is-is timers optional disabling an interface from sending/receiving is-is hello packets optional configuring lsp para...
Page 396
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-20 to do… use the command… remarks enable an is-is process on the interface isis enable [ process-id ] required disabled by default specify network type for the interface as p2p isis circuit-type p2...
Page 399
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-23 note: in the case no interface cost is specified in interface view or system view and automatic cost calculation is enabled: z when the cost style is wide or wide-compatible, is-is automatically ...
Page 400
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-24 follow these steps to configure route summarization: to do… use the command... Remarks enter system view system-view — enter is-is view isis [ process-id ] –– configure is-is route summarization ...
Page 402
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-26 note: z if a filter policy is specified, only routes passing it can be advertised into level-1 area. Z you can specify a routing policy in the import-route isis level-2 into level-1 command to fi...
Page 403
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-27 to do… use the command… remarks enter system view system-view –– enter interface view interface interface-type interface-number –– specify the interval between hello packets isis timer hello seco...
Page 404
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-28 note: z on the broadcast link, you can specify different intervals for level-1 and level-2 hello packets; if no level is specified, the interval applies to both level-1 and level-2 hello packets,...
Page 405
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-29 the router will discard a lsp with incorrect checksum. You can configure the router to ignore the incorrect checksum, which means a lsp will be processed even with an incorrect lsp checksum. On t...
Page 407
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-31 4.5.7 configuring dynamic host name mapping follow these steps to configure the dynamic host name mapping: to do… use the command... Remarks enter system view system-view –– enter is-is view isis...
Page 408
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-32 authentication enabled level-2 routers in the backbone must adopt the same authentication mode and share the same password. The authentication configured on an interface applies to the hello pack...
Page 409
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-33 the overload tag can be used for troubleshooting as well. You can temporarily isolate a router from the is-is network by setting the overload tag. Follow these steps to configure the lsdb overloa...
Page 410
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-34 to do… use the command… remarks enable the interface to send small hello packets that have no padding field isis small-hello required standard hello packets are sent by default. 4.5.12 enabling s...
Page 411
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-35 note: a device can act as both the gr restarter and gr helper at the same time. Follow these steps to configure gr on the gr restarter and gr helper respectively: to do… use the command… remarks ...
Page 413
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-37 iii. Configuration procedure 1) configure ip addresses for interfaces (omitted) 2) configure is-is # configure switch a. System-view [switcha] isis 1 [switcha-isis-1] is-level level-1 [switcha-is...
Page 414
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-38 [switchd-isis-1] quit [switchd] interface vlan-interface 100 [switchd-vlan-interface100] isis enable 1 [switchd-vlan-interface100] quit [switchd] interface vlan-interface 300 [switchd-vlan-interf...
Page 415
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-39 *-self lsp, +-self lsp(extended), att-attached, p-partition, ol-overload [switchc] display isis lsdb database information for isis(1) -------------------------------- level-1 link state database ...
Page 416
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-40 0000.0000.0004.01-00* 0x00000002 0xec96 1007 55 0/0/0 *-self lsp, +-self lsp(extended), att-attached, p-partition, ol-overload # display the is-is routing information of each switch. Level-1 swit...
Page 417
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-41 ------------------------------------- ipv4 destination intcost extcost exitinterface nexthop flags -------------------------------------------------------------------------- 192.168.0.0/24 10 nul...
Page 418
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-42 ii. Network diagram figure 4-15 network diagram for dis selection iii. Configuration procedure 1) configure an ip address for each interface (omitted) 2) enable is-is # configure switch a. System...
Page 419
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-43 [switchc-vlan-interface100] isis enable 1 [switchc-vlan-interface100] quit # configure switch d. System-view [switchd] isis 1 [switchd-isis-1] network-entity 10.0000.0000.0004.00 [switchd-isis-1]...
Page 420
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-44 [switchc] display isis interface interface information for isis(1) --------------------------------- interface: vlan-interface100 id ipv4.State ipv6.State mtu type dis 001 up down 1497 l1/l2 yes/...
Page 421
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-45 system id: 0000.0000.0002 interface: vlan-interface100 circuit id: 0000.0000.0001.01 state: up holdtime: 28s type: l2(l1l2) pri: 64 system id: 0000.0000.0004 interface: vlan-interface100 circuit ...
Page 422
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-46 id ipv4.State ipv6.State mtu type dis 001 up down 1497 l1/l2 no/no # display information about is-is neighbors and interfaces of switch d. [switchd] display isis peer peer information for isis(1)...
Page 423
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-47 iii. Configuration procedure 1) configure ip addresses of the interfaces on each switch and configure is-is. Follow figure 4-16 to configure the ip address and subnet mask of each interface. The ...
Page 424
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 4 is-is configuration 4-48 interface vlan1 t1 timer status: remaining time: 1 ra not received complete csnp not received number of t1 pre expiry: 0 is-is(1) level-2 restart status restart interval: 150 sa bit supported tot...
Page 425
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-1 chapter 5 bgp configuration the border gateway protocol (bgp) is a dynamic inter-as route discovery protocol. When configuring bgp, go to these sections for information you are interested in: z bgp ...
Page 426
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-2 z using tcp as its transport layer protocol to enhance reliability z supporting cidr z substantially reducing bandwidth occupation by advertising updating routes only and applicable to advertising a...
Page 427
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-3 z marker: the 16-byte field is used for bgp authentication. If no authentication information is available, then the marker must be all ones. Z length: the 2-byte unsigned integer indicates the total...
Page 428
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-4 figure 5-3 bgp update message format each update message can advertise a group of feasible routes with similar attributes, which are contained in the network layer reachable information (nlri) field...
Page 429
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-5 v. Keepalive keepalive messages are sent between peers to maintain connectivity. Its format contains only the message header. Vi. Route-refresh a route-refresh message is sent to a peer to request t...
Page 430
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-6 name category aggregator optional transitive community optional transitive multi_exit_disc (med) optional non-transitive originator_id optional non-transitive cluster_list optional non-transitive ii...
Page 431
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-7 8.0.0.0 as 10 d=8.0.0.0 (10) d=8.0.0.0 (10) as 20 as 40 d=8.0.0.0 (20,10) as 30 as 50 d=8.0.0.0 (30,20,10) d=8.0.0.0 (40,10) figure 5-6 as_path attribute in general, a bgp router does not receive ro...
Page 432
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-8 z when sending a received route to an ebgp peer, a bgp speaker sets the next_hop for the route to the address of the sending interface. Z when sending a route received from an ebgp peer to an ibgp p...
Page 433
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-9 in general, bgp compares meds of routes to the same as only. Note: you can use the compare-different-as-med command to force bgp to compare med values of routes to different ass. 5) local_pref this ...
Page 434
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-10 z no_advertise: after received, routes with this attribute cannot be advertised to other bgp peers. Z no_export_subconfed: after received, routes with this attribute cannot be advertised out the lo...
Page 435
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-11 on route recursion is always enabled on the switch rather than configured using commands. Bgp differs from igp in the implementation of load balancing in the following: z igp routing protocols such...
Page 436
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-12 only once, with as_path unchanged, next_hop changed to router c’s address. Other bgp transitive attributes apply according to route selection rules. Iii. Bgp route advertisement rules bgp supports ...
Page 437
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-13 routing table can the ibgp router add the route into its bgp routing table and advertise the route to the ebgp peer. You can disable the synchronization feature in the following cases: z the local ...
Page 438
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-14 figure 5-12 bgp route dampening iii. Peer group a peer group is a collection of peers with the same attributes. When a peer joins the peer group, the peer obtains the same configuration as the peer...
Page 439
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-15 besides using the well-known community attribute, you can define the extended community attribute using a community list to help define a routing policy. V. Route reflector ibgp peers should be ful...
Page 440
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-16 figure 5-14 network diagram for route reflectors when clients of a route reflector are fully meshed, route reflection is unnecessary because it consumes more bandwidth resources. The system support...
Page 441
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-17 figure 5-15 confederation network diagram from the perspective of a non-confederation speaker, it needs not know sub-ass in the confederation. The id of the confederation is the number of the as. I...
Page 442
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-18 4) after the restart, the gr restarter will reestablish a gr session with its peer and send a new gr message notifying the completion of restart. Routing information is exchanged between them for t...
Page 443
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-19 note: z for information about the ipv6 extension application, refer to ipv6 bgp configuration in ipv6 routing. Z this chapter gives no detailed commands related to any specific extension applicatio...
Page 444
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-20 task remarks configuring bgp peer groups optional configuring bgp community optional configuring a bgp route reflector optional configuring a large scale bgp network configuring a bgp confederation...
Page 446
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-22 note: z it is required to specify for a bgp router a router id, a 32-bit unsigned integer and the unique identifier of the router in the as. Z you can specify a router id manually. If not, the syst...
Page 447
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-23 5.4.2 configuring bgp route redistribution bgp can advertise the routing information of the local as to peering ass, but it redistributes routing information from igp into bgp rather than self-find...
Page 448
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-24 follow these steps to configure bgp route summarization: to do… use the command… remarks enter system view system-view — enter bgp view bgp as-number — configure automatic route summarization summa...
Page 451
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-27 5.4.8 configuring bgp route dampening by configuring bgp route dampening, you can suppress unstable routes from neither adding them to the local routing table nor advertising them to bgp peers. Fol...
Page 452
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-28 to do… use the command… remarks configure the default med value default med med-value optional 0 by default enable the comparison of med of routes from different ass compare-different- as-med optio...
Page 454
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-30 note: z using a routing policy can set preferences for routes matching it. Routes not matching it use the default preferences. Z if other conditions are identical, the route with the smallest med v...
Page 455
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-31 bgp command to soft-reset bgp connections, to refresh the bgp routing table and apply the new policy without tearing down bgp connections. 3) configure bgp authentication bgp employs tcp as the tra...
Page 457
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-33 note: z the maximum keepalive interval should be one third of the holdtime and no less than 1 second. The holdtime is no less than 3 seconds unless it is set to 0. Z the intervals set with the peer...
Page 458
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-34 to do… use the command… remarks enter system view system-view — enter bgp view bgp as-number — create an ibgp peer group group group-name [ internal ] configu re an ibgp peer group add a peer into ...
Page 460
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-36 note: z in general, it is not required to make clients of a route reflector fully meshed. The route reflector forwards routing information between clients. If clients are fully meshed, you can disa...
Page 461
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-37 5.8 configuring bgp gr note: a device can act as both a gr restarter and gr helper at the same time. Follow these steps to configure bgp gr: to do… use the command… remarks enter system view system...
Page 462
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-38 5.9 displaying and maintaining bgp 5.9.1 displaying bgp to do… use the command… remarks display peer group information display bgp group [group-name ] display advertised bgp routing information dis...
Page 463
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-39 to do… use the command… remarks display routing information matching a regular expression display bgp routing-table regular-expression as-regular-expression display bgp routing statistics display b...
Page 464
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-40 ii. Network diagram device interface ip address device interface ip address switch a vlan-int100 8.1.1.1/8 switch d vlan-int400 9.1.1.2/24 vlan-int200 200.1.1.2/24 vlan-int500 9.1.2.2/24 switch b v...
Page 465
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-41 [switchd-bgp] quit 3) configure the ebgp connection # configure switch a. System-view [switcha] bgp 65008 [switcha-bgp] router-id 1.1.1.1 [switcha-bgp] peer 200.1.1.1 as-number 65009 # inject netwo...
Page 466
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-42 # display bgp routing table information on switch b. [switchb] display bgp routing-table total number of routes: 1 bgp local router id is 2.2.2.2 status codes: * - valid, > - best, d - damped, h - ...
Page 467
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-43 bgp local router id is 1.1.1.1 status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, s - stale origin : i - igp, e - egp, ? - incomplete network nexthop med locp...
Page 468
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-44 5.10.2 bgp and igp synchronization configuration i. Network requirements as shown below, ospf is used as the igp protocol in as65009, where switch c is a non-bgp switch. Between switch a and switch...
Page 469
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-45 # display routing table information on switch a. [switcha] display bgp routing-table total number of routes: 3 bgp local router id is 1.1.1.1 status codes: * - valid, > - best, d - damped, h - hist...
Page 470
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-46 total number of routes: 2 bgp local router id is 1.1.1.1 status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, s - stale origin : i - igp, e - egp, ? - incomplet...
Page 471
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-47 ii. Network diagram vlan-int200 200.1.1.2/24 switch a as 65008 vlan-int100 8.1.1.1/8 vlan-int400 9.1.1.2/24 vlan-int300 200.1.2.1/24 vlan-int200 200.1.1.1/24 switch b switch c as 65009 vlan-int300 ...
Page 472
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-48 [switchc-bgp] quit # display the routing table on switch a. [switcha] display bgp routing-table total number of routes: 3 bgp local router id is 1.1.1.1 status codes: * - valid, > - best, d - dampe...
Page 473
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-49 [switchb] bgp 65009 [switchb-bgp] default med 100 # display the routing table on switch a. [switcha] display bgp routing-table total number of routes: 3 bgp local router id is 1.1.1.1 status codes:...
Page 474
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-50 iii. Configuration procedure 1) configure ip addresses for interfaces (omitted) 2) configure ebgp # configure switch a. System-view [switcha] bgp 10 [switcha-bgp] router-id 1.1.1.1 [switcha-bgp] pe...
Page 475
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-51 # display the routing table on switch c. [switchc] display bgp routing-table total number of routes: 1 bgp local router id is 3.3.3.3 status codes: * - valid, > - best, d - damped, h - history, i -...
Page 476
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-52 5.10.5 bgp route reflector configuration i. Network requirements in the following figure, all switches run bgp. Z between switch a and switch b is an ebgp connection, between switch c and switch b,...
Page 477
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-53 # configure switch c. System-view [switchc] bgp 200 [switchc-bgp] router-id 3.3.3.3 [switchc-bgp] peer 193.1.1.2 as-number 200 [switchc-bgp] peer 194.1.1.2 as-number 200 [switchc-bgp] quit # config...
Page 478
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-54 origin : i - igp, e - egp, ? - incomplete network nexthop med locprf prefval path/ogn i 1.0.0.0 193.1.1.2 0 100 0 100i switch d learned route 1.0.0.0/8 from switch c. 5.10.6 bgp confederation confi...
Page 479
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-55 [switcha-bgp] confederation peer-as 65002 65003 [switcha-bgp] peer 10.1.1.2 as-number 65002 [switcha-bgp] peer 10.1.1.2 next-hop-local [switcha-bgp] peer 10.1.2.2 as-number 65003 [switcha-bgp] peer...
Page 480
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-56 [switche] bgp 65001 [switche-bgp] router-id 5.5.5.5 [switche-bgp] confederation id 200 [switche-bgp] peer 10.1.4.1 as-number 65001 [switche-bgp] peer 10.1.5.1 as-number 65001 [switche-bgp] quit 4) ...
Page 481
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-57 as-path : (65001) 100 origin : igp attribute value : med 0, localpref 100, pref-val 0, pre 255 state : valid, external-confed, best, not advertised to any peers yet # display the bgp routing table ...
Page 482
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-58 ii. Network diagram device interface ip address device interface ip address switch a vlan-int101 1.0.0.1/8 switch d vlan-int400 195.1.1.1/24 vlan-int100 192.1.1.1/24 vlan-int300 194.1.1.1/24 vlan-i...
Page 483
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-59 [switchd-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [switchd-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [switchd-ospf-1-area-0.0.0.0] quit [switchd-ospf-1] quit 3) configure bgp connect...
Page 484
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-60 [switcha-route-policy] if-match acl 2000 [switcha-route-policy] apply cost 50 [switcha-route-policy] quit [switcha] route-policy apply_med_100 permit node 10 [switcha-route-policy] if-match acl 200...
Page 485
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-61 [switchc] bgp 200 [switchc-bgp] peer 193.1.1.1 route-policy localpref import [switchc-bgp] quit # display the routing table on switch d. [switchd] display bgp routing-table total number of routes: ...
Page 486
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 5 bgp configuration 5-62 7) use the display tcp status command to check the tcp connection. 8) check whether an acl disabling tcp port 179 is configured..
Page 487
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-1 chapter 6 routing policy configuration note: the term “router” refers to a router in a generic sense or a layer 3 switch running routing protocols. A routing policy is used on a router fo...
Page 488
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-2 when distributing or receiving routing information, a router can use a routing policy to filter routing information. For example, a router receives or advertises only routing information ...
Page 489
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-3 v. Extended community list extended community list (extcommunity-list) applies to bgp only. It involves two attributes: route-target extcommunity for vpn, source of origin extcommunity. A...
Page 490
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-4 task creating a routing policy defining if-match clauses for the routing policy configuring a routing policy defining apply clauses for the routing policy 6.3 defining filtering lists 6.3...
Page 491
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-5 system-view [sysname] ip ip-prefix abc index 10 deny 10.1.0.0 16 [sysname] ip ip-prefix abc index 20 deny 10.2.0.0 16 [sysname] ip ip-prefix abc index 30 deny 10.3.0.0 16 [sysname] ip ip-...
Page 492
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-6 follow these steps to define an extended community list: to do… use the command… remarks enter system view system-view — define an extended community list ip extcommunity-list ext-comm-li...
Page 493
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-7 note: z if a node has the permit keyword specified, routing information meeting the node’s conditions will be handled using the apply clauses of this node, without needing to match agains...
Page 496
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-10 to do… use the command… remarks set a tag value for rip, ospf or is-is routes apply tag value optional not set by default note: the apply ip-address next-hop command do not apply to redi...
Page 497
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-11 ii. Network diagram figure 6-1 network diagram for routing policy application to route redistribution iii. Configuration procedure 1) specify ip addresses for interfaces (omitted). 2) co...
Page 498
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-12 [switchb-isis-1] quit [switchb] interface vlan-interface 200 [switchb-vlan-interface200] isis enable [switchb-vlan-interface200] quit 3) configure ospf and route redistribution # configu...
Page 499
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-13 [switchb] acl number 2002 [switchb-acl-basic-2002] rule permit source 172.17.2.0 0.0.0.255 [switchb-acl-basic-2002] quit # configure an ip prefix list named prefix-a, letting pass route ...
Page 500
Operation manual – ipv4 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-14 intra area: 1 inter area: 0 ase: 4 nssa: 0 6.7 troubleshooting routing policy configuration 6.7.1 ipv4 routing information filtering failure i. Symptom filtering routing information fail...
Page 501: Table of Contents
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 ipv6 static routing configuration ............................................................................. 1-1 1.1 introduction to ipv6 static routing .............................
Page 502
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches table of contents ii 3.1.4 timers of ospfv3................................................................................................... 3-3 3.1.5 ospfv3 features supported.......................................................
Page 503
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches table of contents iii 4.5 ipv6 is-is configuration example ..................................................................................... 4-5 chapter 5 ipv6 bgp configuration ...................................................
Page 504
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches table of contents iv 5.9 ipv6 bgp configuration examples.................................................................................. 5-23 5.9.1 ipv6 bgp basic configuration ......................................................
Page 505
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 1 ipv6 static routing configuration 1-1 chapter 1 ipv6 static routing configuration note: the term “router” in this document refers to a layer 3 switch running routing protocols. 1.1 introduction to ipv6 static routing sta...
Page 506
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 1 ipv6 static routing configuration 1-2 1.2.2 configuring an ipv6 static route follow these steps to configure an ipv6 static route: to do... Use the commands… remarks enter system view system-view — configure an ipv6 stat...
Page 507
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 1 ipv6 static routing configuration 1-3 ii. Network diagram figure 1-1 network diagram for static routes iii. Configuration procedure 1) configure the ipv6 addresses of all vlan interfaces (omitted) 2) configure ipv6 stati...
Page 508
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 1 ipv6 static routing configuration 1-4 destination: ::/0 protocol : static nexthop : 4::2 preference: 60 interface : vlan200 cost : 0 destination: ::1/128 protocol : direct nexthop : ::1 preference: 0 interface : inloop0 ...
Page 509
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 1 ipv6 static routing configuration 1-5 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 62/62/63 ms.
Page 510
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 2 ipv6 ripng configuration 2-1 chapter 2 ipv6 ripng configuration note: z the term “router” in this document refers to a layer 3 switch running routing protocols. Z the s5500-ei series only support single ripng process. 2....
Page 511
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 2 ipv6 ripng configuration 2-2 z destination address: ipv6 address of a host or a network. Z next hop address: ipv6 address of a neighbor along the path to the destination. Z egress interface: outbound interface that forwa...
Page 512
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 2 ipv6 ripng configuration 2-3 figure 2-3 shows the format of the ipv6 prefix rte. Ipv6 prefix (16 octets) route tag prefix length metric 0 7 15 31 figure 2-3 ipv6 prefix rte format z ipv6 prefix: destination ipv6 address ...
Page 513
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 2 ipv6 ripng configuration 2-4 2.2 configuring ripng basic functions in this section, you are presented with the information to configure the basic ripng features. You need to enable ripng first before configuring other ta...
Page 514
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 2 ipv6 ripng configuration 2-5 z define an ipv6 acl before using it for route filtering. Refer to acl configuration for related information. Z define an ipv6 address prefix list before using it for route filtering. Refer t...
Page 516
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 2 ipv6 ripng configuration 2-7 to do... Use the command... Remarks enter system view system-view — enter ripng view ripng [ process-id ] — configure a ripng priority preference [ route-policy route-policy-name ] preference...
Page 517
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 2 ipv6 ripng configuration 2-8 follow these steps to configure ripng timers: to do... Use the command... Remarks enter system view system-view — enter ripng view ripng [ process-id ] — configure ripng timers timers { garba...
Page 518
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 2 ipv6 ripng configuration 2-9 to do... Use the command... Remarks enable the split horizon function ripng split-horizon optional enabled by default note: generally, you are recommended to enable the split horizon to preve...
Page 519
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 2 ipv6 ripng configuration 2-10 2.4.4 configuring the maximum number of equal cost routes for load balancing follow these steps to configure the maximum number of equal cost ripng routes for load balancing: to do... Use th...
Page 520
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 2 ipv6 ripng configuration 2-11 iii. Configuration procedure 1) configure the ipv6 address for each interface (omitted) 2) configure basic ripng functions # configure switch a. System-view [switcha] ipv6 [switcha] ripng 1 ...
Page 521
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 2 ipv6 ripng configuration 2-12 [switchb] display ripng 1 route route flags: a - aging, s - suppressed, g - garbage-collect ---------------------------------------------------------------- peer fe80::20f:e2ff:fe23:82f5 on ...
Page 522
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 2 ipv6 ripng configuration 2-13 [switchb] display ripng 1 route route flags: a - aging, s - suppressed, g - garbage-collect ---------------------------------------------------------------- peer fe80::20f:e2ff:fe23:82f5 on ...
Page 523
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-1 chapter 3 ipv6 ospfv3 configuration note: z the term “router” in this document refers to a layer 3 switch running routing protocols. Z the s5500-ei series only support single ospfv3 process....
Page 524
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-2 figure 3-1 ospfv3 packet header major fields: z version #: version of ospf, which is 3 for ospfv3. Z type: type of ospf packet, from 1 to 5 are hello, dd, lsr, lsu, and lsack respectively. Z...
Page 525
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-3 3.1.4 timers of ospfv3 timers in ospfv3 include: z ospfv3 packet timer z lsa delay timer z spf timer i. Ospfv3 packet timer hello packets are sent periodically between neighboring routers fo...
Page 526
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-4 task remarks configuring ospfv3 basic functions required configuring an ospfv3 stub area optional configuring ospfv3 area parameters configuring ospfv3 virtual links optional configuring osp...
Page 527
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-5 to do... Use the command... Remarks enter interface view interface interface-type interface-number — enable ospfv3 on the interface ospfv3 process-id area area-id [ instance instance-id ] re...
Page 528
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-6 to do... Use the command... Remarks configure the area as a stub area stub [ no-summary ] required not configured by default configure the default route cost of sending a packet to the stub ...
Page 529
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-7 note: both ends of a virtual link are abrs that are configured with the vlink-peer command. 3.5 configuring ospfv3 routing information management this section is to configure management of o...
Page 530
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-8 follow these steps to configure inbound route filtering: to do... Use the command... Remarks enter system view system-view — enter ospfv3 view ospfv3 [ process-id ] — configure inbound route...
Page 531
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-9 3.5.6 configuring a priority for ospfv3 a router may run multiple routing protocols. The system assigns a priority for each protocol. When these routing protocols find the same route, the ro...
Page 532
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-10 note: z using the import-route command on a router makes the router become an asbr. Z since ospfv3 is a link state based routing protocol, it cannot directly filter lsas to be advertised. T...
Page 533
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-11 to do... Use the command... Remarks configure the dead interval ospfv3 timer dead seconds [ instance instance-id ] optional 40 seconds by default configure the lsa retransmission interval o...
Page 534
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-12 3.6.4 ignoring mtu check for dd packets when lsas are few in dd packets, it is unnecessary to check mtu in dd packets in order to improve efficiency. Follow these steps to ignore mtu check ...
Page 535
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-13 to do... Use the command... Remarks enable the logging on neighbor state changes log-peer-change required enabled by default 3.7 displaying and maintaining ospfv3 to do... Use the command.....
Page 537
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-15 iii. Configuration procedure 1) configure ipv6 addresses for interfaces (omitted) 2) configure ospfv3 basic functions # configure switch a. System-view [switcha] ipv6 [switcha] ospfv3 [swit...
Page 538
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-16 system-view [switchd] ipv6 [switchd] ospfv3 [switchd-ospfv3-1] router-id 4.4.4.4 [switchd-ospfv3-1] quit [switchd] interface vlan-interface 400 [switchd-vlan-interface400] ospfv3 1 area 2 [...
Page 539
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-17 nexthop : fe80::f40d:0:93d0:1 interface: vlan400 *destination: 2001:1::/64 type : ia cost : 3 nexthop : fe80::f40d:0:93d0:1 interface: vlan400 *destination: 2001:2::/64 type : i cost : 1 ne...
Page 540
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-18 type : ia cost : 3 nexthop : fe80::f40d:0:93d0:1 interface: vlan400 *destination: 2001:2::/64 type : i cost : 1 nexthop : directly-connected interface: vlan400 *destination: 2001:3::/64 typ...
Page 541
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-19 ii. Network diagram figure 3-3 network diagram for ospfv3 dr election configuration iii. Configuration procedure 1) configure ipv6 addresses for interfaces (omitted) 2) configure ospfv3 bas...
Page 542
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-20 [switchc-ospfv3-1] quit [switchc] interface vlan-interface 100 [switchc-vlan-interface100] ospfv3 1 area 0 [switchc-vlan-interface100] quit # configure switch d system-view [switchd] ipv6 [...
Page 543
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-21 [switchb-vlan-interface200] quit #configure the dr priority of switch c as 2. [switchc] interface vlan-interface 100 [switchc-vlan-interface100] ospfv3 dr-priority 2 [switchc-vlan-interface...
Page 544
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-22 3.3.3.3 2 full/backup 00:00:32 vlan100 0 3.9 troubleshooting ospfv3 configuration 3.9.1 no ospfv3 neighbor relationship established i. Symptom no ospf neighbor relationship can be establish...
Page 545
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 3 ipv6 ospfv3 configuration 3-23 3) use the display ospfv3 lsdb command to display link state database information to check integrity. 4) display information about area configuration using the display current-configuration...
Page 546
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 4 ipv6 is-is configuration 4-1 chapter 4 ipv6 is-is configuration note: z ipv6 is-is supports all the features of ipv4 is-is except that it advertises ipv6 routing information instead. This document describes only ipv6 is-...
Page 547
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 4 ipv6 is-is configuration 4-2 4.2 configuring ipv6 is-is basic functions note: you can implement ipv6 inter-networking through configuring ipv6 is-is in ipv6 network environment. 4.2.1 configuration prerequisites before t...
Page 548
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 4 ipv6 is-is configuration 4-3 4.3 configuring ipv6 is-is routing information control 4.3.1 configuration prerequisites you need to complete the ipv6 is-is basic function configuration before configuring this task. 4.3.2 c...
Page 549
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 4 ipv6 is-is configuration 4-4 note: the ipv6 filter-policy export command, usually used in combination with the ipv6 import-route command, filters redistributed routes when advertising them to other routers. If no protoco...
Page 550
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 4 ipv6 is-is configuration 4-5 4.5 ipv6 is-is configuration example i. Network requirements as shown in figure 4-1 , switch a, switch b, switch c and switch d reside in the same autonomous system, and all are enabled with ...
Page 551
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 4 ipv6 is-is configuration 4-6 [switchb-isis-1] network-entity 10.0000.0000.0002.00 [switchb-isis-1] ipv6 enable [switchb-isis-1] quit [switchb] interface vlan-interface 200 [switchb-vlan-interface200] isis ipv6 enable 1 [...
Page 552
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-1 chapter 5 ipv6 bgp configuration note: this chapter describes only configuration for ipv6 bgp. For other related information, refer to the part discussing ipv4 routing. When configuring ipv6 bg...
Page 553
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-2 5.2 configuration task list complete the following tasks to configure ipv6 bgp: task remarks configuring an ipv6 peer required advertising a local ipv6 route optional configuring a preferred va...
Page 554
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-3 5.3 configuring ipv6 bgp basic functions 5.3.1 prerequisites before configuring this task, you need to: z specify ip addresses for interfaces. Z enable ipv6. Note: you need create a peer group ...
Page 556
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-5 to do... Use the command... Remarks enter ipv6 address family view ipv6-family — specify the source interface for establishing tcp connections to a bgp peer or peer group peer { ipv6-group-name...
Page 557
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-6 caution: in general, direct links should be available between ebgp peers. If not, you can use the peer ebgp-max-hop command to establish a multi-hop tcp connection in between. However, you need...
Page 558
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-7 5.3.9 logging peer state changes follow these steps to configure to log on the session and event information of a peer/peer group: to do... Use the command... Remarks enter system view system-v...
Page 559
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-8 to do... Use the command... Remarks enable default route redistribution into the ipv6 bgp routing table default-route imported optional not enabled by default enable route redistribution from a...
Page 560
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-9 to do... Use the command... Remarks enter system view system-view — enter bgp view bgp as-number required enter ipv6 address family view ipv6-family — configure outbound route filtering filter-...
Page 561
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-10 to do... Use the command... Remarks enter system view system-view — enter bgp view bgp as-number — enter ipv6 address family view ipv6-family — configure inbound route filtering filter-policy ...
Page 562
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-11 by default, when a bgp router receives an ibgp route, it only checks the reachability of the route’s next hop before advertisement. If the synchronization feature is configured, only the ibgp ...
Page 563
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-12 z configured ipv6 bgp basic functions 5.5.2 configuring ipv6 bgp preference and default local_pref and next_hop attributes follow these steps to perform this configuration: to do... Use the co...
Page 564
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-13 to do... Use the command... Remarks enter system view system-view — enter bgp view bgp as-number required enter ipv6 address family view ipv6-family — configure a default med value default med...
Page 566
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-15 to do... Use the command... Remarks enter system view system-view — enter bgp view bgp as-number required enter ipv6 address family view ipv6-family — specify keepalive interval and holdtime t...
Page 567
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-16 ii. Perform manual soft-reset follow these steps to perform manual soft reset: to do... Use the command... Remarks enter system view system-view — enter bgp view bgp as-number required enter i...
Page 568
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-17 5.7 configuring a large scale ipv6 bgp network in a large-scale ipv6 bgp network, configuration and maintenance become no convenient due to too many peers. In this case, configuring peer group...
Page 569
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-18 to do... Use the command... Remarks add a peer into the group peer ipv6-address group ipv6-group-name [ as-number as-number ] required not added by default ii. Create a pure ebgp peer group fo...
Page 570
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-19 to do... Use the command... Remarks create an ebgp peer group group ipv6-group-name external required specify the as number of an ipv6 peer peer ipv6-address as-number as-number required not s...
Page 572
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-21 note: z in general, since the route reflector forwards routing information between clients, it is not required to make clients of a route reflector fully meshed. If clients are fully meshed, i...
Page 573
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-22 to do... Use the command... Remarks display ipv6 bgp dampening parameter information display bgp ipv6 routing-table dampening parameter display ipv6 bgp routing information originated from dif...
Page 574
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-23 5.9 ipv6 bgp configuration examples note: some examples for ipv6 bgp configuration are similar to those of bgp-4, so refer to the sections covering bgp in the ipv4 routing part for related inf...
Page 575
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-24 # configure switch c. System-view [switchc] ipv6 [switchc] bgp 65009 [switchc-bgp] router-id 3.3.3.3 [switchc-bgp] ipv6-family [switchc-bgp-af-ipv6] peer 9:3::1 as-number 65009 [switchc-bgp-af...
Page 576
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-25 total number of peers : 3 peers in established state : 3 peer v as msgrcvd msgsent outq prefrcv up/down state 10::2 4 65008 3 3 0 0 00:01:16 established 9:3::2 4 65009 2 3 0 0 00:00:40 establi...
Page 577
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-26 iii. Configuration procedure 1) configure ipv6 addresses for vlan interfaces (omitted) 2) configure ipv6 bgp basic functions # configure switch a. System-view [switcha] ipv6 [switcha] bgp 100 ...
Page 578
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 5 ipv6 bgp configuration 5-27 use the display bgp ipv6 routing-table command on switch b and switch d respectively, you can find both of them have learned the network 1::/64. 5.10 troubleshooting ipv6 bgp configuration 5.1...
Page 579
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-1 chapter 6 routing policy configuration 6.1 introduction to routing policy 6.1.1 routing policy a routing policy is used on the router for route inspection, filtering, attributes modifying...
Page 580
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-2 iii. As-path as path is only applicable to ipv6 bgp. There is an as-path field in the ipv6 bgp packet. An as path list specifies matching conditions according to the as-path field. Iv. Co...
Page 581
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-3 z ip-prefix list name z matching address range z extcommunity list sequence number 6.2.2 defining an ipv6 prefix list identified by name, each ipv6 prefix list can comprise multiple items...
Page 583
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-5 6.3 configuring a routing policy a routing policy is used to filter routing information according to some attributes, and modify some attributes of the routing information that matches th...
Page 584
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-6 note: z if a node has the permit keyword specified, routing information meeting the node’s conditions will be handled using the apply clauses of this node, without needing to match agains...
Page 585
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-7 to do... Use the command... Remarks match bgp routes having extended attributes contained in the extended community list(s) if-match extcommunity ext-comm-list-number& 16> optional not co...
Page 586
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-8 to do... Use the command... Remarks specify a community list according to which to delete community attributes of ipv6 bgp routing information apply comm-list comm-list-number delete opti...
Page 587
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-9 6.4 displaying and maintaining the routing policy to do... Use the command... Remarks display ipv6 bgp as path acl information display ip as-path [ as-path-number ] display ipv6 bgp commu...
Page 588
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-10 system-view [switcha] ipv6 [switcha] interface vlan-interface 100 [switcha-vlan-interface100] ipv6 address 10::1 32 [switcha-vlan-interface100] quit [switcha] interface vlan-interface 20...
Page 589
Operation manual – ipv6 routing h3c s5500-ei series ethernet switches chapter 6 routing policy configuration 6-11 route flags: a - aging, s - suppressed, g - garbage-collect ---------------------------------------------------------------- peer fe80::7d58:0:ca03:1 on vlan-interface 100 dest 10::/32, ...
Page 590: Table of Contents
Operation manual – ipv6 h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 ipv6 basics configuration .......................................................................................... 1-1 1.1 ipv6 overview.......................................................
Page 591
Operation manual – ipv6 h3c s5500-ei series ethernet switches table of contents ii 3.3 configuring ipv6 manual tunnel ....................................................................................... 3-4 3.3.1 configuration prerequisites............................................................
Page 592
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-1 chapter 1 ipv6 basics configuration when configuring ipv6 basics, go to these sections for information you are interested in: z ipv6 overview z ipv6 basics configuration task list z configuring basi...
Page 593
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-2 1.1.1 ipv6 features i. Header format simplification ipv6 cuts down some ipv4 header fields or move them to the ipv6 extension headers to reduce the length of the basic ipv6 header. Ipv6 uses the bas...
Page 594
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-3 z stateless address configuration means that a host automatically configures an ipv6 address and related information on basis of its own link-layer address and the prefix information advertised by a...
Page 595
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-4 z leading zeros in each group can be removed. For example, the above-mentioned address can be represented in shorter format as 2001:0:130f:0:0:9c0:876a:130b. Z if an ipv6 address contains two or mor...
Page 596
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-5 note: there are no broadcast addresses in ipv6. Their function is superseded by multicast addresses. The type of an ipv6 address is designated by the first several bits called format prefix. Table 1...
Page 597
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-6 to any physical interface. Like the loopback address in ipv4, it may be used by a node to send an ipv6 packet to itself. Z unassigned address: the unicast address "::” is called the unassigned addre...
Page 598
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-7 figure 1-2 convert a mac address into an eui-64 interface identifier 1.1.3 introduction to ipv6 neighbor discovery protocol ipv6 neighbor discovery protocol (ndp) uses five types of icmpv6 messages ...
Page 599
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-8 icmpv6 message number function used to respond to an rs message router advertisement (ra) message 134 with the ra message suppression disabled, the router regularly sends an ra message containing in...
Page 600
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-9 ii. Neighbor reachability detection after node a acquires the link-layer address of its neighbor node b, node a can verify whether node b is reachable according to ns and na messages. 1) node a send...
Page 601
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-10 the router/prefix discovery is implemented through rs and ra messages. The router/prefix discovery procedure is as follows: 1) after started, a node sends an rs message to request the router for th...
Page 602
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-11 the path mtu (pmtu) discovery mechanism is to find the minimum mtu of all links in the path from the source to the destination. Figure 1-5 shows the working procedure of the pmtu discovery. Figure ...
Page 603
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-12 z rfc 1881: ipv6 address allocation management z rfc 1887: an architecture for ipv6 unicast address allocation z rfc 1981: path mtu discovery for ip version 6 z rfc 2375: ipv6 multicast address ass...
Page 604
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-13 follow these steps to enable the ipv6 packet forwarding function: to do... Use the command... Remarks enter system view system-view — enable the ipv6 packet forwarding function ipv6 required disabl...
Page 605
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-14 to do... Use the command... Remarks automatically generate a link-local address ipv6 address auto link-local configure an ipv6 link-local address manually assign a link-local address for an interfa...
Page 606
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-15 1.4 configuring ipv6 ndp 1.4.1 configuring a static neighbor entry the ipv6 address of a neighbor node can be resolved into a link-layer address dynamically through ns and na messages or through a ...
Page 607
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-16 follow these steps to configure the maximum number of neighbors dynamically learned: to do… use the command… remarks enter system view system-view — enter interface view interface interface-type in...
Page 608
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-17 parameters description router lifetime this field is used to set the lifetime of the router that sends ra messages to serve as the default router of hosts. According to the router lifetime in the r...
Page 609
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-18 to do… use the command… remarks configure the maximum and minimum intervals for sending ra messages ipv6 nd ra interval max-interval-value min-interval-value optional by default, the maximum interv...
Page 610
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-19 to do… use the command… remarks set the reachable time ipv6 nd nud reachable-time value optional by default, the neighbor reachable time on the local interface is 30,000 milliseconds and the reacha...
Page 611
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-20 the smaller one between the two values, the host fragments the packet according to the smaller value. Follow these steps to configure a static pmtu for a specified address: to do… use the command… ...
Page 612
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-21 follow these steps to configure ipv6 tcp properties: to do… use the command… remarks enter system view system-view — set the finwait timer of ipv6 tcp packets tcp ipv6 timer fin-timeout wait-time o...
Page 613
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-22 1.7.2 enable sending of multicast echo replies if hosts are capable of relying multicast echo requests, host a can attack host b by sending an echo request with the source being host b to a multica...
Page 614
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-23 to do… use the command… remarks enter system view system-view — enable the dynamic domain name resolution function dns resolve required disabled by default. Configure an ipv6 dns server dns server ...
Page 616
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-25 1.10 ipv6 configuration example i. Network requirements two switches are directly connected through two ethernet ports. The ethernet ports belong to vlan 2. Configure different types of ipv6 addres...
Page 617
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-26 # configure an eui-64 address for vlan-interface 2. [switchb-vlan-interface2] ipv6 address 2001::/64 eui-64 # configure an aggregatable global unicast address for vlan-interface 2. [switchb-vlan-in...
Page 618
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-27 hosts use stateless autoconfig for addresses # from switch a, ping the link-local address, eui-64 address, and aggregatable global unicast address respectively. If the configurations are correct, t...
Page 619
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 1 ipv6 basics configuration 1-28 bytes=56 sequence=5 hop limit=255 time = 60 ms --- 2001::20f:e2ff:fe00:1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 40/58/70 ms [swi...
Page 620
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 2 dual stack configuration 2-1 chapter 2 dual stack configuration when configuring dual stack, go to these sections for information you are interested in: z dual stack overview z configuring dual stack 2.1 dual stack overview dual...
Page 621
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 2 dual stack configuration 2-2 follow these steps to configure dual stack on a gateway: to do… use the command… remarks enter system view system-view — enable the ipv6 packet forwarding function ipv6 required disabled by default. ...
Page 622
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-1 chapter 3 tunneling configuration when configuring tunneling, go to these sections for information you are interested in: z introduction to tunneling z tunneling configuration task list z configuring ...
Page 623
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-2 caution: the devices at both ends of an ipv6 over ipv4 tunnel must support ipv4/ipv6 dual stack. Figure 3-1 principle of ipv6 over ipv4 tunnel the ipv6 over ipv4 tunnel processes packets in the follow...
Page 624
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-3 z if the ipv4 address of the tunnel destination cannot be acquired from the destination address of the ipv6 packet, it needs to be configured manually. Such a tunnel is called a configured tunnel. Z i...
Page 625
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-4 destination address of an ipv6 packet and the ipv6 address of a tunnel interface both adopt special addresses: isatap addresses. The isatap address format is prefix(64bit):0:5efe:ip-address. The ip-ad...
Page 626
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-5 to do… use the command… remarks create a tunnel interface and enter tunnel interface view interface tunnel number required by default, there is no tunnel interface on the device. Ipv6 address { ipv6-a...
Page 627
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-6 caution: z after a tunnel interface is deleted, all the above features configured on the tunnel interface will be deleted. Z if the addresses of the tunnel interfaces at the two ends of a tunnel are n...
Page 628
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-7 iii. Configuration procedure z configuration on switch a # enable ipv6. System-view [switcha] ipv6 # configure a link aggregation group. Disable stp on the port before adding it into the link aggregat...
Page 629
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-8 [switchb-gigabitethernet1/0/1] port link-aggregation group 1 [switchb-gigabitethernet1/0/1] quit # configure an ipv4 address for vlan-interface 100. [switchb] vlan 100 [switchb-vlan100] port gigabitet...
Page 630
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-9 global unicast address(es): 3001::2, subnet is 3001::/64 joined group address(es): ff02::1:ffa8:3201 ff02::1:ff00:2 ff02::2 ff02::1 mtu is 1500 bytes nd reachable time is 30000 milliseconds nd retrans...
Page 631
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-10 to do… use the command… remarks enter system view system-view — enable ipv6 ipv6 required by default, the ipv6 packet forwarding function is disabled. Create a tunnel interface and enter tunnel inter...
Page 632
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-11 caution: z only one automatic tunnel can be configured at the same tunnel source. Z no destination address needs to be configured for an automatic tunnel because the destination address can automatic...
Page 633
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-12 ii. Network diagram vlan-int100 2.1.1.1/24 vlan-int100 5.1.1.1/24 vlan-int101 2002:0201:0101:1::1/64 vlan-int101 2002:0501:0101:1::1/64 switch a switch b 6to4 switch 6to4 switch host a 2002:0201:0101...
Page 634
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-13 [switcha-vlan101] port gigabitethernet 1/0/3 [switcha-vlan101] quit [switcha] interface vlan-interface 101 [switcha-vlan-interface101] ipv6 address 2002:0201:0101:1::1/64 [switcha-vlan-interface101] ...
Page 635
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-14 [switchb] ip route-static 2.1.1.1 24 [nexthop] # configure an ipv6 address for vlan-interface 101. [switchb] vlan 101 [switchb-vlan101] port gigabitethernet 1/0/3 [switchb-vlan101] quit [switchb] int...
Page 636
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-15 3.5 configuring isatap tunnel 3.5.1 configuration prerequisites ip addresses are configured for interfaces such as vlan interface, and loopback interface on the device. Such an interface can serve as...
Page 637
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-16 to do… use the command… remarks set an isatap tunnel tunnel-protocol ipv6-ipv4 isatap required by default, the tunnel mode is manual. The same tunnel type should be configured at both ends of the tun...
Page 638
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-17 3.5.3 configuration example i. Network requirements the destination address of a tunnel is an isatap address. It is required that ipv6 hosts in the ipv4 network can access the ipv6 network via an isa...
Page 639
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-18 [switch-vlan-interface101] ip address 2.1.1.1 255.0.0.0 [switch-vlan-interface101] quit # configure an isatap tunnel. [switch] interface tunnel 0 [switch-tunnel0] ipv6 address 2001::1/64 eui-64 [swit...
Page 640
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-19 c:\>ipv6 if 2 interface 2: automatic tunneling pseudo-interface guid {48fce3fc-ec30-e50e-f1a7-71172aeee3ae} does not use neighbor discovery uses router discovery routing preference 1 eui-64 embedded ...
Page 641
Operation manual – ipv6 h3c s5500-ei series ethernet switches chapter 3 tunneling configuration 3-20 solution: follow the steps below: 1) the common cause is that the physical interface of the tunnel source is not up. Use the display interface tunnel or display ipv6 interface tunnel commands to view...
Page 642: Table of Contents
Operation manual – multicast h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 multicast overview ...................................................................................................... 1-1 1.1 introduction to multicast.................................
Page 643
Operation manual – multicast h3c s5500-ei series ethernet switches table of contents ii 2.6.4 configuring the function of dropping unknown multicast data ........................... 2-19 2.6.5 configuring igmp report suppression................................................................. 2-20 2...
Page 644
Operation manual – multicast h3c s5500-ei series ethernet switches table of contents iii 3.7 displaying and maintaining mld snooping..................................................................... 3-21 3.8 mld snooping configuration examples.........................................................
Page 645
Operation manual – multicast h3c s5500-ei series ethernet switches table of contents iv 6.7.2 inconsistent memberships on routers on the same subnet................................ 6-18 chapter 7 pim configuration..........................................................................................
Page 646
Operation manual – multicast h3c s5500-ei series ethernet switches table of contents v 7.8 troubleshooting pim configuration ................................................................................. 7-51 7.8.1 failure of building a multicast distribution tree correctly .........................
Page 647
Operation manual – multicast h3c s5500-ei series ethernet switches table of contents vi 9.2 configuration task list ...................................................................................................... 9-6 9.3 configuring multicast routing and forwarding................................
Page 648
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 1 multicast overview 1-1 chapter 1 multicast overview note: this manual chiefly focuses on the ip multicast technology and device operations. Unless otherwise stated, the term “multicast” in this document refers to ip multica...
Page 649
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 1 multicast overview 1-2 figure 1-1 unicast transmission assume that hosts b, d and e need this information. The information source establishes a separate transmission channel for each of these hosts. In unicast transmission,...
Page 650
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 1 multicast overview 1-3 figure 1-2 broadcast transmission assume that only hosts b, d, and e need the information. If the information source broadcasts the information, hosts a and c also receive it. In addition to informati...
Page 651
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 1 multicast overview 1-4 figure 1-3 multicast transmission assume that hosts b, d and e need the information. To receive the information correctly, these hosts need to join a receiver set, which is known as a multicast group....
Page 652
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 1 multicast overview 1-5 for a better understanding of the multicast concept, you can assimilate multicast transmission to the transmission of tv programs, as shown in table 1-1 . Table 1-1 an analogy between tv transmission ...
Page 653
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 1 multicast overview 1-6 z any other point-to-multiple-point data distribution application. 1.2 multicast models based on how the receivers treat the multicast sources, there are two multicast models: i. Asm model in the asm ...
Page 654
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 1 multicast overview 1-7 hosts, and the tcp/ip stack must support reception and transmission of multicast data. 1.3.1 multicast addresses to allow communication between multicast sources and multicast group members, network-l...
Page 655
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 1 multicast overview 1-8 note: z the membership of a group is dynamic. Hosts can join or leave multicast groups at any time. Z “glop” is a mechanism for assigning multicast addresses between different autonomous systems (ass)...
Page 656
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 1 multicast overview 1-9 figure 1-4 ipv6 multicast format z 0xff: 8 bits, indicating that this address is an ipv6 multicast address. Z flags: 4 bits, of which the high-order flag is reserved and set to 0; the definition and u...
Page 657
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 1 multicast overview 1-10 1) ipv4 multicast mac addresses as defined by iana, the high-order 24 bits of an ipv4 multicast mac address are 0x01005e, bit 25 is 0x0, and the low-order 23 bits are the low-order 23 bits of a multi...
Page 658
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 1 multicast overview 1-11 1.3.2 multicast protocols note: z generally, we refer to ip multicast working at the network layer as layer 3 multicast and the corresponding multicast protocols as layer 3 multicast protocols, which...
Page 659
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 1 multicast overview 1-12 connected with the hosts. These protocols define the mechanism of establishing and maintaining group memberships between hosts and layer 3 multicast devices. 2) multicast routing protocols a multicas...
Page 660
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 1 multicast overview 1-13 1) igmp snooping/mld snooping running on layer 2 devices, internet group management protocol snooping (igmp snooping) and multicast listener discovery snooping (mld snooping) are multicast constraini...
Page 661
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-1 chapter 2 igmp snooping configuration when configuring igmp snooping, go to the following sections for information you are interested in: z igmp snooping overview z igmp snooping configuratio...
Page 662
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-2 multicast packet transmission without igmp snooping source multicast router host a receiver host b host c receiver multicast packets layer 2 switch multicast packet transmission when igmp sno...
Page 663
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-3 z router port: a router port is a port on the ethernet switch that leads switch towards the layer 3 multicast device (dr or igmp querier). In the figure, ethernet 1/0/1 of switch a and ethern...
Page 664
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-4 note: the port aging mechanism of igmp snooping works only for dynamic ports; a static port will never age out. 2.1.3 work mechanism of igmp snooping a switch running igmp snooping performs d...
Page 665
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-5 z if a forwarding table entry exists for the reported group and the port is included in the outgoing port list, which means that this port is already a member port, the switch resets the memb...
Page 666
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-6 forwards it through all its router ports in the vlan and all member ports for that multicast group, and performs the following: z if any igmp report in response to the group-specific query is...
Page 667
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-7 2.2 igmp snooping configuration task list complete these tasks to configure igmp snooping: task remarks enabling igmp snooping required configuring basic functions of igmp snooping configurin...
Page 668
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-8 note: z configurations made in igmp snooping view are effective for all vlans, while configurations made in vlan view are effective only for ports belonging to the current vlan. For a given v...
Page 669
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-9 note: z igmp snooping must be enabled globally before it can be enabled in a vlan. Z after enabling igmp snooping in a vlan, you cannot enable igmp and/or pim on the corresponding vlan interf...
Page 670
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-10 z enable igmp snooping in the vlan or enable igmp on the desired vlan interface z configure the corresponding port groups. Before configuring igmp snooping port functions, prepare the follow...
Page 671
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-11 to do... Use the command... Remarks configure member port aging time igmp-snooping host-aging-time interval optional 260 seconds by default 2.4.3 configuring static ports if all the hosts at...
Page 672
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-12 2.4.4 configuring simulated joining generally, a host running igmp responds to igmp queries from the igmp querier. If a host fails to respond due to some reasons, the multicast router may de...
Page 673
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-13 2.4.5 configuring fast leave processing the fast leave processing feature allows the switch to process igmp leave group messages in a fast way. With the fast leave processing feature enabled...
Page 674
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-14 caution: if fast leave processing is enabled on a port to which more than one host is attached, when one host leaves a multicast group, the other hosts attached to the port and interested in...
Page 675
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-15 caution: it is meaningless to configure an igmp snooping querier in a multicast network running igmp. Although an igmp snooping querier does not take part in igmp querier elections, it may a...
Page 676
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-16 ii. Configuring igmp queries and responses in a vlan follow these steps to configure igmp queries and responses in a vlan: to do... Use the command... Remarks enter system view system-view —...
Page 678
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-18 i. Configuring a multicast group filter globally follow these steps to configure a multicast group filter globally: to do... Use the command... Remarks enter system view system-view — enter ...
Page 679
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-19 to do... Use the command... Remarks enter system view system-view — enter igmp snooping view igmp-snooping — enable multicast source port filtering source-deny port interface-list required d...
Page 680
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-20 to do... Use the command... Remarks enter system view system-view — enter vlan view vlan vlan-id — enable the function of dropping unknown multicast data igmp-snooping drop-unknown required ...
Page 681
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-21 follow these steps to configure the maximum number of multicast groups that can be joined on a port or ports: to do... Use the command... Remarks enter system view system-view — enter ethern...
Page 682
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-22 i. Configuring multicast group replacement globally follow these steps to configure multicast group replacement globally: to do... Use the command... Remarks enter system view system-view — ...
Page 683
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-23 2.7 displaying and maintaining igmp snooping to do... Use the command... Remarks view the information of igmp snooping multicast groups display igmp-snooping group [ vlan vlan-id ] [ verbose...
Page 684
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-24 ii. Network diagram source router a switch a receiver receiver host b host a host c 1.1.1.1/24 ge1/0/4 ge1/0/2 ge1/0/3 igmp querier ge1/0/1 ge1/0/1 10.1.1.1/24 ge1/0/2 1.1.1.2/24 vlan100 fig...
Page 685
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-25 [switcha] vlan 100 [switcha-vlan100] port gigabitethernet 1/0/1 to gigabitethernet 1/0/4 [switcha-vlan100] igmp-snooping enable [switcha-vlan100] quit # enable simulated host joining on giga...
Page 686
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-26 as shown above, gigabitethernet 1/0/3 and gigabitethernet 1/0/4 of switch a have joined multicast group 224.1.1.1. 2.8.2 static router port configuration i. Network requirements z as shown i...
Page 687
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-27 ii. Network diagram source 1.1.1.1/24 router a igmp querier ge1/0/1 10.1.1.1/24 ge1/0/2 1.1.1.2/24 switch a switch c switch b ge1/0/1 ge1/0/2 ge1/0/2 host c host b host a receiver receiver g...
Page 688
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-28 # create vlan 100, assign gigabitethernet 1/0/1 through gigabitethernet 1/0/3 to this vlan, and enable igmp snooping in the vlan. [switcha] vlan 100 [switcha-vlan100] port gigabitethernet 1/...
Page 689
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-29 total 1 mac group(s). Port flags: d-dynamic port, s-static port, a-aggregation port, c-copy port subvlan flags: r-real vlan, c-copy vlan vlan(id):100. Total 1 ip group(s). Total 1 ip source(...
Page 690
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-30 ii. Network diagram source 1.1.1.1/24 host a receiver switch c switch a switch b host b receiver host c receiver querier ge1/0/1 ge1/0/2 ge1/0/1 ge1/0/1 ge1/0/2 ge1/0/3 ge1/0/2 ge1/0/3 figur...
Page 691
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-31 # create vlan 100, add gigabitethernet 1/0/1 through gigabitethernet 1/0/3 to vlan 100, and enable igmp snooping in this vlan. [switchb] vlan 100 [switchb-vlan100] port gigabitethernet 1/0/1...
Page 692
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-32 ii. Analysis igmp snooping is not enabled. Iii. Solution 1) enter the display current-configuration command to view the running status of igmp snooping. 2) if igmp snooping is not enabled, u...
Page 693
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 2 igmp snooping configuration 2-33 4) use the display igmp-snooping group command to check whether any port has been configured as a static member port of any multicast group. If so, check whether this configuration conflicts...
Page 694
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-1 chapter 3 mld snooping configuration when configuring mld snooping, go to these sections for information you are interested in: z mld snooping overview z mld snooping configuration task list z...
Page 695
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-2 ipv6 multicast packet transmission without mld snooping source multicast router host a receiver host b host c receiver ipv6 multicast packets layer 2 switch ipv6 multicast packet transmission ...
Page 696
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-3 z router port: a router port is a port on the ethernet switch that leads switch towards the layer-3 multicast device (dr or mld querier). In the figure, ethernet 1/0/1 of switch a and ethernet...
Page 697
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-4 note: the port aging mechanism of mld snooping works only for dynamic ports; a static port will never age out. 3.1.3 how mld snooping works a switch running mld snooping performs different act...
Page 698
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-5 z if a forwarding table entry exists for the reported ipv6 multicast group and the port is included in the outgoing port list, which means that this port is already a member port, the switch r...
Page 699
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-6 z if no mld report in response to the mld multicast-address-specific query is heard on a member port before its aging timer expires, this means that no hosts attached to the port are still lis...
Page 700
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-7 note: z configurations made in mld snooping view are effective for all vlans, while configurations made in vlan view are effective only for ports belonging to the current vlan. For a given vla...
Page 701
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-8 note: z mld snooping must be enabled globally before it can be enabled in a vlan. Z after enabling mld snooping in a vlan, you cannot enable mld and/or ipv6 pim on the corresponding vlan inter...
Page 702
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-9 z configure the corresponding port groups before configuring mld snooping port functions, prepare the following data: z aging time of router ports z aging timer of member ports z ipv6 multicas...
Page 703
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-10 3.4.3 configuring static ports if all the hosts attached to a port is interested in the ipv6 multicast data addressed to a particular ipv6 multicast group, you can configure that port as a st...
Page 704
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-11 to avoid this situation from happening, you can enable simulated joining on a port of the switch, namely configure the port as a simulated member host for an ipv6 multicast group. When an mld...
Page 705
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-12 in vlans where only one host is attached to each port, fast leave processing helps improve bandwidth and resource usage. I. Configuring fast leave processing globally follow these steps to co...
Page 706
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-13 z enable mld snooping in the vlan. Before configuring mld snooping querier, prepare the following data: z mld general query interval, z mld last-member query interval, z maximum response time...
Page 707
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-14 upon receiving an mld query (general query or group-specific query), a host starts a timer for each ipv6 multicast group it has joined. This timer is initialized to a random value in the rang...
Page 708
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-15 to do... Use the command... Remarks configure the mld last-member query interval mld-snooping last-listener-query-inter val interval optional 1 second by default caution: make sure that the m...
Page 709
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-16 z enable mld snooping in the vlan before configuring an mld snooping policy, prepare the following data: z ipv6 acl rule for ipv6 multicast group filtering z the maximum number of ipv6 multic...
Page 710
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-17 to do... Use the command... Remarks configure an ipv6 multicast group filter mld-snooping group-policy acl6-number [ vlan vlan-list ] required no ipv6 filter configured by default, namely hos...
Page 711
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-18 to do... Use the command... Remarks enable ipv6 multicast source port filtering mld-snooping source-deny required disabled by default note: when enabled to filter ipv6 multicast data based on...
Page 712
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-19 layer 2 device, the layer 3 device directly connected with it will receive duplicate mld reports from these members. With the mld report suppression function enabled, within a query interval,...
Page 713
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-20 note: z when the number of ipv6 multicast groups that can be joined on a port reaches the maximum number configured, the system deletes all the forwarding entries persistent to that port from...
Page 714
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-21 ii. Configuring ipv6 multicast group replacement on a port or a group of ports follow these steps to configure ipv6 multicast group replacement on a port or a group of ports: to do... Use the...
Page 715
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-22 note: the reset mld-snooping group command cannot clear mld snooping multicast group information for static joins. 3.8 mld snooping configuration examples 3.8.1 simulated joining i. Network r...
Page 716
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-23 2) configure router a # enable ipv6 multicast routing, enable ipv6 pim-dm on each interface, and enable mldv1 on gigabitethernet 1/0/1. System-view [routera] multicast ipv6 routing-enable [ro...
Page 717
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-24 vlan(id):100. Total 1 ip group(s). Total 1 ip source(s). Total 1 mac group(s). Router port(s):total 1 port. Ge1/0/1 (d) ( 00:01:30 ) ip group(s):the following ip group(s) match to one mac gro...
Page 718
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-25 note: if no static router port is configured, when the path of switch a—switch b—switch c gets blocked, at least one mld query-response cycle must be completed before the ipv6 multicast data ...
Page 719
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-26 [routera-gigabitethernet 1/0/2] pim ipv6 dm [routera-gigabitethernet 1/0/2] quit 3) configure switch a # enable mld snooping globally. System-view [switcha] mld-snooping [switcha-mld-snooping...
Page 720
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-27 6) verify the configuration # view the detailed information about mld snooping multicast groups in vlan 100 on switch a. [switcha] display mld-snooping group vlan 100 verbose total 1 ip group...
Page 721
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-28 ii. Network diagram figure 3-5 network diagram for mld snooping querier configuration iii. Configuration procedure 1) configure switch a # enable ipv6 forwarding and enable mld snooping globa...
Page 722
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-29 [switchb] vlan 100 [switchb-vlan100] port gigabitethernet 1/0/1 to gigabitethernet 1/0/3 [switchb-vlan100] mld-snooping enable 3) configuration on switch c # enable ipv6 forwarding and enable...
Page 723
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-30 iii. Solution 1) enter the display current-configuration command to view the running status of mld snooping. 2) if mld snooping is not enabled, use the mld-snooping command to enable mld snoo...
Page 724
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 3 mld snooping configuration 3-31 4) use the display mld-snooping group command to check whether any port has been configured as a static member port of any ipv6 multicast group. If so, check whether this configuration confli...
Page 725
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 4 multicast vlan configuration 4-1 chapter 4 multicast vlan configuration 4.1 introduction to multicast vlan as shown in figure 4-1 , in the traditional multicast programs-on-demand mode, when hosts that belong to different v...
Page 726
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 4 multicast vlan configuration 4-2 to do… use the command… remarks enter system view system-view — configure a specific vlan as a multicast vlan multicast-vlan vlan-id enable required disabled by default configure sub-vlans f...
Page 727
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 4 multicast vlan configuration 4-3 z igmp is required on router a, and igmp snooping is required on switch a. Router a is the igmp querier. Z switch a’s gigabitethernet 1/0/1 belongs to vlan 1024, gigabitethernet 1/0/2 throug...
Page 728
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 4 multicast vlan configuration 4-4 [routera-gigabitethernet 1/0/1] igmp enable [routera-gigabitethernet 1/0/1] quit [routera] interface gigabitethernet 1/0/2 [routera-gigabitethernet 1/0/2] pim dm [routera-gigabitethernet 1/0...
Page 729
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 5 ipv6 multicast vlan configuration 5-1 chapter 5 ipv6 multicast vlan configuration 5.1 introduction to ipv6 multicast vlan as shown in figure 5-1 , in the traditional ipv6 multicast programs-on-demand mode, when hosts that b...
Page 730
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 5 ipv6 multicast vlan configuration 5-2 to do… use the command… remarks enter system view system-view — configure a specific vlan as an ipv6 multicast vlan multicast-vlan ipv6 vlan-id enable required by default, no vlan is an...
Page 731
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 5 ipv6 multicast vlan configuration 5-3 5.4 ipv6 multicast vlan configuration examples i. Network requirements z as shown in figure 5-2 , router a connects to an ipv6 multicast source (source) through gigabitethernet 1/0/2, a...
Page 732
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 5 ipv6 multicast vlan configuration 5-4 # enable ipv6 multicast routing, enable ipv6 pim-dm on each interface, and enable mld on gigabitethernet 1/0/1. System-view [routera] multicast ipv6 routing-enable [routera] interface g...
Page 733
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-1 chapter 6 igmp configuration when configuring igmp, go to the following sections for the information you are interested in: z igmp overview z igmp configuration task list z igmp configuration example ...
Page 734
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-2 querier election mechanism is required to determine which router will act as the igmp querier on the subnet. In igmpv1, the designated router (dr) elected by a multicast routing protocol (such as pim)...
Page 735
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-3 g1. This mechanism, known as igmp report suppression, helps reduce traffic over the local subnet. 4) at the same time, because host a is interested in g2, it sends a report to the multicast group addr...
Page 736
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-4 ii. “leave group” mechanism in igmpv1, when a host leaves a multicast group, it does not send any notification to the multicast router. The multicast router relies on host response timeout to know whe...
Page 737
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-5 is interested only in the multicast data that source 1 sends to g but not in the data from source 2. Source 2 receiver host a host b host c packets (s1,g) packets (s2,g) source 1 figure 6-2 flow paths...
Page 738
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-6 list. If the specified multicast source list is empty, this means that the report sender has left the reported multicast group. Z is_ex: the source filtering mode is exclude, namely, the report sender...
Page 739
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-7 note: z configurations performed in igmp view are effective on all interfaces, while configurations performed in interface view are effective on the current interface only. Z if a feature is not confi...
Page 740
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-8 6.3.3 configuring igmp versions because messages vary with different igmp versions, the same igmp version should be configured for all routers on the same subnet before igmp can work properly. I. Conf...
Page 741
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-9 to do... Use the command... Description configure the interface as a static member of a multicast group igmp static-group group-address [ source source-address ] required an interface is not a static ...
Page 742
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-10 before adjusting igmp performance, prepare the following data: z igmp general query interval z igmp querier’s robustness variable z maximum response time for igmp general queries z igmp last-member q...
Page 743
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-11 ii. Configuring igmp packet options on an interface follow these steps to configure igmp packet options on an interface: to do... Use the command... Description enter system view system-view — enter ...
Page 744
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-12 z for igmp group-specific queries, you can configure the igmp last member query interval to fill their max response time field. Namely, for igmp group-specific queries, the maximum response time equa...
Page 745
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-13 to do... Use the command... Description configure the maximum response time for igmp general queries igmp max-response-time interval optional 10 seconds by default configure the igmp last member quer...
Page 747
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-15 6.6 igmp configuration example i. Network requirements z receivers receive vod information through the multicast mode. Receivers of different organizations form stub networks n1 and n2, and host a an...
Page 748
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-16 configure the ospf protocol for interoperation among the switches. Ensure the network-layer interoperation among switch a, switch b and switch c on the pim network and dynamic update of routing infor...
Page 749
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-17 querier for igmp: 10.110.2.1 (this router) total 1 igmp group reported 6.7 troubleshooting igmp 6.7.1 no member information on the receiver-side router i. Symptom when a host sends a report for joini...
Page 750
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 6 igmp configuration 6-18 6.7.2 inconsistent memberships on routers on the same subnet i. Symptom different memberships are maintained on different igmp routers on the same subnet. Ii. Analysis z a router running igmp maintai...
Page 751
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-1 chapter 7 pim configuration when configuring pim, go to these sections for information you are interested in: z pim overview z configuring pim-dm z configuring pim-sm z configuring pim-ssm z configurin...
Page 752
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-2 note: to facilitate description, a network comprising pim-capable routers is referred to as a “pim domain” in this document. 7.1.1 introduction to pim-dm pim-dm is a type of dense mode multicast protoc...
Page 753
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-3 note: every activated interface on a router sends hello messages periodically, and thus learns the pim neighboring information pertinent to the interface. Ii. Spt establishment the process of building ...
Page 754
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-4 figure 7-1 spt establishment the “flood and prune” process takes place periodically. A pruned state timeout mechanism is provided. A pruned branch restarts multicast forwarding when the pruned state ti...
Page 755
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-5 iv. Assert if multiple multicast routers exist on a multi-access subnet, duplicate packets may flow to the same subnet. To shut off duplicate flows, the assert mechanism is used for election of a singl...
Page 756
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-6 pim-sm is a type of sparse mode multicast protocol. It uses the “pull mode” for multicast forwarding, and is suitable for large- and medium-sized networks with sparsely and widely distributed multicast...
Page 757
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-7 i. Neighbor discovery pim-sm uses exactly the same neighbor discovery mechanism as pim-dm does. Refer to neighbor discovery . Ii. Dr election pim-sm also uses hello messages to elect a designated route...
Page 758
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-8 1) routers on the multi-access network send hello messages to one another. The hello messages contain the router priority for dr election. The router with the highest dr priority will become the dr. 2)...
Page 759
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-9 figure 7-4 bsr and c-rps iv. Rpt establishment figure 7-5 rpt establishment in a pim-sm domain as shown in figure 7-5 , the process of building an rpt is as follows: 1) when a receiver joins a multicas...
Page 760
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-10 the multicast data addressed to the multicast group g flows through the rp, reaches the corresponding dr along the established rpt, and finally is delivered to the receiver. When a receiver is no long...
Page 761
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-11 3) the subsequent multicast data from the multicast source travels along the established spt to the rp, and then the rp forwards the data along the rpt to the receivers. When the multicast traffic arr...
Page 762
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-12 ii. Relationship between bsr admin-scope regions and the global scope zone a better understanding of the global scope zone and bsr admin-scope regions should be based on two aspects: geographical spac...
Page 763
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-13 figure 7-8 relationship between bsr admin-scope regions and the global scope zone in group address ranges in figure 7-8 , the group address ranges of admin-scope-scope regions bsr1 and bsr2 have no in...
Page 764
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-14 the ssm model provides a solution for source-specific multicast. It maintains the relationships between hosts and routers through igmpv3. In actual application, part of the pim-sm technique is adopted...
Page 765
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-15 as shown in figure 7-9 , host b and host c are multicast information receivers. They send igmpv3 report messages denoted as (include s, g) to the respective drs to express their interest in the inform...
Page 766
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-16 7.2 configuring pim-dm 7.2.1 pim-dm configuration task list complete these tasks to configure pim-dm: task remarks enabling pim-dm required enabling state refresh optional configuring state refresh pa...
Page 767
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-17 to do... Use the command... Remarks enable pim-dm pim dm required disabled by default caution: z all the interfaces of the same router must work in the same pim mode. Z pim-dm cannot be used for multi...
Page 768
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-18 control the propagation scope of state refresh messages, you need to configure an appropriate ttl value based on the network size. Follow these steps to configure state refresh parameters: to do... Us...
Page 769
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-19 7.3 configuring pim-sm note: a device can serve as a c-rp and a c-bsr at the same time. 7.3.1 pim-sm configuration task list complete these tasks to configure pim-sm: task remarks configuring pim-sm r...
Page 770
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-20 z bootstrap timeout time z an acl rule defining a legal c-rp address range and the range of multicast groups to be served z c-rp-adv interval z c-rp timeout time z the ip address of a static rp z an a...
Page 771
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-21 7.3.4 configuring a bsr note: the bsr is dynamically elected from a number of c-bsrs. Because it is unpredictable which router will finally win a bsr election, the commands introduced in this section ...
Page 772
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-22 perform neighbor check and rpf check on bsr messages and discard unwanted messages. 2) when a router in the network is controlled by an attacker or when an illegal router is present in the network, th...
Page 774
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-24 follow these steps to configure a bsr admin-scope region boundary: to do... Use the command... Remarks enter system view system-view — enter interface view interface interface-type interface-number — ...
Page 775
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-25 note: about the bootstrap timeout time: z by default, the bootstrap timeout time is determined by this formula: bootstrap timeout = bootstrap interval × 2 + 10. The default bootstrap interval is 60 se...
Page 776
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-26 to do… use the command… remarks configure a static rp static-rp rp-address [ acl-number ] [ preferred ] optional no static rp by default ii. Configuring a c-rp in a pim-sm domain, you can configure ro...
Page 777
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-27 iii. Enabling auto-rp auto-rp announcement and discovery messages are respectively addressed to the multicast group addresses 224.0.1.39 and 224.0.1.40. With auto-rp enabled on a device, the device ca...
Page 778
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-28 note: z the commands introduced in this section are to be configured on c-rps. Z for the configuration of other timers in pim-sm, refer to configuring pim common timers . 7.3.6 configuring pim-sm regi...
Page 779
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-29 to do... Use the command... Remarks configure a filtering rule for register messages register-policy acl-number optional no register filtering rule by default configure the device to calculate the che...
Page 780
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-30 note: z the support for the timer spt-switch command depends on the specific device model. Z typically, you need to configure the above-mentioned parameters on the receiver-side dr and the rp only. Si...
Page 781
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-31 7.4.3 enabling pim-sm the ssm model is implemented based on some subsets of pim-sm. Therefore, a router is pim-ssm capable after you enable pim-sm on it. When deploying a pim-sm domain, you are recomm...
Page 782
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-32 note: the commands introduced in this section are to be configured on all routers in the pim domain. Caution: z make sure that the same ssm group range is configured on all routers in the entire domai...
Page 783
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-33 7.5.2 configuration prerequisites before configuring pim common information, complete the following tasks: z configure any unicast routing protocol so that all devices in the domain are interoperable ...
Page 784
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-34 note: z generally, a smaller distance from the filter to the multicast source results in a more remarkable filtering effect. Z this filter works not only on independent multicast data but also on mult...
Page 785
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-35 new generation id. If a pim router finds that the generation id in a hello message from the upstream router has changed, it assumes that the status of the upstream neighbor is lost or the upstream nei...
Page 786
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-36 to do... Use the command... Remarks configure the prune delay time (lan-delay) pim hello-option lan-delay interval optional 500 milliseconds by default configure the prune override interval pim hello-...
Page 787
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-37 i. Configuring pim common timers globally follow these steps to configure pim common timers globally: to do... Use the command... Remarks enter system view system-view — enter pim view pim — configure...
Page 788
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-38 note: if there are no special networking requirements, we recommend that you use the default settings. 7.5.6 configuring join/prune message limits a larger join/prune message size will result in loss ...
Page 789
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-39 to do... Use the command... Remarks view the information about unacknowledged graft messages display pim grafts available in any view view the pim information on an interface or all interfaces display...
Page 790
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-40 z switch a connects to stub network n1 through vlan-interface 100, and to switch d through vlan-interface 103. Z switch b and switch c connect to stub network n2 through their respective vlan-interfac...
Page 791
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-41 among the switches through a unicast routing protocol. Detailed configuration steps are omitted here. 2) enable ip multicast routing, and enable pim-dm on each interface # enable ip multicast routing ...
Page 792
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-42 carry out the display pim neighbor command to view the pim neighboring relationships among the switches. For example: # view the pim neighboring relationships on switch d. [switchd] display pim neighb...
Page 793
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-43 the information on switch b and switch c is similar to that on switch a. # view the pim routing table information on switch d. [switchd] display pim routing-table total 0 (*, g) entry; 1 (s, g) entry ...
Page 794
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-44 ii. Network diagram ether net ether net e thernet n1 n2 vl an- in t101 vlan- int10 1 device interface ip address device interface ip address switch a vlan-int100 10.110.1.1/24 switch d vlan-int300 10....
Page 795
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-45 system-view [switcha] multicast routing-enable [switcha] interface vlan-interface 100 [switcha-vlan-interface100] igmp enable [switcha-vlan-interface100] pim sm [switcha-vlan-interface100] quit [switc...
Page 796
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-46 [switcha] display pim bsr-info elected bsr address: 192.168.9.2 priority: 0 hash mask length: 30 state: accept preferred scope: not scoped uptime: 01:40:40 next bsr message scheduled at: 00:01:42 # vi...
Page 797
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-47 assume that host a needs to receive information addressed to the multicast group g (225.1.1.1/24). An rpt will be built between switch a and switch e. When the multicast source s (10.110.5.100/24) reg...
Page 798
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-48 upstream interface: vlan-interface300 upstream neighbor: null rpf prime neighbor: null downstream interface(s) information: total number of downstreams: 1 1: vlan-interface105 protocol: pim-sm, uptime...
Page 799
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-49 ii. Network diagram ether net ether net e thernet n1 n2 vl an- in t101 vlan- int10 1 device interface ip address device interface ip address switch a vlan-int100 10.110.1.1/24 switch d vlan-int300 10....
Page 800
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-50 system-view [switcha] multicast routing-enable [switcha] interface vlan-interface 100 [switcha-vlan-interface100] igmp enable [switcha-vlan-interface100] igmp version 3 [switcha-vlan-interface100] pim...
Page 801
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-51 multicast routing entries. You can use the display pim routing-table command to view the pim routing table information on each switch. For example: # view the pim routing table information on switch a...
Page 802
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-52 ii. Analysis z when pim-dm runs on the entire network, multicast data is flooded from the first hop router connected with the multicast source to the last hop router connected with the clients along t...
Page 803
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-53 5) check that the same pim mode is enabled on related interfaces. Use the display pim interface verbose command to check whether the same pim mode is enabled on the rpf interface and the corresponding...
Page 804
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-54 ii. Analysis z as the core of a pim-sm domain, the rps serve specific multicast groups. Multiple rps can coexist in a network. Make sure that the rp information on all routers is exactly the same, and...
Page 805
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 7 pim configuration 7-55 and the bsr. Make sure that each c-rp has a unicast route to the bsr, the bsr has a unicast route to each c-rp, and all the routers in the entire network have a unicast route to the rp. 2) check the r...
Page 806
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-1 chapter 8 msdp configuration when configuring msdp, go to these sections for information you are interested in: z msdp overview z msdp configuration task list z displaying and maintaining msdp z msdp ...
Page 807
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-2 caution: z msdp is applicable only if the intra-domain multicast protocol is pim-sm. Z msdp is meaningful only for the any-source multicast (asm) model. 8.1.2 how msdp works i. Msdp peers with one or ...
Page 808
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-3 data from the multicast source arrives, the receiver-side msdp peer forwards the data to the receivers along the rpt. Z intermediate msdp peer: an msdp peer with multicast remote msdp peers, like rp 2...
Page 809
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-4 rp 1 dr 1 source pim-sm 1 pim-sm 3 pim-sm 2 pim-sm 4 rp 3 rp 2 dr 2 msdp peers sa message join message multicast packets register message receiver figure 8-2 msdp peering relationships the process of ...
Page 810
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-5 hop towards dr 1 at the multicast source side, so that it can directly join the spt rooted at the source over other pim-sm domains. Then, the multicast data can flow along the spt to rp 2 and is forwa...
Page 811
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-6 sa message msdp peers as 1 as 2 as 3 as 4 as 5 rp 1 rp 2 rp 3 rp 4 rp 5 rp 6 rp 7 rp 8 rp 9 mesh group source (1) (2) (3) (3) (4) (7) (6) (5) (4) static rpf peers figure 8-3 diagram for rpf check for ...
Page 812
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-7 6) when rp 8 receives the sa message from rp 7 an ebgp route exists between two msdp peers in different ass. Because the sa message is from an msdp peer (rp 7) in a different as, and the msdp peer is ...
Page 813
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-8 the work process of anycast rp is as follows: 1) the multicast source registers with the nearest rp. In this example, source registers with rp 1, with its multicast data encapsulated in the register m...
Page 814
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-9 8.2 msdp configuration task list complete these tasks to configure msdp: task remarks enabling msdp required creating an msdp peer connection required configuring basic functions of msdp configuring a...
Page 815
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-10 to do... Use the command... Remarks enter system view system-view — enable ip multicast routing multicast routing-enable required disabled by default enable msdp and enter msdp view msdp required dis...
Page 816
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-11 to do... Use the command... Remarks configure a static rpf peer static-rpf-peer peer-address [ rp-policy ip-prefix-name ] required no static rpf peer configured by default note: if only one msdp peer...
Page 817
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-12 8.4.3 configuring an msdp mesh group an as may contain multiple msdp peers. You can use the msdp mesh group mechanism to avoid sa message flooding among these msdp peers and optimize the multicast tr...
Page 818
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-13 when a new msdp peer is created, or when a previously deactivated msdp peer connection is reactivated, or when a previously failed msdp peer attempts to resume operation, a tcp connection is required...
Page 819
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-14 message containing the multicast packet in an sa message and sends it out. After receiving the sa message, the remote rp decapsulates the sa message and delivers the multicast data contained in the r...
Page 820
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-15 to do... Use the command... Remarks configure a filtering rule for sa request messages peer peer-address sa-request-policy [ acl acl-number ] optional sa request messages are not filtered by default ...
Page 821
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-16 to do... Use the command... Remarks configure the minimum ttl value of multicast packets to be encapsulated in sa messages peer peer-address minimum-ttl ttl-value optional 0 by default 8.5.5 configur...
Page 823
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-18 ii. Network diagram vl an -int103 vl an -int103 vl an- int20 0 vlan- int30 0 vl an- int40 0 device interface ip address device interface ip address switch a vlan-int103 10.110.1.2/24 switch d vlan-in...
Page 824
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-19 # enable ip multicast routing on switch a, enable pim-sm on each interface, and enable igmp on the host-side interface vlan-interface 200. System-view [switcha] multicast routing-enable [switcha] int...
Page 825
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-20 [switchc-bgp] peer 192.168.3.2 as-number 200 [switchc-bgp] import-route ospf 1 [switchc-bgp] quit # configure ibgp on switch e, and redistribute ospf routes. [switche] bgp 200 [switche-bgp] router-id...
Page 826
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-21 peer v as msgrcvd msgsent outq prefrcv up/down state 192.168.1.2 4 200 24 21 0 6 00:13:09 established # view the information about bgp peering relationships on switch c. [switchc] display bgp peer bg...
Page 827
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-22 * 192.168.1.1 0 0 100? *> 192.168.1.1/32 0.0.0.0 0 0 ? *> 192.168.1.2/32 0.0.0.0 0 0 ? * 192.168.1.1 0 0 100? *> 192.168.3.0 0.0.0.0 0 0 ? * i 192.168.3.2 0 100 0 ? *> 192.168.3.1/32 0.0.0.0 0 0 ? *>...
Page 828
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-23 msdp peer 192.168.1.2, as 200 description: information about connection status: state: up up/down time: 00:15:47 resets: 0 connection interface: vlan-interface101 (192.168.1.1) number of sent/receive...
Page 829
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-24 switch e, so that any switch can receive sa messages only from its static rpf peer(s) and permitted by the corresponding filtering policy. Ii. Network diagram vlan-int101 vl an -int102 switch b switc...
Page 830
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-25 2) enable ip multicast routing, enable pim-sm and igmp, and configure a pim-sm domain border # enable ip multicast routing on switch a, enable pim-sm on each interface, and enable igmp on the host-si...
Page 831
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-26 [switchb-msdp] peer 192.168.1.2 connect-interface vlan-interface 101 [switchb-msdp] static-rpf-peer 192.168.3.1 rp-policy list-df [switchb-msdp] static-rpf-peer 192.168.1.2 rp-policy list-df [switchb...
Page 832
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-27 1 1 0 0 0 0 peer's address state up/down time as sa count reset count 192.168.1.1 up 01:07:09 ? 8 0 # view the brief msdp peer information on switch e. [switche] display msdp brief msdp peer brief in...
Page 833
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-28 ii. Network diagram loop10 lo op0 loo p2 0 loop10 loop 20 loop 0 receiver 1 source 1 switch a switch b switch c switch d switch e v la n -i n t1 0 1 v la n -i n t1 0 1 v la n -in t1 0 2 v la n -in t1...
Page 834
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-29 [switchb] interface vlan-interface 100 [switchb-vlan-interface100] igmp enable [switchb-vlan-interface100] pim sm [switchb-vlan-interface100] quit [switchb] interface vlan-interface 103 [switchb-vlan...
Page 835
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-30 5) verify the configuration you can use the display msdp brief command to view the brief information of msdp peering relationships between the switches. # view the brief msdp peer information on swit...
Page 836
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-31 (10.110.5.100, 225.1.1.1) rp: 10.1.1.1 (local) protocol: pim-sm, flag: spt 2msdp act uptime: 00:46:28 upstream interface: vlan-interface103 upstream neighbor: 10.110.2.2 rpf prime neighbor: 10.110.2....
Page 837
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-32 protocol: pim-sm, flag: spt 2msdp act uptime: 00:40:22 upstream interface: vlan-interface104 upstream neighbor: 10.110.4.2 rpf prime neighbor: 10.110.4.2 downstream interface(s) information: total nu...
Page 838
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-33 ii. Analysis z the import-source command is used to control sending (s, g) entries through sa messages to msdp peers. If this command is executed without the acl-number argument, all the (s, g) entri...
Page 839
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 8 msdp configuration 8-34 3) check the configuration of the originating-rp command. In the anycast rp application environment, be sure to use the originating-rp command to configure the rp address in the sa messages, which mu...
Page 840: Configuration
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-1 chapter 9 multicast routing and forwarding configuration when configuring multicast routing and forwarding, go to these sections for information you are interested in: z mu...
Page 841
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-2 9.1.2 rpf mechanism when creating multicast routing table entries, a multicast routing protocol uses the reverse path forwarding (rpf) mechanism to ensure multicast data de...
Page 842
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-3 unicast route; instead, it relies on the existing unicast routing information or multicast static routes in creating multicast routing entries. When performing an rpf check...
Page 843
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-4 figure 9-1 rpf check process z a multicast packet from source arrives on vlan-interface 1 of switch c, and the corresponding forwarding entry does not exist in the multicas...
Page 844
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-5 unicast rpf route and the optimal multicast static route respectively from the routing tables, and uses one of them as the rpf route after comparison. Figure 9-2 multicast ...
Page 845
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-6 z request, with the igmp type field set to 0x1f, and z response, with the igmp type field set to 0x1e. Iii. Process of multicast traceroute 1) the querier sends a query to ...
Page 846
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-7 z the maximum number of routing entries in a multicast forwarding table 9.3.2 enabling ip multicast routing before configuring any layer 3 multicast functionality, you must...
Page 847
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-8 follow these steps to configure a multicast static route: to do... Use the command... Remarks enter system view system-view — configure a multicast static route ip rpf-rout...
Page 848
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-9 follow these steps to configure multicast load splitting: to do... Use the command... Remarks enter system view system-view — configuring multicast load splitting multicast...
Page 849
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-10 routing protocol. In addition, newly added downstream nodes cannot be installed to the routing entry into the forwarding table. If the configured maximum number of routing...
Page 850
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-11 9.4 displaying and maintaining multicast routing and forwarding to do... Use the command... Remarks view the multicast boundary information display multicast boundary [ gr...
Page 851
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-12 caution: z the reset command clears the information in the multicast routing table or the multicast forwarding table, and thus may cause failure of multicast transmission....
Page 852
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-13 iii. Configuration procedure 1) configure the interface ip addresses and enable unicast routing on each switch configure the ip address and subnet mask for each interface ...
Page 853
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-14 [switchb] display multicast rpf-info 50.1.1.100 rpf information about source 50.1.1.100: rpf interface: vlan-interface102, rpf neighbor: 30.1.1.2 referenced route/mask: 50...
Page 854
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-15 ii. Network diagram switch a switch b switch c vlan-int102 30.1.1.2/24 vlan-int101 20.1.1.2/24 vlan-int101 20.1.1.1/24 vlan-int102 30.1.1.1/24 source 1 source 2 receiver 4...
Page 855
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-16 [switchc] interface vlan-interface 300 [switchc-vlan-interface300] pim dm [switchc-vlan-interface300] quit [switchc] interface vlan-interface 102 [switchc-vlan-interface10...
Page 856
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-17 as shown above, the rpf routes to source 2 exist on switch b and switch c. The source is the configured static route. 9.6 troubleshooting multicast routing and forwarding ...
Page 857
Operation manual – multicast h3c s5500-ei series ethernet switches chapter 9 multicast routing and forwarding configuration 9-18 ii. Analysis if a multicast forwarding boundary has been configured through the multicast boundary command, any multicast packet will be kept from crossing the boundary. I...
Page 858: Table of Contents
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 802.1x configuration ................................................................................................... 1-1 1.1 802.1x overview ......................
Page 859
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches table of contents ii chapter 4 mac authentication configuration............................................................................ 4-1 4.1 mac authentication overview .......................................
Page 860
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-1 chapter 1 802.1x configuration when configuring 802.1x, go to these sections for information you are interested in: z 802.1x overview z configuring 802.1x z configuring a guest ...
Page 861
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-2 figure 1-1 architecture of 802.1x z supplicant system: a system at one end of the lan segment, which is authenticated by the authenticator system at the other end. A supplicant ...
Page 862
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-3 ii. Controlled port and uncontrolled port an authenticator provides ports for supplicants to access the lan. Each of the ports can be regarded as two logical ports: a controlled...
Page 863
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-4 z after a user passes the authentication, the authentication server passes information about the user to the authenticator, which then controls the status of the controlled port...
Page 864
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-5 type description eapol-encapsulated-asf-alert (a value of 0x04) frame for carrying alerting information compliant to alert standard forum (asf). A frame of this type carries net...
Page 865
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-6 z data: content of the eap packet. This field is zero or more bytes and its format is determined by the code field. 1.1.4 eap encapsulation over radius two attributes of radius ...
Page 866
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-7 an 802.1x authenticator system communicates with a remotely located radius server in two modes: eap relay and eap termination. The following description takes the first case as ...
Page 867
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-8 figure 1-8 message exchange in eap relay mode 1) when a user launches the 802.1x client software and enters the registered username and password, the 802.1x client software gene...
Page 868
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-9 6) after receiving the radius access-challenge packet, the authenticator relays the contained eap-request/md5 challenge packet to the supplicant. 7) when receiving the eap-reque...
Page 869
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-10 eapol radius eapol- start eap- resquest / identity eap- response / identity eap - request / md 5 challenge eap- response / md5 challenge radius access - request (chap- response...
Page 870
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-11 when an authenticator multicasts an eap-request/identity frame. Once an authenticator sends an eap-request/identity frame to a supplicant, it starts this timer. If this timer e...
Page 871
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-12 note: after an 802.1x supplicant passes authentication, the authentication server sends authorization information to the authenticator. If the authorization information contain...
Page 872
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-13 ii. Guest vlan guest vlan allows unauthenticated users to access some special resources. Guest vlan is the default vlan that a supplicant on a port can access without authentic...
Page 873
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-14 1.2 configuring 802.1x 1.2.1 configuration prerequisites 802.1x provides a user identity authentication scheme. However, 802.1x cannot implement the authentication scheme solel...
Page 874
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-15 to do… use the command… remarks set the maximum number of attempts to send an authentication request to a supplicant dot1x retry max-retry-value optional 2 by default set timer...
Page 875
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-16 to do… use the command… remarks enter system view system-view — in system view dot1x interface interface-list interface interface-type interface-number enable 802.1x for one or...
Page 876
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-17 z in eap relay authentication mode, the authenticator encapsulates the 802.1x user information in the eap attributes of radius packets and sends the packets to the radius serve...
Page 877
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-18 note: z you can specify a tagged vlan as the guest vlan for a hybrid port, but the guest vlan does not take effect. Similarly, if a guest vlan for a hybrid port is in operation...
Page 878
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-19 z a server group with two radius servers is connected to the switch. The ip addresses of the servers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as the primary authe...
Page 879
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-20 [sysname] local-user localuser [sysname-luser-localuser] service-type lan-access [sysname-luser-localuser] password simple localpass [sysname-luser-localuser] attribute idle-cu...
Page 880
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-21 [sysname-isp-aabbcc.Net] access-limit enable 30 # enable the idle cut function and set the idle cut interval. [sysname-isp-aabbcc.Net] idle-cut enable 20 [sysname-isp-aabbcc.Ne...
Page 881
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-22 ii. Network diagrams internet update server authenticator server supplicant vlan 10 ge1/0/4 vlan 1 ge1/0/1 vlan 5 ge1/0/2 vlan 2 ge1/0/3 switch figure 1-11 network diagram for ...
Page 882
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-23 internet update server authenticator server supplicant vlan 10 ge1/0/4 vlan 5 ge1/0/1 vlan 5 ge1/0/2 vlan 2 ge1/0/3 vlan 5 switch figure 1-13 network diagram when the supplican...
Page 883
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-24 [sysname-gigabitgigabitethernet1/0/1] dot1x port-method portbased # set the port access control mode to auto. [sysname-gigabitgigabitethernet1/0/1] dot1x port-control auto [sys...
Page 884
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-25 iii. Configuration procedure # configure the ip addresses of the interfaces. (omitted) # configure the radius scheme. System-view [sysname] radius scheme 2000 [sysname-radius-2...
Page 885
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 1 802.1x configuration 1-26 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss.
Page 886
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 2 ead fast deployment configuration 2-1 chapter 2 ead fast deployment configuration when configuring ead fast deployment, go to these sections for information you are interested in: z ead fast deployment ...
Page 887
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 2 ead fast deployment configuration 2-2 2.2.2 configuration procedure i. Configuring a freely accessible network segment a freely accessible network segment, also called a free ip, is a network segment th...
Page 888
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 2 ead fast deployment configuration 2-3 iii. Setting the ead rule timeout time with the ead fast deployment function, a user is authorized by an ead rule (generally an acl rule) to access the freely acces...
Page 889
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 2 ead fast deployment configuration 2-4 ii. Network diagram host switch ge1/0/1 free ip: web server 192.168.1.3/24 internet 192.168.1.10/24 192.168.1.1/24 192.168.1.0/24 figure 2-1 network diagram for ead...
Page 890
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 2 ead fast deployment configuration 2-5 reply from 192.168.1.3: bytes=32 time reply from 192.168.1.3: bytes=32 time reply from 192.168.1.3: bytes=32 time reply from 192.168.1.3: bytes=32 time ping statist...
Page 891
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 3 habp configuration 3-1 chapter 3 habp configuration when configuring habp, go to these sections for the information you are interested in: z introduction to habp z configuring habp z displaying and main...
Page 892
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 3 habp configuration 3-2 follow these steps to configure an habp server: to do… use the command… remarks enter system view system-view — enable habp habp enable optional enabled by default configure habp ...
Page 893
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 4 mac authentication configuration 4-1 chapter 4 mac authentication configuration when configuring mac authentication, go to these sections for information you are interested in: z mac authentication over...
Page 894
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 4 mac authentication configuration 4-2 if the authentication succeeds, the user will be granted permission to access the network resources. 4.1.2 local mac authentication in local mac authentication, the ...
Page 895
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 4 mac authentication configuration 4-3 caution: if the quiet mac is the same as the static mac configured or an authentication-passed mac, then the quiet function is not effective. 4.2.3 vlan assigning fo...
Page 896
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 4 mac authentication configuration 4-4 caution: for local authentication: z the type of username and password of a local user must be consistent with that used for mac authentication. Z all the letters in...
Page 897
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 4 mac authentication configuration 4-5 to do… use the command… remarks configure the username and password for mac authentication mac-authentication user-name-format { fixed [ account name ] [ password { ...
Page 898
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 4 mac authentication configuration 4-6 z set the offline detect timer to 180 seconds and the quiet timer to 3 minutes. Ii. Network diagram figure 4-1 network diagram for local mac authentication iii. Conf...
Page 899
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 4 mac authentication configuration 4-7 fixed password:123456 offline detect period is 180s quiet period is 60s. Server response timeout value is 100s the max allowed user number is 1024 per slot current u...
Page 900
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 4 mac authentication configuration 4-8 [sysname] radius scheme 2000 [sysname-radius-2000] primary authentication 10.1.1.1 1812 [sysname-radius-2000] primary accounting 10.1.1.2 1813 [sysname-radius-2000] ...
Page 901
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 4 mac authentication configuration 4-9 gigabitgigabitethernet1/0/1 is link-up mac address authentication is enabled authenticate success: 1, failed: 0 current online user number is 1 mac addr authenticate...
Page 902
Operation manual – 802.1x-habp-mac authentication h3c s5500-ei series ethernet switches chapter 4 mac authentication configuration 4-10 [sysname-radius-2000] quit # create an isp domain and specify the aaa schemes. [sysname] domain 2000 [sysname-isp-2000] authentication default radius-scheme 2000 [s...
Page 903: Table of Contents
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 aaa/radius/hwtacacs configuration ................................................................. 1-1 1.1 aaa/radius/hwtacacs overview .........................................
Page 904
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches table of contents ii 1.6.1 displaying and maintaining aaa ........................................................................... 1-39 1.6.2 displaying and maintaining radius................................................
Page 905: Configuration
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-1 chapter 1 aaa/radius/hwtacacs configuration when configuring aaa/radius/hwtacacs, go to these sections for information you are interested in: z aaa/radius/hwtacacs overview z ...
Page 906
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-2 user nas radius server hwtacacs server internet figure 1-1 aaa networking diagram when a user tries to establish a connection to the nas and obtain the rights to access other ...
Page 907
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-3 aaa can be implemented through multiple protocols. Currently, the device supports using radius and hwtacacs for aaa, and radius is often used in practice. 1.1.2 introduction t...
Page 908
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-4 ii. Security authentication mechanism information exchanged between the radius client and the radius server is authenticated with a shared key, which is never transmitted over...
Page 909
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-5 3) the radius server authenticates the username and password. If the authentication succeeds, it sends back an access-accept message containing the information of user’s right...
Page 910
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-6 table 1-1 main values of the code field code packet type description 1 access-request from the client to the server. A packet of this type carries user information for the ser...
Page 911
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-7 z type: one byte, in the range 1 to 255. It indicates the type of the attribute. Commonly used attributes for radius authentication and authorization are listed in table 1-2 ....
Page 912
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-8 no. Attribute type no. Attribute type 26 vendor-specific 73 arap-security 27 session-timeout 74 arap-security-data 28 idle-timeout 75 password-retry 29 termination-action 76 p...
Page 913
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-9 z vendor-id (four bytes): indicates the id of the vendor. Its most significant byte is 0 and the other three bytes contain a code complying with rfc 1700. The vendor id of h3c...
Page 914
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-10 hwtacacs radius protocol packets are complicated and authorization is independent of authentication. Authentication and authorization can be deployed on different hwtacacs se...
Page 915
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-11 user hwtacacs client hwtacacs server 1) the user logs in 2) start-authentication packet 3) authentication response requesting the username 4) request for username 5) the user...
Page 916
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-12 7) the hwtacacs server sends back an authentication response, requesting the login password. 8) upon receipt of the response, the hwtacacs client requests of the user the log...
Page 917
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-13 task remarks configuring an aaa authentication scheme for an isp domain required for local authentication, refer to configuring local user attributes . For radius authenticat...
Page 918
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-14 iii. Hwtacacs configuration task list task remarks creating a hwtacas scheme required specifying the hwtacacs authentication servers required specifying the hwtacacs authoriz...
Page 919
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-15 follow these steps to create an isp domain: to do… use the command… remarks enter system view system-view — create an isp domain and enter isp domain view domain isp-name req...
Page 920
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-16 to do… use the command… remarks enable the self-service server localization function and specify the url of the self-service server for changing user password self-service-ur...
Page 922
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-18 if you do not perform any authorization configuration, the system-default domain uses the local authorization scheme. With the authorization scheme of none, the users are not...
Page 924
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-20 2) determine the access mode or service type to be configured. With aaa, you can configure an accounting scheme specifically for each access mode and service type, limiting t...
Page 925
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-21 note: z with the accounting optional command configured, a user that will be disconnected otherwise can use the network resources even when there is no available accounting s...
Page 927
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-23 note: z with the local-user password-display-mode cipher-force command configured, a local user password is always displayed in cipher text, regardless of the configuration o...
Page 928
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-24 1.4 configuring radius the radius protocol is configured scheme by scheme. After creating a radius scheme, you need to configure the ip addresses and udp ports of the radius ...
Page 929
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-25 to do… use the command… remarks configure the ip address and udp port of the primary radius authentication/authorizati on server primary authentication ip-address [ port-numb...
Page 930
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-26 to do… use the command… remarks configure the ip address and udp port of the secondary radius accounting server secondary accounting ip-address [ port-number ] optional the d...
Page 931
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-27 1.4.4 setting the shared key for radius packets the radius client and radius server use the md5 algorithm to encrypt packets exchanged between them and a shared key to verify...
Page 932
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-28 note: z the maximum number of retransmission attempts of radius packets multiplied by the radius server response timeout period cannot be greater than 75. Z refer to the time...
Page 933
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-29 z if the secondary server fails, the device restores the status of the primary server to active immediately. If the primary server has resumed, the device turns to use the pr...
Page 935
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-31 1.4.9 setting timers regarding radius servers there are three timers regarding radius servers: z radius server response timeout (response-timeout): if a nas receives no respo...
Page 936
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-32 note: z the product of the maximum number of retransmission attempts of radius packets and the radius server response timeout period cannot be greater than 75. This product i...
Page 937
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-33 note: if the system has no authentication scheme enabled with the accounting-on function when you execute the accounting-on enable command,you need to save the configuration ...
Page 938
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-34 1.5 configuring hwtacacs 1.5.1 creating a hwtacas scheme the hwtacacs protocol is configured on a per scheme basis. Before performing other hwtacacs configurations, follow th...
Page 939
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-35 note: z the ip addresses of the primary and secondary authentication servers cannot be the same. Otherwise, the configuration fails. Z you can remove an authentication server...
Page 940
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-36 to do… use the command… remarks enter system view system-view — create a hwtacacs scheme and enter hwtacacs scheme view hwtacacs scheme hwtacacs-scheme-name required not defi...
Page 941
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-37 follow these steps to set the shared key for hwtacacs packets: to do… use the command… remarks enter system view system-view — create a hwtacacs scheme and enter hwtacacs sch...
Page 942
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-38 note: z if a hwtacacs server does not support a username with the domain name, you can configure the device to remove the domain name before sending the username to the serve...
Page 943
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-39 1.6 displaying and maintaining aaa/radius/hwtacacs 1.6.1 displaying and maintaining aaa to do… use the command… remarks display the configuration information of a specified i...
Page 944
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-40 to do… use the command… remarks clear the statistics on the local server reset local-server statistics available in user view 1.6.3 displaying and maintaining hwtacacs to do…...
Page 945
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-41 ii. Network diagram internet switch telnet user authentication/accounting server 10.1.1.1/24 figure 1-7 configure aaa for telnet users by a hwtacacs server iii. Configuration...
Page 946
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-42 [switch-isp-1] authentication default hwtacacs-scheme hwtac [switch-isp-1] authorization default hwtacacs-scheme hwtac [switch-isp-1] accounting default hwtacacs-scheme hwtac...
Page 947
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-43 # enable the telnet server on the switch. System-view [switch] telnet server enable # configure the switch to use aaa for telnet users. [switch] user-interface vty 0 4 [switc...
Page 948
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-44 1.8 troubleshooting aaa/radius/hwtacacs 1.8.1 troubleshooting radius symptom1: user authentication/authorization always fails. Analysis: 1) a communication failure exists bet...
Page 949
Operation manual – aaa radius hwtacacs h3c s5500-ei series ethernet switches chapter 1 aaa/radius/hwtacacs configuration 1-45 provide all the services of authentication/authorization and accounting, but in fact the services are provided by different servers. Solution: check that: 1) the accounting p...
Page 950: Table of Contents
Operation manual – arp h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 arp configuration....................................................................................................... 1-1 1.1 arp overview.....................................................
Page 951
Operation manual – arp h3c s5500-ei series ethernet switches chapter 1 arp configuration 1-1 chapter 1 arp configuration when configuring arp, go to these sections for information you are interested in: z arp overview z configuring arp z configuring gratuitous arp z displaying and maintaining arp 1....
Page 952
Operation manual – arp h3c s5500-ei series ethernet switches chapter 1 arp configuration 1-2 the following explains the fields in figure 1-1 . Z hardware type: this field specifies the hardware address type. The value “1” represents ethernet. Z protocol type: this field specifies the type of the pro...
Page 953
Operation manual – arp h3c s5500-ei series ethernet switches chapter 1 arp configuration 1-3 figure 1-2 arp address resolution process when host a and host b are not on the same subnet, host a first sends an arp request to the gateway. The destination ip address in the arp request is the ip address ...
Page 954
Operation manual – arp h3c s5500-ei series ethernet switches chapter 1 arp configuration 1-4 receiving the arp reply into the static arp entry. Now the entry can be used for forwarding ip packets. Note: usually arp dynamically implements and automatically seeks mappings from ip addresses to mac addr...
Page 955
Operation manual – arp h3c s5500-ei series ethernet switches chapter 1 arp configuration 1-5 to do… use the command… remarks enter system view system-view — enter vlan interface view interface vlan-interface vlan-id — set the maximum number of dynamic arp entries that a vlan interface can learn arp ...
Page 956
Operation manual – arp h3c s5500-ei series ethernet switches chapter 1 arp configuration 1-6 1.2.5 arp configuration example i. Network requirements z enable the arp entry check. Z set the aging time for dynamic arp entries to 10 minutes. Z set the maximum number of dynamic arp entries that vlan-int...
Page 957
Operation manual – arp h3c s5500-ei series ethernet switches chapter 1 arp configuration 1-7 to do… use the command… remarks enter system view system-view — enable the device to send gratuitous arp packets when receiving arp requests from another network segment gratuitous-arp-sending enable require...
Page 958
Operation manual – arp h3c s5500-ei series ethernet switches chapter 2 proxy arp configuration 2-1 chapter 2 proxy arp configuration when configuring proxy arp, go to these sections for information you are interested in: z proxy arp overview z enabling proxy arp z displaying and maintaining proxy ar...
Page 959
Operation manual – arp h3c s5500-ei series ethernet switches chapter 2 proxy arp configuration 2-2 2.3 displaying and maintaining proxy arp to do… use the command… remarks display whether proxy arp is enabled display proxy-arp [ interface vlan-interface vlan-id ] available in any view display whethe...
Page 960
Operation manual – arp h3c s5500-ei series ethernet switches chapter 2 proxy arp configuration 2-3 [switch] vlan 2 [switch-vlan2] quit [switch] interface vlan-interface 1 [switch-vlan-interface1] ip address 192.168.10.99 255.255.255.0 [switch-vlan-interface1] proxy-arp enable [switch-vlan-interface1...
Page 961
Operation manual – arp h3c s5500-ei series ethernet switches chapter 2 proxy arp configuration 2-4 [switchb-vlan2] port gigabitethernet 1/0/1 [switchb-vlan2] port gigabitethernet 1/0/2 [switchb-vlan2] port gigabitethernet 1/0/3 [switchb-vlan2] quit [switchb] interface gigabitethernet 1/0/2 [switchb-...
Page 962: Table of Contents
Operation manual – dhcp h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 dhcp overview............................................................................................................ 1-1 1.1 introduction to dhcp ..........................................
Page 963
Operation manual – dhcp h3c s5500-ei series ethernet switches table of contents ii 2.8 displaying and maintaining the dhcp server................................................................. 2-16 2.9 dhcp server configuration examples.................................................................
Page 964
Operation manual – dhcp h3c s5500-ei series ethernet switches table of contents iii 6.3 displaying and maintaining bootp client configuration ................................................. 6-3 6.4 bootp client configuration example ....................................................................
Page 965: Chapter 1 Dhcp Overview
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 1 dhcp overview 1-1 chapter 1 dhcp overview when configuring arp, go to these sections for information you are interested in: z introduction to dhcp z dhcp address allocation z dhcp message format z dhcp options z protocols and st...
Page 966
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 1 dhcp overview 1-2 note: when residing in a different subnet from the dhcp server, the dhcp client can get the ip address and other configuration parameters from the server via a dhcp relay agent. For information about the dhcp r...
Page 967
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 1 dhcp overview 1-3 3) if several dhcp servers send offers to the client, the client accepts the first received offer, and broadcasts it in a dhcp-request message to formally request the ip address. 4) all dhcp servers receive the...
Page 968
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 1 dhcp overview 1-4 figure 1-3 dhcp message format z op: message type defined in option field. 1 = request, 2 = reply z htype,hlen: hardware address type and length of a dhcp client. Z hops: number of relay agents a request messag...
Page 969
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 1 dhcp overview 1-5 1.4 dhcp options 1.4.1 dhcp options overview the dhcp message adopts the same format as the bootstrap protocol (bootp) message for compatibility, but differs from it in the option field, which identifies new fe...
Page 970
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 1 dhcp overview 1-6 i. Relay agent option (option 82) option 82 is the relay agent option in the option field of the dhcp message. It records the location information of the dhcp client. When a dhcp relay agent receives a client’s...
Page 971
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 1 dhcp overview 1-7 figure 1-7 sub-option 1 in verbose padding format note: in the above figure, except that the vlan id field has a fixed length of 2 bytes, all the other padding contents of sub-option 1 are length variable. Z su...
Page 972
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 1 dhcp overview 1-8 1.5 protocols and standards z rfc2131: dynamic host configuration protocol z rfc2132: dhcp options and bootp vendor extensions z rfc1542: clarifications and extensions for the bootstrap protocol z rfc 3046: dhc...
Page 973
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-1 chapter 2 dhcp server configuration when configuring the dhcp server, go to these sections for information you are interested in: z introduction to dhcp server z dhcp server configuration task list ...
Page 974
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-2 2.1.2 dhcp address pool i. Address pool structure in response to a client’s request, the dhcp server selects an idle ip address from an address pool and sends it together with other parameters such ...
Page 975
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-3 for example, two address pools are configured on the dhcp server. The ranges of ip addresses that can be dynamically assigned are 1.1.1.0/24 and 1.1.1.0/25 respectively. If the ip address of the int...
Page 976
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-4 follow these steps to enable dhcp: to do… use the command… remarks enter system view system-view — enable dhcp dhcp enable required disabled by default. 2.4 enabling the dhcp server on an interface ...
Page 977
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-5 2.5 configuring an address pool for the dhcp server 2.5.1 configuration task list complete the following tasks to configure an address pool: task remarks creating a dhcp address pool required config...
Page 978
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-6 2.5.3 configuring an address allocation mode caution: you can configure either the static binding or dynamic address allocation for an address pool as needed. It is required to specify an address ra...
Page 979
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-7 note: z use the static-bind ip-address command together with static-bind mac-address or static-bind client-identifier command to accomplish a static binding configuration. Z in a dhcp address pool, ...
Page 980
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-8 to do… use the command… remarks exclude ip addresses from automatic allocation dhcp server forbidden-ip low-ip-address [ high-ip-address ] optional except ip addresses of the dhcp server interfaces,...
Page 981
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-9 follow these steps to configure dns servers in the dhcp address pool: to do… use the command… remarks enter system view system-view — enter dhcp address pool view dhcp server ip-pool pool-name — spe...
Page 983
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-11 to do… use the command… remarks specify gateways gateway-list ip-address& required no gateway is specified by default. 2.5.9 configuring option 184 parameters for the client with voice service to a...
Page 984
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-12 2.5.10 configuring the tftp server and bootfile name for the client this task is to specify the ip address and name of a tftp server and the bootfile name in the dhcp address pool. The dhcp clients...
Page 985
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-13 z define new dhcp options. New configuration options will come out with dhcp development. To support these new options, you can add them into the attribute list of the dhcp server. Z define existin...
Page 986
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-14 caution: z be cautious when configuring self-defined dhcp options because such configuration may affect the dhcp operation process. Z when you use self-defined option (option 51) to configure the i...
Page 987
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-15 2.6.3 configuring ip address conflict detection to avoid ip address conflicts, the dhcp server checks whether the address to be assigned is in use via sending ping packets. The dhcp server pings th...
Page 988
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-16 to do… use the command… remarks enter system view system-view — enable the server to handle option 82 dhcp server relay information enable optional enabled by default. Note: to support option 82, i...
Page 989
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-17 note: using the save command does not save dhcp server lease information. Therefore, when the system boots up or the reset dhcp server ip-in-use command is executed, no lease information will be av...
Page 990
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-18 ii. Network diagram figure 2-1 dhcp network diagram iii. Configuration procedure specify ip addresses for vlan interfaces (omitted). Configure the dhcp server # enable dhcp. System-view [switcha] d...
Page 991
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 2 dhcp server configuration 2-19 [switcha-dhcp-pool-1] quit # configure dhcp address pool 2 (address range, gateway, and lease duration). [switcha] dhcp server ip-pool 2 [switcha-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.12...
Page 992
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 3 dhcp relay agent configuration 3-1 chapter 3 dhcp relay agent configuration when configuring the dhcp relay agent, go to these sections for information you are interested in: z introduction to dhcp relay agent z configuration ta...
Page 993
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 3 dhcp relay agent configuration 3-2 ip network dhcp server dhcp relay agent dhcp client dhcp client dhcp client dhcp client figure 3-1 dhcp relay agent application no matter whether a relay agent exists or not, the dhcp server an...
Page 994
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 3 dhcp relay agent configuration 3-3 if the dhcp relay agent supports option 82, it will handle a client’s request according to the contents defined in option 82, if any. The handling strategies are described in the table below. I...
Page 995
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 3 dhcp relay agent configuration 3-4 follow these steps to enable dhcp: to do… use the command… remarks enter system view system-view — enable dhcp dhcp enable required disabled by default. 3.3.2 enabling the dhcp relay agent on a...
Page 996
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 3 dhcp relay agent configuration 3-5 follow these steps to correlate a dhcp server group with a relay agent interface: to do… use the command… remarks enter system view system-view — create a dhcp server group and add a server int...
Page 997
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 3 dhcp relay agent configuration 3-6 follow these steps to configure the dhcp relay agent in system view to send a dhcp-release request: to do… use the command… remarks enter system view system-view — configure the dhcp relay agen...
Page 998
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 3 dhcp relay agent configuration 3-7 note: z the dhcp relay address-check enable command is independent of other commands of the dhcp relay agent. That is, the invalid address check takes effect when this command is executed, rega...
Page 999
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 3 dhcp relay agent configuration 3-8 iii. Enabling unauthorized dhcp servers detection there are unauthorized dhcp servers on networks, which reply dhcp clients with wrong ip addresses. With this feature enabled, upon receiving a ...
Page 1002
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 3 dhcp relay agent configuration 3-11 # configure dhcp server group 1 with the dhcp server 10.1.1.1, and correlate the dhcp server group 1 with vlan-interface 1. [switcha] dhcp relay server-group 1 ip 10.1.1.1 [switcha] interface ...
Page 1003
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 4 dhcp client configuration 4-1 chapter 4 dhcp client configuration when configuring the dhcp client, go to these sections for information you are interested in: z introduction to dhcp client z enabling the dhcp client on an inter...
Page 1004
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 4 dhcp client configuration 4-2 device model vendor and device information s5500-28c-ei-dc h3c. H3c s5500-28c-ei-dc 4.2 enabling the dhcp client on an interface follow these steps to enable the dhcp client on an interface: to do… ...
Page 1005
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 4 dhcp client configuration 4-3 4.4 dhcp client configuration example i. Network requirements on a lan, switch b contacts the dhcp server via vlan-interface 1 to obtain an ip address. Ii. Network diagram see figure 2-1 . Iii. Conf...
Page 1006
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 5 dhcp snooping configuration 5-1 chapter 5 dhcp snooping configuration when configuring dhcp snooping, go to these sections for information you are interested in: z dhcp snooping overview z configuring dhcp snooping basic functio...
Page 1007
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 5 dhcp snooping configuration 5-2 ii. Ensuring dhcp clients to obtain ip addresses from valid dhcp servers if there is an unauthorized dhcp server on a network, the dhcp clients may obtain invalid ip addresses. With dhcp snooping,...
Page 1008
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 5 dhcp snooping configuration 5-3 ports, ge1/0/3 on switch a, ge1/0/1 on switch b, ge1/0/3 and ge1/0/4 on switch c, which are not directly connected to dhcp clients, from recording client’s ip-to-mac bindings. Figure 5-2 configure...
Page 1009
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 5 dhcp snooping configuration 5-4 if a client’s requesting message has… handling strategy padding format the dhcp snooping device will… drop random drop the message. Keep random forward the message without changing option 82. Norm...
Page 1010
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 5 dhcp snooping configuration 5-5 note: z you need to specify the ports connected to the valid dhcp servers as trusted to ensure that dhcp clients can obtain valid ip addresses. The trusted port and the port connected to the dhcp ...
Page 1011
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 5 dhcp snooping configuration 5-6 note: z to support option 82, it is required to perform related configuration on both the dhcp server and the device enabled with dhcp snooping. Refer to configuring the handling mode for option 8...
Page 1012
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 5 dhcp snooping configuration 5-7 ii. Network diagram ge1/0/1 switch a dhcp server switch b dhcp snooping ge1/0/2 dhcp client dhcp client ge1/0/3 figure 5-3 network diagram for dhcp snooping configuration iii. Configuration proced...
Page 1013
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 6 bootp client configuration 6-1 chapter 6 bootp client configuration while configuring a bootp client, go to these sections for information you are interested in: z introduction to bootp client z configuring an interface to dynam...
Page 1014
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 6 bootp client configuration 6-2 because you need to configure a parameter file for each client on the bootp server, bootp usually runs under a relatively stable environment. If the network changes frequently, dhcp is applicable. ...
Page 1015
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 6 bootp client configuration 6-3 6.2 configuring an interface to dynamically obtain an ip address through bootp follow these steps to configure an interface to dynamically obtain an ip address: to do… use the command… remarks ente...
Page 1016
Operation manual – dhcp h3c s5500-ei series ethernet switches chapter 6 bootp client configuration 6-4 note: to make the bootp client to obtain an ip address from the dhcp server, you need to perform additional configurations on the dhcp server. For details, refer to dhcp server configuration exampl...
Page 1017: Table of Contents
Operation manual – acl h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 acl overview .............................................................................................................. 1-1 1.1 introduction to acl ..........................................
Page 1018
Operation manual – acl h3c s5500-ei series ethernet switches table of contents ii 2.7 ipv4 acl configuration example ...................................................................................... 2-9 2.7.1 network requirements.....................................................................
Page 1019: Chapter 1 Acl Overview
Operation manual – acl h3c s5500-ei series ethernet switches chapter 1 acl overview 1-1 chapter 1 acl overview in order to filter traffic, network devices use sets of rules, called access control lists (acls), to identify and handle packets. When configuring acls, go to these chapters for informatio...
Page 1020
Operation manual – acl h3c s5500-ei series ethernet switches chapter 1 acl overview 1-2 z software-based application: an acl is referenced by a piece of upper layer software. For example, an acl can be referenced to configure login user control behavior, thus controlling telnet, snmp and web users. ...
Page 1021
Operation manual – acl h3c s5500-ei series ethernet switches chapter 1 acl overview 1-3 1.2.2 ipv4 acl naming when creating an ipv4 acl, you can specify a unique name for it. Afterwards, you can identify the acl by its name. An ipv4 acl can have only one name. Whether to specify a name for an acl is...
Page 1022
Operation manual – acl h3c s5500-ei series ethernet switches chapter 1 acl overview 1-4 3) if the numbers of zeros in the source ip address wildcards are the same, look at the destination ip address wildcards. Then, compare packets against the rule configured with more zeros in the destination ip ad...
Page 1023
Operation manual – acl h3c s5500-ei series ethernet switches chapter 1 acl overview 1-5 newly defined rule will get a number of 30. If the acl has no rule defined already, the first defined rule will get a number of 0. Another benefit of using the step is that it allows you to insert new rules betwe...
Page 1024
Operation manual – acl h3c s5500-ei series ethernet switches chapter 1 acl overview 1-6 1.3.2 ipv6 acl naming when creating an ipv6 acl, you can specify a unique name for it. Afterwards, you can identify the ipv6 acl by its name. An ipv6 acl can have only one name. Whether to specify a name for an a...
Page 1025
Operation manual – acl h3c s5500-ei series ethernet switches chapter 1 acl overview 1-7 3) if the prefix lengths in the source ipv6 address wildcards are the same, look at the destination ipv6 address wildcards. Then, compare packets against the rule configured with a larger prefix length in the des...
Page 1026
Operation manual – acl h3c s5500-ei series ethernet switches chapter 2 ipv4 acl configuration 2-1 chapter 2 ipv4 acl configuration when configuring an ipv4 acl, go to these sections for information you are interested in: z creating a time range z configuring a basic ipv4 acl z configuring an advance...
Page 1027
Operation manual – acl h3c s5500-ei series ethernet switches chapter 2 ipv4 acl configuration 2-2 may use the time-range test from 00:00 01/01/2004 to 23:59 12/31/2004 command. Z compound time range created using the time-range time-name start-time to end-time days { from time1 date1 [ to time2 date...
Page 1028
Operation manual – acl h3c s5500-ei series ethernet switches chapter 2 ipv4 acl configuration 2-3 2.2.1 configuration prerequisites if you want to reference a time range to a rule, define it with the time-range command first. 2.2.2 configuration procedure follow these steps to configure a basic ipv4...
Page 1034
Operation manual – acl h3c s5500-ei series ethernet switches chapter 2 ipv4 acl configuration 2-9 caution: z the source ipv4 acl and the destination ipv4 acl must be of the same type. Z the generated acl does not take the name of the source ipv4 acl. 2.6 displaying and maintaining ipv4 acls to do......
Page 1035
Operation manual – acl h3c s5500-ei series ethernet switches chapter 2 ipv4 acl configuration 2-10 2.7.2 network diagram ge1/0/4 ge1/0/1 ge1/0/2 ge1/0/3 192.168.4.1 switch r&d department marketing department salary query server president`s office 192.168.2.0/24 192.168.3.0/24 192.168.1.0/24 figure 2...
Page 1036
Operation manual – acl h3c s5500-ei series ethernet switches chapter 2 ipv4 acl configuration 2-11 # configure traffic behavior b_rd to deny matching packets. [switch] traffic behavior b_rd [switch-behavior-b_rd] filter deny [switch-behavior-b_rd] quit # configure class c_market for packets matching...
Page 1037
Operation manual – acl h3c s5500-ei series ethernet switches chapter 3 ipv6 acl configuration 3-1 chapter 3 ipv6 acl configuration when configuring ipv6 acls, go to these sections for information you are interested in: z creating a time range z configuring a basic ipv6 acl z configuring an advanced ...
Page 1039
Operation manual – acl h3c s5500-ei series ethernet switches chapter 3 ipv6 acl configuration 3-3 [sysname] acl ipv6 number 2000 [sysname-acl6-basic-2000] rule permit source 2030:5060::9050/64 [sysname-acl6-basic-2000] rule deny source fe80:5060::8050/96 # verify the configuration. [sysname-acl6-bas...
Page 1041
Operation manual – acl h3c s5500-ei series ethernet switches chapter 3 ipv6 acl configuration 3-5 3.3.3 configuration examples # create ipv6 acl 3000 to permit the tcp packets with the source address 2030:5060::9050/64 to pass. System-view [sysname] acl ipv6 number 3000 [sysname-acl6-adv-3000] rule ...
Page 1043
Operation manual – acl h3c s5500-ei series ethernet switches chapter 3 ipv6 acl configuration 3-7 # configure class c_rd for packets matching ipv6 acl 2000. [switch] traffic classifier c_rd [switch-classifier-c_rd] if-match acl ipv6 2000 [switch-classifier-c_rd] quit # configure traffic behavior b_r...
Page 1044: Table of Contents
Operation manual – qos h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 qos overview .............................................................................................................. 1-1 1.1 introduction .................................................
Page 1045
Operation manual – qos h3c s5500-ei series ethernet switches table of contents ii 4.2 congestion management policy ........................................................................................ 4-1 4.3 configuring an sp queue....................................................................
Page 1046
Operation manual – qos h3c s5500-ei series ethernet switches table of contents iii 7.4.2 configuration procedure ......................................................................................... 7-3.
Page 1047: Chapter 1 Qos Overview
Operation manual – qos h3c s5500-ei series ethernet switches chapter 1 qos overview 1-1 chapter 1 qos overview 1.1 introduction quality of service (qos) is a concept generally existing in occasions where service supply-demand relations exist. Qos measures the ability to meet the service needs of cus...
Page 1048
Operation manual – qos h3c s5500-ei series ethernet switches chapter 1 qos overview 1-2 the new services have one thing in common: they all have special requirements for delivery performances such as bandwidth, delay, and delay jitter. For example, video conferencing and vod require the guarantee of...
Page 1049
Operation manual – qos h3c s5500-ei series ethernet switches chapter 1 qos overview 1-3 within a certain period of time is improperly controlled and the traffic goes beyond the assignable network resources. 1.4.2 influence of congestion congestion may cause a series of negative influences: z congest...
Page 1050
Operation manual – qos h3c s5500-ei series ethernet switches chapter 1 qos overview 1-4 z congestion management: congestion management is necessary for solving resource competition. Congestion management is generally to cache packets in the queues and arrange the forwarding sequence of the packets b...
Page 1051: Configuration
Operation manual – qos h3c s5500-ei series ethernet switches chapter 2 traffic classification, tp, and lr configuration 2-1 chapter 2 traffic classification, tp, and lr configuration when configuring traffic classification, tp, and lr, go to these section for information you are interested in: z tra...
Page 1052
Operation manual – qos h3c s5500-ei series ethernet switches chapter 2 traffic classification, tp, and lr configuration 2-2 scheduling is performed on the packets; when congestion get worse, congestion avoidance is performed on the packets. 2.1.2 priority the following describes several types of pre...
Page 1053
Operation manual – qos h3c s5500-ei series ethernet switches chapter 2 traffic classification, tp, and lr configuration 2-3 services with low delay, low packet loss ratio, low jitter, and assured bandwidth (such as virtual leased line); z assured forwarding (af) class: this class is further divided ...
Page 1054
Operation manual – qos h3c s5500-ei series ethernet switches chapter 2 traffic classification, tp, and lr configuration 2-4 2) 802.1p precedence 802.1p precedence lies in layer 2 packet headers and is applicable to occasions where the layer 3 packet header does not need analysis but qos must be assu...
Page 1055
Operation manual – qos h3c s5500-ei series ethernet switches chapter 2 traffic classification, tp, and lr configuration 2-5 the precedence is called 802.1p precedence because the related applications of this precedence are defined in detail in the 802.1p specifications. 2.2 tp and lr overview if the...
Page 1056
Operation manual – qos h3c s5500-ei series ethernet switches chapter 2 traffic classification, tp, and lr configuration 2-6 when the token bucket evaluates the traffic, its parameter configurations include: z average rate: the rate at which tokens are put into the bucket, namely, the permitted avera...
Page 1057
Operation manual – qos h3c s5500-ei series ethernet switches chapter 2 traffic classification, tp, and lr configuration 2-7 z marking a conforming packet with a new 802.1p precedence value and forwarding the packet. Z marking a conforming packet with a new ip precedence value and forwarding the pack...
Page 1058
Operation manual – qos h3c s5500-ei series ethernet switches chapter 2 traffic classification, tp, and lr configuration 2-8 system-view # enter interface view [sysname] interface gigabitethernet 1/0/1 # configure lr parameter and limit the outbound rate to 640 kbps [sysname-gigabitethernet1/0/1] qos...
Page 1059
Operation manual – qos h3c s5500-ei series ethernet switches chapter 3 qos policy configuration 3-1 chapter 3 qos policy configuration when configuring qos policy, go to these sections for information that you are interested in: z overview z configuring qos policy z introduction to qos policies z co...
Page 1060
Operation manual – qos h3c s5500-ei series ethernet switches chapter 3 qos policy configuration 3-2 3.2 configuring qos policy the procedure for configuring qos policy is as follows: 1) define a class and define a group of traffic classification rules in class view. 2) define a traffic behavior and ...
Page 1061
Operation manual – qos h3c s5500-ei series ethernet switches chapter 3 qos policy configuration 3-3 3.4 configuring a qos policy 3.4.1 configuration prerequisites z the name and the rules of the class to which the policy is to be bound to are determined. Z the traffic behavior name and actions in th...
Page 1062
Operation manual – qos h3c s5500-ei series ethernet switches chapter 3 qos policy configuration 3-4 form description acl ipv6 access-list-numb er specifies an ipv6 acl to match ipv6 packets. The access-list-number argument is in the range 2000 to 3999. In a class configured with the operator and, th...
Page 1063
Operation manual – qos h3c s5500-ei series ethernet switches chapter 3 qos policy configuration 3-5 note: suppose the logical relationship between classification rules is and. Note the following when using the if-match command to define matching rules. Z if multiple matching rules with the acl or ac...
Page 1064
Operation manual – qos h3c s5500-ei series ethernet switches chapter 3 qos policy configuration 3-6 to do… use the command… remarks configure accounting action accounting configure tp action car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-informat...
Page 1065
Operation manual – qos h3c s5500-ei series ethernet switches chapter 3 qos policy configuration 3-7 2) configuration procedure # enter system view. System-view # create the traffic behavior (this operation leads you to traffic behavior view). [sysname] traffic behavior test # configure tp action for...
Page 1066
Operation manual – qos h3c s5500-ei series ethernet switches chapter 3 qos policy configuration 3-8 to do… use the command… remarks enter system view system-view — enter port view interface interface-type interface-number enter port view or port group view enter port group view port-group { manual p...
Page 1067
Operation manual – qos h3c s5500-ei series ethernet switches chapter 3 qos policy configuration 3-9 action inbound outbound remarking the service provider network vlan id for packets supported supported caution: follow these rules when configuring a behavior. Otherwise the corresponding qos policy c...
Page 1068
Operation manual – qos h3c s5500-ei series ethernet switches chapter 3 qos policy configuration 3-10 # apply the policy to the port. [sysname-gigabitethernet1/0/1] qos apply policy test inbound 3.5 displaying and maintaining qos policy to do… use the command… remarks display the information about a ...
Page 1069
Operation manual – qos h3c s5500-ei series ethernet switches chapter 4 congestion management 4-1 chapter 4 congestion management when configuring congestion management, go to these section for information that you are interested in: z overview z congestion management policy z configuring an sp queue...
Page 1070
Operation manual – qos h3c s5500-ei series ethernet switches chapter 4 congestion management 4-2 figure 4-1 diagram for sp queuing sp queue-scheduling algorithm is specially designed for critical service applications. An important feature of critical services is that they demand preferential service...
Page 1071
Operation manual – qos h3c s5500-ei series ethernet switches chapter 4 congestion management 4-3 figure 4-2 diagram for wrr queuing a port of the switch supports eight outbound queues. The wrr queue-scheduling algorithm schedules all the queues in turn to ensure that every queue can be assigned a ce...
Page 1072
Operation manual – qos h3c s5500-ei series ethernet switches chapter 4 congestion management 4-4 to do… use the command… remarks enter system view system-view — enter port view interface interface-type interface-number enter port view or port group view enter port group view port-group { manual port...
Page 1073
Operation manual – qos h3c s5500-ei series ethernet switches chapter 4 congestion management 4-5 to do… use the command… remarks enter system view system-view — enter port view interface interface-type interface-number enter port view or port group view enter port group view port-group { manual port...
Page 1074
Operation manual – qos h3c s5500-ei series ethernet switches chapter 4 congestion management 4-6 4.5 configuring sp+wrr queues as required, you can configure part of the queues on the port to adopt the sp queue-scheduling algorithm and parts of queues to adopt the wrr queue-scheduling algorithm. Thr...
Page 1075
Operation manual – qos h3c s5500-ei series ethernet switches chapter 4 congestion management 4-7 4.5.2 configuration examples i. Network requirements z configure to adopt sp+wrr queue scheduling algorithm on gigabitethernet1/0/1. Z configure queue 0, queue 1, queue 2 and queue 3 on gigabitethernet1/...
Page 1076: Chapter 5 Priority Mapping
Operation manual – qos h3c s5500-ei series ethernet switches chapter 5 priority mapping 5-1 chapter 5 priority mapping when configuring priority mapping, go to these sections for information you are interested in: z priority mapping overview z configuring a priority mapping table z configuring the p...
Page 1077
Operation manual – qos h3c s5500-ei series ethernet switches chapter 5 priority mapping 5-2 table 5-1 the default values of dot1p-lp mapping and dot1p-dp mapping imported priority value dot1p-lp mapping dot1p-dp mapping 802.1p precedence (dot1p) local precedence (lp) drop precedence (dp) 0 2 0 1 0 0...
Page 1078
Operation manual – qos h3c s5500-ei series ethernet switches chapter 5 priority mapping 5-3 5.2 configuring a priority mapping table you can modify the priority mapping tables in a switch as required. Follow the two steps to configure priority mapping tables: z enter priority mapping table view; z c...
Page 1079
Operation manual – qos h3c s5500-ei series ethernet switches chapter 5 priority mapping 5-4 802.1p precedence local precedence 5 2 6 3 7 3 ii. Configuration procedure # enter system view. System-view # enter dot1p-lp priority mapping table view. [sysname] qos map-table dot1p-lp # modify dot1p-lp pri...
Page 1080
Operation manual – qos h3c s5500-ei series ethernet switches chapter 5 priority mapping 5-5 to do… use the command… remarks enter system view system-view — enter port view interface interface-type interface-number enter port view or port group view enter port group view port-group { manual port-grou...
Page 1081
Operation manual – qos h3c s5500-ei series ethernet switches chapter 5 priority mapping 5-6 to do… use the command… remarks enter system view system-view — enter port view interface interface-type interface-number enter port view or port group view enter port group view port-group { manual port-grou...
Page 1082
Operation manual – qos h3c s5500-ei series ethernet switches chapter 6 applying a qos policy to vlans 6-1 chapter 6 applying a qos policy to vlans when applying a qos policy to vlans, go to these sections for information that you are interested in: z overview z applying a qos policy to vlans z displ...
Page 1084
Operation manual – qos h3c s5500-ei series ethernet switches chapter 6 applying a qos policy to vlans 6-3 # apply the policy to specific vlans. [sysname] qos vlan-policy test vlan 200 300 400 500 600 700 800 900 inbound.
Page 1085
Operation manual – qos h3c s5500-ei series ethernet switches chapter 7 traffic mirroring configuration 7-1 chapter 7 traffic mirroring configuration when configuring traffic mirroring, go to these sections for information that you are interested in: z overview z configuring traffic mirroring z displ...
Page 1086
Operation manual – qos h3c s5500-ei series ethernet switches chapter 7 traffic mirroring configuration 7-2 to do… use the command… remarks enter system view system-view — enter traffic behavior view traffic behavior behavior-name required configure traffic mirroring action in the traffic behavior mi...
Page 1087
Operation manual – qos h3c s5500-ei series ethernet switches chapter 7 traffic mirroring configuration 7-3 7.4.2 configuration procedure configure switch: # enter system view. System-view # configure basic ipv4 acl 2000 to match packets with the source ip address 192.168.0.1. [sysname] acl number 20...
Page 1088: Table of Contents
Operation manual – port mirroring h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 port mirroring configuration ...................................................................................... 1-1 1.1 introduction to port mirroring ............................
Page 1089
Operation manual – port mirroring h3c s5500-ei series ethernet switches chapter 1 port mirroring configuration 1-1 chapter 1 port mirroring configuration when configuring port mirroring, go to these sections for information you are interested in: z introduction to port mirroring z configuring local ...
Page 1090
Operation manual – port mirroring h3c s5500-ei series ethernet switches chapter 1 port mirroring configuration 1-2 1.1.2 implementing port mirroring port mirroring is implemented through port mirroring groups, which fall into these three categories: local port mirroring group, remote source port mir...
Page 1091
Operation manual – port mirroring h3c s5500-ei series ethernet switches chapter 1 port mirroring configuration 1-3 z destination device destination device contains destination mirroring port, and remote destination port mirroring groups are created on destination devices. Upon receiving a mirrored p...
Page 1092
Operation manual – port mirroring h3c s5500-ei series ethernet switches chapter 1 port mirroring configuration 1-4 note: z a local mirroring group is effective only when it has both source ports and the destination port configured. Z it is not recommended to enable stp, rstp or mstp on the destinati...
Page 1093
Operation manual – port mirroring h3c s5500-ei series ethernet switches chapter 1 port mirroring configuration 1-5 to do… use the command… remarks configure the remote port mirroring vlan for the mirroring group mirroring-group group-id remote-probe vlan rprobe-vlan-id required note: z all ports in ...
Page 1094
Operation manual – port mirroring h3c s5500-ei series ethernet switches chapter 1 port mirroring configuration 1-6 to do… use the command… remarks in system view mirroring-group group-id monitor-port monitor-port-id interface interface-type interface-number [ mirroring-group group-id ] monitor-port ...
Page 1096
Operation manual – port mirroring h3c s5500-ei series ethernet switches chapter 1 port mirroring configuration 1-8 iii. Configuration procedure configure switch c. # create a local port mirroring group. System-view [switchc] mirroring-group 1 local # add port gigabitethernet 1/0/1 and gigabitetherne...
Page 1097
Operation manual – port mirroring h3c s5500-ei series ethernet switches chapter 1 port mirroring configuration 1-9 z on switch a, create a remote source mirroring group; create vlan 2 and configure it as the remote port mirroring vlan; add port gigabitethernet 1/0/1 and gigabitethernet 1/0/2 to the ...
Page 1098
Operation manual – port mirroring h3c s5500-ei series ethernet switches chapter 1 port mirroring configuration 1-10 # configure port gigabitethernet 1/0/3 as a trunk port and configure the port to permit the packets of vlan 2. [switcha] interface gigabitethernet 1/0/3 [switcha-gigabitethernet1/0/3] ...
Page 1099
Operation manual – port mirroring h3c s5500-ei series ethernet switches chapter 1 port mirroring configuration 1-11 after finishing the configuration, you can monitor all the packets sent by department 1 and department 2 on the data monitoring device..
Page 1100: Table of Contents
Operation manual – cluster management h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 cluster management configuration........................................................................... 1-1 1.1 cluster management overview ...................................
Page 1101
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-1 chapter 1 cluster management configuration when configuring cluster management, go to these sections for information you are interested in: z cluster management overview z clust...
Page 1102
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-2 network 69.110.1.100 network management device 69.110.1.1 management device member device member device member device cluster candidate device figure 1-1 network diagram for a c...
Page 1103
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-3 z candidate device: a device that does not belong to any cluster but can be added to a cluster. Different from a member device, its topology information has been collected by th...
Page 1104
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-4 z the management device adds or deletes a member device and modifies cluster management configuration according to the candidate device information collected through ntdp. I. In...
Page 1105
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-5 z the management device periodically sends ntdp topology collection request from the ntdp-enabled ports. Z upon receiving the request, the device sends ntdp topology collection ...
Page 1106
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-6 receives the handshake or management packets fails to receive handshake packets in three consecutive intervals state holdtime exceeds the specified value disconnect state is rec...
Page 1107
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-7 iv. Management vlan the management vlan limits the cluster management range. Through configuration of the management vlan, the following functions can be implemented: z manageme...
Page 1108
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-8 tasks remarks enabling ndp globally and for specific ports optional configuring ndp parameters optional enabling ntdp globally and for specific ports optional configuring ntdp p...
Page 1109
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-9 1.3 configuring the management device 1.3.1 enabling ndp globally and for specific ports follow these steps to enable ndp globally and for specific ports: to do… use the command...
Page 1110
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-10 to do… use the command… remarks configure the interval to send ndp packets ndp timer hello hello-time optional 60 seconds by default. Caution: the time for the receiving device...
Page 1111
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-11 caution: z for ntdp to work normally, you must enable ntdp both globally and on the specified port. Z the ntdp function is mutually exclusive with the bpdu tunnel function unde...
Page 1112
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-12 1.3.5 manually collecting ntdp information the management device collects topology information periodically after a cluster is created. In addition, you can configure to manual...
Page 1113
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-13 caution: z you can only specify a management vlan before establishing a cluster. After a device has been added to the cluster, you cannot modify the management vlan. To change ...
Page 1114
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-14 to do… use the command… remarks configure the current device as the management device and assign a name to it build name required by default, the device is not the management d...
Page 1115
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-15 1.3.8 configuring communication between the management device and the member devices within a cluster in a cluster, the management device and member devices communicate by send...
Page 1116
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-16 to do… use the command… remarks configure the interval to send mac address negotiation broadcast packets for cluster management multicast packets cluster-mac syn-interval inter...
Page 1118
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-18 follow these steps to configure access between member devices of a cluster: to do… use the command… remarks switch from the operation device of the management device to that of...
Page 1119
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-19 1.6 adding a candidate device to a cluster follow these steps to add a candidate device to a cluster: to do… use the command… remarks enter system view system-view — enter clus...
Page 1120
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-20 z backing them up in the flash of the management device. When the management device restarts, the whitelist and blacklist will be automatically restored from the flash. When a ...
Page 1121
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-21 if the port of an access nm device (including ftp/tftp server, nm host and log host) does not allow the packets from the management vlan to pass, the nm device cannot manage th...
Page 1122
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-22 1.8 displaying and maintaining cluster management to do… use the command… remarks display ndp configuration information display ndp [ interface interface-list ] display the glo...
Page 1123
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-23 1.9 cluster management configuration examples 1.9.1 cluster management configuration example one i. Network requirements three switches form a cluster, in which: z one device s...
Page 1124
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-24 iii. Configuration procedure 1) configuring the member device (all member devices have the same configuration, taking one member as an example) # enable ndp globally and for th...
Page 1125
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-25 # configure the hop count to collect topology as 2. [switch] ntdp hop 2 # configure the delay time for topology-collection request packets to be forwarded on member devices as ...
Page 1126
Operation manual – cluster management h3c s5500-ei series ethernet switches chapter 1 cluster management configuration 1-26 [aabbcc_0.Switch-cluster] management-vlan synchronization enable # configure the holdtime of the member device information as 100 seconds. [aabbcc_0.Switch-cluster] holdtime 10...
Page 1127: Table of Contents
Operation manual – udp helper h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 udp helper configuration .......................................................................................... 1-1 1.1 introduction to udp helper.....................................
Page 1128
Operation manual – udp helper h3c s5500-ei series ethernet switches chapter 1 udp helper configuration 1-1 chapter 1 udp helper configuration when configuring udp helper, go to these sections for information you are interested in: z introduction to udp helper z configuring udp helper z displaying an...
Page 1129
Operation manual – udp helper h3c s5500-ei series ethernet switches chapter 1 udp helper configuration 1-2 to do… use the command… remarks specify the destination server to which udp packets are to be forwarded udp-helper server ip-address required no destination server is specified by default. Caut...
Page 1130
Operation manual – udp helper h3c s5500-ei series ethernet switches chapter 1 udp helper configuration 1-3 ii. Network diagram figure 1-1 network diagram for udp helper configuration iii. Configuration procedure note: the following configuration assumes that a route from switch a to the network segm...
Page 1131: Table of Contents
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 snmp configuration.................................................................................................... 1-1 1.1 snmp overview................................................
Page 1132
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 1 snmp configuration 1-1 chapter 1 snmp configuration when configuring snmp, go to these sections for information you are interested in: z snmp overview z snmp configuration z configuring snmp logging z trap configuration z d...
Page 1133
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 1 snmp configuration 1-2 snmp provides the following four basic operations: z get operation: nms gets the value of a certain variable of agent through this operation. Z set operation: nms can reconfigure certain values in the...
Page 1134
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 1 snmp configuration 1-3 figure 1-1 relationship between nms, agent and mib mib stores data using a tree structure. The node of the tree is the managed object and can be uniquely identified by a path starting from the root no...
Page 1137
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 1 snmp configuration 1-6 1.3 configuring snmp logging 1.3.1 introduction to snmp logging snmp logs the get and set operations that nms performs to snmp agent. When the get operation is performed, agent logs the ip address of ...
Page 1138
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 1 snmp configuration 1-7 1.4 trap configuration snmp agent sends traps to nms to alert the latter of critical and important events (such as restart of the managed device). 1.4.1 configuration prerequisites basic snmp configur...
Page 1139
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 1 snmp configuration 1-8 ii. Configuring trap transmission parameters follow these steps to configure trap: to do… use the command… remarks enter system view system-view — configure target host attribute for traps snmp-agent ...
Page 1140
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 1 snmp configuration 1-9 1.5 displaying and maintaining snmp to do… use the command… remarks display snmp-agent system information, including the contact, location, and version of the snmp display snmp-agent sys-info [ contac...
Page 1141
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 1 snmp configuration 1-10 ii. Network diagram terminal agent nms console vlan-int2 1.1.1.1/24 1.1.1.2/24 figure 1-3 network diagram for snmp (on a switch) iii. Configuration procedure 1) configuring snmp agent # configure the...
Page 1142
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 1 snmp configuration 1-11 note: the configurations on the agent and the nms must match. 1.7 snmp logging configuration example i. Network requirements z nms and agent are connected through an ethernet z the ip address of nms ...
Page 1143
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 1 snmp configuration 1-12 z the following log information is displayed on the terminal when nms performs the get operation to agent. %jan 1 02:49:40:566 2006 sysname snmp/6/get: seqno = srcip = op = node = value= z the follow...
Page 1144
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 2 rmon configuration 2-1 chapter 2 rmon configuration when configuring rmon, go to these sections for information you are interested in: z rmon overview z configuring rmon z displaying and maintaining rmon z rmon configuratio...
Page 1145
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 2 rmon configuration 2-2 agents with basic snmp commands to gather network management information, which, due to system resources limitation, may not cover all mib information but four groups of information, alarm, event, his...
Page 1146
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 2 rmon configuration 2-3 iii. Private alarm group the private alarm group calculates the sampled values of alarm variables and compares the result with the defined threshold, thereby realizing a more comprehensive alarming fu...
Page 1147
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 2 rmon configuration 2-4 2.2.2 configuration procedure follow these steps to configure rmon: to do… use the command… remarks enter system view system-view — create an event entry in the event table rmon event entry-number [ d...
Page 1148
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 2 rmon configuration 2-5 note: z two entries with the same configuration cannot be created. If the parameters of a newly created entry are identical to the corresponding parameters of an existing entry, the system considers t...
Page 1149
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 2 rmon configuration 2-6 to do… use the command… remarks display rmon prialarm configuration information display rmon prialarm [ entry-number ] available in any view display rmon events configuration information display rmon ...
Page 1150
Operation manual – snmp-rmon h3c s5500-ei series ethernet switches chapter 2 rmon configuration 2-7 etherstatsundersizepkts : 0 , etherstatsoversizepkts : 0 etherstatsfragments : 0 , etherstatsjabbers : 0 etherstatscrcalignerrors : 0 , etherstatscollisions : 0 etherstatsdropevents (insufficient reso...
Page 1151: Table of Contents
Operation manual – ntp h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 ntp configuration ....................................................................................................... 1-1 1.1 ntp overview....................................................
Page 1152
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-1 chapter 1 ntp configuration note: the local clock of an s5500-ei ethernet switch cannot be set as a reference clock. It can serve as a reference clock source to synchronize the clock of other devices only af...
Page 1153
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-2 z in analysis of the log information and debugging information collected from different devices in network management, time must be used as reference basis. Z all devices must use the same reference clock in...
Page 1154
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-3 ip network ip network ip network ip network switch b switch a switch b switch a switch b switch a switch b switch a 10:00:00 am 11:00:01 am 10:00:00 am ntp message 10:00:00 am 11:00:01 am 11:00:02 am ntp mes...
Page 1155
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-4 1.1.3 ntp message format ntp uses two types of messages, clock synchronization message and ntp control message. An ntp control message is used in environments where network management is needed. As it is not...
Page 1156
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-5 z mode: a 3-bit code indicating the work mode of ntp. This field can be set to these values: 0 – reserved; 1 – symmetric active; 2 – symmetric passive; 3 – client; 4 – server; 5 – broadcast or multicast; 6 –...
Page 1157
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-6 receiving the message, the servers automatically work in the server mode and send a reply, with the mode field in the messages set to 4 (server mode). Upon receiving the replies from the servers, the client ...
Page 1158
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-7 in the broadcast mode, a server periodically sends clock synchronization messages to the broadcast address 255.255.255.255, with the mode field in the messages set to 5 (broadcast mode). Clients listen to th...
Page 1159
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-8 1.2 ntp configuration task list complete the following tasks to configure ntp: task remarks configuring the operation modes of ntp required configuring optional parameters of ntp optional configuring access-...
Page 1160
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-9 1.3.1 configuring ntp server/client mode for switches working in the server/client mode, you only need to make configurations on the clients, and not on the servers. Follow these steps to configure an ntp cl...
Page 1161
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-10 following these steps to configure a symmetric-active switch: to do… use the command… remarks enter system view system-view — specify a symmetric-passiv e peer for the switch ntp-service unicast-peer { ip-a...
Page 1162
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-11 i. Configuring a broadcast client to do… use the command… remarks enter system view system-view — enter interface view interface interface-type interface-number required enter the interface used to receive ...
Page 1163
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-12 i. Configuring a multicast client to do… use the command… remarks enter system view system-view — enter interface view interface interface-type interface-number enter the interface used to receive ntp multi...
Page 1164
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-13 to do… use the command… remarks enter system view system-view — configure the interface used to send ntp messages ntp-service source-interface interface-type interface-number required caution: if you have s...
Page 1165
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-14 z query: control query permitted. This level of right permits the peer switch to perform control query to the ntp service on the local switch but does not permit the peer switch to synchronize its clock to ...
Page 1166
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-15 1.6 configuring ntp authentication the ntp authentication feature should be enabled for a system running ntp in a network where there is a high security demand. This feature enhances the network security by...
Page 1167
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-16 to do… use the command… remarks enter system view system-view — enable ntp authentication ntp-service authentication enable required disabled by default configure an ntp authentication key ntp-service authe...
Page 1168
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-17 to do… use the command… remarks configure the key as a trusted key ntp-service reliable authentication-keyid keyid required no authentication key is configured to be trusted by default enter interface view ...
Page 1169
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-18 1.8 ntp configuration examples 1.8.1 configuring ntp server/client mode i. Network requirements z the local clock of switch a is to be used as a reference source, with the stratum level of 2. Z switch b wor...
Page 1170
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-19 [switchb] display ntp-service status clock status: synchronized clock stratum: 3 reference clock id: 1.0.1.11 nominal frequency: 100.0000 hz actual frequency: 100.0000 hz clock precision: 2^7 clock offset: ...
Page 1171
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-20 ii. Network diagram switch a switch b switch c 3.0.1.31/24 3.0.1.32/24 3.0.1.33/24 figure 1-8 network diagram for ntp symmetric peers mode configuration iii. Configuration procedure 1) configuration on swit...
Page 1172
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-21 nominal frequency: 100.0000 hz actual frequency: 100.0000 hz clock precision: 2^7 clock offset: -21.1982 ms root delay: 15.00 ms root dispersion: 775.15 ms peer dispersion: 34.29 ms reference time: 15:22:47...
Page 1173
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-22 ii. Network diagram vlan-int3 1.0.1.11/24 vlan-int3 1.0.1.10/24 vlan-int2 3.0.1.31/24 vlan-int2 3.0.1.32/24 vlan-int2 3.0.1.30/24 switch a switch b switch c switch d figure 1-9 network diagram for ntp broad...
Page 1174
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-23 # view the ntp status of switch d after clock synchronization. [switchd] display ntp-service status clock status: synchronized clock stratum: 3 reference clock id: 3.0.1.31 nominal frequency: 100.0000 hz ac...
Page 1175
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-24 ii. Network diagram figure 1-10 network diagram for ntp multicast mode configuration iii. Configuration procedure 1) configuration on switch c: # specify the local clock as the reference source, with the st...
Page 1176
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-25 actual frequency: 100.0000 hz clock precision: 2^7 clock offset: 0.0000 ms root delay: 31.00 ms root dispersion: 8.31 ms peer dispersion: 34.30 ms reference time: 16:01:51.713 utc apr 20 2007 (c6d95f6f.B687...
Page 1177
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-26 [switcha-vlan-interface3] ntp-service multicast-client # view the ntp status of switch a after clock synchronization. [switcha] display ntp-service status clock status: synchronized clock stratum: 3 referen...
Page 1178
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-27 ii. Network diagram figure 1-11 network diagram for configuration of ntp server/client mode with authentication iii. Configuration procedure 1) configuration on switch a: # specify the local clock as the re...
Page 1179
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-28 clock stratum: 3 reference clock id: 1.0.1.11 nominal frequency: 100.0000 hz actual frequency: 100.0000 hz clock precision: 2^7 clock offset: 0.0000 ms root delay: 31.00 ms root dispersion: 1.05 ms peer dis...
Page 1180
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-29 ii. Network diagram figure 1-12 network diagram for configuration of ntp broadcast mode with authentication iii. Configuration procedure 1) configuration on switch c: # specify the local clock as the refere...
Page 1181
Operation manual – ntp h3c s5500-ei series ethernet switches chapter 1 ntp configuration 1-30 now, switch d can receive broadcast messages through vlan-interface 2, and switch c can send broadcast messages through vlan-interface 2. Upon receiving a broadcast message from switch c, switch d synchroni...
Page 1182: Table of Contents
Operation manual – dns h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 dns configuration....................................................................................................... 1-1 1.1 dns overview ....................................................
Page 1183
Operation manual – dns h3c s5500-ei series ethernet switches chapter 1 dns configuration 1-1 chapter 1 dns configuration when configuring dns, go to these sections for information you are interested in: z dns overview z configuring the dns client z configuring the dns proxy z displaying and maintain...
Page 1184
Operation manual – dns h3c s5500-ei series ethernet switches chapter 1 dns configuration 1-2 1.1.2 dynamic domain name resolution i. Resolving procedure dynamic domain name resolution is implemented by querying the dns server. The resolution procedure is as follows: 1) a user program sends a name qu...
Page 1185
Operation manual – dns h3c s5500-ei series ethernet switches chapter 1 dns configuration 1-3 for example, a user can configure com as the suffix for aabbcc.Com. The user only needs to type aabbcc to get the ip address of aabbcc.Com. The resolver can add the suffix and delimiter before passing the na...
Page 1186
Operation manual – dns h3c s5500-ei series ethernet switches chapter 1 dns configuration 1-4 figure 1-2 dns proxy networking application ii. Operation of a dns proxy 1) a dns client considers the dns proxy as the dns server, and sends a dns request to the dns proxy, that is, the destination address ...
Page 1187
Operation manual – dns h3c s5500-ei series ethernet switches chapter 1 dns configuration 1-5 note: the ip address you last assign to the host name will overwrite the previous one if there is any. You may create up to 50 static mappings between domain names and ip addresses. 1.2.2 configuring dynamic...
Page 1188
Operation manual – dns h3c s5500-ei series ethernet switches chapter 1 dns configuration 1-6 1.4 displaying and maintaining dns to do… use the command… remarks display the static domain name resolution table display ip host display dns server information display dns server [ dynamic ] available in a...
Page 1189
Operation manual – dns h3c s5500-ei series ethernet switches chapter 1 dns configuration 1-7 reply from 10.1.1.2: bytes=56 sequence=3 ttl=128 time=2 ms reply from 10.1.1.2: bytes=56 sequence=4 ttl=128 time=2 ms reply from 10.1.1.2: bytes=56 sequence=5 ttl=128 time=2 ms --- host.Com ping statistics -...
Page 1190
Operation manual – dns h3c s5500-ei series ethernet switches chapter 1 dns configuration 1-8 # enter dns server configuration page. Select start > programs > administrative tools > dns. # create zone com. In figure 1-5 , right click forward lookup zones, select new zone, and then follow the instruct...
Page 1191
Operation manual – dns h3c s5500-ei series ethernet switches chapter 1 dns configuration 1-9 in figure 1-6 , right click zone com, and then select new host to bring up a dialog box as shown in figure 1-7 . Enter host name host and ip address 3.1.1.1. Figure 1-7 add a mapping between domain name and ...
Page 1192
Operation manual – dns h3c s5500-ei series ethernet switches chapter 1 dns configuration 1-10 reply from 3.1.1.1: bytes=56 sequence=4 ttl=126 time=1 ms reply from 3.1.1.1: bytes=56 sequence=5 ttl=126 time=1 ms --- host.Com ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet...
Page 1193
Operation manual – dns h3c s5500-ei series ethernet switches chapter 1 dns configuration 1-11 1) configure the dns server this configuration may vary with different dns servers. When a windows 2000 server acts as the dns server, refer to dynamic domain name resolution configuration example for relat...
Page 1194
Operation manual – dns h3c s5500-ei series ethernet switches chapter 1 dns configuration 1-12 1.6 troubleshooting dns configuration i. Symptom after enabling the dynamic domain name resolution, the user cannot get the correct ip address. Ii. Solution z use the display dns dynamic-host command to ver...
Page 1195: Table of Contents
Operation manual – file system management h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 file system management configuration ................................................................... 1-1 1.1 file system management .......................................
Page 1196
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 1 file system management configuration 1-1 chapter 1 file system management configuration when configuring the file system management, go to these sections for information you are interested in: z file system man...
Page 1197
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 1 file system management configuration 1-2 1.1.2 directory operations directory operations include create, delete, display the current path, display specified directory or file information as shown in the followi...
Page 1198
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 1 file system management configuration 1-3 to do… use the command… remarks empty the recycle bin reset recycle-bin [ /force ] optional available in user view display the contents of a file more file-url optional ...
Page 1199
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 1 file system management configuration 1-4 1.1.4 storage device operations i. Naming rules naming rules of the storage devices are as follows: z if there is only one storage device of the same type on the device,...
Page 1200
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 1 file system management configuration 1-5 caution: when you format a storage device, all the files stored on it are erased and cannot be restored. In particular, if there is a startup configuration file on the s...
Page 1201
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 1 file system management configuration 1-6 flash:/test # display the files and the subdirectory under the test directory. Dir directory of flash:/test/ 0 drw- - feb 16 2006 15:28:14 mytest 2540 kb total (2519 kb ...
Page 1202
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 1 file system management configuration 1-7 z save only non-default configuration settings. Z list commands in sections by view in this view order: system, interface, routing protocol, and so on. Sections are sepa...
Page 1203
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 1 file system management configuration 1-8 z safe mode. This is the mode when you use the save command with the safely keyword. The mode saves the file slower but can retain the configuration file in the device e...
Page 1204
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 1 file system management configuration 1-9 note: z fast saving mode is suitable for environments where power supply is stable. The safe mode, however, is preferred where stable power supply is unavailable or remo...
Page 1205
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 1 file system management configuration 1-10 1.2.4 specifying a configuration file for next startup you can assign main or backup attribute to the configuration file for next startup when main/backup attributes ar...
Page 1206
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 1 file system management configuration 1-11 note: for h3c s5500-ei series ethernet swithces, the file to be backed up or restored is the main confiugration file for next startup. Ii. Backing up the configuration ...
Page 1207
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 1 file system management configuration 1-12 1.3 displaying and maintaining device configuration to do… use the command… remarks display the configuration file saved in the storage device display saved-configurati...
Page 1208
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 2 ftp configuration 2-1 chapter 2 ftp configuration when configuring ftp, go to these sections for information you are interested in: z ftp overview z configuring the ftp client z configuring the ftp server z dis...
Page 1209
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 2 ftp configuration 2-2 figure 2-1 network diagram for ftp caution: z the ftp function is available when a route exists between the ftp server and the ftp client. Z when a device serving as the ftp server logs on...
Page 1210
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 2 ftp configuration 2-3 the source address specified with the ftp client source command is valid for all ftp connections and the source address specified with the ftp command is valid only for the current ftp con...
Page 1211
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 2 ftp configuration 2-4 to do… use the command… remarks log onto the remote ftp server directly in user view ftp ipv6 [ server-address [ service-port ] [ source ipv6 source-ipv6-address ] [ -i interface-type inte...
Page 1212
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 2 ftp configuration 2-5 to do… use the command… remarks check files/directories on the ftp server ls [ remotefile [ localfile ] ] optional download a file from the ftp server get remotefile [ localfile ] optional...
Page 1213
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 2 ftp configuration 2-6 2.2.3 ftp client configuration example i. Network requirements z use your device as an ftp client to download a startup file from the ftp server. Z the ip address of the ftp server is 10.1...
Page 1214
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 2 ftp configuration 2-7 password: 331 password required for abc. Password: 230 user logged in. [ftp] binary 200 type set to i. [ftp] get aaa.Bin bbb.Bin 227 entering passive mode (10.1.1.1,4,1). 125 binary mode d...
Page 1215
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 2 ftp configuration 2-8 result in file corruption on the router. This mode, however, consumes less memory space than the fast mode. Follow these steps to configure the ftp server: to do… use the command… remarks ...
Page 1216
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 2 ftp configuration 2-9 to do… use the command… remarks assign the ftp service to the user service-type ftp required by default, the system does not support anonymous ftp access, and does not assign any service. ...
Page 1217
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 2 ftp configuration 2-10 ii. Network diagram figure 2-3 smooth upgrading using the ftp server iii. Configuration procedure 1) configure device (ftp server) # create an ftp user account abc, setting its password t...
Page 1218
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 2 ftp configuration 2-11 connected to 1.1.1.1. 220 ftp service ready. User(1.1.1.1:(none)):abc 331 password required for abc. Password: 230 user logged in. Ftp> put aaa.Bin bbb.Bin note: z when upgrading the conf...
Page 1219
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 2 ftp configuration 2-12 2.4 displaying and maintaining ftp to do… use the command… remarks display the configuration of the ftp client display ftp client configuration available in any view display the configura...
Page 1220
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 3 tftp configuration 3-1 chapter 3 tftp configuration when configuring tftp, go to these sections for information you are interested in: z tftp overview z configuring the tftp client z displaying and maintaining ...
Page 1221
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 3 tftp configuration 3-2 figure 3-1 tftp configuration diagram before using tftp, the administrator needs to configure ip addresses for the tftp client and server, and make sure that there is a route between the ...
Page 1222
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 3 tftp configuration 3-3 the source address specified with the tftp client source command is valid for all tftp connections and the source address specified with the tftp command is valid only for the current tft...
Page 1223
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 3 tftp configuration 3-4 3.3 displaying and maintaining the tftp client to do… use the command… remarks display the configuration of the tftp client display tftp client configuration available in any view 3.4 tft...
Page 1224
Operation manual – file system management h3c s5500-ei series ethernet switches chapter 3 tftp configuration 3-5 # assign vlan-interface 1 an ip address 1.1.1.1/16, making sure that the port connected to pc belongs to the same vlan. [sysname] interface vlan-interface 1 [sysname-vlan-interface1] ip a...
Page 1225: Table of Contents
Operation manual – information center h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 information center configuration.............................................................................. 1-1 1.1 information center overview ................................
Page 1226
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-1 chapter 1 information center configuration when configuring information center, go to these sections for information you are interested in: z information center overview z confi...
Page 1227
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-2 table 1-1 severity description severity severity value description emergencies 0 the system is unavailable. Alerts 1 information that demands prompt reaction critical 2 critical...
Page 1228
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-3 information channel number default channel name default output destination 4 logbuffer log buffer (receives log information, a buffer inside the router for recording information...
Page 1229
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-4 module name description dns domain name system module eth ethernet module ftps ftp server module garp generic attribute registration protocol module habp huawei authentication b...
Page 1230
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-5 module name description vlan virtual local area network module vos virtual operating system module vrrp virtual router redundancy protocol module vty virtual type terminal modul...
Page 1231
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-6 ii. Timestamp timestamp records the time when system information is generated to allow users to check and identify system events. Note that there is a space between the timestam...
Page 1232
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-7 task remarks setting to output system information to the console optional setting to output system information to a monitor terminal optional setting to output system informatio...
Page 1233
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-8 table 1-4 default output rules for different output destinations log trap debug output destina tion module s allowe d enable d/disab led severit y enable d/disab led severit y e...
Page 1234
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-9 to do… use the command… remarks enable the display of log information on the console terminal logging optional enabled by default enable the display of trap information on the c...
Page 1235
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-10 ii. Enabling the display of system information on a monitor terminal after setting to output system information to a monitor terminal, you need to enable the associated display...
Page 1236
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-11 to do… use the command… remarks configure the source interface through which log information can be output to a log host info-center loghost source interface-type interface-num...
Page 1239
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-14 1.2.8 configuring synchronous information output synchronous information output refers to the feature that if the user’s input is interrupted by system output such as log, trap...
Page 1240
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-15 to do… use the command… remarks display the state of the trap buffer and the trap information recorded display trapbuffer [ size buffersize ] available in any view reset the lo...
Page 1241
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-16 [sysname] info-center source default channel loghost debug state off log state off trap state off caution: as the default system configurations for different channels are diffe...
Page 1242
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-17 note: be aware of the following issues while editing the /etc/syslog.Conf file: z comments must be on a separate line and must begin with the # sign. Z the selector/action pair...
Page 1243
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-18 [sysname] info-center enable # specify the host with ip address 1.2.0.1/16 as the log host, use channel loghost to output log information (optional, loghost by default), and sp...
Page 1244
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-19 note: be aware of the following issues while editing the /etc/syslog.Conf file: z comments must be on a separate line and must begin with the # sign. Z the selector/action pair...
Page 1245
Operation manual – information center h3c s5500-ei series ethernet switches chapter 1 information center configuration 1-20 iii. Configuration procedure # enable information center. System-view [sysname] info-center enable # use channel console to output log information to the console (optional, con...
Page 1246: Table of Contents
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 basic configurations................................................................................................... 1-1 1.1 basic configurations ................
Page 1247
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-1 chapter 1 basic configurations while performing basic configurations of the system, go to these sections for information you are interested in: z basic configurations z cli fe...
Page 1248
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-2 1.1.2 configuring the device name to do… use the command… remarks enter system view system-view — configure the device name sysname sysname optional the device name is h3c by ...
Page 1249
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-3 table 1-1 relationship between the configuration and display of the system clock configuration system clock displayed by the display clock command example 1 date-time configur...
Page 1250
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-4 configuration system clock displayed by the display clock command example if date-time is not in the summer time range, date-time is displayed. Configure: clock summer-time ss...
Page 1251
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-5 configuration system clock displayed by the display clock command example if the value of "date-time" ±"zone-offset" is not in the summer-time range, "date-time" ±"zone-offset...
Page 1252
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-6 z shell banner, also called session banner, displayed when a non modem user enters user view. Z incoming banner, also called user interface banner, displayed when a user inter...
Page 1253
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-7 to do… use the command… remarks configure the banner to be displayed when a user enters user view header shell text optional configure the banner to be displayed before login ...
Page 1254
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-8 hotkey function terminates an outgoing connection. Displays the next command in the history command buffer. Displays the previous command in the history command buffer. Redisp...
Page 1255
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-9 table 1-3 default command levels level privilege command 0 visit ping, tracert, telnet 1 monitor refresh, reset, send 2 system all configuration commands except for those at m...
Page 1256
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-10 caution: z when you configure the password for switching user level with the super password command, the user level is defaulted to 3 if no user level is specified. Z you can...
Page 1257
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-11 to display statistics of each module’s running status. The execution of the display diagnostic-information command has the same effect as that of the commands display clock, ...
Page 1258
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-12 example, for the keyword ethernet, you only need to input eth when you execute a command with this keyword. 1.2.2 online help with command lines the following are the types o...
Page 1259
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-13 4) enter a character string followed by a >. All the commands starting with this string are displayed. C? Cd clock copy 5) enter a command followed by a character string and ...
Page 1260
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-14 table 1-4 edit functions key function common keys if the editing buffer is not full, insert the character at the position of the cursor and move the cursor to the right. Key ...
Page 1261
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-15 table 1-5 special characters in a regular expression character meaning remarks ^ starting sign, the string following it appears only at the beginning of a line. Regular expre...
Page 1262
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-16 action function enter when information display pauses stops the display and the command execution. Moves the cursor to the end of the current line. Displays information on th...
Page 1263
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 1 basic configurations 1-17 table 1-7 common command line errors error information cause the command was not found. The keyword was not found. Parameter type error % unrecognized command found at '^' po...
Page 1264
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 2 system maintaining and debugging 2-1 chapter 2 system maintaining and debugging when maintaining and debugging the system, go to these sections for information you are interested in: z system maintain...
Page 1265
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 2 system maintaining and debugging 2-2 ii. The tracert command by using the tracert command, you can trace the routers involved in delivering a packet from source to destination. This is useful for iden...
Page 1266
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 2 system maintaining and debugging 2-3 figure 2-1 the relationship between the protocol and screen debugging switch note: displaying debugging information on the terminal is the most commonly used way t...
Page 1268
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 2 system maintaining and debugging 2-5 note: z the debugging commands are usually used by administrators in diagnosing network failure. Z output of the debugging information may reduce system efficiency...
Page 1269
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 3 device management 3-1 chapter 3 device management when configuring device management, go to these sections for information you are interested in: z device management overview z configuring device mana...
Page 1270
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 3 device management 3-2 follow these steps to reboot a device: to do… use the command… remarks reboot a device reboot optional available in user view. Enable the scheduled reboot function and specify a ...
Page 1272
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 3 device management 3-4 3.2.4 clearing the 16-bit interface indexes not used in the current system in practical networks, the network management software requires the device to provide a uniform, stable...
Page 1273
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 3 device management 3-5 table 3-1 commonly used pluggable transceivers transceiver type applied environment whether can be an optical transceiver whether can be an electrical transceiver sfp (small form...
Page 1274
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 3 device management 3-6 z you can use the vendor name field in the prompt information of the display transceiver interface command to identify an anti-spoofing pluggable transceiver customized by h3c. I...
Page 1275
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 3 device management 3-7 to do… use the command… remarks display manufacture information of the device display device manuinfo available in any view display the temperature information of the device disp...
Page 1276
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 3 device management 3-8 ii. Network diagram figure 3-1 network diagram for remote upgrade iii. Configuration procedure z configuration on ftp server (note that configurations may vary with different typ...
Page 1277
Operation manual – system maintaining and debugging h3c s5500-ei series ethernet switches chapter 3 device management 3-9 connected. 220 wftpd 2.0 service (by texas imperial software) ready for new user user(none): aaa 331 give me your password, please password: 230 logged in successfully [ftp] # do...
Page 1278: Table of Contents
Operation manual – nqa h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 nqa configuration ...................................................................................................... 1-1 1.1 nqa overview ....................................................
Page 1279
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-1 chapter 1 nqa configuration when configuring nqa, go to these sections for information you are interested in: z nqa overview z nqa configuration task list z configuring the nqa server z enabling the nqa clie...
Page 1280
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-2 ii. Supporting the collaboration function collaboration is implemented by establishing collaboration entries to monitor the detection results of the current test group. If the number of consecutive probe fai...
Page 1281
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-3 note: for the detailed description of the track module, refer to track configuration. Iii. Supporting delivery of traps traps can be sent to the network management server when a test is completed, fails, or ...
Page 1282
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-4 figure 1-2 relationship between the nqa client and nqa server in most nqa tests, you only need to configure the nqa client; while in tcp, udp-echo and udp-jitter tests, you must configure the nqa server. You...
Page 1283
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-5 task remarks configuring the icmp-echo test configuring the dhcp test configuring the ftp test configuring the http test configuring the udp-jitter test configuring the snmp test configuring the tcp test con...
Page 1284
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-6 1.4 enabling the nqa client configurations on the nqa client take effect only when the nqa client is enabled. Follow these steps to enable the nqa client: to do… use the command… remarks enter system view sy...
Page 1285
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-7 to do… use the command… remarks configure the test type as icmp-echo and enter test type view type icmp-echo required configure the destination address for a test operation destination ip ip-address required...
Page 1286
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-8 to do… use the command… remarks configure the next hop ip address for an icmp-echo request next-hop ip-address optional by default, no next hop ip address is configured. Configure common optional parameters ...
Page 1287
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-9 note: as dhcp test is a process to simulate address allocation in dhcp, the ip address of the interface performing the dhcp test will not be changed. 1.6.3 configuring the ftp test the ftp test is mainly use...
Page 1289
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-11 to do… use the command… remarks configure the destination address for a test operation destination ip ip-address required by default, no destination ip address is configured for a test operation. The destin...
Page 1290
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-12 1.6.5 configuring the udp-jitter test note: you are not recommended to perform an nqa udp-jitter test on ports from 1 to 1023 (known ports). Otherwise, the nqa test will fail or the corresponding services o...
Page 1291
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-13 to do… use the command… remarks configure the destination port for a test operation destination port port-number required by default, no destination port number is configured for a test operation. The desti...
Page 1292
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-14 note: the number of probes made in a udp-jitter test depends on the probe count command, while the number of probe packets sent in each probe depends on the probe packet-number command. 1.6.6 configuring th...
Page 1293
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-15 to do… use the command… remarks configure common optional parameters refer to configuring optional parameters common to an nqa test group optional 1.6.7 configuring the tcp test note: you are not recommende...
Page 1294
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-16 to do… use the command… remarks configure the destination port destination port port-number required by default, no destination port number is configured for a test operation. The destination port number mu...
Page 1295
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-17 ii. Configuring the udp-echo test follow these steps to configure the udp-echo test to do… use the command… remarks enter system view system-view — enter nqa test group view nqa entry admin-name operation-t...
Page 1296
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-18 to do… use the command… remarks configure the source ip address of a probe request in a test operation source ip ip-address optional by default, no source ip address is specified. The source ip address must...
Page 1297
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-19 to do… use the command… remarks configure common optional parameters refer to configuring optional parameters common to an nqa test group optional 1.7 configuring the collaboration function collaboration is...
Page 1298
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-20 1.8 configuring trap delivery traps can be sent to the network management server when test is completed, test fails or probe fails. I. Configuration prerequisites before configuring trap delivery, you need ...
Page 1300
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-22 1.10 scheduling an nqa test group with this configuration, you can set the start time and time period for a test group to perform the test and start the test. I. Configuration prerequisites before schedulin...
Page 1301
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-23 1.12 nqa configuration examples 1.12.1 icmp-echo test configuration example i. Network requirements use the nqa icmp function to test whether the nqa client (device a) can send packets to the specified dest...
Page 1302
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-24 failures due to sequence error: 0 failures due to internal error: 0 failures due to other errors: 0 1.12.2 dhcp test configuration example i. Network requirements use the nqa dhcp function to test the time ...
Page 1303
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-25 failures due to other errors: 0 1.12.3 ftp test configuration example i. Network requirements use the nqa ftp function to test the connection with a specified ftp server and the time necessary for device a ...
Page 1304
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-26 packet lost in test: 0% failures due to timeout: 0 failures due to disconnect: 0 failures due to no connection: 0 failures due to sequence error: 0 failures due to internal error: 0 failures due to other er...
Page 1305
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-27 square-sum of round trip time: 4096 last succeeded probe time: 2007-03-27 13:40:36.2 extend results: packet lost in test: 0% failures due to timeout: 0 failures due to disconnect: 0 failures due to no conne...
Page 1306
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-28 [devicea] nqa schedule admin test start-time now lifetime forever # display results of a udp-jitter test. [devicea] display nqa result admin test nqa entry(admin admin, tag test) test results: destination i...
Page 1307
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-29 ii. Network diagram figure 1-8 network diagram for snmp test iii. Configuration procedure 1) configurations on snmp agent. # enable the snmp agent service and set the snmp version to all, the read community...
Page 1308
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-30 failures due to other errors: 0 1.12.7 tcp test configuration example i. Network requirements use the nqa tcp function to test the time for establishing a tcp connection between device a and device b. The p...
Page 1309
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-31 extend results: packet lost in test: 0% failures due to timeout: 0 failures due to disconnect: 0 failures due to no connection: 0 failures due to sequence error: 0 failures due to internal error: 0 failures...
Page 1310
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-32 [devicea] display nqa result admin test nqa entry(admin admin, tag test) test results: destination ip address: 10.2.2.2 send operation times: 1 receive response times: 1 min/max/average round trip time: 25/...
Page 1311
Operation manual – nqa h3c s5500-ei series ethernet switches chapter 1 nqa configuration 1-33 destination ip address: 10.2.2.2 send operation times: 1 receive response times: 1 min/max/average round trip time: 19/19/19 square-sum of round trip time: 361 last succeeded probe time: 2007-03-27 15:32:48...
Page 1312: Table of Contents
Operation manual – vrrp h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 vrrp configuration .................................................................................................... 1-1 1.1 introduction to vrrp ............................................
Page 1313
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-1 chapter 1 vrrp configuration when configuring vrrp, go to these sections for information you are interested in: z introduction to vrrp z configuring vrrp for ipv4 z configuring vrrp for ipv6 z ipv4-based v...
Page 1314
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-2 gateway network host a host b host c figure 1-1 lan networking apparently, this approach to enabling hosts on a network to communicate with external networks is easy to configure but it imposes a very high...
Page 1315
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-3 group elect a new gateway to undertake the responsibility of the failed switch, thus ensuring that the hosts in the network segment can communicate with the external networks uninterruptedly. Host a host b...
Page 1316
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-4 remains 255. That is, if there is an ip address owner in a standby group, it acts as the master as long as it works properly. Ii. Working mode a switch in a standby group can work in one of the following t...
Page 1317
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-5 you can adjust the interval of sending vrrp advertisements by setting the vrrp advertisement interval timer. If a backup switch receives no advertisements in three times the interval, the backup switch reg...
Page 1318
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-6 z count ip addrs: number of virtual ip addresses for the standby group. A standby group can have multiple virtual ip addresses. Z auth type: authentication type. 0 means no authentication, 1 means simple a...
Page 1319
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-7 z auth type: authentication type. 0 means no authentication, 1 means simple authentication. Vrrpv3 does not support md5 authentication. Z adver int: interval for sending advertisement packets, in centiseco...
Page 1320
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-8 only one standby group, in which each switch holds different priorities and the one with the highest priority becomes the master, as shown in figure 1-5 . Figure 1-5 vrrp in master/backup mode at the begin...
Page 1321
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-9 host a host b host c switch a backup switch b backup switch c master virtual router 2 virtual router 3 virtual router 1 master backup backup backup master backup network figure 1-6 vrrp in load balancing m...
Page 1322
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-10 task remarks configuring vrrp packet attributes optional 1.2.2 enabling users to ping virtual ip addresses you can configure whether the master switch responds to the received icmp echo requests, that is,...
Page 1323
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-11 when an ip address owner exists in a standby group, if you associate the virtual ip address with the virtual mac address, two mac addresses are associated with an ip address. In this case, you can associa...
Page 1324
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-12 to do… use the command… remarks enter system view system-view — enter the specified interface view interface interface-type interface-number — create standby group and configure virtual ip address of the ...
Page 1325
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-13 ii. Configuration procedure by configuring switch priority, preemption mode and interface tracking, you can decide which switch in the standby group serves as the master. Follow these steps to configure s...
Page 1326
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-14 to do… use the command… remarks enter system view system-view — enter the specified interface view interface interface-type interface-number — configure the authentication mode and authentication key when...
Page 1327
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-15 to do… use the command… remarks remove vrrp statistics reset vrrp statistics [ interface interface-type interface-number [ vrid virtual-router-id ]] available in user view 1.3 configuring vrrp for ipv6 1....
Page 1328
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-16 caution: you should configure this function before creating a standby group. Otherwise, you cannot ping the virtual ipv6 addresses of standby groups. 1.3.3 configuring the association between virtual ipv6...
Page 1329
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-17 caution: you should configure this function before creating a standby group. Otherwise, you cannot modify the mapping between the virtual ipv6 address and the mac address. 1.3.4 creating standby group and...
Page 1330
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-18 caution: z the maximum number of standby groups on an interface and the maximum number of virtual ipv6 addresses in a standby group vary by device. Z a standby group is removed after you remove all the vi...
Page 1331
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-19 caution: z the priority of an ip address owner is always 255 and not configurable. Z interface tracking is not configurable on an ip address owner. Z the priority of a device is reset if the state of the ...
Page 1332
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-20 1.3.7 displaying and maintaining vrrp for ipv6 to do… use the command… remarks display vrrp status display vrrp ipv6[verbose][ interface interface-type interface-number [vrid virtual-router-id ] ] availab...
Page 1333
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-21 ii. Network diagram host a switch a switch b virtual ip address: 202.38.160.111/24 vlan-int2 202.38.160.1/24 vlan-int2 202.38.160.2/24 host b 202.38.160.3/24 203.2.3.1/24 internet figure 1-7 network diagr...
Page 1334
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-22 # create standby group 1 and set its virtual ip address to be 202.38.160.111. [switchb-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # set switch b to work in preemption mode. The preemption dela...
Page 1335
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-23 [switchb-vlan-interface2] display vrrp verbose ipv4 standby information: run method : virtual-mac virtual ip ping : enable interface : vlan-interface2 vrid : 1 adver. Timer : 1 admin status : up state : m...
Page 1336
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-24 iii. Configuration procedure 1) configure switch a # configure vlan 2. System-view [switcha] vlan 2 [switcha-vlan2] port gigabitethernet 1/0/5 [switcha-vlan2] quit [switcha] interface vlan-interface 2 [sw...
Page 1337
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-25 after the configuration, host b can be pinged through on host a. You can use the display vrrp command to verify the configuration. # display detailed information of standby group 1 on switch a. [switcha-v...
Page 1338
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-26 virtual ip ping : enable interface : vlan-interface2 vrid : 1 adver. Timer : 5 admin status : up state : backup config pri : 110 run pri : 80 preempt mode : yes delay time : 0 auth type : simple text key ...
Page 1339
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-27 ii. Network diagram figure 1-9 network diagram for multiple vrrp standby group configuration iii. Configuration procedure 1) configure switch a # configure vlan 2. System-view [switcha] vlan 2 [switcha-vl...
Page 1340
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-28 [switchb-vlan-interface2] ip address 202.38.160.2 255.255.255.0 # create a standby group 1 and set its virtual ip address to 202.38.160.111. [switchb-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111...
Page 1341
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-29 config pri : 100 run pri : 100 preempt mode : yes delay time : 0 auth type : none virtual ip : 202.38.160.111 master ip : 202.38.160.1 interface : vlan-interface2 vrid : 2 adver. Timer : 1 admin status : ...
Page 1342
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-30 ii. Network diagram host a switch a switch b virtual ipv6 address: fe80::10 vlan-int2 fe80::1 vlan-int2 fe80::2 host b gateway: fe80::10 internet figure 1-10 network diagram for single vrrp standby group ...
Page 1343
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-31 [switchb] vlan 2 [switchb-vlan2] port gigabitethernet 1/0/5 [switchb-vlan2] quit [switchb] interface vlan-interface 2 [switchb-vlan-interface2] ipv6 address fe80::2 link-local # create a standby group 1 a...
Page 1344
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-32 the above information indicates that in standby group 1 switch a is the master, switch b is the backup and packets sent from host a to host b are forwarded by switch a. If switch a fails, you can still pi...
Page 1345
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-33 ii. Network diagram host a switch a switch b virtual ipv6 address: fe80::10 vlan-int2 fe80::1 vlan-int2 fe80::2 host b gateway: fe80::10 vlan-int3 internet figure 1-11 network diagram for vrrp interface t...
Page 1346
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-34 [switcha-vlan-interface2] vrrp ipv6 vrid 1 track interface vlan-interface 3 reduced 30 2) configure switch b # configure vlan 2. System-view [switchb] ipv6 [switchb] vlan 2 [switchb-vlan2] port gigabiteth...
Page 1347
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-35 # display detailed information of standby group 1 on switch b. [switchb-vlan-interface2] display vrrp ipv6 verbose ipv6 standby information: run method : virtual-mac virtual ip ping : enable interface : v...
Page 1348
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-36 admin status : up state : master config pri : 100 run pri : 100 preempt mode : yes delay time : 5 auth type : simple text key : hello virtual ip : fe80::10 virtual mac : 0000-5e00-0201 master ip : fe80::2...
Page 1349
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-37 [switcha] vlan 2 [switcha-vlan2] port gigabitethernet 1/0/5 [switcha-vlan2] quit [switcha] interface vlan-interface 2 [switcha-vlan-interface2] ipv6 address fe80::1 link-local [switcha-vlan-interface2] ip...
Page 1350
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-38 preempt mode : yes delay time : 0 auth type : none virtual ip : fe80::10 virtual mac : 0000-5e00-0201 master ip : fe80::1 interface : vlan-interface2 vrid : 2 adver. Timer : 100 admin status : up state : ...
Page 1351
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-39 the above information indicates that in standby group 1 switch a is the master, switch b is the backup and the host with the default gateway of fe80::10 accesses the internet through switch a; in standby ...
Page 1352
Operation manual – vrrp h3c s5500-ei series ethernet switches chapter 1 vrrp configuration 1-40 symptom 3: frequent vrrp state transition. Analysis: the vrrp advertisement interval is set too short. Solution: increase the interval to sent vrrp advertisement or introduce a preemption delay.
Page 1353: Table of Contents
Operation manual – ssh h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 ssh configuration....................................................................................................... 1-1 1.1 ssh2.0 overview..................................................
Page 1354
Operation manual – ssh h3c s5500-ei series ethernet switches table of contents ii 2.3.6 terminating the connection to the remote sftp server ...................................... 2-6 2.4 sftp configuration example ........................................................................................
Page 1355
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-1 chapter 1 ssh configuration when configuring ssh, go to these sections for information you are interested in: z ssh2.0 overview z configuring the device as an ssh server z configuring the device as an ssh cl...
Page 1356
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-2 key-based algorithm is usually classified into symmetric key algorithm and asymmetric key algorithm. 1.1.2 asymmetric key algorithm asymmetric key algorithm means that a key pair exists at both ends. The key...
Page 1357
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-3 i. Version negotiation z the server opens port 22 to listen to connection requests from clients. Z the client sends a tcp connection request to the server. After the tcp connection is established, the server...
Page 1358
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-4 caution: before the negotiation, the server must have already generated the rsa and dsa key pairs, which are mainly used for generating the session key. Iii. Authentication z the client sends to the server a...
Page 1359
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-5 note: besides password authentication and publickey authentication, ssh provides another two authentication methods: z password-publickey: performs both password authentication and publickey authentication o...
Page 1360
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-6 1.2 configuring the device as an ssh server 1.2.1 ssh server configuration task list complete the following tasks to configure an ssh server: task remarks enabling ssh server required configuring the user in...
Page 1361
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-7 follow these steps to configure the protocols for the current user interface to support: to do… use the command… remarks enter system view system-view — enter user interface view of one or more user interfac...
Page 1362
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-8 caution: z configuration of the rsa local-key-pair create and public-key local create dsa command can survive a reboot. You only need to configure it once. Z the length of an rsa server/host key is in the ra...
Page 1363
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-9 1.2.5 configuring a client public key note: this configuration task is only necessary for ssh users using publickey authentication. For an ssh user that uses publickey authentication to login, the server mus...
Page 1364
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-10 to do… use the command… remarks configure a client public key enter the content of the public key required the content must be a hexadecimal string that is generated randomly by the ssh-supported client sof...
Page 1366
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-12 note: for users using publickey authentication: z you must configure on the device the corresponding username and public keys. Z after login, the commands available for a user are determined by the user pri...
Page 1367
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-13 note: authentication will fail if the number of authentication attempts (including both publickey and password authentication) exceeds that specified in the ssh server authentication-retries command. 1.3 co...
Page 1368
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-14 z with first-time authentication, when an ssh client not configured with the server host public key accesses the server for the first time, the user can continue accessing the server, and save the host publ...
Page 1369
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-15 1.3.4 establishing a connection between the ssh client and the server follow these steps to establish the connection between the ssh client and the server: to do... Use the command… remarks establish a conn...
Page 1370
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-16 to do… use the command… remarks display the mappings between host public keys and ssh servers saved on a client display ssh server-info available in any view display information about a specified or all ssh...
Page 1371
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-17 [switch-ui-vty0-4] authentication-mode scheme # enable the user interface to support ssh. [switch-ui-vty0-4] protocol inbound ssh [switch-ui-vty0-4] quit # create local user client001, and set the user comm...
Page 1372
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-18 figure 1-3 ssh client configuration interface from the window shown in figure 1-3 , click open. The following ssh client interface appears. If the connection is normal, you will be prompted to enter the use...
Page 1373
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-19 iii. Configuration procedure 1) configure the ssh server # generate rsa and dsa key pairs and enable ssh server. System-view [switch] public-key local create rsa [switch] public-key local create dsa [switch...
Page 1374
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-20 figure 1-5 generate a client key pair (1) while generating the key pair, you must move the mouse continuously and keep the mouse off the green process bar shown in figure 1-6 . Otherwise, the process bar st...
Page 1375
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-21 figure 1-6 generate a client key pair (2) after the key pair is generated, click save public key to save the key in a file by entering a file name (“key.Pub” in this case)..
Page 1376
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-22 figure 1-7 generate a client key pair (3) likewise, to save the private key, click save private key. A warning window pops up to prompt you whether to save the private key without any protection. Click yes ...
Page 1377
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-23 # specify the private key file and establish a connection with the ssh server launch putty.Exe to enter the following interface. In the host name (or ip address) text box, enter the ip address of the server...
Page 1378
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-24 figure 1-10 ssh client configuration interface (2) from the window shown in figure 1-10 , click open. The following ssh client interface appears. If the connection is normal, you will be prompted to enter t...
Page 1379
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-25 ii. Network diagram figure 1-11 network diagram for ssh client configuration (using password authentication) iii. Configuration procedure 1) configure the ssh server # create an rsa and dsa key pair and ena...
Page 1380
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-26 [switcha] interface vlan-interface 1 [switcha-vlan-interface1] ip address 10.165.87.137 255.255.255.0 [switcha-vlan-interface1] quit # disable first-time authentication. [switcha] undo ssh client first-time...
Page 1381
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-27 press ctrl+k to abort connected to 10.165.87.136... Enter password: ************************************************************************** * copyright (c) 2004-2007 hangzhou h3c tech. Co., ltd. All righ...
Page 1382
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-28 [switchb-ui-vty0-4] authentication-mode scheme # enable the user interface to support ssh. [switchb-ui-vty0-4] protocol inbound ssh # set the user command privilege level to 3. [switchb-ui-vty0-4] user priv...
Page 1383
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 1 ssh configuration 1-29 note: after generating a key pair on a client, you need to transmit the saved public key file to the server through ftp or tftp and have the configuration on the server done before continuing configuration ...
Page 1384: Chapter 2 Sftp Service
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 2 sftp service 2-1 chapter 2 sftp service when configuring sftp, go to these sections for information you are interested in: z sftp overview z configuring an sftp server z configuring an sftp client z sftp configuration example 2.1...
Page 1385
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 2 sftp service 2-2 note: when the device functions as the sftp server, only one client can access the sftp server at a time. If the sftp client uses winscp, a file on the server cannot be modified directly; it can only be downloade...
Page 1386
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 2 sftp service 2-3 2.3.2 establishing a connection to the sftp server this configuration task is to enable the sftp client to establish a connection with the remote sftp server and enter sftp client view. Follow these steps to enab...
Page 1387
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 2 sftp service 2-4 to do… use the command… remarks change the working directory of the remote sftp server cd [ remote-path ] optional return to the upper-level directory cdup optional display the current working directory of the re...
Page 1390
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 2 sftp service 2-7 ii. Network diagram figure 2-1 network diagram for sftp configuration iii. Configuration procedure 1) configure the sftp server (switch b) # generate rsa and dsa key pairs and enable the ssh server. System-view [...
Page 1391
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 2 sftp service 2-8 note: if you set the ssh authentication method to publickey, you need to configure the host public key of switcha. For the specific configuration, refer to when using publickey authentication . # enable the sftp ...
Page 1392
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 2 sftp service 2-9 this operation may take a long time.Please wait... File successfully removed sftp-client> dir -rwxrwxrwx 1 noone nogroup 1759 aug 23 06:52 config.Cfg -rwxrwxrwx 1 noone nogroup 225 aug 24 08:01 pubkey2 -rwxrwxrwx...
Page 1393
Operation manual – ssh h3c s5500-ei series ethernet switches chapter 2 sftp service 2-10 -rwxrwxrwx 1 noone nogroup 1759 aug 23 06:52 config.Cfg -rwxrwxrwx 1 noone nogroup 225 aug 24 08:01 pubkey2 -rwxrwxrwx 1 noone nogroup 283 aug 24 07:39 pubkey1 drwxrwxrwx 1 noone nogroup 0 sep 01 06:22 new drwxr...
Page 1394: Table of Contents
Operation manual – rrpp h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 rrpp configuration .................................................................................................... 1-1 1.1 rrpp overview ...................................................
Page 1395
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-1 chapter 1 rrpp configuration when configuring rrpp, go to these sections for information you are interested in: z rrpp overview z rrpp configuration task list z configuring master node z configuring transi...
Page 1396
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-2 i. Rrpp domain the interconnected devices with the same domain id and control vlans constitute an rrpp domain. An rrpp domain contains multiple rrpp rings, in which one ring serves as the primary ring and ...
Page 1397
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-3 primary ring and an assistant-edge node on the subring. This node is used in conjunction with the edge node to detect the integrity of the primary ring and perform loop guard. As shown in figure 1-1 , ring...
Page 1398
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-4 vii. Multi-domain intersection common port of the two ports on a node where rings of different domains intersect, the common port is the one on the primary ring that belongs to different domains at the sam...
Page 1399
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-5 type description complete-flush-fdb the master node initiates complete-flush-fdb packets to notify the transit nodes to update their own mac entries and arp entries, and release from blocking ports tempora...
Page 1400
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-6 ii. Multi-domain tangent rings ring 2 ring 1 device a device b device c device e domain 1 transit node device d transit node transit node device f master node domain 2 transit node master node ring 2 figur...
Page 1401
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-7 iv. Dual homed rings device a device b device c device d device e edge node master node transit node assistant edge node domain 1 ring 1 ring 2 master node device f master node ring 3 figure 1-5 dual homed...
Page 1402
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-8 in different domains are independently configured. Each single domain can contain multiple rings, among which there must be one and only one primary ring. The data vlan in one domain must be isolated from ...
Page 1403
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-9 in this case, to prevent from generating this loop, the edge node will block the edge port temporarily. The blocked edge port is activated only when the edge node ensures that no loop will be brought forth...
Page 1404
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-10 caution: z it is recommended to configure the primary ring first and then the subring when you configure an rrpp domain. Moreover, a ring id cannot be applied to more than one rrpp ring in one rrpp domain...
Page 1405
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-11 note: z if you need to transparently transmit rrpp packets on a device without enabling rrpp, you should ensure only the two ports accessing an rrpp ring permits the packets of the control vlan. Otherwise...
Page 1406
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-12 caution: z the control vlan configured for an rrpp domain must be a new one. Z control vlan configuration is required for configuring an rrpp ring. Z to use the undo rrpp domain command to remove an rrpp ...
Page 1407
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-13 to do… use the command… remarks enter system view system-view — create an rrpp domain and enter its view rrpp domain domain-id required specify a control vlan for the rrpp domain control-vlan vlan-id requ...
Page 1408
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-14 [sysname] interface gigabitethernet 1/0/1 [sysname-gigabitethernet1/0/1] link-delay 0 [sysname-gigabitethernet1/0/1] quit [sysname] interface gigabitethernet 1/0/2 [sysname-gigabitethernet1/0/2] link-dela...
Page 1409
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-15 to do… use the command… remarks enable the subring ring ring-id enable required by default, the rrpp ring is disabled. Return to system view quit — enable rrpp rrpp enable required by default, rrpp is dis...
Page 1410
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-16 [sysname-gigabitethernet1/0/2] link-delay 0 [sysname-gigabitethernet1/0/2] quit [sysname] interface gigabitethernet 1/0/4 [sysname-gigabitethernet1/0/4] link-delay 0 [sysname-gigabitethernet1/0/4] quit [s...
Page 1411
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-17 to do… use the command… remarks enable the subring ring ring-id enable required by default, the rrpp ring is disabled. Return to system view quit — enable rrpp rrpp enable required by default, rrpp is dis...
Page 1412
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-18 [sysname-gigabitethernet1/0/2] link-delay 0 [sysname-gigabitethernet1/0/2] quit [sysname] interface gigabitethernet 1/0/4 [sysname-gigabitethernet1/0/4] link-delay 0 [sysname-gigabitethernet1/0/4] quit [s...
Page 1413
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-19 z specify device a as the master node of primary ring 1, gigabitethernet 1/0/1 as the primary port and gigabitethernet 1/0/2 as the secondary port; z specify device b, device c and device d as the transit...
Page 1414
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-20 [device a-rrpp-domain1] control-vlan 4092 [device a-rrpp-domain1] ring 1 node-mode master primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0 [device a-rrpp-domain1] ring 1 ena...
Page 1415
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-21 [deviced-gigabitethernet1/0/2] link-delay 0 [deviced-gigabitethernet1/0/2] quit [device d] rrpp domain 1 [device d-rrpp-domain1] control-vlan 4092 [device d-rrpp-domain1] ring 1 node-mode transit primary-...
Page 1416
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-22 figure 1-8 networking diagram for single-domain intersecting rings configuration ii. Configuration considerations first, determine the primary ring and subring in an rrpp domain, node mode of a device on ...
Page 1417
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-23 [device a] rrpp enable 2) perform the following configuration on device b: system-view [deviceb] interface gigabitethernet 1/0/1 [deviceb-gigabitethernet1/0/1] link-delay 0 [deviceb-gigabitethernet1/0/1] ...
Page 1418
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-24 [device c] rrpp enable 4) perform the following configuration on device d: system-view [deviced] interface gigabitethernet 1/0/1 [deviced-gigabitethernet1/0/1] link-delay 0 [deviced-gigabitethernet1/0/1] ...
Page 1419
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-25 z device e, device f, device c and device b constitute primary ring 2; z on primary ring 1 in rrpp domain 1, device a is the master node, gigabitethernet 1/0/1 is the primary port and gigabitethernet 1/0/...
Page 1420
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-26 iii. Configuration procedure 1) perform the following configuration on device a: system-view [devicea] interface gigabitethernet 1/0/1 [devicea-gigabitethernet1/0/1] link-delay 0 [devicea-gigabitethernet1...
Page 1421
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-27 [devicec] interface gigabitethernet 1/0/1 [devicec-gigabitethernet1/0/1] link-delay 0 [devicec-gigabitethernet1/0/1] quit [devicec] interface gigabitethernet 1/0/2 [devicec-gigabitethernet1/0/2] link-dela...
Page 1422
Operation manual – rrpp h3c s5500-ei series ethernet switches chapter 1 rrpp configuration 1-28 [devicee] interface gigabitethernet 1/0/2 [devicee-gigabitethernet1/0/2] link-delay 0 [devicee-gigabitethernet1/0/2] quit [device e] rrpp domain 2 [device e-rrpp-domain2] control-vlan 4092 [device e-rrpp-...
Page 1423: Table of Contents
Operation manual – port security h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 port security configuration........................................................................................ 1-1 1.1 introduction to port security ..............................
Page 1424
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-1 chapter 1 port security configuration when configuring port security, go to these sections for information you are interested in: z introduction to port security z port security configura...
Page 1425
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-2 ii. Intrusion protection the intrusion protection feature checks the source mac addresses in inbound frames and takes a pre-defined action accordingly upon detecting illegal frames. The a...
Page 1426
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-3 security mode description features userloginsecur e in this mode, a port performs 802.1x authentication of users in portbased mode and services only one user passing 802.1x authentication...
Page 1427
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-4 note: z currently, port security supports two authentication methods: 802.1x and mac authentication. Different port security modes employ different authentication method or different comb...
Page 1428
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-5 note that: 1) enabling port security resets the following configurations on a port to the defaults bracketed, making them dependent completely on the port security mode: z 802.1x (disable...
Page 1429
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-6 to do… use the command… remarks set the maximum number of secure mac addresses allowed on a port port-security max-mac-count count-value required not limited by default 1.5 setting the po...
Page 1430
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-7 to do… use the command… remarks enter system view system-view — enter ethernet port view interface interface-type interface-number — enable the autolearn mode port-security port-mode auto...
Page 1431
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-8 to do… use the command… remarks enter system view system-view — enter ethernet port view interface interface-type interface-number — set the port security mode port-security port-mode { m...
Page 1432
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-9 to do… use the command… remarks enter system view system-view — enter ethernet port view interface interface-type interface-number — configure the intrusion protection feature port-securi...
Page 1433
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-10 1.7.1 configuration prerequisites z enable port security z set the maximum number of secure mac addresses allowed on the port z set the port security mode to autolearn 1.7.2 configuratio...
Page 1434
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-11 to do… use the command… remarks ignore the authorization information from the radius server port-security authorization ignore required by default, a port uses the authorization informat...
Page 1435
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-12 iii. Configuration procedure 1) configure port security # enable port security. System-view [switch] port-security enable # enable intrusion protection trap. [switch] port-security trap ...
Page 1436
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-13 you can also use the above command repeatedly to track the number of mac addresses learned by the port, or use the display this command in ethernet port view to display the secure mac ad...
Page 1437
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-14 now, if you manually delete several secure mac addresses, the port security mode of the port will be restored to autolearn, and the port will be able to learn mac addresses again. 1.10.2...
Page 1438
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-15 # set the ip addresses of the primary authentication and accounting servers to 192.168.1.1 and 192.168.1.2 respectively. [switch-radius-radsun] primary authentication 192.168.1.1 [switch...
Page 1439
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-16 [switch] port-security oui 1234-0100-1111 index 1 [switch] port-security oui 1234-0200-1111 index 2 [switch] port-security oui 1234-0300-1111 index 3 [switch] port-security oui 1234-0400...
Page 1440
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-17 idle-cut = disable self-service = disable use the following command to view the port security configuration information: display port-security interface gigabitethernet 1/0/1 equipment p...
Page 1441
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-18 the port is an authenticator authentication mode is auto port control type is mac-based 802.1x multicast-trigger is enabled guest vlan: 0 max number of on-line users is 256 eapol packet:...
Page 1442
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-19 z enable ntk to prevent frames from being sent to unknown mac addresses. Ii. Network diagram see figure 1-2 . Iii. Configuration procedure note: configurations on the host and radius ser...
Page 1443
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-20 oui value: gigabitethernet1/0/1 is link-up port mode is macaddresselseuserloginsecure needtoknow mode is needtoknowonly intrusion protection mode is noaction max mac address number is 64...
Page 1444
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-21 quiet period 60 s, quiet period timer is disabled supp timeout 30 s, server timeout 100 s the maximal retransmitting times 2 ead quick deploy configuration: ead timeout: 30 m the maximum...
Page 1445
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-22 error:when we change port-mode, we should first change it to norestrictions, then change it to the other. Ii. Analysis for a port working in a port security mode other than norestriction...
Page 1446
Operation manual – port security h3c s5500-ei series ethernet switches chapter 1 port security configuration 1-23 error:cannot configure port-security for there is 802.1x user(s) on line on port gigabitethernet1/0/1. Ii. Analysis changing port security mode is not allowed when an 802.1x-authenticate...
Page 1447: Table of Contents
Operation manual – lldp h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 lldp configuration..................................................................................................... 1-1 1.1 introduction to lldp ............................................
Page 1448
Operation manual – lldp h3c s5500-ei series ethernet switches chapter 1 lldp configuration 1-1 chapter 1 lldp configuration when configuring lldp, go to these sections for information you are interested in: z introduction to lldp z lldp configuration tasks list z performing basic lldp configuration ...
Page 1449
Operation manual – lldp h3c s5500-ei series ethernet switches chapter 1 lldp configuration 1-2 the two cases, an interval exists between two successive operations of sending lldpdus. This prevents the network from being overwhelmed by lldpdus even if the lldp operating mode changes frequently. To en...
Page 1450
Operation manual – lldp h3c s5500-ei series ethernet switches chapter 1 lldp configuration 1-3 table 1-1 basic lldp tlvs type description remarks end of lldpdu tlv marks the end of an lldpdu. Chassis id tlv carries the bridge mac address of the sender port id tlv carries the sending port. For device...
Page 1451
Operation manual – lldp h3c s5500-ei series ethernet switches chapter 1 lldp configuration 1-4 2) ieee 802.3 defined lldp tlvs include the following: z mac/phy configuration/status tlv, which carries port configuration, such as port speed, duplex state, whether port speed auto-negotiation is support...
Page 1452
Operation manual – lldp h3c s5500-ei series ethernet switches chapter 1 lldp configuration 1-5 task remarks enabling lldp required setting lldp operating mode optional configuring lldpdu tlvs optional enable lldp polling optional basic lldp configuration configuring the parameters concerning lldpdu ...
Page 1453
Operation manual – lldp h3c s5500-ei series ethernet switches chapter 1 lldp configuration 1-6 1.3.2 setting lldp operating mode follow these steps to set lldp operating mode: to do… use the command… remarks enter system view system-view — set the initialization delay period lldp timer reinit-delay ...
Page 1455
Operation manual – lldp h3c s5500-ei series ethernet switches chapter 1 lldp configuration 1-8 note: z to enable med related lldp tlv sending, you need to enable lldp-med capabilities tlv sending first. Conversely, to disable lldp-med capabilities tlv sending, you need to disable the sending of othe...
Page 1456
Operation manual – lldp h3c s5500-ei series ethernet switches chapter 1 lldp configuration 1-9 to do… use the command… remarks enter system view system-view — set the interval to send lldpdus lldp timer tx-interval value optional 30 seconds by default set the delay period to send lldpdus lldp timer ...
Page 1457
Operation manual – lldp h3c s5500-ei series ethernet switches chapter 1 lldp configuration 1-10 follow these steps to configure lldp trap: to do… use the command… remarks enter system view system-view — enter ethernet interface view interface interface-type interface-number enter ethernet interface ...
Page 1458
Operation manual – lldp h3c s5500-ei series ethernet switches chapter 1 lldp configuration 1-11 1.6 lldp configuration example 1.6.1 lldp configuration example i. Network requirements z the nms and switch a are located in the same ethernet. An med device and switch b are connected to gigabitethernet...
Page 1459
Operation manual – lldp h3c s5500-ei series ethernet switches chapter 1 lldp configuration 1-12 [switcha-gigabitethernet1/0/2] lldp enable [switcha-gigabitethernet1/0/2] lldp admin-status rx [switcha-gigabitethernet1/0/2] quit 2) configure switch b. # enter system view. System-view # enable lldp glo...
Page 1460
Operation manual – lldp h3c s5500-ei series ethernet switches chapter 1 lldp configuration 1-13 roll time : 0s number of neighbors : 1 number of med neighbors : 0 number of sent optional tlv : 0 number of received unknown tlv : 3 # tear down the link between switch a and switch b and then display th...
Page 1461: Table of Contents
Operation manual – poe h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 poe configuration ....................................................................................................... 1-1 1.1 poe overview ...................................................
Page 1462
Operation manual – poe h3c s5500-ei series ethernet switches chapter 1 poe configuration 1-1 chapter 1 poe configuration when configuring poe, go to these sections for information you are interested in: z poe overview z poe configuration task list z configuring the poe interface z configuring pd pow...
Page 1463
Operation manual – poe h3c s5500-ei series ethernet switches chapter 1 poe configuration 1-2 pse is a card or subcard. Pse manages its own poe interfaces independently. Pse examines the ethernet cables connected to poe interfaces, searches for the devices, classifies them, and supplies power to them...
Page 1464
Operation manual – poe h3c s5500-ei series ethernet switches chapter 1 poe configuration 1-3 caution: you can adopt either mode to configure, modify, or delete a poe configuration parameter under the same poe interface. The pse supplies power for a poe interface in the following two modes: z for a d...
Page 1465
Operation manual – poe h3c s5500-ei series ethernet switches chapter 1 poe configuration 1-4 1.3.2 configuring poe interfaces through a poe configuration file a poe configuration file is used to configure at the same time multiple poe interfaces with the same attributes to simplify operations. This ...
Page 1466
Operation manual – poe h3c s5500-ei series ethernet switches chapter 1 poe configuration 1-5 caution: z after a poe configuration file is applied to a poe interface, other poe configuration files can not take effect on this poe interface. Z if a poe configuration file is already applied to a poe int...
Page 1467
Operation manual – poe h3c s5500-ei series ethernet switches chapter 1 poe configuration 1-6 preempted will be powered off, but their configurations will remain unchanged. When you change the priority of a poe interface from critical to a lower level, the pds connecting to other poe interfaces will ...
Page 1468
Operation manual – poe h3c s5500-ei series ethernet switches chapter 1 poe configuration 1-7 1.6 upgrading pse processing software online you can upgrade the pse processing software online in either of the following two modes: z refresh mode this mode enables you to update the pse processing softwar...
Page 1469
Operation manual – poe h3c s5500-ei series ethernet switches chapter 1 poe configuration 1-8 caution: if you adjust the pd disconnection detection mode when the device is running, the connected pds will be powered off. Therefore, be cautious to do so. 1.8 enabling the pse to detect nonstandard pds t...
Page 1470
Operation manual – poe h3c s5500-ei series ethernet switches chapter 1 poe configuration 1-9 1.10 poe configuration example i. Network requirements the device provides power supply for pds through poe interfaces. Z gigabitethernet 1/0/1 and gigabitethernet 1/0/2 are connected to ip telephones. Z gig...
Page 1471
Operation manual – poe h3c s5500-ei series ethernet switches chapter 1 poe configuration 1-10 # set the power priority level of gigabitethernet 1/0/2 to critical. System-view [sysname] interface gigabitethernet 1/0/2 [sysname-gigabitethernet1/0/2] poe priority critical [sysname-gigabitethernet1/0/2]...
Page 1472: Table of Contents
Operation manual – sflow h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 sflow configuration .................................................................................................... 1-1 1.1 sflow overview.................................................
Page 1473
Operation manual – sflow h3c s5500-ei series ethernet switches chapter 1 sflow configuration 1-1 chapter 1 sflow configuration when configuring sflow, go to these sections for information you are interested in: z sflowoverview z configuring sflow z displaying sflow z sflow configuration example z tr...
Page 1474
Operation manual – sflow h3c s5500-ei series ethernet switches chapter 1 sflow configuration 1-2 1.1.2 operation of sflow sflow operates as follows: 1) with sflow enabled, a physical port encapsulates received data into packets and sends them to the sflow agent. 2) the sflow agent periodically colle...
Page 1475
Operation manual – sflow h3c s5500-ei series ethernet switches chapter 1 sflow configuration 1-3 caution: z the sflow agent and sflow collector must not have the same ip address. Z currently, you can specify at most two sflow collectors on s5500-ei series ethernet switches. 1.3 displaying sflow to d...
Page 1476
Operation manual – sflow h3c s5500-ei series ethernet switches chapter 1 sflow configuration 1-4 iii. Configuration procedure # configure an ip address for the sflow agent. System-view [switch] sflow agent ip 3.3.3.1 # specify the ip address and port number of the sflow collector. [switch] sflow col...
Page 1477
Operation manual – sflow h3c s5500-ei series ethernet switches chapter 1 sflow configuration 1-5 z the physical link between the device and the sflow collector fails. Iii. Solution 1) check whether sflow is correctly configured by displaying sflow configuration with the display sflow command. 2) che...
Page 1478: Table of Contents
Operation manual – ssl-https h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 ssl configuration ....................................................................................................... 1-1 1.1 ssl overview .............................................
Page 1479
Operation manual – ssl-https h3c s5500-ei series ethernet switches chapter 1 ssl configuration 1-1 chapter 1 ssl configuration when configuring ssl, go to these sections for information you are interested in: z ssl overview z ssl configuration task list z displaying and maintaining ssl z troubleshoo...
Page 1480
Operation manual – ssl-https h3c s5500-ei series ethernet switches chapter 1 ssl configuration 1-2 z ssl change cipher spec protocol: used for notification between a client and the server that the subsequent packets are to be protected and transmitted based on the newly negotiated cipher suite and k...
Page 1482
Operation manual – ssl-https h3c s5500-ei series ethernet switches chapter 1 ssl configuration 1-4 ii. Network diagram vlan-int2 10.1.1.1/24 vlan-int3 10.1.2.1/24 host ca 10.1.1.2/24 10.1.2.2/24 switch figure 1-2 network diagram for ssl server policy configuration iii. Configuration procedure 1) req...
Page 1483
Operation manual – ssl-https h3c s5500-ei series ethernet switches chapter 1 ssl configuration 1-5 # enable client authentication. [sysname-ssl-server-policy-myssl] client-verify enable [sysname-ssl-server-policy-myssl] quit 3) associate https service with the ssl server policy and enable https serv...
Page 1485
Operation manual – ssl-https h3c s5500-ei series ethernet switches chapter 1 ssl configuration 1-7 z if the ssl server has no certificate, request one for it. Z if the server certificate cannot be trusted, install on the ssl client the root certificate of the ca that issues the local certificate to ...
Page 1486
Operation manual – ssl-https h3c s5500-ei series ethernet switches chapter 2 https configuration 2-1 chapter 2 https configuration when configuring https, go to these sections for information you are interested in: z https overview z https configuration task list z associating the https service with...
Page 1487
Operation manual – ssl-https h3c s5500-ei series ethernet switches chapter 2 https configuration 2-2 configuration task remarks associating the https service with a certificate attribute access control policy optional associating the https service with an acl optional 2.3 associating the https servi...
Page 1488
Operation manual – ssl-https h3c s5500-ei series ethernet switches chapter 2 https configuration 2-3 note: z after the https service is enabled, you can use the display ip https command to view the state of the https service and verify the configuration. Z enabling of the https service will trigger ...
Page 1489
Operation manual – ssl-https h3c s5500-ei series ethernet switches chapter 2 https configuration 2-4 2.6 associating the https service with an acl associating the https service with an acl can filter out requests from some clients to let pass only clients that pass the acl filtering. Follow these st...
Page 1490
Operation manual – ssl-https h3c s5500-ei series ethernet switches chapter 2 https configuration 2-5 ii. Network diagram figure 2-1 network diagram for https configuration iii. Configuration procedure perform the following configurations on switch: 1) apply for a certificate for switch # configure a...
Page 1491
Operation manual – ssl-https h3c s5500-ei series ethernet switches chapter 2 https configuration 2-6 [switch-ssl-server-policy-myssl] pki-domain 1 [switch-ssl-server-policy-myssl] client-verify enable [switch-ssl-server-policy-myssl] quit 3) configure certificate access control policy # configure ce...
Page 1492: Table of Contents
Operation manual – pki h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 pki configuration ........................................................................................................ 1-1 1.1 introduction to pki ...........................................
Page 1493
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-1 chapter 1 pki configuration when configuring pki, go to these sections for information you are interested in: z introduction to pki z pki configuration task list z displaying and maintaining pki z pki config...
Page 1494
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-2 ca for an entity, while a ca certificate, also known as root certificate, is signed by the ca for itself. Ii. Crl an existing certificate may need to be revoked when, for example, the user name changes, the ...
Page 1495
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-3 i. Entity an entity is an end user of pki products or services, such as a person, an organization, a device like a switch, or a process running on a computer. Ii. Ca a ca is a trusted entity responsible for ...
Page 1496
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-4 iii. Web security for web security, two peers can establish a secure sockets layer (ssl) connection first for transparent and secure communications at the application layer. With pki, ssl enables communicati...
Page 1497
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-5 1.3 configuring an entity dn a certificate is the binding of a public key and the identity information of an entity, where the identity information is identified by an entity distinguished name (dn). A ca id...
Page 1498
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-6 to do… use the command… remarks configure the ip address for the entity ip ip-address optional no ip address is specified by default. Configure the locality of the entity locality locality-name optional no l...
Page 1499
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-7 management function is provided by the ca, in which case no independent ra is required. You are recommended to deploy an independent ra. Z url of the enrollment server an entity sends a certificate request t...
Page 1502
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-10 note: z if a pki domain has already a local certificate, creating an rsa key pair will result in inconsistency between the key pair and certificate. To generate a new rsa key pair, delete the local certific...
Page 1504
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-12 to do… use the command… remarks set the crl update period crl update-period hours optional by default, the crl update period depends on the next update field in the crl file. Enable crl checking crl check e...
Page 1505
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-13 note: z the crl update period refers to the interval at which the entity downloads crls from the crl server. The crl update period configured manually is prior to that specified in the crls. Z the pki retri...
Page 1506
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-14 1.10 configuring an access control policy by configuring a certificate attribute-based access control policy, you can further control access to the server, providing additional security for the server. Foll...
Page 1508
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-16 ii. Network diagram figure 1-2 diagram for configuring a pki entity to request a certificate from a ca iii. Configuration procedure on the ca server, complete the following configurations: 1) create a ca se...
Page 1509
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-17 [switch] pki domain torsa # configure the name of the trusted ca as myca. [switch-pki-domain-torsa] ca identifier myca # configure the url of the enrollment server in the format of http://host:port/issuing ...
Page 1510
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-18 ca certificates retrieval success. # retrieve crls and save them locally. [switch] pki retrieval-crl domain torsa connecting to server for retrieving crl. Please wait a while..... Crl retrieval success! # a...
Page 1511
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-19 19103439 3d4f9359 88fb59f3 8d4b2f6c 2b exponent: 65537 (0x10001) x509v3 extensions: x509v3 crl distribution points: uri:http://4.4.4.133:447/myca.Crl signature algorithm: sha1withrsaencryption 836213a4 f2f7...
Page 1512
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-20 iii. Configuration procedure note: z for detailed information about ssl configuration, refer to ssl-https configuration. Z for detailed information about https configuration, refer to ssl-https configuratio...
Page 1513
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-21 # create the certificate attribute-based access control policy of myacp and add two access control rules. [switch] pki certificate access-control-policy myacp [switch-pki-cert-acp-myacp] rule 1 deny mygroup...
Page 1514
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-22 1.13.2 failed to request a local certificate i. Symptom failed to request a local certificate. Ii. Analysis possible reasons include these: z the network connection is not proper. For example, the network c...
Page 1515
Operation manual – pki h3c s5500-ei series ethernet switches chapter 1 pki configuration 1-23 iii. Solution z make sure that the network connection is physically proper. Z retrieve a ca certificate. Z specify the ip address of the ladp server. Z specify the url for crl distribution. Z re-configure t...
Page 1516: Table of Contents
Operation manual – track h3c s5500-ei series ethernet switches table of contents i table of contents chapter 1 track configuration..................................................................................................... 1-1 1.1 track overview ................................................
Page 1517
Operation manual – track h3c s5500-ei series ethernet switches chapter 1 track configuration 1-1 chapter 1 track configuration when configuring track, go to these sections for information you are interested in: z track overview z track configuration task list z configuring collaboration between the ...
Page 1518
Operation manual – track h3c s5500-ei series ethernet switches chapter 1 track configuration 1-2 1.1.1 collaboration between the track module and the detection modules you can establish the collaboration between the track module and the detection modules through configuration. A detection module pro...
Page 1519
Operation manual – track h3c s5500-ei series ethernet switches chapter 1 track configuration 1-3 1.3 configuring collaboration between the track module and the detection modules 1.3.1 configuring track-nqa collaboration through the following configuration, you can establish the collaboration between...
Page 1520
Operation manual – track h3c s5500-ei series ethernet switches chapter 1 track configuration 1-4 i. Configuration prerequisites before configuring vrrp to monitor a track object, you need to create a vrrp group on an interface and configure the virtual ip address of the vrrp group. Ii. Configuration...
Page 1521
Operation manual – track h3c s5500-ei series ethernet switches chapter 1 track configuration 1-5 follow these steps to configure the track-static routing collaboration: to do… use the command… remarks enter system view system-view — configure the track-static routing collaboration, so as to check th...
Page 1522
Operation manual – track h3c s5500-ei series ethernet switches chapter 1 track configuration 1-6 1.6 track configuration example 1.6.1 vrrp-track-nqa collaboration configuration example i. Network requirements z host a needs to access host b on the internet. The default gateway of host a is 10.1.1.1...
Page 1523
Operation manual – track h3c s5500-ei series ethernet switches chapter 1 track configuration 1-7 [switcha-nqa-admin-test-icmp-echo] frequency 100 # configure reaction entry 1, specifying that five consecutive probe failures trigger the track-nqa collaboration. [switcha-nqa-admin-test-icmp-echo] reac...
Page 1524
Operation manual – track h3c s5500-ei series ethernet switches chapter 1 track configuration 1-8 [switchb-vlan-interface2] vrrp vrid 1 timer advertise 5 # configure switch b to work in preemptive mode, and set the preemption delay to five seconds. [switchb-vlan-interface2] vrrp vrid 1 preempt-mode t...
Page 1525
Operation manual – track h3c s5500-ei series ethernet switches chapter 1 track configuration 1-9 when there is a fault on the link between switch a and switch c, you can still successfully ping host b on host a. Use the display vrrp command to view information about vrrp group 1. # display detailed ...
Page 1526: Table of Contents
Operation manual – appendix h3c s5500-ei series ethernet switches table of contents i table of contents appendix a acronyms ..................................................................................................................A-1.
Page 1527: Appendix A Acronyms
Operation manual – appendix h3c s5500-ei series ethernet switches appendix a acronyms a-1 appendix a acronyms a aaa authentication, authorization and accounting abr area border router acl access control list arp address resolution protocol as autonomous system asbr autonomous system border router b ...
Page 1528
Operation manual – appendix h3c s5500-ei series ethernet switches appendix a acronyms a-2 icmp internet control message protocol igmp internet group management protocol igp interior gateway protocol ip internet protocol l lsa link state advertisement lsdb link state database m mac medium access cont...
Page 1529
Operation manual – appendix h3c s5500-ei series ethernet switches appendix a acronyms a-3 t tcp/ip transmission control protocol/ internet protocol tftp trivial file transfer protocol tos type of service ttl time to live u udp user datagram protocol v vlan virtual lan vod video on demand vrrp virtua...