H3C S7500E Series Ethernet Switches Operation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: 20071025-C-1.
Copyright © 2007, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. Trademarks H3C, , Aolynk, , H3Care, , TOP G, , IRF, NetPilot, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co.
About This Manual Related Documentation In addition to this manual, each H3C S7500E Series Ethernet Switches documentation set includes the following: Manual Description H3C S7500E Series Ethernet Switches Command Manual It is used for assisting the users in using various commands. (See the electronic documentation for details) H3C S7500E Series Ethernet Switches Installation Manual It provides information for the system installation.
Part Contents 10 IP Routing Overview Introduces the basic routing information and the classification of routing protocols. 11 IPv4 Routing Introduces IPv4 routing related configurations, such as static routing, RIP, OSPF, IS-IS, BGP, and route policy. 12 IPv6 Routing Introduces IPv6 routing related configurations, such as static routing, RIPng, OSPFv3, IS-ISv6, and BGP4+. 13 IPv6 Configuration Introduces IPv6 basic configuration and application, IPv6 tunneling, and so on.
Conventions The manual uses the following conventions: I. Command conventions Convention Description Boldface The keywords of a command line are in Boldface. italic Command arguments are in italic. [] Items (keywords or arguments) in square brackets [ ] are optional. { x | y | ... } Alternative items are grouped in braces and separated by vertical bars. One is selected. [ x | y | ... ] Optional alternative items are grouped in square brackets and separated by vertical bars.
III. Symbols Convention Description Warning Means reader be extremely careful. Improper operation may cause bodily injury. Caution Means reader be careful. Improper operation may cause data loss or damage to equipment. Note Means a complementary description.
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Obtaining the Documentation .................................................................................... 1-1 1.1 CD-ROM ............................................................................................................................ 1-1 1.2 H3C Website......................................................................................................................
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 1 Obtaining the Documentation Chapter 1 Obtaining the Documentation H3C Technologies Co., Ltd. provides various ways for you to obtain documentation, through which you can obtain the product documentations and those concerning newly added new features. The documentations are available in one of the following ways: z CD-ROMs shipped with the devices z H3C website z Software release notes 1.
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 1 Obtaining the Documentation 1.3 Software Release Notes With software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes.
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 2 Documentation and Product Version Chapter 2 Documentation and Product Version 2.1 Documentation and Software Version H3C S7500E Series Ethernet Switches Operation Manual and H3C S7500E Series Ethernet Switches Command Manual apply to S7500E series Ethernet switches with their software version being Release 6000. 2.
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 3 Product Overview Chapter 3 Product Overview 3.1 Preface H3C S7500E Series Ethernet Switches (hereinafter referred to as the S7500E series) are cost-effective Layer 3 switch with high capacity. It is designed to operate at the core layer of small and medium-sized networks, convergence layer of large enterprise networks, and convergence layer and access layer of the metropolitan area networks (MANs).
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches SRPU Chassis Chapter 3 Product Overview LSQ1MP UA0 LSQ1SRP2XB0 (Salience VI-10GE) LSQ1SRPB0 LSQ1SRP1CB0 (Salience VI-Turbo) (Salience VI) S7510E No Yes Yes Yes S7506E-V No Yes Yes Yes Note: H3C S7500E series Ethernet switch is dual-SRPU system. The SRPUs in a chassis must be of the same type. 3.
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 3 Product Overview Module 06-Link Aggregation Software feature z z z 07-MAC Address Table Management z z z 08-IP Source Guard z z z z 10-IP Routing Overview z z z z z z z 12-IPv6 Routing z z z z z z 13-IPv6 Configuration z z z z z z 14-Multicast z z z 15-802.
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 3 Product Overview Module Software feature z 16-AAA RADIUS HWTACACS 17-Portal z z Portal authentication z 18-ARP z z z z z 19-DHCP z z z z z 20-ACL z z z z z z 21-QoS z z z z z 22-Port Mirroring z z 25-DNS IPv4 basic ACLs IPv4 advanced ACLs Layer 2 ACLs IPv6 basic ACLs IPv6 advanced ACLs Traffic classification Traffic policing QoS policy applied to a VLAN, the system, and a port/port group.
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 3 Product Overview Module 28-System Maintenance and Debugging Software feature z z z z z 29-HA z z Configuring command levels Configuring online help for command lines Configuring system time Displaying and configuring system device state IPv4-based Virtual Router Redundancy Protocol (VRRP) IPv6-based VRRP Primary-secondary SRPU switchover Secure shell (SSH) v1.5/v2.
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 4 Networking Applications Chapter 4 Networking Applications S7500E series switches can: z Be used as core layer devices of small-sized network. z Be used for high-speed links for data centers. z Be used as distribution layer devices of MAN Ethernet. The following are typical networking examples. 4.
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 4 Networking Applications 4.
Operation Manual – Login H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Logging into an Ethernet Switch ............................................................................... 1-1 1.1 Logging into an Ethernet Switch ........................................................................................ 1-1 1.2 Introduction to User Interface ............................................................................................ 1-1 1.2.
Operation Manual – Login H3C S7500E Series Ethernet Switches Table of Contents Chapter 4 Logging In Using Modem............................................................................................ 4-1 4.1 Introduction ........................................................................................................................ 4-1 4.2 Configuration on the Administrator Side............................................................................ 4-1 4.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 1 Logging into an Ethernet Switch Chapter 1 Logging into an Ethernet Switch When logging into an Ethernet switch, go to these sections for information you are interested in: z Logging into an Ethernet Switch z Introduction to User Interface 1.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 1 Logging into an Ethernet Switch 1.2.2 User Interface Number Two kinds of user interface index exist: absolute user interface index and relative user interface index.
Operation Manual – Login H3C S7500E Series Ethernet Switches To do… Chapter 1 Logging into an Ethernet Switch Use the command… Remarks Optional Set the history command buffer size history-command max-size value The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default. Optional The default timeout time of a user interface is 10 minutes.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 1 Logging into an Ethernet Switch To do… Use the command… Remarks Display the physical attributes and configuration of the current/a specified user interface display user-interface [ type number | number ] [ summary ] You can execute this command in any view.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port Chapter 2 Logging in Through the Console Port When logging in through the Console port, go to these sections for information you are interested in: z Introduction z Setting Up the Connection to the Console Port z Console Port Login Configuration z Console Port Login Configuration with Authentication Mode Being None z Console Port Login Configuration with Authentication Mode Being Password z
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port After logging into a switch, you can perform configuration for AUX users. Refer to Console Port Login Configuration for more. 2.2 Setting Up the Connection to the Console Port z Connect the serial port of your PC/terminal to the Console port of the switch, as shown in Figure 2-1.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port Figure 2-3 Specify the port used to establish the connection Figure 2-4 Set port parameters terminal window z Turn on the switch. The user will be prompted to press the Enter key if the switch successfully completes POST (power-on self test). The prompt (such as ) appears after the user presses the Enter key.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port 2.3 Console Port Login Configuration 2.3.1 Common Configuration Table 2-2 lists the common configuration of Console port login. Table 2-2 Common configuration of Console port login Configuration Description Optional Baud rate The default baud rate is 9,600 bps. Optional By default, the check mode of the Console port is set to “none”, which means no check bit.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port Configuration Description Define a shortcut key for aborting tasks Define a shortcut key for starting terminal sessions Terminal configuration Make terminal services available Set the maximum number of lines the screen can contain Set history command buffer size Set the timeout time of a user interface Optional The default shortcut key combination for aborting tasks is < Ctrl + C >.
Operation Manual – Login H3C S7500E Series Ethernet Switches Authentication mode Chapter 2 Logging in Through the Console Port Console port login configuration Configure the password Configure the password for local authentication Perform common configuration Perform common configuration for Console port login Specify to perform local authenticatio n or RADIUS authenticatio n AAA configuration specifies whether to perform local authentication or RADIUS authentication Password Description Required
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port 2.4 Console Port Login Configuration with Authentication Mode Being None 2.4.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port To do… Use the command… Remarks Optional Make terminal services available By default, terminal services are available in all user interfaces. shell Optional Set the maximum number of lines the screen can contain By default, the screen can contain up to 24 lines. screen-length screen-length You can use the screen-length 0 command to disable the function to display information in pages.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port 2.4.2 Configuration Example I. Network requirements Assume the switch is configured to allow you to login through Telnet, and your user level is set to the administrator level (level 3). After you telnet to the switch, you need to limit the console user at the following aspects. z The user is not authenticated when logging in through the Console port.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port # Set the maximum number of lines the screen can contain to 30. [H3C-ui-aux0] screen-length 30 # Set the maximum number of commands the history command buffer can store to 20. [H3C-ui-aux0] history-command max-size 20 # Set the timeout time of the AUX user interface to 6 minutes.
Operation Manual – Login H3C S7500E Series Ethernet Switches To do… Chapter 2 Logging in Through the Console Port Use the command… Remarks Optional Configur e the Console port Set the baud rate speed speed-value Set the check mode parity { even | mark | none | odd | space } Set the stop bits Set the data bits The default baud rate of an AUX port (also the Console port) is 9,600 bps. Optional By default, the check mode of a Console port is set to none, that is, no check bit.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port To do… Use the command… Remarks Optional The default timeout time of a user interface is 10 minutes. Set the timeout time for the user interface idle-timeout minutes [ seconds ] With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port z The history command buffer can store up to 20 commands. z The timeout time of the AUX user interface is 6 minutes. II. Network diagram Ethernet2/0/1 Ethernet User PC running Telnet Figure 2-6 Network diagram for AUX user interface configuration (with the authentication mode being password) III. Configuration procedure # Enter system view. system-view # Enter AUX user interface view.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port [H3C-ui-aux0] idle-timeout 6 After the above configuration, to ensure a successful login, the console user needs to change the corresponding configuration of the terminal emulation program running on the PC, to make the configuration consistent with that on the switch. Refer to Setting Up the Connection to the Console Port for more. 2.
Operation Manual – Login H3C S7500E Series Ethernet Switches To do… Enter AUX interface view Chapter 2 Logging in Through the Console Port Use the command… user user-interface aux 0 Remarks — Required Configure to authenticate users locally or remotely Configure the Console port authentication-mode scheme [ commandauthorization ] Users are authenticated locally by default.
Operation Manual – Login H3C S7500E Series Ethernet Switches To do… Chapter 2 Logging in Through the Console Port Use the command… Remarks Optional Set history command buffer size history-command max-size value The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default. Optional The default timeout time of a user interface is 10 minutes.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port Table 2-6 Determine the command level Scenario Authentication mode authenticationmode scheme [ commandauthorization ] User type Users logging into the Console port and pass AAA-RADI US or local authenticati on Command Command level The user privilege level level command is not executed, and the service-type terminal [ level level ] command does not specify the available command level.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port z The history command buffer can store up to 20 commands. z The timeout time of the AUX user interface is 6 minutes. II. Network diagram Ethernet2/0/1 Ethernet User PC running Telnet Figure 2-7 Network diagram for AUX user interface configuration (with the authentication mode being scheme) III. Configuration procedure # Enter system view.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port [H3C-ui-aux0] history-command max-size 20 # Set the timeout time of the AUX user interface to 6 minutes. [H3C-ui-aux0] idle-timeout 6 After the above configuration, to ensure a successful login, the console user needs to change the corresponding configuration of the terminal emulation program running on the PC, to make the configuration consistent with that on the switch.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Chapter 3 Logging in Through Telnet When logging in through Telnet, go to these sections for information you are interested in: z Introduction z Telnet Configuration with Authentication Mode Being None z Telnet Configuration with Authentication Mode Being Password z Telnet Configuration with Authentication Mode Being Scheme z Telnet Connection Establishment 3.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Note: z After you log into the switch through Telnet, you can issue commands to the switch by way of pasting session text, which cannot exceed 2000 bytes, and the pasted commands must be in the same view; otherwise, the switch may not execute the commands correctly.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Configuration Remarks Define a shortcut key for aborting tasks Make terminal available VTY terminal configuration services Set the maximum number of lines the screen can contain Set history buffer size command Set the timeout time of a user interface Optional The default shortcut key combination for aborting tasks is < Ctrl + C >.
Operation Manual – Login H3C S7500E Series Ethernet Switches Authentication mode Chapter 3 Logging in Through Telnet Telnet configuration Configure the password Configure the password for local authentication Perform common configuration Perform common Telnet configuration Specify to perform local authentication or RADIUS authentication AAA configuration specifies whether to perform local authentication or RADIUS authentication Password Remarks Required Optional Refer to Table 3-2.
Operation Manual – Login H3C S7500E Series Ethernet Switches To do… Chapter 3 Logging in Through Telnet Use the command… Enter system view system-view Enter one or more VTY user interface views user-interface first-number [ last-number ] Configure not to authenticate users logging into VTY user interfaces Configure the command level available to users logging into VTY user interface Configure the protocols to be supported by the VTY user interface Remarks — vty — Required authentication-mode none
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet To do… Use the command… Remarks Optional The default timeout time of a user interface is 10 minutes. Set the timeout time of the VTY user interface idle-timeout [ seconds ] minutes With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet II. Network diagram Figure 3-1 Network diagram for Telnet configuration (with the authentication mode being none) III. Configuration procedure # Enter system view, and enable the Telnet service. system-view [H3C] telnet server enable # Enter VTY 0 user interface view. [H3C] user-interface vty 0 # Configure not to authenticate Telnet users logging into VTY 0.
Operation Manual – Login H3C S7500E Series Ethernet Switches To do… Chapter 3 Logging in Through Telnet Use the command… Remarks Enter system view system-view Enter one or more VTY user interface views user-interface first-number [ last-number ] Configure to authenticate users logging into VTY user interfaces using the local password authentication-mode password Required Set the local password set authentication password { cipher | simple } password Required — vty Optional Configure the com
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet To do… Use the command… Remarks Optional Set the history command buffer size history-command max-size value The default history command buffer size is 10. That is, a history command buffer can store up to 10 commands by default. Optional The default timeout time of a user interface is 10 minutes.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet 3.3.2 Configuration Example I. Network requirements Assume that you are a level 3 AUX user and want to perform the following configuration for Telnet users logging into VTY 0: z Authenticate users logging into VTY 0 using the local password. z Set the local password to 123456 (in plain text). z Commands of level 2 are available to users logging into VTY 0. z Telnet protocol is supported.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet [H3C-ui-vty0] history-command max-size 20 # Set the timeout time to 6 minutes. [H3C-ui-vty0] idle-timeout 6 3.4 Telnet Configuration with Authentication Mode Being Scheme 3.4.
Operation Manual – Login H3C S7500E Series Ethernet Switches To do… Enter one or more VTY user interface views Chapter 3 Logging in Through Telnet Use the command… user-interface first-number [ last-number ] Remarks vty — Required Configure to authenticate users locally or remotely authentication-mode scheme The specified AAA scheme determines whether to authenticate users locally or remotely. Users are authenticated locally by default.
Operation Manual – Login H3C S7500E Series Ethernet Switches To do… Chapter 3 Logging in Through Telnet Use the command… Remarks Optional The default timeout time of a user interface is 10 minutes. Set the timeout time for the user interface idle-timeout [ seconds ] minutes With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Table 3-6 Determine the command level when users logging into switches are authenticated in the scheme mode Scenario Authenticat ion mode User type VTY users that are AAA-RAD IUS authentic ated or locally authentic ated Scheme (authentica tion-mode scheme [ commandauthorizati on ]) Command The user privilege level level command is not executed, and the service-type command does not specify the available co
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Scenario Authenticat ion mode User type Command level Command The user privilege level level command is executed, and the service-type command does not specify the available command level. Level 0 The user privilege level level command is executed, and the service-type command specifies the available command level.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet III. Configuration procedure # Enter system view, and enable the Telnet service. system-view [H3C] telnet server enable # Create a local user named guest and enter local user view. [H3C] local-user guest # Set the authentication password of the local user to 123456 (in plain text).
Operation Manual – Login H3C S7500E Series Ethernet Switches z Chapter 3 Logging in Through Telnet Execute the following commands in the terminal window to enable the Telnet server function and assign an IP address to the management VLAN interface of the switch. # Enable the Telnet server function and configure the IP address of the management VLAN interface as 202.38.160.92, and .the subnet mask as 255.255.255.0.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Figure 3-5 Launch Telnet Step 5: Enter the password when the Telnet window displays “Login authentication” and prompts for login password. The CLI prompt (such as ) appears if the password is correct. If all VTY user interfaces of the switch are in use, you will fail to establish the connection and receive the message that says “All user interfaces are used, please try later!”.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Figure 3-6 Network diagram for Telnetting to another switch from the current switch Step 1: Configure the user name and password for Telnet on the switch operating as the Telnet server. Refer to section Telnet Configuration with Authentication Mode Being None”, section Telnet Configuration with Authentication Mode Being Password, and Telnet Configuration with Authentication Mode Being Scheme for more.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 4 Logging In Using Modem Chapter 4 Logging In Using Modem When logging in using modem, go to these sections for information you are interested in: z Introduction z Configuration on the Administrator Side z Configuration on the Switch Side z Modem Connection Establishment z Modem Attribute Configuration 4.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 4 Logging In Using Modem 4.3 Configuration on the Switch Side 4.3.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 4 Logging In Using Modem I. Configuration on switch when the authentication mode is none Refer to Console Port Login Configuration with Authentication Mode Being None. II. Configuration on switch when the authentication mode is password Refer to Console Port Login Configuration with Authentication Mode Being Password. III.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 4 Logging In Using Modem Modem serial cable Telephone line Modem PSTN Modem Telephone number of the romote end: 82882285 Console port Figure 4-1 Establish the connection by using modems Step 4: Launch a terminal emulation utility on the PC and set the telephone number to call the modem directly connected to the switch, as shown in Figure 4-2 and Figure 4-3.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 4 Logging In Using Modem Figure 4-3 Call the modem Step 5: Provide the password when prompted. If the password is correct, the prompt (such as ) appears. You can then configure or manage the switch. You can also enter the character ? at anytime for help. Refer to the following chapters for information about the configuration commands.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 4 Logging In Using Modem To do … Use the command … Remarks Enter system view system-view — Enter AUX user interface view user-interface aux 0 — Enable the modem to accept incoming calls, initiate outgoing calls, or both modem [ both | call-in | call-out ] Required Configure the modem to operate in the auto-answer mode modem auto-answer Set the maximum amount of time that the modem waits for the carrier signal after the off-
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 5 Logging in Through NMS Chapter 5 Logging in Through NMS When logging in through NMS, go to these sections for information you are interested in: z Introduction z Connection Establishment Using NMS 5.1 Introduction You can also log into a switch through an NMS (network management station), and then configure and manage the switch through the agent module on the switch.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 5 Logging in Through NMS 5.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 6 Specifying Source for Telnet Packets Chapter 6 Specifying Source for Telnet Packets When specifying source IP address/interface for Telnet packets, go to these sections for information you are interested in: z Introduction z Specifying Source IP address/Interface for Telnet Packets z Displaying the source IP address/Interface Specified for Telnet Packets 6.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 6 Specifying Source for Telnet Packets II.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 7 Controlling Login Users Chapter 7 Controlling Login Users When controlling login users, go to these sections for information you are interested in: z Introduction z Controlling Telnet Users z Controlling Network Management Users by Source IP Addresses 7.1 Introduction Multiple ways are available for controlling different types of login users, as listed in Table 7-1.
Operation Manual – Login H3C S7500E Series Ethernet Switches To do… Chapter 7 Controlling Login Users Use the command… Remarks Enter system view system-view — Create a basic ACL or enter basic ACL view acl [ ipv6 ] number acl-number [ match-order { config | auto } ] As for the acl number command, the config keyword is specified by default.
Operation Manual – Login H3C S7500E Series Ethernet Switches To do… Chapter 7 Controlling Login Users Use the command… Remarks Required Apply the ACL to control Telnet users by specified source and destination IP addresses acl [ ipv6 ] acl-number { inbound | outbound } The inbound keyword specifies to filter the users trying to Telnet to the current switch. The outbound keyword specifies to filter users trying to Telnet to other switches from the current switch. 7.2.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 7 Controlling Login Users II. Network diagram 10.110.100.46 Host A IP network Switch Host B 10.110.100.52 Figure 7-1 Network diagram for controlling Telnet users using ACLs III. Configuration procedure # Define a basic ACL. system-view [H3C] acl number 2000 match-order config [H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [H3C-acl-basic-2000] rule 2 permit source 10.110.100.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 7 Controlling Login Users 7.3.2 Controlling Network Management Users by Source IP Addresses Follow these steps to control network management users by source IP addresses: To do… Enter system view Use the command… Remarks system-view — Create a basic ACL or enter basic ACL view acl number acl-number [ match-order { config | auto } ] As for the acl number command, the config keyword is specified by default.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 7 Controlling Login Users community command) take effect in the network management systems that adopt SNMPv1 or SNMPv2c.
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 7 Controlling Login Users [H3C] snmp-agent usm-user v2c h3cuser h3cgroup acl 2000 7-7
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 VLAN Configuration .................................................................................................... 1-1 1.1 Introduction to VLAN.......................................................................................................... 1-1 1.1.1 VLAN Overview ....................................................................................................... 1-1 1.1.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Table of Contents Chapter 4 GVRP Configuration .................................................................................................... 4-1 4.1 Introduction to GVRP......................................................................................................... 4-1 4.1.1 GARP ...................................................................................................................... 4-1 4.1.2 GVRP ...................
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration Chapter 1 VLAN Configuration When configuring VLAN, go to these sections for information you are interested in: z Introduction to VLAN z Configuring Basic VLAN Attributes z Configuring Basic VLAN Interface Attributes z Configuring Port-Based VLAN z Configuring Protocol-Based VLAN z Configuring IP-Subnet-Based VLAN z Displaying and Maintaining VLAN z VLAN Configuration Example 1.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration A VLAN is not restricted by physical factors, that is to say, hosts that reside in different network segments may belong to the same VLAN, users in a VLAN can be connected to the same switch, or span across multiple switches or routers. VLAN technology has the following advantages: 1) Broadcast traffic is confined to each VLAN, reducing bandwidth utilization and improving network performance.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches z Chapter 1 VLAN Configuration The TPID field, 16 bits in length and with a value of 0x8100, indicates that a packet carries a VLAN tag with it. z The Priority field, three bits in length, indicates the 802.1p priority of a packet. For information about packet priority, refer to QoS Configuration.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches To do… Chapter 1 VLAN Configuration Use the command… Enter system view system-view Create VLANs vlan { vlan-id1 [ to vlan-id2 ] | all } Remarks — Optional Using this command can create multiple VLANs. Required Enter VLAN view vlan vlan-id The VLAN must be created first before entering its view; otherwise, using the command creates a VLAN and enters its view By default, only one default VLAN (that is, VLAN 1 ) exists in the system.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration Follow these steps to configure basic VLAN interface attributes: To do… Enter system view Use the command… system-view Remarks — Required Create a VLAN interface or enter VLAN interface view interface Vlan-interface vlan-interface-id Configure an IP address for the VLAN interface ip address ip-address { mask | mask-length } [ sub ] Specify the descriptive character string for the VLAN interface description tex
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration 1.4 Configuring Port-Based VLAN 1.4.1 Introduction to Port-Based VLAN This is the simplest and yet the most effective way of classifying VLANs. It groups VLAN members by port. After added to a VLAN, a port can forward the packets of the VLAN. I.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration Inbound packets handling Port type Untagged packets Tagged packets z Access Outbound packets handling Tag each packet with the default VLAN tag. z Receive the packets with the default VLAN tag. Drop the packet if the VLAN ID is not the default VLAN ID. Remove the default VLAN tag and send the packets.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches To do… Add access ports to the current VLAN Chapter 1 VLAN Configuration Use the command… Remarks Required port interface-list By default, all the ports belong to VLAN 1 Follow these steps to configure an Access-port-based VLAN in Ethernet port view/port group view: To do… Enter system view Enter Ethernet port view or port group view Use the command… system-view Enter Ethernet port view interface interface-type interface-number Enter po
Operation Manual – VLAN H3C S7500E Series Ethernet Switches To do… Enter system view Enter Ethernet port view or port group view Chapter 1 VLAN Configuration Use the command… system-view Enter Ethernet port view interface interface-type interface-number Enter port group view port-group { manual port-group-name | aggregation agg-id } Remarks — Use either command Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configuration
Operation Manual – VLAN H3C S7500E Series Ethernet Switches To do… Enter system view Enter Ethernet port view or port group view Chapter 1 VLAN Configuration Use the command… system-view Enter Ethernet port view interface interface-type interface-number Enter port group view port-group { manual port-group-name | aggregation agg-id } Remarks — Use either command; Under Ethernet port view, the subsequent configurations only apply to the current port; under port group view, the subsequent configuratio
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration In this approach, inbound packets are assigned with different VLAN IDs based on their protocol type and encapsulation format. The protocols that can be used to categorize VLANs include: IP, IPX, and AppleTalk (AT). The encapsulation formats include: Ethernet II, 802.3 raw, 802.2 LLC, and 802.2 SNAP.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches To do… Chapter 1 VLAN Configuration Use the command… Remarks Enter Ethernet port view interface interface-type interface-number Enter port group view port-group { manual port-group-name | aggregation agg-id } Configure the port link type as Hybrid port link-type hybrid Required Allow the packets of a protocol-based VLAN to pass through the current Hybrid port in untagged way port hybrid vlan vlan-id-list untagged Required Configure t
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration 1.6 Configuring IP-Subnet-Based VLAN 1.6.1 Introduction In this approach, VLANs are categorized based on the source IP addresses and the subnet masks of packets. After receiving an untagged packet from a port, the device finds its association with the current VLAN based on the source address contained in the packet, and then forwards the packet in the corresponding VLAN.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches To do… Configure the association between the Hybrid port and the IP-subnet-based VLAN Chapter 1 VLAN Configuration Use the command… port hybrid ip-subnet-vlan vlan vlan-id Remarks Required 1.7 Displaying and Maintaining VLAN To do...
Operation Manual – VLAN H3C S7500E Series Ethernet Switches z Chapter 1 VLAN Configuration This port allows packets from VLAN 2, VLAN 6 to VLAN 50, and VLAN 100 to pass through. II. Network diagram Figure 1-4 Network diagram for port-based VLAN configuration III. Configuration procedure 1) Configure Device A # Create VLAN 2, VLAN 6 through VLAN 50, and VLAN 100. system-view [DeviceA] vlan 2 [DeviceA-vlan2] quit [DeviceA] vlan 100 [DeviceA-vlan100] vlan 6 to 50 Please wait... Done.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 0000-fc00-6504 Description: Ethernet2/0/1 Interface Loopback is not set Media type is twisted pair Port hardware type is 100_BASE_T Unknown-speed mode, unknown-duplex mode Link speed type is autonegotiation, link duplex type is autonegotiation Flow-control is not enabled The Maximum Frame Length is 1536 Broadcast MAX-ratio: 100% Unicast MAX-ratio: 100% Multicas
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration Chapter 2 Isolate-User-VLAN Configuration When configuring Isolate-user VLAN, go to these sections for information you are interested in: z Introduction to Isolate-User-VLAN z Configuring Isolate-User-VLAN z Displaying and Maintaining Isolate-User-VLAN z Isolate-User-VLAN Configuration Example 2.1 Introduction to Isolate-User-VLAN The isolate-user-VLAN adopts a two-tier VLAN structure.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration 2.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration Note: After a mapping is configured, the system disallows adding ports to and removing ports or VLANs from the mapped isolate-user-VLAN and secondary VLAN. 2.3 Displaying and Maintaining Isolate-User-VLAN To do... Display the mapping between an isolate-user-vlan and its secondary VLAN(s) Use the command... display isolate-user-vlan [ isolate-user-vlan-id ] Remarks Available in any view 2.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration III. Configuration procedure The following are the configuration procedures for Device B and Device C. 1) Configure Device B # Configure the isolate-user-VLAN. system-view [DeviceB] vlan 5 [DeviceB-vlan5] isolate-user-vlan enable [DeviceB-vlan5] port ethernet 2/0/5 [DeviceB-vlan5] quit # Configure the secondary VLANs.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration Isolate-user-VLAN VLAN ID : 5 Secondary VLAN ID : 2-3 VLAN ID: 5 VLAN Type: static Isolate-user-VLAN type : isolate-user-VLAN Route Interface: not configured Description: VLAN 0005 Broadcast MAX-ratio: 100% Tagged Ports: none Untagged Ports: Ethernet2/0/1 Ethernet2/0/2 VLAN ID: 2 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0002 Broadcast MAX-
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration Chapter 3 Voice VLAN Configuration When configuring Voice VLAN, go to these sections for information you are interested in: z Introduction to Voice VLAN z Configuring Voice VLAN z Displaying and Maintaining Voice VLAN z Voice VLAN Configuration 3.1 Introduction to Voice VLAN Voice VLANs are configured specially for voice traffic.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration Note: z As the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE (Institute of Electrical and Electronics Engineers). z The default OUI address can be configured/removed manually. 3.1.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration Table 3-2 Voice VLAN operating mode and the corresponding voice traffic types Voice VLAN operating mode Voice traffic type Port link type Access: the traffic type is not supported Automatic mode Tagged voice traffic Untagged voice traffic Trunk: supported provided that the default VLAN of the access port exists and is not a voice VLAN and that the access port belongs to the voice VLAN Hybrid: supported pro
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration Note: z The default VLANs for all ports are VLAN 1. Using commands, users can either configure the default VLAN of a port, or configure to allow a certain VLAN to pass through the port. For more information, refer to section Configuring Port-Based VLAN. z Use the display interface command to display the default VLAN and the VLANs that are allowed to go through a certain port. 3.1.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches To do... Enable the security mode of the voice VLAN Chapter 3 Voice VLAN Configuration Use the command... voice vlan security enable Remarks Optional Enabled by default Optional By default, each voice VLAN has default OUI addresses configured. Refer to Table 3-1 for the default OUI addresses of different vendors.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches To do... Chapter 3 Voice VLAN Configuration Use the command... Remarks Enter system view system-view — Enable the security mode of a voice VLAN voice vlan security enable Optional Enabled by default Optional By default, each voice VLAN has default OUI addresses configured. Refer to Table 3-1 for the default OUI addresses of different vendors.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration Note: z Only one VLAN of a device can have the voice VLAN function enabled at a time, and the VLAN must be an exsiting static VLAN. z A port that has the Link Aggregation Control Protocol (LACP for short) enabled cannot have the voice VLAN feature enabled at the same time.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration II. Network diagram Figure 3-1 Voice VLAN under automatic mode III. Configuration procedure # Create VLAN 2 and VLAN 6. system-view [DeviceA] vlan 2 [DeviceA-vlan2] quit [DeviceA] vlan 6 [DeviceA-vlan6] quit # Configure the voice VLAN aging time. [DeviceA] voice vlan aging 100 # Configure the OUI address 0011-2200-0000 as the legal address of the voice VLAN.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration [DeviceA-Ethernet2/0/1] voice vlan enable [DeviceA-Ethernet2/0/1] return IV. Verification # Display information about the OUI addresses, OUI address masks, and descriptive strings.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration II. Network diagram Figure 3-2 Voice VLAN under manual mode III. Configuration procedure # Configure the voice VLAN to work in security mode and only allows legal voice packets to pass through the voice VLAN enabled port. (Optional, enabled by default) system-view [DeviceA] voice vlan security enable # Configure the OUI address 0011-2200-0000 as the legal voice VLAN address.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration IV. Verification # Display information about the OUI addresses, OUI address masks, and descriptive strings.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration Chapter 4 GVRP Configuration GARP VLAN Registration Protocol (GVRP) is a GARP application. It functions based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration Join messages, Leave messages, and LeaveAll message make sure the reregistration and deregistration of GARP attributes are performed in an orderly way. Through message exchange, all attribute information that needs registration propagates to all GARP participants throughout a LAN.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration attributes of other participants. When a port receives an attribute declaration, it registers the attribute; when a port receives an attribute withdrawal, it deregisters the attribute. GARP participants send protocol data units (PDU) with a particular multicast MAC address as destination. Based on this address, a device can identify to which GVRP application, GVRP for example, should a GARP PDU be delivered. III.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Field Chapter 4 GVRP Configuration Description Value 0: LeaveAll event 1: JoinEmpty event Attribute Event Event described by the attribute 2: JoinIn event 3: LeaveEmpty event 4: LeaveIn event 5: Empty event VLAN ID for GVRP Attribute Value Attribute value If the Attribute Event is LeaveAll, Attribute Value is omitted. End Mark Indicates the end of a GARP PDU 0x00 4.1.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration 4.2 Configuring GVRP Note: GVRP can only be configured on trunk ports. Complete the following tasks to configure GVRP: Task Remarks Enabling GVRP Required Configuring GARP Timers Optional 4.2.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration 4.2.2 Configuring GARP Timers Follow these steps to configure GARP timers: To do… Use the command… Enter system view system-view Configure the GARP LeaveAll timer garp timer leaveall timer-value Enter Ethernet port view or port-group view Remarks –– Optional The default is 1000 centiseconds. Required Enter Ethernet port view interface interface-type interface-number Perform either of the operations.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration 4.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration # Enable GVRP globally. system-view [DeviceA] gvrp # Configure port Ethernet 2/0/1 as a trunk port, allowing all VLANs to pass. [DeviceA] interface ethernet 2/0/1 [DeviceA-Ethernet2/0/1] port link-type trunk [DeviceA-Ethernet2/0/1] port trunk permit vlan all # Enable GVRP on the port. [DeviceA-Ethernet2/0/1] gvrp [DeviceA-Ethernet2/0/1] quit # Create VLAN 2 (a static VLAN).
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration 4.4.2 GVRP Configuration Example II I. Network requirements Configure GVRP for dynamic VLAN information registration and update among devices. Specify fixed GVRP registration on Device A and normal GVRP registration on Device B. II. Network diagram Figure 4-3 Network diagram for GVRP configuration III. Configuration procedure 1) Configure Device A # Enable GVRP globally.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration [DeviceB-Ethernet2/0/1] gvrp [DeviceB-Ethernet2/0/1] quit # Create VLAN 3 (a static VLAN). [Sysname] vlan 3 3) Verify the configuration # Display dynamic VLAN information on Device A. [DeviceA] display vlan dynamic No dynamic vlans exist! # Display dynamic VLAN information on Device B. [DeviceB] display vlan dynamic Now, the following dynamic VLAN exist(s): 2 4.4.3 GVRP Configuration Example III I.
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration [DeviceA-Ethernet2/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 2) Configure Device B # Enable GVRP globally. system-view [DeviceB] gvrp # Configure port Ethernet 2/0/1 as a trunk port, allowing all VLANs to pass. [DeviceB] interface ethernet 2/0/1 [DeviceB-Ethernet2/0/1] port link-type trunk [DeviceB-Ethernet2/0/1] port trunk permit vlan all # Enable GVRP on the port.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IP Addressing Configuration ...................................................................................... 1-1 1.1 IP Addressing Overview .................................................................................................... 1-1 1.1.1 IP Address Classes................................................................................................. 1-1 1.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 1 IP Addressing Configuration Chapter 1 IP Addressing Configuration When assigning IP addresses to interfaces on your device, go to these sections for information you are interested in: z IP Addressing Overview z Configuring IP Addresses z Displaying and Maintaining IP Addressing 1.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 1 IP Addressing Configuration Table 1-1 describes the address ranges of these five classes. Currently, the first three classes of IP addresses are used in quantity. Table 1-1 IP address classes and ranges Class Address range Description The IP address 0.0.0.0 is used by a host at bootstrap for temporary communication. This address is never a valid destination address. A 0.0.0.0 to 127.255.255.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 1 IP Addressing Configuration net-id and subnet-id whereas the part containing consecutive zeros identifies the host-id. Figure 1-2 shows how a Class B network is subnetted. Figure 1-2 Subnet a Class B network While allowing you to create multiple logical networks within a single Class A, B, or C network, subnetting is transparent to the rest of the Internet. All these networks still appear as one.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 1 IP Addressing Configuration Note: This chapter only covers how to assign an IP address manually. For the other approach, refer to DHCP Configuration. This section includes: z Assigning an IP Address to an Interface z IP Addressing Configuration Example 1.2.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 1 IP Addressing Configuration 1.2.2 IP Addressing Configuration Example I. Network requirements As shown in Figure 1-3, the interface VLAN 1 on a switch is connected to a LAN comprising two segments: 172.16.1.0/24 and 172.16.2.0/24.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches PING 172.16.1.2: 56 Chapter 1 IP Addressing Configuration data bytes, press CTRL_C to break Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=25 ms Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=27 ms Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=26 ms --- 172.16.1.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 1 IP Addressing Configuration 1.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 2 IP Performance Configuration Chapter 2 IP Performance Configuration When configuring IP performance, go to these sections for information you are interested in: z IP Performance Overview z Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network z Configuring TCP Attributes z Configuring ICMP to Send Error Packets z Displaying and Maintaining IP Performance 2.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches To do… Enter system view Enable the device to receive directed broadcasts Chapter 2 IP Performance Configuration Use the command… system-view Remarks — Required ip forward-broadcast By default, the device is disabled from receiving directed broadcasts. 2.2.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 2 IP Performance Configuration II. Network diagram Figure 2-1 Network diagram for receiving and forwarding directed broadcasts (on a switch) III. Configuration procedure z Configure Switch A # Enable Switch A to receive directed broadcasts. system-view [SwitchA] ip forward-broadcast # Configure IP addresses for VLAN-interface 3 and VLAN-interface 2.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 2 IP Performance Configuration 2.3 Configuring TCP Attributes 2.3.1 Configuring TCP Optional Parameters TCP optional parameters that can be configured include: z synwait timer: When sending a SYN packet, TCP starts the synwait timer. If no response packets are received within the synwait timer timeout, the TCP connection is not successfully created.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 2 IP Performance Configuration I. Advantage of sending ICMP error packets There are three kinds of ICMP error packets: redirect packets, timeout packets and destination unreachable packets. Their sending conditions and functions are as follows. 1) Sending ICMP redirect packets A host may have only a default route to the default gateway in its routing table after startup.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches z Chapter 2 IP Performance Configuration If the source uses “strict source routing" to send packets, but the intermediate device finds the next hop specified by the source is not directly connected, the device will send the source a “source routing failure” ICMP error packet.
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 2 IP Performance Configuration 2.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 QinQ Configuration ..................................................................................................... 1-1 1.1 Introduction to QinQ........................................................................................................... 1-1 1.1.1 Understanding QinQ ............................................................................................... 1-1 1.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration Chapter 1 QinQ Configuration When configuring QinQ, go to these sections for information you are interested in: z Introduction to QinQ z Configuring Basic QinQ z Configuring Selective QinQ z Configuring the TPID of a VLAN Tag z QinQ Configuration Example 1.1 Introduction to QinQ 1.1.1 Understanding QinQ In the VLAN tag field defined in IEEE 802.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration Advantages of QinQ: z Addresses the shortage of public VLAN ID resource z Enables customers to plan their own VLAN IDs, with running into conflicts with public network VLAN IDs. z Provides an easy-to-do Layer 2 VPN solution for small-sized MANs or intranets. Note: The QinQ feature requires configurations only on the service provider network, and not on the customer network. 1.1.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration Figure 1-2 VLAN Tag structure of an Ethernet frame An S7500E switch determines whether a received frame is VLAN tagged by comparing its own TPID with the TPID field in the received frame. If they match, the frame is considered as a VLAN tagged frame. If not, the switch tags the frame with the default VLAN tag of the receiving port.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration Protocol type Value IS-IS 0x8000 LACP 0x8809 802.1x 0x888E Cluster 0x88A7 Reserved 0xFFFD/0xFFFE/0xFFFF 1.2 Configuring Basic QinQ Follow these steps to configure basic QinQ: To do... Enter system view Enter Ethernet port view or port group view Use the command...
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches To do... Enter system view Chapter 1 QinQ Configuration Use the command... system-view Remarks — Required By default, the relationship between the match criteria in a class is logical AND.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration Caution: z Before enabling selective QinQ on a port, enable basic QinQ on the port first. Selective QinQ enjoys higher priority than basic QinQ. Therefore, a received frame will be tagged with an outer VLAN ID based on basic QinQ only after it fails to match the match criteria defined in the traffic class. z Selective QinQ is achieved through QoS policies.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches z Chapter 1 QinQ Configuration Third-party devices are deployed between Provider A and Provider B, with a TPID value of 0x8200. The expected result of the configuration is as follows: z VLAN 10 of Customer A and Customer B can intercommunicate across VLAN 1000 on the public network. z VLAN 20 of Customer A and Customer C can intercommunicate across VLAN 2000 on the public network.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration # Configure the port as a hybrid port permitting frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through with the outer VLAN tag removed. [ProviderA] interface ethernet 2/0/1 [ProviderA-Ethernet2/0/1] port link-type hybrid [ProviderA-Ethernet2/0/1] port hybrid vlan 1000 2000 3000 untagged # Configure VLAN 3000 as the default VLAN of Ethernet 2/0/1, and enable basic QinQ on Ethernet 2/0/1.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration # Configure VLAN 1000 as the default VLAN. [ProviderA] interface ethernet 2/0/2 [ProviderA-Ethernet2/0/2] port access vlan 1000 # Enable basic QinQ. Tag frames from VLAN 10 with the outer VLAN tag 1000. [ProviderA-Ethernet2/0/2] qinq enable [ProviderA-Ethernet2/0/2] quit z Configuration on Ethernet 2/0/3.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration [ProviderB] interface ethernet 2/0/3 [ProviderB-Ethernet2/0/3] port access vlan 3000 # Enable basic QinQ to tag frames of all customer VLANs with the outer VLAN tag 3000.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 2 BPDU Tunneling Configuration Chapter 2 BPDU Tunneling Configuration When configuring BPDU tunneling, go to these sections for information you are interested in: z Introduction to BPDU Tunneling z Configuring BPDU Isolation z Configuring BPDU Transparent Transmission z Configuring Destination Multicast MAC Address for BPDU Tunnel Frames z BPDU Tunneling Configuration Example 2.1 Introduction to BPDU Tunneling 2.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 2 BPDU Tunneling Configuration II. BPDU transparent transmission As shown in Figure 2-1, the upper part is the service provider network, and the lower part represents the customer networks. The customer networks include network A and network B.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 2 BPDU Tunneling Configuration 2.2 Configuring BPDU Isolation Perform the following tasks to configure BPDU isolation: To do... Use the command...
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches To do... Enter Ethernet port view or port group view Enter Ethernet port view Enter port group view Chapter 2 BPDU Tunneling Configuration Use the command...
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 2 BPDU Tunneling Configuration 2.5 BPDU Tunneling Configuration Example I. Network requirements z Customer A, Customer B, Customer C, and Customer D are customer network access devices. z Provider A, Provider B, and Provider C are service provider network access devices, which are interconnected through configured trunk ports.
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches 2) Chapter 2 BPDU Tunneling Configuration Configuration on Provider B # Configure BPDU isolation on Ethernet 2/0/2. system-view [ProviderB] interface ethernet 2/0/2 [ProviderB-Ethernet2/0/2] port access vlan 4 [ProviderB-Ethernet2/0/2] bpdu-tunnel dot1q enable 3) Configuration on Provider C # Configure BPDU transparent transmission on Ethernet 2/0/3.
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Port Correlation Configuration................................................................................... 1-1 1.1 Ethernet Port Configuration ............................................................................................... 1-1 1.1.1 Performing Basic Ethernet Port Configuration ........................................................ 1-1 1.1.
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration Chapter 1 Port Correlation Configuration When configuring Ethernet ports, go to these sections for information you are interested in: z Ethernet Port Configuration z Maintaining and Displaying an Ethernet Port 1.
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration Similarly, if you configure the transmission rate for an Ethernet port by using the speed command with the auto keyword specified, the transmission rate is determined through auto-negotiation too. Follow these steps to perform basic Ethernet port configuration: To do... Use the command...
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches To do... Enable flow control Chapter 1 Port Correlation Configuration Use the command... flow-control Remarks Required Turned off by default 1.1.3 Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Port An Ethernet port operates in one of the two physical link states: up or down. During the suppression time, physical-link-state changes will not be propagated to the system.
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches To do... Chapter 1 Port Correlation Configuration Use the command... Remarks Enter system view system-view — Enter Ethernet port view interface interface-type interface-number — Enable loopback test loopback { external | internal } Optional Disabled by default.
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration To do... Enter system view Enter port group view Use the command... Remarks system-view — Enter manual port group view port-group manual port-group-name — Enter aggregation port group view port-group aggregation agg-id — Follow these steps to configure manual port group: To do... Use the command...
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches To do... Enter system view Enter Ethernet port view or port group view Chapter 1 Port Correlation Configuration Use the command... system-view Enter Ethernet port view interface interface-type interface-number Enter port group view port-group { manual port-group-name | aggregation agg-id } Remarks — Either is required.
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches To do… Enter system view Configure the interval for collecting port statistics Chapter 1 Port Correlation Configuration Use the command… Remarks system-view — interface interface-type interface-number Optional flow-interval interval By default, the interval for collecting port statistics is 300 seconds. 1.1.
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration 1.1.9 Enabling Loopback Detection on an Ethernet Port Loop occurs when a port receives the packets that it sent out. Loops may cause broadcast storm. The purpose of loopback detection is to detect loops on a port.. With loopback detection enabled on an Ethernet port, the device checks the port for external loopback periodically.
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration Caution: z Loopback detection on a given port is enabled only after the loopback-detection enable command has been issued in both system view and the port view of the port. z Loopback detection on all ports will be disabled after the issuing of the undo loopback-detection enable command in system view. z The aggregation port can not support loopback detection. 1.1.
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration Caution: Although the storm suppression function and the storm constrain function can all be used to control specific type of traffic, they conflict with each other. So, do not configure the both for an Ethernet port at the same time.
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches To do… Specify to send trap messages when the traffic detected exceeds the upper threshold or drops down below the lower threshold from a point higher than the upper threshold Chapter 1 Port Correlation Configuration Use the command… Remarks Optional storm-constrain enable trap By default, the system sends trap messages when the traffic detected exceeds the upper threshold or drops down below the lower threshold from
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches To do... Chapter 1 Port Correlation Configuration Use the command...
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 2 Port Isolation Configuration Chapter 2 Port Isolation Configuration When configuring port isolation, go to these sections for information you are interested in: z Introduction to Port Isolation z Configuring an Isolation Group z Displaying Isolation Groups z Port Isolation Configuration Example 2.
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches To do… Add a port to an isolation group as an ordinary port Chapter 2 Port Isolation Configuration Use the command… port-isolate enable group group-number Remarks Required No ports are added to the isolation group by default. 2.3 Displaying Isolation Groups To do… Display an isolation group and its information Use the command… display port-isolate group Remarks Available in any view 2.
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 2 Port Isolation Configuration system-view [Device] interface ethernet 2/0/1 [Device-Ethernet2/0/1] port-isolate enable [Device-Ethernet2/0/1] quit [Device] interface ethernet 2/0/2 [Device-Ethernet2/0/2] port-isolate enable [Device-Ethernet2/0/2] quit [Device] interface ethernet 2/0/3 [Device-Ethernet2/0/3] port-isolate enable # Display the information about the isolation group.
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Link Aggregation Overview ........................................................................................ 1-1 1.1 Link Aggregation ................................................................................................................ 1-1 1.1.1 LACP .......................................................................................................................
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 1 Link Aggregation Overview Chapter 1 Link Aggregation Overview This chapter covers these topics: z Link Aggregation z Approaches to Link Aggregation z Load Sharing in a Link Aggregation Group z Service Loop Group z Aggregation Port Group 1.1 Link Aggregation Link aggregation allows you to increase bandwidth by distributing traffic on the member ports in an aggregation group.
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 1 Link Aggregation Overview Table 1-1 Consistency considerations for ports in an aggregation Category Considerations State of port-level STP (enabled or disabled) Attribute of the link (point-to-point or otherwise) connected to the port Port path cost STP STP priority Maximum transmission rate Loop protection Root protection Port type (whether the port is an edge port) Traffic policing Port rate limiting Strict priority (SP
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 1 Link Aggregation Overview 1.2 Approaches to Link Aggregation Two ways are available for implementing link aggregation, as described in Manual Link Aggregation and Static LACP link aggregation. 1.2.1 Manual Link Aggregation I. Overview Manual aggregations are created manually. Member ports in a manual aggregation are LACP-disabled. II.
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 1 Link Aggregation Overview III. Port Configuration Considerations in manual aggregation As mentioned above, in a manual aggregation group, only ports with configurations consistent with those of the reference port can become selected. These configurations include port rate, duplex mode, link state, and other basic configurations, as described in Consistency Considerations for Ports in an Aggregation.
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches 4) Chapter 1 Link Aggregation Overview As there is a limit on the number of selected ports, not all selected-port candidates can become selected ports. Before the limit is reached, all the candidates are set to the selected state. When the limit is reached, the candidates with lower port numbers are set to the selected state while the other candidates are set to the unselected state.
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 1 Link Aggregation Overview forwarding port according to the source MAC address and destination MAC address. For a unicast IP packet with a known destination IP address, the switch selects the z forwarding port according to the source IP address and the destination IP address of the packet.
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches z Chapter 1 Link Aggregation Overview These ports can be configured only with the physical configuration such as speed and duplex mode, QoS, and ACL. Other conflicting configurations, such as STP cannot be configured. z These ports must belong to VLAN 1. After assigning a port to a service-loop group, you may configure it with other non-conflicting settings, such as QoS.
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 2 Link Aggregation Configuration Chapter 2 Link Aggregation Configuration When configuring link aggregation, go to these sections for information you are interested in: z Configuring Link Aggregation z Displaying and Maintaining Link Aggregation z Link Aggregation Configuration Example 2.
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches z Chapter 2 Link Aggregation Configuration For a manual aggregation group containing only one port, the only way to remove the port from it is to remove the aggregation group. z To make an aggregation group to function properly, make sure the selected states of the ports on the both sides of the same link are the same. 2.1.
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 2 Link Aggregation Configuration Note: When making configuration, be aware that after a load-balancing aggregation group changes to a non-load balancing group due to resources exhaustion, either of the following may happen: z Forwarding anomaly resulted from inconsistency of the two ends in the number of selected ports.
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 2 Link Aggregation Configuration Note: z You can remove any service loop group except those that are currently referenced by modules. z For a service loop group containing only one port, the only way to remove the port from it is to remove the service loop group. 2.1.
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches To do… Chapter 2 Link Aggregation Configuration Use the command… Remarks Display detailed information about specified or all link aggregation groups display link-aggregation verbose [ agg-id ] Available in any view Clear the statistics about LACP for specified or all ports reset lacp statistics [ interface interface-type interface-number [ to interface-type interface-number ] ] Available in user view 2.
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 2 Link Aggregation Configuration # Add ports Ethernet 2/0/1 through Ethernet 2/0/3 to the group.
Operation Manual – MAC Address Table Management H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 MAC Address Table Management Configuration ..................................................... 1-1 1.1 Introduction to MAC Address Table................................................................................... 1-1 1.2 Configuring MAC Address Table Management ................................................................. 1-2 1.2.1 Configuring MAC Address Entries .
Operation Manual – MAC Address Table Management H3C S7500E Series Ethernet Switches Chapter 1 MAC Address Table Management Configuration Chapter 1 MAC Address Table Management Configuration When configuring MAC address table management, go to these sections for information you are interested in: z Introduction to MAC Address Table z Configuring MAC Address Table Management z Displaying and Maintaining MAC Address Table Management z MAC Address Table Management Configuration Example Note: This manu
Operation Manual – MAC Address Table Management H3C S7500E Series Ethernet Switches Chapter 1 MAC Address Table Management Configuration Note: Dynamically learned MAC addresses cannot overwrite static MAC address entries, but the latter can overwrite the former. As shown in Figure 1-1, when forwarding a frame, the device looks up the MAC address table. If an entry is available for the destination MAC address, the device forwards the frame directly from the hardware.
Operation Manual – MAC Address Table Management H3C S7500E Series Ethernet Switches Chapter 1 MAC Address Table Management Configuration 1.2.
Operation Manual – MAC Address Table Management H3C S7500E Series Ethernet Switches Chapter 1 MAC Address Table Management Configuration 1.2.3 Disabling MAC Address Learning on an Ethernet Port or Port Group After enabling global MAC address learning, you may disable the function on a per-port basis as needed.
Operation Manual – MAC Address Table Management H3C S7500E Series Ethernet Switches To do… Chapter 1 MAC Address Table Management Configuration Use the command… Remarks Enter system view system-view — Configure the aging timer for dynamic MAC address entries mac-address timer { aging seconds | no-aging } Optional 300 seconds by default. Note: The MAC address aging timer takes effect globally on dynamic MAC address entries (learned or administratively configured) only. 1.2.
Operation Manual – MAC Address Table Management H3C S7500E Series Ethernet Switches Chapter 1 MAC Address Table Management Configuration Note: The maximum number of MAC addresses that can be learned on a port cannot be applied to the cross-board aggregation group to which the port belongs, that is, the maximum number of MAC addresses that can be learned on an aggregation group is not subject to that on a port in the group. 1.
Operation Manual – MAC Address Table Management H3C S7500E Series Ethernet Switches Chapter 1 MAC Address Table Management Configuration # Display the MAC address entry for port Ethernet 2/0/1.
Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IP Source Guard Configuration .................................................................................. 1-1 1.1 IP Source Guard Overview ................................................................................................ 1-1 1.2 Configuring a Static Binding Entry ..................................................................................... 1-1 1.
Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches Chapter 1 IP Source Guard Configuration Chapter 1 IP Source Guard Configuration When configuring IP Source Guard, go to these sections for information you are interested in: z IP Source Guard Overview z Configuring a Static Binding Entry z Configuring Dynamic Binding Function z Displaying z IP Source Guard Configuration Examples z Troubleshooting 1.
Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches To do… Chapter 1 IP Source Guard Configuration Use the command… Remarks Enter system view system-view — Enter interface view interface interface-type interface-number — Required Configure a static binding entry user-bind { ip-address ip-address | ip-address ip-address mac-address mac-address | mac-address mac-address } No static binding entry exists by default.
Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches Chapter 1 IP Source Guard Configuration 1.
Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches Chapter 1 IP Source Guard Configuration II. Network diagram Switch A Eth2/0/1 Eth2/0/1 Eth2/0/2 Eth2/0/2 Host C 192.168.0.3/24 MAC address: 00-01-02-03-04-05 Host A Host B 192.168.0.1/24 MAC address: 00-01-02-03-04-06 192.168.0.2/24 MAC address: 00-01-02-03-04-07 Figure 1-1 Network diagram for configuring static binding entries III.
Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches [SwitchB-Ethernet2/0/1] Chapter 1 IP Source Guard Configuration user-bind ip-address 192.168.0.1 mac-address 0001-0203-0406 [SwitchA-Ethernet2/0/1] quit # Configure port Ethernet 2/0/2 of Switch B to allow only IP packets with the source MAC address of 00-01-02-03-04-07 and the source IP address of 192.168.0.2 to pass. [SwitchB] interface ethernet 2/0/2 [SwitchB-Ethernet2/0/2] user-bind ip-address 192.168.0.
Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches Chapter 1 IP Source Guard Configuration Note: For detailed configuration of DHCP Server, refer to DHCP Configuration in this manual. II. Network diagram Figure 1-2 Network diagram for configuring dynamic binding III. Configuration procedure 1) Configure Switch A # Configure dynamic binding on port Ethernet 2/0/1.
Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches 0001-0203-0406 Chapter 1 IP Source Guard Configuration 192.168.0.1 1 Ethernet2/0/1 DHCP-SNP -----------------1 binding entries queried, 1 listed------------------ # Display the dynamic entries of DHCP Snooping and check it is identical with the dynamic entries that port Ethernet 2/0/1 has obtained. display dhcp-snooping DHCP Snooping is enabled. The client binding table for all untrusted ports.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 MSTP Configuration .................................................................................................... 1-1 1.1 MSTP Overview ................................................................................................................. 1-1 1.1.1 Introduction to STP ................................................................................................. 1-1 1.1.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Table of Contents 1.6.1 Configuration Prerequisites................................................................................... 1-40 1.6.2 Configuration Procedure ....................................................................................... 1-40 1.6.3 Configuration Example.......................................................................................... 1-41 1.7 Configuring No Agreement Check .............................
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Chapter 1 MSTP Configuration When configuring MSTP, go to these sections for information you are interested in: z MSTP Overview z Configuring the Root Bridge z Configuring Leaf Nodes z Performing mCheck z Configuring Protection Functions z Displaying and Maintaining MSTP 1.1 MSTP Overview 1.1.1 Introduction to STP I. Why STP? The Spanning Tree Protocol (STP) was established based on the 802.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration III. Basic concepts in STP 1) Root bridge A tree network must have a root; hence the concept of “root bridge” has been introduced in STP. There is one and only one root bridge in the entire network, and the root bridge can change alone with changes of the network topology. Therefore, the root bridge is not fixed.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Figure 1-1 A schematic diagram of designated bridges and designated ports IV. Path cost Path cost is a reference value used for link selection in STP. By calculating the path cost, STP selects relatively “robust” links and blocks redundant links, and finally prunes the network into loop-free tree structure. Note: All the ports on the root bridge are designated ports. V.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Forward delay: forward delay of the port.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Note: Principle for configuration BPDU comparison: z The configuration BPDU that has the lowest root bridge ID has the highest priority. z If all the configuration BPDUs have the same root bridge ID, they will be compared for their root path costs.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Step Description The device compares the calculated configuration BPDU with the configuration BPDU on the port of which the port role is to be defined, and does different things according to the comparison result: z 3 z If the calculated configuration BPDU is superior, the device will consider this port as the designated port, and the configuration BPDU on the port will be replaced with the calculated configuration
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Table 1-4 Initial state of each device Device Port name BPDU of port AP1 {0, 0, 0, AP1} AP2 {0, 0, 0, AP2} BP1 {1, 0, 1, BP1} BP2 {1, 0, 1, BP2} CP1 {2, 0, 2, CP1} CP2 {2, 0, 2, CP2} Device A Device B Device C z Comparison process and result on each device The following table shows the comparison process and result on each device.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Device Chapter 1 MSTP Configuration Comparison process z z z Device B z z Port BP1 receives the configuration BPDU of Device A {0, 0, 0, AP1}. Device B finds that the received configuration BPDU is superior to the configuration BPDU of the local port {1, 0, 1, BP1}, and updates the configuration BPDU of BP1. Port BP2 receives the configuration BPDU of Device C {2, 0, 2, CP2}.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Device Chapter 1 MSTP Configuration Comparison process z z Port CP1 receives the configuration BPDU of Device A {0, 0, 0, AP2}. Device C finds that the received configuration BPDU is superior to the configuration BPDU of the local port {2, 0, 2, CP1}, and updates the configuration BPDU of CP1. Port CP2 receives the configuration BPDU of port BP2 of Device B {1, 0, 1, BP2} before the message was updated.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Figure 1-3 The final calculated spanning tree Note: To facilitate description, the spanning tree calculation process in this example is simplified, while the actual process is more complicated.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration root port and designated port begin to forward data as soon as they are elected, a temporary loop may occur. 3) STP timers STP calculations need three important timing parameters: forward delay, hello time, and max age. z Forward delay is the delay time for device state transition. A path failure will cause re-calculation of the spanning tree, and the spanning tree structure will change accordingly.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Note: z In RSTP, a newly elected root port can enter the forwarding state rapidly if this condition is met: The old root port on the device has stopped forwarding data and the upstream designated port has started forwarding data.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Figure 1-4 Basic concepts in MSTP 1) MST region A multiple spanning tree region (MST region) is composed of multiple devices in a switched network and network segments among them.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration the same VLAN-to-instance mapping (VLAN 1 is mapped to MST instance 1, VLAN 2 to MST instance 2, and the rest to CIST). MSTP achieves load balancing by means of the VLAN-to-instance mapping table. 3) IST Internal spanning tree (IST) is a spanning tree that runs in an MST region.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration A boundary port is a port that connects an MST region to another MST configuration, or to a single spanning-tree region running STP, or to a single spanning-tree region running RSTP. During MSTP calculation, a boundary port assumes the same role on the CIST and on MST instances. Namely, if a boundary port is the master port on the CIST, it is also the master port on all MST instances within this region.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Figure 1-5 Port roles Figure 1-5 helps understand these concepts. Where, z Devices A, B, C, and D constitute an MST region. z Port 1 and port 2 of device A connect to the common root bridge. z Port 5 and port 6 of device C form a loop. z Port 3 and port 4 of device D connect downstream to other MST regions.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration A port state is not exclusively associated with a port role. Table 1-6 lists the port state(s) supported by each port role (“√” indicates that the port supports this state, while “—“ indicates that the port does not support this state).
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration In addition to basic MSTP functions, many management-facilitating special functions are provided, as follows: z Root bridge hold z Root bridge backup z Root guard z BPDU guard z Loop guard z TC-BPDU guard 1.1.3 Protocols and Standards MSTP is documented in: z IEEE 802.1d: Spanning Tree Protocol z IEEE 802.1w: Rapid Spanning Tree Protocol z IEEE 802.1s: Multiple Spanning Tree Protocol 1.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Task Configurin g Leaf Nodes Remarks Configuring an MST Region Required Configuring the Work Mode of MSTP Device Optional Configuring the Timeout Factor Optional Configuring the Maximum Transmission Rate of Ports Optional Configuring Ports as Edge Ports Optional Configuring Path Costs of Ports Optional Configuring Port Priority Optional Configuring Whether Ports Connect to Point-to-Point Links Option
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration To do... Use the command... Remarks Optional Configure the MST region name Configure the VLAN-to-instance mapping table region-name name The MST region name is the MAC address by default. instance instance-id vlan vlan-list Optional vlan-mapping modulo modulo Use either command. All VLANs in an MST region are mapped to MST instance 0 by default.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration II. Configuration example # Configure the MST region name to be “info”, the MSTP revision level to be 1, and VLAN 2 through VLAN 10 to be mapped to instance 1 and VLAN 20 through VLAN 30 to instance 2.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Note that: z Upon specifying the current device as the root bridge or a secondary root bridge, you cannot change the priority of the device. z You can configure the current device as the root bridge or a secondary root bridge of an MST instance, which is specified by instance instance-id in the command. If you set instance-id to 0, the current device will be the root bridge or a secondary root bridge of the CIST.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration 1.3.3 Configuring the Work Mode of MSTP Device MSTP and RSTP can recognize each other’s protocol packets, so they are mutually compatible. However, STP is unable to recognize MSTP packets. For hybrid networking with legacy STP devices and full interoperability with RSTP-compliant devices, MSTP supports three work modes: STP-compatible mode, RSTP mode, and MSTP mode.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration To do... Use the command... Remarks Enter system view system-view — Configure the priority of the current device stp [ instance instance-id ] priority priority Optional 32768 by default Caution: z Upon specifying the current device as the root bridge or a secondary root bridge, you cannot change the priority of the device.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches To do... Chapter 1 MSTP Configuration Use the command... Enter system view system-view Configure the maximum hops of the MST region stp max-hops hops Remarks — Optional 20 by default Note: A larger maximum hops setting means a larger size of the MST region. Only the maximum hops configured on the regional root bridge can restrict the size of the MST region. II. Configuration example # Set the maximum hops of the MST region to 30.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Note: z Network diameter is a parameter that indicates network size. A bigger network diameter represents a larger network size. z Based on the network diameter you configured, MSTP automatically sets an optimal hello time, forward delay, and max age for the device. z The configured network diameter is effective for the CIST only, and not for MSTIs. II.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Caution: z The length of the forward delay time is related to the network diameter of the switched network. Typically, the larger the network diameter is, the longer the forward delay time should be. Note that if the forward delay setting is too small, temporary redundant paths may be introduced; if the forward delay setting is too big, it may take a long time for the network to resume connectivity.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration 1.3.8 Configuring the Timeout Factor After the network topology is stabilized, each non-root-bridge device forwards configuration BPDUs to the surrounding devices at the interval of hello time to check whether any link is faulty.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration I. Configuration procedure Follow these steps to configure the maximum transmission rate of a port or a group of ports: To do... Enter system view Enter Ethernet interface view or port group view Use the command...
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration I. Configuration procedure Follow these steps to specify a port or a group of ports as edge port(s): To do... Enter system view Enter Ethernet interface view or port group view Use the command...
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration I. Configuration procedure Follow these steps to configure whether a port or a group of ports connect to point-to-point links: To do... Enter system view Enter Ethernet interface view or port group view Use the command...
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration 1.3.12 Configuring the Mode a Port Uses to Recognize/Send MSTP Packets A port can send/recognize MSTP packets of two formats: z 802.1s-compliant standard format, and z Compatible format By default, the packet format recognition mode of a port is auto, namely the port automatically distinguishes the two MSTP packet formats, and determines the format of packets it will send based on the recognized format.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration II. Configuration example # Configure GigabitEthernet 2/0/1 to receive and send standard-format MSTP packets. system-view [Sysname] interface GigabitEthernet 2/0/1 [Sysname-GigabitEthernet2/0/1] stp compliance dot1s 1.3.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration To do... Use the command... Remarks Optional Enable the MSTP feature on the port(s) stp enable MSTP is disabled on ports by default and automatically enabled on all ports after it is enabled globally on the device. Note: z You must enable MSTP for the device before any other MSTP-related configuration can take effect.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration 1.4.5 Configuring Ports as Edge Ports Refer to Configuring Ports as Edge Ports in the section about root bridge configuration. 1.4.6 Configuring Path Costs of Ports Path cost is a parameter related to the rate of port-connected links. On an MSTP-compliant device, ports can have different priorities in different MST instances.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Link speed 100 Mbps 1000 Mbps 10 Gbps Chapter 1 MSTP Configuration Duplex state 802.1d-1998 802.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Caution: z If you change the standard that the device uses in calculating the default path cost, the port path cost value set through the stp cost command will be out of effect. z When the path cost of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition. If you use 0 as instance-id, you are setting the path cost of the CIST. 1.4.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Note: z When the priority of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition. z Generally, a lower configured value priority indicates a higher priority of the port. If you configure the same priority value for all the Ethernet ports on a device, the specific priority of a port depends on the index number of that port.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration STP-compatible mode. In this case, you can perform an mCheck operation to force the port to migrate to the MSTP (or RSTP) mode. You can perform mCheck on a port through two approaches, which lead to the same result. 1.5.1 Configuration Prerequisites MSTP has been correctly configured on the device. 1.5.2 Configuration Procedure I. Performing mCheckglobally Follow these steps to perform global mCheck: To do...
Operation Manual – MSTP H3C S7500E Series Ethernet Switches 2) Chapter 1 MSTP Configuration Method 2: Perform mCheck in Ethernet interface view. system-view [Sysname] interface GigabitEthernet 2/0/1 [Sysname-GigabitEthernet2/0/1] stp mcheck 1.6 Configuring Digest Snooping As defined in IEEE 802.1s, interconnected devices are in the same region only when the region-related configuration (domain name, revision level, VLAN-to-instance mappings) on them is identical.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches To do... Enable global digest snooping Chapter 1 MSTP Configuration Use the command... stp config-digest-snooping Remarks Required Not enabled by default Caution: z You can only enable the Digest Snooping feature on the device connected to another vendor’s device that uses a private key to calculate the configuration digest.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration II. Network diagram Third-party device Root port Designated port GE2/0/1 GE2/0/2 GE2/0/1 Blocked port GE2/0/2 GE2/0/2 GE2/0/1 Device A Device B Figure 1-6 Digest Snooping configuration III. Configuration procedure 1) Enable Digest Snooping on Device A # Enable Digest Snooping on GigabitEthernet2/0/1.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Figure 1-7 and Figure 1-8 show the rapid state transition mechanism on MSTP and RSTP designated ports.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches z Chapter 1 MSTP Configuration Configure the same region name, revision level and VLAN-to-instance mappings on the two devices, making them in the same region. 1.7.2 Configuration Procedure Follow these steps to configure No Agreement Check: To do... Enter system view Enter Ethernet interface or port group view Use the command...
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration II. Network diagram Third-party device GE2/0/1 GE2/0/1 Root port Designated port Device A Figure 1-9 No Agreement Check configuration III. Configuration procedure # Enable No Agreement Check on GigabitEthernet2/0/1 of Device A. system-view [DeviceA] interface GigabitEthernet 2/0/1 [DeviceA-GigabitEthernet2/0/1] stp no-agreement-check 1.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration 1.8.2 Enabling BPDU Guard For access layer devices, the access ports generally connect directly with user terminals (such as PCs) or file servers. In this case, the access ports are configured as edge ports to allow rapid transition of these ports. When these ports receive configuration BPDUs, the system will automatically set these ports as non-edge ports and start a new spanning tree calculation process.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration playing the role of designated port on all MST instances. Once this port receives a configuration BPDU with a higher priority from an MST instance, it immediately sets that instance port to the listening state, without forwarding the packet (this is equivalent to disconnecting the link connected with this port).
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Note: It is recommended that you enable the loop guard feature on your device. Follow these steps to enable loop guard: To do... Enter system view Enter Ethernet interface view or port group view Use the command...
Operation Manual – MSTP H3C S7500E Series Ethernet Switches To do... Configure the maximum number of times the device deletes forwarding address entries within a certain period of time immediately after it receives TC-BPDUs Chapter 1 MSTP Configuration Use the command... stp tc-protection threshold number Remarks Optional 6 by default Note: We recommend that you keep this feature enabled. 1.9 Displaying and Maintaining MSTP To do... Use the command...
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration 1.10 MSTP Configuration Example I. Network requirements Configure MSTP so that packets of different VLANs are forwarded along different spanning trees. The specific configuration requirements are as follows: z All devices on the network are in the same MST region.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration [DeviceA-mst-region] region-name example [DeviceA-mst-region] instance 1 vlan 10 [DeviceA-mst-region] instance 3 vlan 30 [DeviceA-mst-region] instance 4 vlan 40 [DeviceA-mst-region] revision-level 0 # Activate MST region configuration manually. [DeviceA-mst-region] active region-configuration [DeviceA-mst-region] quit # Define Device A as the root bridge of MST instance 1.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration [DeviceB] display stp region-configuration Oper configuration Format selector :0 Region name :example Revision level :0 Instance 3) Vlans Mapped 0 1 to 9, 11 to 29, 31 to 39, 41 to 4094 1 10 3 30 4 40 Configuration on Device C # Enter MST region view.
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration # Enter MST region view. system-view [DeviceD] stp region-configuration [DeviceD-mst-region] region-name example # Configure the region name, VLAN-to-instance mappings and revision level of the MST region. [DeviceD-mst-region] instance 1 vlan 10 [DeviceD-mst-region] instance 3 vlan 30 [DeviceD-mst-region] instance 4 vlan 40 [DeviceD-mst-region] revision-level 0 # Activate MST region configuration manually.
Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IP Routing Overview.................................................................................................... 1-1 1.1 IP Routing and Routing Table............................................................................................ 1-1 1.1.1 Routing ....................................................................................................................
Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Chapter 1 IP Routing Overview Chapter 1 IP Routing Overview Go to these sections for information you are interested in: z IP Routing and Routing Table z Routing Protocol Overview z Displaying and Maintaining a Routing Table Note: z The term “router” in this document refers to a Layer 3 switch running routing protocols. z Currently, the LSQ1GP12EA board on S7500E series Ethernet switches does not support IPv6 features. 1.
Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Chapter 1 IP Routing Overview z Destination address: Destination IP address or destination network. z Network mask: Specifies, in company with the destination address, the address of the destination network. A logical AND operation between the destination address and the network mask yields the address of the destination network. For example, if the destination address is 129.102.8.10 and the mask 255.255.0.
Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Router A 17.0.0.1 Chapter 1 IP Routing Overview 17.0.0.0 Router F 17.0.0.3 16.0.0.2 11.0.0.2 Router D 17.0.0.2 16.0.0.0 11.0.0.0 14.0.0.3 16.0.0.1 Router B 14.0.0.2 14.0.0.4 14.0.0.0 15.0.0.2 11.0.0.1 Router G 12.0.0.1 Router E 14.0.0.1 12.0.0.0 15.0.0.0 13.0.0.2 15.0.0.1 13.0.0.3 13.0.0.1 13.0.0.0 12.0.0.2 Router C Destination Network 11.0.0.0 12.0.0.0 13.0.0.0 14.0.0.0 15.0.0.0 16.0.0.0 17.0.0.
Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Chapter 1 IP Routing Overview I. Operational scope z Interior gateway protocols (IGPs): Work within an autonomous system, including RIP, OSPF, and IS-IS. z Exterior gateway protocols (EGPs): Work between autonomous systems. The most popular one is BGP. Note: An autonomous system refers to a group of routers that share the same routing policy and work under the same administration. II.
Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Chapter 1 IP Routing Overview Routing approach Priority DIRECT 0 OSPF 10 IS-IS 15 STATIC 60 RIP 100 OSPF ASE 150 OSPF NSSA 150 IBGP 255 EBGP 255 UNKNOWN 256 Note: z The smaller the priority value, the higher the priority. z The priority for a direct route is always 0, which you cannot change. Any other type of routes can have their priorities manually configured.
Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Chapter 1 IP Routing Overview Under normal circumstances, packets are forwarded through the main route. When the main route goes down, the route with the highest priority among the backup routes is selected to forward packets. When the main route recovers, the route selection process is performed again and the main route is selected again to forward packets. 1.2.
Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Chapter 1 IP Routing Overview To do… Use the command… Display routing information permitted by an IPv4 prefix list display ip routing-table ip-prefix ip-prefix-name [ verbose ] Display routes of a routing protocol display ip routing-table protocol protocol [ inactive | verbose ] Display statistics about the network routing table display ip routing-table statistics Clear statistics for the routing table reset ip routing-tab
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Static Routing Configuration...................................................................................... 1-1 1.1 Introduction ........................................................................................................................ 1-1 1.1.1 Static Route............................................................................................................. 1-1 1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Table of Contents 2.4.8 Configuring RIP-to-MIB Binding ............................................................................ 2-16 2.5 Displaying and Maintaining RIP....................................................................................... 2-17 2.6 RIP Configuration Examples............................................................................................ 2-17 2.6.1 Configuring RIP Version.....................
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Table of Contents 3.7.3 Specifying an LSA Transmission Delay ................................................................ 3-34 3.7.4 Specifying SPF Calculation Interval ...................................................................... 3-34 3.7.5 Specifying the LSA Minimum Repeat Arrival Interval ........................................... 3-35 3.7.6 Specifying the LSA Generation Interval ..........................................
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Table of Contents 4.4.8 Configuring Route Redistribution .......................................................................... 4-24 4.4.9 Configuring IS-IS Route Leaking........................................................................... 4-24 4.5 Tuning and Optimizing IS-IS Network ............................................................................. 4-25 4.5.1 Configuration Prerequisites...............................
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Table of Contents 5.5.1 Prerequisites ......................................................................................................... 5-27 5.5.2 Configuration Procedure ....................................................................................... 5-27 5.6 Tuning and Optimizing BGP Networks ............................................................................ 5-30 5.6.1 Prerequisites .............................
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Table of Contents 6.5 Displaying and Maintaining the Routing Policy................................................................ 6-10 6.6 Routing Policy Configuration Example ............................................................................ 6-10 6.6.1 Applying Routing Policy When Redistributing IPv4 Routes .................................. 6-10 6.7 Troubleshooting Routing Policy Configuration ...............................
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 1 Static Routing Configuration Chapter 1 Static Routing Configuration When configuring a static route, go to these sections for information you are interested in: z Introduction z Configuring a Static Route z Displaying and Maintaining Static Routes z Configuration Example Note: The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. 1.1 Introduction 1.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 1 Static Routing Configuration You can create the default route with both destination and mask being 0.0.0.0, and some dynamic routing protocols, such as OSPF, RIP and IS-IS, can also generate the default route. 1.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 1 Static Routing Configuration To do… Use the command… Remarks Enter system view system-view — Required Configure a static route ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] } [ preference preference-value ] [ tag tag-value ] [ description description-text ] Configure the default preference for static routes ip route-static default-preference d
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 1 Static Routing Configuration 1.4 Configuration Example I. Network requirements The IP addresses and masks of the switches and hosts are shown in the following figure. Static routes are required for interconnection between any two hosts. II. Network diagram Figure 1-1 Network diagram for static route configuration III.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 1 Static Routing Configuration Routing Tables: Public Destinations : 7 Destination/Mask Proto 0.0.0.0/0 Routes : 7 Pre Cost NextHop Interface Static 60 0 1.1.4.2 Vlan500 1.1.2.0/24 Direct 0 0 1.1.2.3 Vlan300 1.1.2.3/32 Direct 0 0 127.0.0.1 InLoop0 1.1.4.0/30 Direct 0 0 1.1.4.1 Vlan500 1.1.4.1/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration Chapter 2 RIP Configuration Note: The term “router” in this document refers to a router in a generic sense or a Layer 3 switch.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration II. RIP routing table A RIP router has a routing table containing routing entries of all reachable destinations, and each routing entry contains: z Destination address: IP address of a host or a network. z Next hop: IP address of the adjacent router’s interface to reach the destination. z Egress interface: Packet outgoing interface. z Metric: Cost from the local router to the destination.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration 2.1.2 Operation of RIP The following procedure describes how RIP works. 1) After RIP is enabled, the router sends Request messages to neighboring routers. Neighboring routers return Response messages including information about their routing tables. 2) After receiving such information, the router updates its local routing table, and sends triggered update messages to its neighbors.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration Figure 2-1 shows the format of RIPv1 message. Figure 2-1 RIPv1 Message Format z Command: Type of message. 1 indicates request, and 2 indicates response. z Version: Version of RIP, 0x01 for RIPv1. z AFI: Address Family Identifier, 2 for IP. z IP Address: Destination IP address of the route. It can be a natural network, subnet or a host address. z Metric: Cost of the route. II.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration III. RIPv2 authentication RIPv2 sets the AFI field of the first route entry to 0xFFFF to identify authentication information. See Figure 2-3. Figure 2-3 RIPv2 Authentication Message z Authentication Type: 2 represents plain text authentication, while 3 represents MD5.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration 2.2 Configuring RIP Basic Functions 2.2.1 Configuration Prerequisites Before configuring RIP basic functions, configure IP addresses for interfaces, making all adjacent nodes reachable to each other at the network layer. 2.2.2 Configuration Procedure I.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration To do… Use the command… Enter interface view interface interface-type interface-number Enable the interface to receive RIP messages rip input Enable the interface to send RIP messages rip output Remarks — Optional Enabled by default Optional Enabled by default III. Configuring a RIP version You can configure a RIP version in RIP or interface view.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration To do… Use the command… Remarks Enter interface view interface interface-type interface-number –– Specify a RIP version for the interface rip version { 1 | 2 [ broadcast | multicast ] } Optional 2.3 Configuring RIP Route Control In complex networks, you need to configure advanced RIP features.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Define an outbound additional routing metric Chapter 2 RIP Configuration Use the command… rip metricout value Remarks Optional 1 by default 2.3.2 Configuring RIPv2 Route Summarization Route summarization means that subnets in a natural network are summarized with a natural network that is sent to other networks. This feature can reduce the size of routing tables. I.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration Note: You need to disable RIPv2 route automatic summarization before advertising a summary route on an interface. 2.3.3 Disabling Host Route Reception Sometimes a router may receive many host routes from the same network, which are not helpful for routing and occupy a large amount of network resources. In this case, you can disable RIP from receiving host routes to save network resources.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration Note: The router enabled to advertise a default route does not receive default routes from RIP neighbors. 2.3.5 Configuring Inbound/Outbound Route Filtering The device supports route filtering. You can filter routes by configuring the inbound and outbound route filtering policies via referencing an ACL or IP prefix list. You can also configure the router to receive only routes from a specified neighbor.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration To do… Use the command… Remarks Enter system view system-view –– Enter RIP view rip [ process-id ] –– Configure a priority for RIP preference [ route-policy route-policy-name ] value Optional 100 by default 2.3.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration To do… Use the command… Configure values for RIP timers timers { garbage-collect garbage-collect-value | suppress suppress-value | timeout timeout-value | update update-value }* Remarks Optional The default update timer, timeout timer, suppress timer, and garbage-collect timer are 30s, 180s, 120s and 120s respectively.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration II. Enabling poison reverse The poison reverse function allows an interface to advertise the routes received from it, but the metric of these routes is set to 16, making them unreachable.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration 2.4.5 Enabling Source IP Address Check on Incoming RIP Updates You can enable source IP address check on incoming RIP updates. For a message received on an Ethernet interface, RIP compares the source IP address of the message with the IP address of the interface. If they are not in the same network segment, RIP discards the message.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration 2.4.7 Specifying a RIP Neighbor Usually, RIP sends messages to broadcast or multicast addresses. On non broadcast or multicast links, you need to manually specify RIP neighbors. If a specified neighbor is not directly connected, you must disable source address check on incoming updates.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration 2.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration [SwitchA-rip-1] quit # Configure Switch B. system-view [SwitchB] rip [SwitchB-rip-1] network 192.168.1.0 [SwitchB-rip-1] network 10.0.0.0 [SwitchB-rip-1] quit # Display the RIP routing table of Switch A.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration Note: Since RIPv1 routing information has a long aging time, it will still exist until aged out after RIPv2 is configured. 2.6.2 Configuring RIP Route Redistribution I. Network requirements As shown in Figure 2-5, two RIP processes are running on Switch B, which communicates with Switch A through RIP100 and with Switch C through RIP 200.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration [SwitchB-rip-100] version 2 [SwitchB-rip-100] undo summary [SwitchB-rip-100] quit [SwitchB] rip 200 [SwitchB-rip-200] network 3.0.0.0 [SwitchB-rip-200] version 2 [SwitchB-rip-200] undo summary [SwitchB-rip-200] quit # Enable RIP 200 and specify RIP version 2 on Switch C. system-view [SwitchC] rip 200 [SwitchC-rip-200] network 3.0.0.0 [SwitchC-rip-200] network 4.0.0.0 [SwitchC-rip-200] network 5.0.0.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration Routing Tables: Public Destinations : 9 Destination/Mask Proto 1.1.1.0/24 Routes : 9 Cost NextHop Interface Direct 0 0 1.1.1.1 Vlan100 1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 2.1.1.0/24 Direct 0 0 2.1.1.1 Vlan101 2.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 3.1.1.0/24 RIP 100 4 1.1.1.2 Vlan100 4.1.1.0/24 RIP 100 4 1.1.1.2 Vlan100 5.1.1.0/24 RIP 100 4 1.1.1.2 Vlan100 127.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration 2.7 Troubleshooting RIP 2.7.1 No RIP Updates Received Symptom: No RIP updates are received when the links work well. Analysis: After enabling RIP, you must use the network command to enable corresponding interfaces. Make sure no interfaces are disabled from handling RIP messages. If the peer is configured to send multicast messages, the same should be configured on the local end.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Chapter 3 OSPF Configuration Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the Internet Engineering Task Force (IETF). At present, OSPF version 2 (RFC2328) is used.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches z Chapter 3 OSPF Configuration Area partition: Allows an AS to be split into different areas for ease of management and the routing information transmitted between areas is summarized to reduce network bandwidth consumption. z Equal-cost multi-route: Supports multiple equal-cost routes to a destination.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches z Chapter 3 OSPF Configuration Hello packet: Periodically sent to find and maintain neighbors, containing the values of some timers, information about the DR, BDR and known neighbors. z DD packet (database description packet): Describes the digest of each LSA in the LSDB, exchanged between two routers for data synchronization. z LSR (link state request) packet: Requests needed LSAs from the neighbor.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration into the local subnet, the Type 10 is flooded into the local area, and the Type 11 is flooded throughout the whole AS. VI. Neighbor and Adjacency In OSPF, the “Neighbor” and “Adjacency” are two different concepts. Neighbor: Two routers that have interfaces to a common network. Neighbor relationships are maintained by, and usually dynamically discovered by, OSPF's hello packets.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Area 4 Area 1 Area 0 Area 2 Area 3 Figure 3-1 OSPF area partition After area partition, area border routers perform route summarization to reduce the number of LSAs advertised to other areas and minimize the effect of topology changes. II.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Figure 3-2 OSPF router types III. Backbone area and virtual links Each AS has a backbone area, which is responsible for distributing routing information between none-backbone areas. Routing information between non-backbone areas must be forwarded by the backbone area. Therefore, OSPF requires that: z All non-backbone areas must maintain connectivity to the backbone area.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Another application of virtual links is to provide redundant links. If the backbone area cannot maintain internal connectivity due to a physical link failure, configuring a virtual link can guarantee logical connectivity in the backbone area, as shown below. Figure 3-4 Virtual link application 2 The virtual link between the two ABRs acts as a point-to-point connection.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration NSSA area. When traveling to the NSSA ABR, Type-7 LSAs are translated into Type-5 LSAs by the ABR for advertisement to other areas. In the following figure, the OSPF AS contains three areas: Area 1, Area 2 and Area 0. The other two ASs employ the RIP protocol. Area 1 is an NSSA area, and the ASBR in it translates RIP routes into Type-7 LSAs and advertises them throughout Area 1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration segment. The ABR in the area distributes only the summary LSA to reduce the scale of LSDBs on routers in other areas. 2) ASBR route summarization If summarization for redistributed routes is configured on an ASBR, it will summarize redistributed Type-5 LSAs that fall into the specified address range. If in an NSSA area, it also summarizes Type-7 LSAs that fall into the specified address range.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches z Chapter 3 OSPF Configuration P2MP (point-to-multipoint): By default, OSPF considers no link layer protocol as P2MP, which is a conversion from other network types such as NBMA in general. On P2MP networks, packets are sent to multicast addresses (224.0.0.5). z P2P (point-to-point): When the link layer protocol is PPP or HDLC, OSPF considers the network type as P2P. On P2P networks, packets are sent to multicast addresses (224.0.0.5).
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration the new DR in a very short period by avoiding adjacency establishment and DR reelection. Meanwhile, other routers elect another BDR, which requires a relatively long period but has no influence on routing calculation. Other routers, also known as DRothers, establish no adjacency and exchange no routing information with each other, thus reducing the number of adjacencies on broadcast and NBMA networks.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.1.5 OSPF Packet Formats OSPF packets are directly encapsulated into IP packets. OSPF has the IP protocol number 89. The OSPF packet format is shown below (taking a LSU packet as an example). Figure 3-8 OSPF packet format I. OSPF packet header OSPF packets are classified into five types that have the same packet header, as shown below.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Note: MD5 authentication data is added following an OSPF packet rather than contained in the Authentication field. II. Hello packet A router sends hello packets periodically to neighbors to find and maintain neighbor relationships and to elect the DR/BDR, including information about values of timers, DR, BDR and neighbors already known.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration III. DD packet Two routers exchange database description (DD) packets describing their LSDBs for database synchronization, contents in DD packets including the header of each LSA (uniquely representing a LSA). The LSA header occupies small part of an LSA to reduce traffic between routers. The recipient checks whether the LSA is available using the LSA header.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration requesting the missing LSAs. The packets contain the digests of the missing LSAs. The following figure shows the LSR packet format. Figure 3-12 LSR packet format Major fields: z LS type: Type number of the LSA to be requested. Type 1 for example indicates the Router LSA. z Link State ID: Determined by LSA type. z Advertising Router: ID of the router that sent the LSA. V.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration VI. LSAck packet LSAack (Link State Acknowledgment) packets are used to acknowledge received LSU packets, contents including LSA headers to describe the corresponding LSAs. Multiple LSAs can be acknowledged in a single Link State Acknowledgment packet. The following figure gives its format. Figure 3-14 LSAck packet format VII. LSA header format All LSAs have the same header, as shown in the following figure.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Figure 3-16 Router LSA format Major fields: z Link State ID: ID of the router that originated the LSA. z V (Virtual Link): Set to 1 if the router that originated the LSA is a virtual link endpoint. z E (External): Set to 1 if the router that originated the LSA is an ASBR. z B (Border): Set to 1 if the router that originated the LSA is an ABR.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Figure 3-17 Network LSA format Major fields: z Link State ID: The interface address of the DR z Network Mask: The mask of the network (a broadcast or NBMA network) z Attached Router: The IDs of the routers, which are adjacent to the DR, including the DR itself 3) Summary LSA Network summary LSAs (Type-3 LSAs) and ASBR summary LSAs (Type-4 LSAs) are originated by ABRs.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Note: A Type-3 LSA can be used to advertise a default route, having the Link State ID and Network Mask set to 0.0.0.0. 4) AS external LSA An AS external LSA originates from an ASBR, describing routing information to a destination outside the AS. Figure 3-19 AS external LSA format Major fields: z Link State ID: The IP address of another AS to be advertised.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration An NSSA external LSA originates from the ASBR in a NSSA and is flooded in the NSSA area only. It has the same format as the AS external LSA. Figure 3-20 NSSA external LSA format 3.1.6 Supported OSPF Features I. Multi-process With multi-process support, multiple OSPF processes can run on a router simultaneously and independently.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Distributed routers support OSPF Hot Standby (HSB). OSPF backups necessary information of the Active Main Board (AMB) into the Standby Main Board. Once the AMB fails, the SMB begins to work to ensure the normal operation of OSPF. 3.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Task Configuring OSPF Network Optimization Remarks Configuring OSPF Packet Timers Optional Specifying an LSA Transmission Delay Optional Specifying SPF Calculation Interval Optional Specifying the LSA Minimum Repeat Arrival Interval Optional Specifying the LSA Generation Interval Optional Disabling Interfaces from Sending OSPF Packets Optional Configuring Stub Routers Optional Configuring OSPF
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To ensure OSPF stability, you need to decide on router IDs and configure them manually. Any two routers in an AS must have different IDs. In practice, the ID of a router is the IP address of one of its interfaces. z Enable an OSPF process The system supports OSPF multi-process.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.4 Configuring OSPF Area Parameters Splitting an OSPF AS into multiple areas reduces the number of LSAs in the networks and extends the OSPF application. For those non-backbone areas residing on the AS boundary, you can configure them as stub areas to further reduce the size of routing tables on routers in these areas and the number of LSAs.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Chapter 3 OSPF Configuration Use the command… Configure a virtual link vlink-peer router-id [ hello seconds | retransmit seconds | trans-delay seconds | dead seconds | simple [ plain | cipher ] password | { md5 | hmac-md5 } key-id [ plain | cipher ] password ] * Advertise a host route host-advertise ip-address cost Remarks Optional Configured on both ends of a virtual link Note that hello and dead parameters must be identical
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.5.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Remarks Enter system view system-view — Enter interface view interface interface-type interface-number — Configure a router priority for the interface Optional ospf dr-priority priority The default router priority is 1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Chapter 3 OSPF Configuration Use the command… Remarks Enter system view system-view — Enter OSPF view ospf [ process-id | router-id router-id ] * — Enter OSPF area view area area-id Required Configure ABR route summarization abr-summary ip-address { mask | mask-length } [ advertise | not-advertise ] [ cost cost ] Required Available on an ABR only Not configured by default Follow these steps to configure route summari
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Note: Since OSPF is a link state-based interior gateway protocol, routing information is contained in LSAs. However, OSPF cannot filter LSAs. Using the filter-policy import command is to filter routes computed by OSPF, and only routes not filtered out are installed into the routing table. 3.6.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Chapter 3 OSPF Configuration Use the command… Remarks Enter system view system-view — Enter OSPF view ospf [ process-id | router-id router-id ] * — Configure a bandwidth reference value bandwidth-reference value Optional The value defaults to 100Mbps. Note: If no OSPF cost is configured for an interface, OSPF computes the cost automatically: Interface OSPF cost= Bandwidth reference value/Interface bandwidth.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Configure the maximum number of equivalent load-balanced routes Remarks maximum load-balancing maximum Optional The default number is 4. 3.6.8 Configuring a Priority for OSPF A router may run multiple routing protocols, and it sets a priority for each protocol.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Redistribute a default route Chapter 3 OSPF Configuration Use the command… default-route-advertise [ always | cost cost | type type | route-policy route-policy-name ]* default-route-advertise summary cost cost Remarks Optional Not redistributed by default Optional Configure the default parameters for redistributed routes (cost, route number, tag and type) default { cost cost | limit limit | tag tag | type type } * By default,
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches z Chapter 3 OSPF Configuration Configure OSPF network management functions, such as binding OSPF MIB with a process, sending trap information and collecting log information. 3.7.1 Prerequisites Before configuring OSPF network optimization, you have configured: z IP addresses for interfaces; z OSPF basic functions. 3.7.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Specify the retransmission interval ospf timer retransmit interval Remarks Optional The retransmission interval defaults to 5 seconds. Note: z The hello and dead intervals restore to default values after you change the network type for an interface. z The dead interval should be at least four times the hello interval on an interface.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Chapter 3 OSPF Configuration Use the command… Remarks Enter system view system-view — Enter OSPF view ospf [ process-id | router-id router-id ] * — Specify SPF calculation interval(s) spf-schedule-interval maximum-interval [ minimum-interval [ incremental-interval ] ] Optional By default, the interval is 5 seconds.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Follow these steps to configure the LSA generation interval: To do… Use the command… Remarks Enter system view system-view — Enter OSPF view ospf [ process-id | router-id router-id ] * Required Optional Configure the LSA generation interval lsa-generation-interval maximum-interval [ initial-interval [ incremental-interval ] ] By default, the maximum interval is 5 seconds, the minimum interval is 0 m
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Note: z Different OSPF processes can disable the same interface from sending OSPF packets. Use of the silent-interface command disables only the interfaces associated with the current process rather than interfaces associated with other processes.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Remarks Enter system view system-view — Enter OSPF view ospf [ process-id | router-id router-id ] * — Enter area view area area-id — Configure the authentication mode authentication-mode { simple | md5 } Exit to OSPF view quit — Exit to system view quit — Enter interface view interface interface-type interface-number — Configure the authentication mode (simple aut
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.7.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.7.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… reset ospf [ process-id ] counters [ neighbor [ interface-type interface-number ] [ router-id ] ] Reset OSPF counters Reset an OSPF process reset ospf [ process-id ] process Re-enable OSPF route redistribution reset ospf [ process-id ] redistribution Remarks Available in user view 3.9 OSPF Configuration Examples Note: These examples only cover commands for OSPF configuration.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches 2) Chapter 3 OSPF Configuration Configure OSPF basic functions # Configure Switch A. system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.1] quit [SwitchA-ospf-1] quit # Configure Switch B.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration [SwitchA] display ospf peer verbose OSPF Process 1 with Router ID 10.2.1.1 Neighbors Area 0.0.0.0 interface 10.1.1.1(Vlan-interface100)'s neighbors Router ID: 10.3.1.1 State: Full DR: 10.1.1.1 Address: 10.1.1.2 Mode: Nbr is Master BDR: 10.1.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration [SwitchA] display ospf lsdb OSPF Process 1 with Router ID 10.2.1.1 Link State Database Area: 0.0.0.0 Type LinkState ID AdvRouter Age Len Sequence Router 10.2.1.1 10.2.1.1 1069 36 80000012 Metric 0 Router 10.3.1.1 10.3.1.1 780 36 80000011 0 Network 10.1.1.1 10.2.1.1 1069 32 80000010 0 Sum-Net 10.5.1.0 10.3.1.1 780 28 80000003 12 Sum-Net 10.2.1.0 10.2.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration PING 10.4.1.1: 56 data bytes, press CTRL_C to break Request time out Reply from 10.4.1.1: bytes=56 Sequence=2 ttl=253 time=15 ms Reply from 10.4.1.1: bytes=56 Sequence=3 ttl=253 time=1 ms Reply from 10.4.1.1: bytes=56 Sequence=4 ttl=253 time=16 ms Reply from 10.4.1.1: bytes=56 Sequence=5 ttl=253 time=1 ms --- 10.4.1.1 ping statistics --5 packet(s) transmitted 4 packet(s) received 20.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration # Display ABR/ASBR information on Switch C. [SwitchC] display ospf abr-asbr OSPF Process 1 with Router ID 10.4.1.1 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Intra 10.2.1.1 0.0.0.1 3 10.2.1.1 ABR Inter 10.3.1.1 0.0.0.1 5 10.2.1.1 ABR Inter 10.5.1.1 0.0.0.1 7 10.2.1.1 ASBR # Display OSPF routing table information on Switch C.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration [SwitchA-ospf-1-area-0.0.0.1] stub [SwitchA-ospf-1-area-0.0.0.1] quit [SwitchA-ospf-1] quit # Configure Switch C. [SwitchC] ospf [SwitchC-ospf-1] area 1 [SwitchC-ospf-1-area-0.0.0.1] stub [SwitchC-ospf-1-area-0.0.0.1] quit [SwitchC-ospf-1] quit # Display OSPF routing information on Switch C [SwitchC] display ospf routing OSPF Process 1 with Router ID 10.4.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration [SwitchC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type NextHop 0.0.0.0/0 4 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 3 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.4.1.0/24 3 Stub 10.4.1.1 0.0.0.1 10.4.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration III. Configuration procedure 1) Configure IP addresses for interfaces. 2) Configure OSPF basic functions (refer to Configuring OSPF Basic Functions). 3) Configure Area 1 as an NSSA area. # Configure Switch A. [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch C.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration [SwitchC] ospf [SwitchC-ospf-1] import-route static [SwitchC-ospf-1] quit # Display OSPF routing information on Switch D. [SwitchD-ospf-1] display ospf routing OSPF Process 1 with Router ID 10.5.1.1 Routing Tables Routing for Network Destination Cost Type NextHop 10.2.1.0/24 AdvRouter Area 22 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.3.1.0/24 10 Transit 10.3.1.2 10.3.1.1 0.0.0.2 10.4.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration II. Network diagram Figure 3-24 Network diagram for OSPF DR election configuration III. Configuration procedure 1) Configure IP addresses for interfaces (omitted) 2) Configure OSPF basic functions # Configure Switch A. system-view [Switch A] router id 1.1.1.1 [Switch A] ospf [Switch A-ospf-1] area 0 [Switch A-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration # Configure Switch D. system-view [SwitchD] router id 4.4.4.4 [SwitchD] ospf [SwitchD-ospf-1] area 0 [SwitchD-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit # Display OSPF neighbor information on Switch A. [SwitchA] display ospf peer OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration # Configure Switch B. [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] ospf dr-priority 0 [SwitchB-Vlan-interface1] quit # Configure Switch C. [SwitchC] interface vlan-interface 1 [SwitchC-Vlan-interface1] ospf dr-priority 2 [SwitchC-Vlan-interface] quit # Display neighbor information on Switch D. [SwitchD] display ospf peer OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Note: In the above output, you can find the priority configuration does not take effect immediately. 4) Restart OSPF process (omitted) # Display neighbor information on Switch D. [SwitchD] display ospf peer OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(Vlan-interface1)'s neighbors Router ID: 1.1.1.1 State: Full Address: 192.168.1.1 Mode: Nbr is Slave DR: 192.168.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Note: If the neighbor state is full, it means Switch D has established the adjacency with the neighbor. If the neighbor state is 2-way, it means the two switches are neither the DR nor the BDR, and they do not exchange LSAs. # Display OSPF interface information. [SwitchA] display ospf interface OSPF Process 1 with Router ID 1.1.1.1 Interfaces Area: 0.0.0.0 IP Address Type State 192.168.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration II. Network diagram Figure 3-25 Network diagram for OSPF virtual link configuration III. Configuration procedure 1) Configure IP addresses for interfaces (omitted) 2) Configure OSPF basic functions # Configure Switch A. system-view [SwitchA] ospf 1 router-id 1.1.1.1 [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.0.0.0 0.255.255.255 [SwitchA-ospf-1-area-0.0.0.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Total Nets: 2 Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0 Note: Since Area 2 has no direct connection to Area 0, the OSPF routing table of Router A has no route to Area 2. 3) Configure a virtual link # Configure Switch A. [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] vlink-peer 2.2.2.2 [SwitchA-ospf-1-area-0.0.0.1] quit [SwitchA-ospf-1] quit # Configure Switch B.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.10 Troubleshooting OSPF Configuration 3.10.1 No OSPF Neighbor Relationship Established I. Symptom No OSPF neighbor relationship can be established. II. Analysis If the physical link and lower layer protocols work well, check OSPF parameters configured on interfaces.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches 4) Display information Chapter 3 OSPF Configuration about area configuration using the display current-configuration configuration ospf command. If more than two areas are configured, at least one area is connected to the backbone. 5) In a Stub area, all routers attached are configured with the stub command. In an NSSA area, all interface connected to which are configured with the nssa command.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Chapter 4 IS-IS Configuration When configuring IS-IS, go to these sections for information you are interested in: z IS-IS Overview z IS-IS Configuration Task List z Configuring IS-IS Basic Functions z Configuring IS-IS Routing Information Control z Tuning and Optimizing IS-IS Network z Displaying and Maintaining IS-IS z IS-IS Configuration Example Note: The term “router” in this document refers
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches z Chapter 4 IS-IS Configuration Routing domain (RD). A group of ISs exchange routing information with the same routing protocol in a routing domain. z Area. An area is a division unit in a routing domain. The IS-IS protocol allows a routing domain to be divided into multiple areas. z Link State Database (LSDB). All link states in the network forms the LSDB. There is at least one LSDB in each IS.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Generally, a router only needs one area address, and all nodes in the same routing domain must share the same area address. However, a router can have three area addresses at most to support smooth area merging, partitioning and switching. 3) System ID The system ID identifies the host or router uniquely. It has a fixed length of 48 bits (6 bytes).
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration 4.1.2 IS-IS Area I. Two-level hierarchy IS-IS uses two-level hierarchy in the routing domain to support large scale routing networks. A large routing domain is divided into multiple Areas. The Level-1 router is in charge of forwarding routes within an area, and the Level-2 router is in charge of forwarding routes between areas. II.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Figure 4-2 IS-IS topology Figure 4-3 shows another network topology running the IS-IS protocol. The Level-1-2 routers connect the Level-1 and Level-2 routers, and also form the IS-IS backbone together with the Level-2 routers. There is no area defined as the backbone in this topology. The backbone is composed of all contiguous Level-2 and Level-1-2 routers which can reside in different areas.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Note: The IS-IS backbone does not need to be a specific Area. Both the IS-IS Level-1 and Level-2 routers use the SPF algorithm to generate the Shortest Path Tree (SPT). III. Interface routing hierarchy type You can configure the routing type for each interface.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches z Chapter 4 IS-IS Configuration Point-to-point network, such as PPP, HDLC. Note: For the Non-Broadcast Multi-Access (NBMA) network, such as ATM, you need to configure point-to-point or broadcast network on its configured subinterfaces. IS-IS does not run on Point to Multipoint (P2MP) links. II. DIS and pseudonodes On an IS-IS broadcast network, a router has to be selected as the Designated Intermediate System (DIS).
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Using pseudonodes can reduce the resources used by SPF and simplify the network topology. Note: On IS-IS broadcast networks, all routers are adjacent with each other. The DIS is responsible for the synchronization of their LSDBs. 4.1.4 IS-IS PDU Format I. PDU header format The IS-IS packets are encapsulated into link layer frames.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration z R(Reserved): Set to 0. z PDU Type: For detail information, refer to Table 4-1. z Version: Set to 1(0x01). z Maximum Area Address: Maximum number of area addresses supported.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Figure 4-7 L1/L2 LAN IIH format z Reserved/Circuit Type: The first 6 bits are reserved with value 0. The last 2 bits indicates router types: 00 means reserved, 01 indicates L1, 10 indicates L2, and 11 indicates L1/2. z Source ID: The system ID of the router advertising the hello packet.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Figure 4-8 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field. IV. LSP packet format The Link State PDUs (LSP) carries link state information. There are two types: Level-1 LSP and Level-2 LSP. The Level-2 LSP is sent by the Level-2 router, and the Level-1 LSP is sent by the Level-1 router. The level-1-2 router can sent both types of the LSPs.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Figure 4-9 L1/L2 LSP format z PDU Length: Total length of the PDU in bytes. z Remaining Lifetime: LSP remaining lifetime in seconds. z LSP ID: Consists of the system ID, the pseudonode ID (one byte) and the LSP fragment number (one byte). z Sequence Number: LSP sequence number. z Checksum: LSP checksum.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Figure 4-10 LSDB overload z IS Type: Type of the router generating the LSP. V. SNP format The Sequence Number PDU (SNP) confirms the latest received LSPs. It is similar to the Acknowledge packet, but more efficient. SNP contains Complete SNP (CSNP) and Partial SNP (PSNP), which are further divided into Level-1 CSNP, Level-2 CSNP, Level-1 PSNP and Level-2 PSNP.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request new LSPs from neighbors. Figure 4-12 shows the PSNP packet format. Figure 4-12 L1/L2 PSNP format VI. CLV The variable fields of PDU are composed of multiple Code-Length-Value (CLV) triplets. Figure 4-13 shows the CLV format.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration CLV Code Name PDU Type 9 LSP Entries SNP 10 Authentication Information IIH, LSP, SNP 128 IP Internal Reachability Information LSP 129 Protocols Supported IIH, LSP 130 IP External Reachability Information L2 LSP 131 Inter-Domain Routing Protocol Information L2 LSP 132 IP Interface Address IIH, LSP Code 1 to 10 of CLV are defined in ISO 10589 (code 3 and 5 are not shown in the table), an
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration common LSP or non-zero for a Pseudonode LSP), and LSP Number (LSP fragment number) of the node or pseudo node that generated the LSP. The 1-byte LSP Number field, allowing a maximum of only 256 fragments to be generated by an IS-IS router, limits the amount of link information that the IS-IS router can advertise. The LSP fragment extension feature allows an IS-IS router to generate more LSP fragments.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration originating system only. Therefore, the IS-IS routers not supporting LSP fragment extension can operate normally without modifying the extended LSP fragments received, but some limitation is imposed on the link state information in the extended LSP fragments advertised by the virtual systems. z Mode-2: This mode is recommended in a network where all the routers support LSP fragment extension.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration z RFC 3786 - Extending the Number of IS-IS LSP Fragments Beyond the 256 Limit z RFC 3787 - Recommendations for Interoperable IP Networks using IS-IS z RFC 3847 - Restart signaling for IS-IS 4.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration 4.3 Configuring IS-IS Basic Functions 4.3.1 Configuration Prerequisites Before the task, configure an IP address for each interface, making all adjacent nodes reachable to each other at the network layer. 4.3.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration 4.4 Configuring IS-IS Routing Information Control 4.4.1 Configuration Prerequisites Before the configuration, accomplish the following tasks first: z Configure an IP address on each interface, and make sure all nodes are reachable. z Configure basic IS-IS functions 4.4.2 Specifying a Priority for IS-IS A router can run multiple routing protocols.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Chapter 4 IS-IS Configuration Use the command… Remarks Specify a cost style cost-style { narrow | wide | wide-compatible | { compatible | narrow-compatible } [ relax-spf-limit ] } Return to system view quit –– Enter interface view interface interface-type interface-number Required Specify a cost for the interface isis cost value [ level-1 | level-2 ] Optional Optional narrow by default Not specified by default II.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Enable automatic IS-IS cost calculation Chapter 4 IS-IS Configuration Use the command… auto-cost enable Remarks Required Disabled by default.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration the size of routing tables, as well as the LSP and LSDB generated by the router itself. Both IS-IS and redistributed routes can be summarized. Follow these steps to configure route summarization: To do… Use the command...
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration To do… Use the command… Remarks Enter system view system-view –– Enter IS-IS view isis [ process-id ] –– Configure inbound route filtering filter-policy { acl-number | ip-prefix ip-prefix-name | route-policy route-policy-name } import Required Not configured by default 4.4.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration To do… Enable IS-IS route leaking Use the command… import-route isis level-2 into level-1 [ filter-policy { acl-number | ip-prefix ip-prefix-name | route-policy route-policy-name } | tag tag ] * Remarks Required Disabled by default Note: z If a filter policy is specified, only routes passing it can be advertised into Level-1 area.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Note: If multiple routers in the broadcast network have the same highest DIS priority, the router with the highest MAC address becomes the DIS. This rule applies even all routers’ DIS priority is 0. 4.5.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Note: z On the broadcast link, you can specify different intervals for Level-1 and Level-2 hello packets; if no level is specified, the interval applies to both Level-1 and Level-2 hello packets, but only takes effect on the level of the current process; if a level is specified, it applies to hello packets at this level.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration The router will discard a LSP with incorrect checksum. You can configure the router to ignore the incorrect checksum, which means a LSP will be processed even with an incorrect LSP checksum. On the NBMA network, the router will flood a new LSP received from an interface to other interfaces. This can cause the LSP reflooding on the high connectivity networks.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration To do… Use the command… Remarks Optional Not added by default Add the interface to a mesh group isis mesh-group [ mesh-group-number | mesh-blocked ] If the mesh-blocked keyword is included, the interface is blocked from flooding LSPs. It can send an LSP only after receiving a request.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Chapter 4 IS-IS Configuration Use the command... Remarks Enter system view system-view –– Enter IS-IS view isis [ process-id ] –– timer spf maximum-interval [ minimum-interval [ incremental-interval ] ] Optional Configure the SPF calculation intervals Specify the SPF calculation duration spf-slice-size duration-time Optional The default SPF calculation interval is 10 seconds. 10 milliseconds by default 4.5.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Note: The local host name on the local IS overwrites the remote host name on the remote IS. 4.5.8 Configuring IS-IS Authentication For area authentication, the area authentication password is encapsulated into the Level-1 LSP, CSNP, and PSNP packets. On area authentication enabled routers in the same area, the authentication mode and password must be same.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Note: The level-1 and level-2 keywords in the isis authentication-mode command are only supported on a VLAN interface of a switch, and the interface must be configured with the isis enable command first. 4.5.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration 4.5.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Chapter 4 IS-IS Configuration Use the command… Remarks Display the host-name-to-system-ID mapping table display isis name-table [ process-id ] Available in any view Display IS-IS neighbor information display isis peer [ verbose ] [ process-id] Available in any view Display IS-IS routing information display isis route [ ipv4 ] [ [ level-1 | level-2 ] | verbose ] * [ process-id ] Available in any view Display SPF calculat
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration II. Network diagram Figure 4-14 Network diagram for IS-IS basic configuration III. Configuration procedure 1) Configure IP addresses for interfaces (omitted) 2) Configure IS-IS # Configure Switch A. system-view [SwitchA] isis 1 [SwitchA-isis-1] is-level level-1 [SwitchA-isis-1] network-entity 10.0000.0000.0001.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis enable 1 [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration [SwitchB] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------0000.0000.0001.00-00 0x00000006 0xdb60 988 68 0/0/0 0000.0000.0002.00-00* 0x00000008 0xe651 1189 68 0/0/0 0000.0000.0002.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [SwitchD] display isis lsdb Database information for ISIS(1) -------------------------------- Level-2 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL -----------------------------------------------------------------------------0000.0000.0003.00-00 0x00000013 0xc73d 1003 100 0/0/0 0000.0000.0004.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration ISIS(1) IPv4 Level-1 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------192.168.0.0/24 10 NULL Vlan300 Direct R/L/- 10.1.1.0/24 10 NULL Vlan100 Direct R/L/- 10.1.2.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration 4.7.2 DIS Selection Configuration I. Network requirements As shown in Figure 4-15, Switch A, B, C and Switch D reside in IS-IS area 10 on a broadcast network (Ethernet). Switch A and Switch B are Level-1-2 switches, Switch C is a Level-1 switch, and Switch D is a Level-2 switch. Change the DIS priority of Switch A to make it selected as the Level-1-2 DIS router. II.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration [SwitchB-Vlan-interface100] quit # Configure Switch C. system-view [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] is-level level-1 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis enable 1 [SwitchC-Vlan-interface100] quit # Configure Switch D.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration [SwitchA] display isis interface Interface information for ISIS(1) --------------------------------Interface: Vlan-interface100 Id IPV4.State 001 Up IPV6.State Down MTU Type DIS 1497 L1/L2 No/No # Display information about IS-IS interfaces of Switch C. [SwitchC] display isis interface Interface information for ISIS(1) --------------------------------Interface: Vlan-interface100 Id IPV4.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up Type: L1(L1L2) HoldTime: 21s PRI: 64 System Id: 0000.0000.0003 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up Type: L1 HoldTime: 27s PRI: 64 System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up Type: L2(L1L2) HoldTime: 28s PRI: 64 System Id: 0000.0000.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up Type: L1 HoldTime: 7s PRI: 100 [SwitchC] display isis interface Interface information for ISIS(1) --------------------------------Interface: Vlan-interface100 Id IPV4.State IPV6.State MTU Type DIS 001 Up Down 1497 L1/L2 No/No # Display information about IS-IS neighbors and interfaces of Switch D.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Chapter 5 BGP Configuration The Border Gateway Protocol (BGP) is a dynamic inter-AS route discovery protocol.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration z Supporting CIDR z Substantially reducing bandwidth occupation by advertising updating routes only and applicable to advertising a great amount of routing information on the Internet z Eliminating route loops completely by adding AS path information to BGP routes z Providing abundant routing policies to implement flexible route filtering and selection z Easy to extend, satisfying new network developme
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration z Length: The 2-byte unsigned integer indicates the total length of the message. z Type: This 1-byte unsigned integer indicates the type code of the message. The following type codes are defined: 1–Open, 2-Update, 3-Notification, 4–Keepalive, and 5–Route-refresh. The former four are defined in RFC1771, the last one defined in RFC2918. II.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Figure 5-3 BGP Update message format Each Update message can advertise a group of feasible routes with similar attributes, which are contained in the network layer reachable information (NLRI) field. The Path Attributes field carries attributes of these routes that are used by BGP for routing. Each message can also carry multiple withdrawn routes in the Withdrawn Routes field.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration V. Keepalive Keepalive messages are sent between peers to maintain connectivity. Its format contains only the message header. VI. Route-refresh A route-refresh message is sent to a peer to request the resending of the specified address family routing information. Its format is shown below: Figure 5-5 BGP Route-refresh message format AFI: Address Family Identifier. Res: Reserved. Set to 0.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Name Category AGGREGATOR Optional transitive COMMUNITY Optional transitive MULTI_EXIT_DISC (MED) Optional non-transitive ORIGINATOR_ID Optional non-transitive CLUSTER_LIST Optional non-transitive II. Usage of BGP path attributes 1) ORIGIN ORIGIN is a well-known mandatory attribute and defines the origin of routing information and how a route becomes a BGP route.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Figure 5-6 AS_PATH attribute In general, a BGP router does not receive routes containing the local AS number to avoid routing loops. Note: The current implementation supports using the peer allow-as-loop command to receive routes containing the local AS number to meet special requirements. The AS_PATH attribute can be used for route selection and filtering.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches z Chapter 5 BGP Configuration When sending a received route to an EBGP peer, a BGP speaker sets the NEXT_HOP for the route to the address of the sending interface. z When sending a route received from an EBGP peer to an IBGP peer, a BGP speaker does not modify the NEXT_HOP attribute. If load-balancing is configured, the NEXT_HOP attribute will be modified. For load-balancing information, refer to BGP Route Selection.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration In general, BGP compares MEDs of routes to the same AS only. Note: You can use the compare-different-as-med command to force BGP to compare MED values of routes to different ASs. 5) LOCAL_PREF This attribute is exchanged between IBGP peers only, thus not advertised to any other AS. It indicates the priority of a BGP router. LOCAL_PREF is used to determine the best route for traffic leaving the local AS.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches z Chapter 5 BGP Configuration No_Advertise: After received, routes with this attribute cannot be advertised to other BGP peers. z No_Export_Subconfed: After received, routes with this attribute cannot be advertised out the local AS or other ASs in the local confederation. 5.1.3 BGP Route Selection I.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration on route recursion is always enabled on the switch rather than configured using commands. BGP differs from IGP in the implementation of load balancing in the following: z IGP routing protocols such as RIP, OSPF compute metrics of routes, and then implement load balancing on routes with the same metric and to the same destination. The route selection criterion is metric.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration only once, with AS_PATH unchanged, NEXT_HOP changed to Router C’s address. Other BGP transitive attributes apply according to route selection rules. III. BGP route advertisement rules BGP supports the following route advertisement rules: z When multiple feasible routes exist, a BGP speaker advertises only the best route to its peers. z A BGP speaker advertises only routes used by itself.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration routing table can the IBGP router add the route into its BGP routing table and advertise the route to the EBGP peer. You can disable the synchronization feature in the following cases: z The local AS is not a transitive AS (AS20 is a transitive AS in the above figure). z IBGP routers in the local AS are fully meshed. 5.1.5 Settlements for Problems Caused by Large Scale BGP Networks I.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Figure 5-12 BGP route dampening III. Peer group A peer group is a collection of peers with the same attributes. When a peer joins the peer group, the peer obtains the same configuration as the peer group. If configuration of the peer group is changed, configuration of group members is also changed. There are many peers in a large BGP network. Some of these peers may be configured with identical commands.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Besides using the well-known community attribute, you can define the extended community attribute using a community list to help define a routing policy. V. Route reflector IBGP peers should be fully meshed to maintain connectivity. If there are n routers in an AS, the number of IBGP connections is n (n-1)/2. Therefore if there are many IBGP peers, most network and CPU resources will be consumed.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Figure 5-14 Network diagram for route reflectors When clients of a route reflector are fully meshed, route reflection is unnecessary because it consumes more bandwidth resources. The system supports using related commands to disable route reflection in this case. Note: After route reflection is disabled between clients, routes between a client and a non-client can still be reflected. VI.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Figure 5-15 Confederation network diagram From the perspective of a non-confederation speaker, it needs not know sub-ASs in the confederation. The ID of the confederation is the number of the AS. In the above figure, AS200 is the confederation ID. The deficiency of confederation is: when changing an AS into a confederation, you need to reconfigure your routers, and the topology will be changed.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches z MP_UNREACH_NLRI: Chapter 5 BGP Configuration Multiprotocol Unreachable NLRI, for withdrawing unfeasible routes The above two attributes are both optional non-transitive, so BGP speakers not supporting multi-protocol ignore the two attributes and do not forward them to peers. III. Address family MP-BGP employs address family to differentiate network layer protocols. For address family values, refer to RFC 1700 (Assigned Numbers).
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Task Remarks Configuring BGP Basic Functions Controlling Route Distribution and Reception Required Configuring BGP Route Redistribution Optional Configuring BGP Route Summarization Optional Advertising a Default Route to a Peer or Peer Group Optional Configuring BGP Route Distribution Filtering Policies Optional Configuring BGP Route Reception Filtering Policies Optional Enabling BGP and IGP Rout
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration 5.3.1 Prerequisites The neighboring nodes are accessible to each other at the network layer. 5.3.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Chapter 5 BGP Configuration Use the command… Remarks Optional Specify the source interface for establishing TCP connections to a peer or peer group peer { group-name | ip-address } connect-interface interface-type interface-number Allow the establishment of EBGP connection to a non directly connected peer/peer group peer { group-name | ip-address } ebgp-max-hop [ hop-count ] 5-21 By default, BGP uses the outbound interface
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Note: z It is required to specify for a BGP router a router ID, a 32-bit unsigned integer and the unique identifier of the router in the AS. z You can specify a router ID manually. If not, the system selects an IP address as the router ID. The selection sequence is the highest IP address among loopback interface addresses; if not available, then the highest IP address of interfaces.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration 5.4.2 Configuring BGP Route Redistribution BGP can advertise the routing information of the local AS to peering ASs, but it redistributes routing information from IGP into BGP rather than self-finding. During route redistribution, BGP can filter routing information from specific routing protocols.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Follow these steps to configure BGP route summarization: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Configure BGP route summariza tion Configure automatic route summarization summary automatic Configure manual route summarization aggregate ip-address { mask | mask-length } [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Chapter 5 BGP Configuration Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Required to choose any; Configure the filtering of outgoing redistributed routes filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | | static ] Reference a routing policy to filter routes to a peer/peer group peer { group-name | ip-
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Reference an AS path ACL to filter routing information from a peer/peer group Chapter 5 BGP Configuration Use the command… peer { group-name | ip-address } as-path-acl as-path-acl-number import Remarks sequence: z z z z z Reference an IP prefix list to filter routing information from a peer/peer group peer { group-name | ip-address } ip-prefix ip-prefix-name import Specify the maximum number of routes that can be received fr
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration 5.4.8 Configuring BGP Route Dampening By configuring BGP route dampening, you can suppress unstable routes from neither adding them to the local routing table nor advertising them to BGP peers.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Use the command… To do… Configure the MED attribute Remarks Configure the default MED value default med med-value Optional Enable the comparison of MED of routes from different ASs compare-differe nt-as-med Optional Enable the comparison of MED of routes from each AS bestroute compare-med Optional Enable the comparison of MED of routes from confederation peers bestroute med-confederati on Optiona
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Use the command… To do… Configure repeating times of local AS number in routes from a peer/peer group Configure the AS_PATH attribute peer { group-name | ip-address } allow-as-loop [ number ] Remarks Optional The local AS number can not be repeated in routes from the peer/peer group.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Note: z Using a routing policy can set preferences for routes matching it. Routes not matching it use the default preferences. z If other conditions are identical, the route with the smallest MED value is selected as the best external route. z Using the peer next-hop-local command can specify the router as the next hop for routes to a peer/peer group.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration bgp command to soft-reset BGP connections, to refresh the BGP routing table and apply the new policy without tearing down BGP connections. 3) Configure BGP authentication BGP employs TCP as the transport protocol. To enhance security, you can configure BGP to perform MD5 authentication when establishing a TCP connection. BGP MD5 authentication is not for BGP packets.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Configure BGP soft reset Chapter 5 BGP Configuration Use the command… Remarks Disable BGP route-refresh and multi-protocol extensions for a peer/peer group peer { group-name | ip-address } capability-advertise conventional Enable BGP route refresh for a peer/peer group peer { group-name | ip-address } capability-advertise route-refresh Keep all original routes from a peer/peer group regardless of whether they pass the inbou
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Note: z The maximum keepalive interval should be one third of the holdtime and no less than 1 second. The holdtime is no less than 3 seconds unless it is set to 0. z The intervals set with the peer timer command are preferred to those set with the timer command. z Use of the peer keep-all-routes command saves all routing updates from the peer regardless of whether any filtering policy is configured.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Use the command… To do… Remarks Enter system view system-view — Enter BGP view bgp as-number — Create an IBGP peer group group group-name [ internal ] Optional Add a peer into the IBGP peer group peer ip-address group group-name [ as-number as-number ] Create an EBGP peer group group group-name external Specify the AS number for the group peer group-name as-number as-number Add a peer into the
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Advertise the community attribute to a peer/peer group Advertise the community attribute to a peer/peer group peer { group-name | ip-address } advertise-community Required Advertise the extended community attribute to a peer/peer group peer { group-name | ip-address } advertise-ext-community Apply a rout
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Chapter 5 BGP Configuration Use the command… Remarks Optional Configure the cluster ID of the route reflector reflector cluster-id cluster-id By default, a route reflector uses its router ID as the cluster ID. Note: z In general, it is not required to make clients of a route reflector fully meshed. The route reflector forwards routing information between clients.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Note: z A confederation contains 32 sub-ASs at most. The as-number of a sub-AS takes effect in the confederation only. z If routers not compliant with RFC 3065 exist in the confederation, you can use the confederation nonstandard command to make the local router compatible with these routers. 5.8 Displaying and Maintaining BGP 5.8.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration To do… Use the command… Display BGP routing information originating from different ASs display bgp routing-table different-origin-as Display BGP routing flap statistics display bgp routing-table flap-info [ regular-expression as-regular-expression | as-path-acl as-path-acl-number | ip-address [ { mask | mask-length } [ longer-match ] ] ] Display routing information to or from a peer display bgp routing-t
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration 5.8.3 Clearing BGP Information To do… Use the command… Clear dampened MBGP routing information and release suppressed routes reset bgp dampening [ ip-address [ mask | mask-length ] ] Clear route flap information reset bgp flap-info [ regexp as-path-regexp | as-path-acl as-path-acl-number | ip-address [ mask | mask-length ] ] Remarks Available in user view 5.9 BGP Configuration Examples 5.9.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 9.1.1.2 as-number 65009 [SwitchB-bgp] peer 9.1.3.2 as-number 65009 [SwitchB-bgp] quit # Configure Switch C. system-view [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 9.1.3.1 as-number 65009 [SwitchC-bgp] peer 9.1.2.2 as-number 65009 [SwitchC-bgp] quit # Configure Switch D.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 9.1.1.2 4 65009 56 56 0 0 00:40:54 Established 9.1.3.2 4 65009 49 62 0 0 00:44:58 Established 200.1.1.2 4 65008 49 65 0 1 00:44:03 Established You can find Switch B has established BGP connections to other switches. # Display BGP routing table information on Switch A.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches i 8.0.0.0 Chapter 5 BGP Configuration 200.1.1.2 0 100 0 65008i Note: From the above outputs, you can find Switch A has learned no route to AS65009, and Switch C has learned network 8.0.0.0 but the next hop 200.1.1.2 is unreachable, so the route is invalid. 4) Redistribute direct routes # Configure Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] import-route direct # Display BGP routing table information on Switch A.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration * i 9.1.3.0/24 9.1.3.1 0 100 0 ? *>i 200.1.1.0 9.1.3.1 0 100 0 ? You can find the route 8.0.0.0 becomes valid with the next hop being Switch A. # Ping 8.1.1.1 on Switch C. [SwitchC] ping 8.1.1.1 PING 8.1.1.1: 56 data bytes, press CTRL_C to break Reply from 8.1.1.1: bytes=56 Sequence=1 ttl=254 time=31 ms Reply from 8.1.1.1: bytes=56 Sequence=2 ttl=254 time=47 ms Reply from 8.1.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration system-view [SwitchA] bgp 65008 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 3.1.1.1 as-number 65009 # Inject network 8.1.1.0/24 to the BGP routing table. [SwitchA-bgp] network 8.1.1.0 24 [SwitchA-bgp] quit # Configure Switch B. system-view [SwitchB] bgp 65009 [SwitchB-bgp] peer 3.1.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Destination/Mask Proto Pre Cost NextHop Interface 8.1.1.0/24 O_ASE 150 1 9.1.1.1 Vlan300 9.1.1.0/24 Direct 0 0 9.1.1.2 Vlan300 9.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0 9.1.2.0/24 Direct 0 0 9.1.2.1 Vlan400 9.1.2.1/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration 5.9.3 BGP Load Balancing and MED Attribute Configuration I. Network requirements z Configure BGP on all switches; Switch A is in AS65008, and Switch B and C in AS65009. z Between Switch A and B, and between Switch A and C are EBGP connections, and an IBGP connection is between Switch B and C. II. Network diagram Figure 5-18 Network diagram for BGP load balancing configuration III.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration # Configure Switch C. system-view [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 200.1.2.2 as-number 65008 [SwitchC-bgp] peer 9.1.1.1 as-number 65009 [SwitchC-bgp] network 9.1.1.0 255.255.255.0 [SwitchC-bgp] quit # Display the routing table on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration *> 8.0.0.0 0.0.0.0 0 0 i *> 9.1.1.0/24 200.1.1.1 0 0 65009i 200.1.2.1 0 0 65009i *> The route 9.1.1.0/24 has two next hops 200.1.1.1 and 200.1.2.1, and both are the optimal. 4) Configure MED # Configure the default MED of Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] default med 100 # Display the routing table on Switch A.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration II. Network diagram Figure 5-19 Network diagram for BGP community configuration III. Configuration procedure 1) Configure IP addresses for interfaces (omitted) 2) Configure EBGP # Configure Switch A. system-view [SwitchA] bgp 10 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 200.1.2.2 as-number 20 [SwitchA-bgp] network 9.1.1.0 255.255.255.0 [SwitchA-bgp] quit # Configure Switch B.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration BGP local router ID : 2.2.2.2 Local AS number : 20 Paths: 1 available, 1 best BGP routing table entry information of 9.1.1.0/24: From : 200.1.2.1 (1.1.1.1) Original nexthop: 200.1.2.1 AS-path : 10 Origin : igp Attribute value : MED 0, pref-val 0, pre 255 State : valid, external, best, Advertised to such 1 peers: 200.1.3.2 Switch B advertised routes to Switch C in AS30.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Paths: Chapter 5 BGP Configuration 1 available, 1 best BGP routing table entry information of 9.1.1.0/24: From : 200.1.2.1 (1.1.1.1) Original nexthop: 200.1.2.1 Community : No-Export AS-path : 10 Origin : igp Attribute value : MED 0, pref-val 0, pre 255 State : valid, external, best, Not advertised to any peers yet The route 9.1.1.0/24 is not available in the routing table of Switch C. 5.9.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 192.1.1.2 as-number 200 # Inject network 1.0.0.0/8 to the BGP routing table. [SwitchA-bgp] network 1.0.0.0 [SwitchA-bgp] quit # Configure Switch B. system-view [SwitchB] bgp 200 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 192.1.1.1 as-number 100 [SwitchB-bgp] peer 193.1.1.1 as-number 200 [SwitchB-bgp] peer 193.1.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete *> Network NextHop MED 1.0.0.0 192.1.1.1 0 LocPrf PrefVal Path/Ogn 0 100i # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 4.4.4.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration II. Network diagram Device Switch A Switch B Switch C Interface Vlan-int100 Vlan-int200 Vlan-int300 Vlan-int400 Vlan-int500 Vlan-int200 Vlan-int300 IP address 200.1.1.1/24 10.1.1.1/24 10.1.2.1/24 10.1.3.1/24 10.1.4.1/24 10.1.1.2/24 10.1.2.2/24 Device Switch D Switch E Switch F Interface Vlan-int400 Vlan-int200 Vlan-int500 Vlan-int200 Vlan-int200 Vlan-int100 IP address 10.1.3.2/24 10.1.5.1/24 10.1.4.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration [SwitchB-bgp] peer 10.1.1.1 as-number 65001 [SwitchB-bgp] quit # Configure Switch C. system-view [SwitchC] bgp 65003 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] confederation id 200 [SwitchC-bgp] confederation peer-as 65001 65002 [SwitchC-bgp] peer 10.1.2.1 as-number 65001 [SwitchC-bgp] quit 3) Configure IBGP connections in AS65001. # Configure Switch A.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration system-view [SwitchF] bgp 100 [SwitchF-bgp] router-id 6.6.6.6 [SwitchF-bgp] peer 200.1.1.1 as-number 200 [SwitchF-bgp] network 9.1.1.0 255.255.255.0 [SwitchF-bgp] quit 5) Verify above configuration # Display the routing table on Switch B. [SwitchB] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 2.2.2.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete *>i Network NextHop MED LocPrf 9.1.1.0/24 10.1.3.1 0 100 PrefVal Path/Ogn 0 100i [SwitchD] display bgp routing-table 9.1.1.0 BGP local router ID : 4.4.4.4 Local AS number : 65001 Paths: 1 available, 1 best BGP routing table entry information of 9.1.1.0/24: From : 10.1.3.1 (1.1.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration II. Network diagram Device Switch A Switch B Interface Vlan-int101 Vlan-int100 Vlan-int200 Vlan-int100 Vlan-int300 IP address 1.0.0.1/8 192.1.1.1/24 193.1.1.1/24 192.1.1.2/24 194.1.1.2/24 Device Switch D Switch C Interface Vlan-int400 Vlan-int300 Vlan-int400 Vlan-int200 Figure 5-22 Network diagram for BGP path selection configuration III.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration [SwitchD-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit 3) Configure BGP connections # Configure Switch A. system-view [SwitchA] bgp 100 [SwitchA-bgp] peer 192.1.1.2 as-number 200 [SwitchA-bgp] peer 193.1.1.2 as-number 200 # Inject network 1.0.0.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration [SwitchA-route-policy] if-match acl 2000 [SwitchA-route-policy] apply cost 50 [SwitchA-route-policy] quit [SwitchA] route-policy apply_med_100 permit node 10 [SwitchA-route-policy] if-match acl 2000 [SwitchA-route-policy] apply cost 100 [SwitchA-route-policy] quit # Apply routing policy apply_med_50 to the route advertised to peer 193.1.1.2 (Switch C), and apply_med_100 to the route advertised to peer 192.1.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration [SwitchC] bgp 200 [SwitchC-bgp] peer 193.1.1.1 route-policy localpref import [SwitchC-bgp] quit # Display the routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 2 BGP Local router ID is 194.1.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration Chapter 6 Routing Policy Configuration Note: The term “router” refers to a router in a generic sense or a Layer 3 switch running routing protocols. A routing policy is used on a router for route inspection, filtering, attributes modification when routes are received, advertised, or redistributed.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration When distributing or receiving routing information, a router can use a routing policy to filter routing information.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration V. Extended community list Extended community list (extcommunity-list) applies to BGP only. It involves two attributes: Route-Target extcommunity for VPN, Source of Origin extcommunity. An extcommunity-list specifies matching conditions according to the two attributes. VI.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration Task Creating a Routing Policy Configuring a Routing Policy Defining if-match Clauses for the Routing Policy Defining apply Clauses for the Routing Policy 6.3 Defining Filtering Lists 6.3.1 Prerequisites Before configuring this task, you need to decide on: z IP-prefix list name z Matching address range z Extcommunity list sequence number 6.3.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration system-view [Sysname] ip ipv6-prefix abc index 10 deny 10.1.0.0 16 [Sysname] ip ipv6-prefix abc index 20 deny 10.2.0.0 16 [Sysname] ip ipv6-prefix abc index 30 deny 10.3.0.0 16 [Sysname] ip ipv6-prefix abc index 40 permit 0.0.0.0 0 less-equal 32 6.3.3 Defining an AS Path List You can define multiple items for an AS path ACL that is identified by number.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration 6.3.5 Defining an Extended Community List You can define multiple items for an extended community list that is identified by number. During matching, the relation between items is logic OR, that is, if routing information matches one of these items, it passes the extended community list.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration To do… Use the command… Remarks Enter system view system-view — Create a routing policy and enter its view route-policy route-policy-name { permit | deny } node node-number Required Note: z If a node has the permit keyword specified, routing information meeting the node’s conditions will be handled using the apply clauses of this node, without needing to match against the next node.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration To do… Use the command… Match routes having AS path attributes specified in the AS path list (s) if-match as-path as-path-number&<1-16> Match routes having community attributes in the specified community list(s) if-match community { basic-community-list-n umber [ whole-match ] | adv-community-list-num ber }&<1-16> Remarks Optional Not configured by default Optional Not configured by default Opt
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration 6.4.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches To do… Chapter 6 Routing Policy Configuration Use the command… Remarks Set a preference for the matched routing protocol apply preference preference Optional Set a preferred value for BGP routes apply preferred-value preferred-value Optional Set a tag value for RIP, OSPF or IS-IS routes apply tag value Not set by default Not set by default Optional Not set by default Note: The apply ip-address next-hop command do not apply to
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches z Chapter 6 Routing Policy Configuration On Switch B, configure route redistribution from IS-IS to OSPF and apply a routing policy to set attributes of redistributed routes, setting the cost of route 172.17.1.0/24 to 100, tag of route 172.17.2.0/24 to 20. II. Network diagram Figure 6-1 Network diagram for routing policy application to route redistribution III. Configuration procedure 1) Specify IP addresses for interfaces (omitted).
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration [SwitchB] isis [SwitchB-isis-1] is-level level-2 [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis enable [SwitchB-Vlan-interface200] quit 3) Configure OSPF and route redistribution # Configure Switch A: enable OSPF. system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches 4) Chapter 6 Routing Policy Configuration Configure filtering lists # Configure an ACL with the number of 2002, letting pass route 172.17.2.0/24. [SwitchB] acl number 2002 [SwitchB-acl-basic-2002] rule permit source 172.17.2.0 0.0.0.255 [SwitchB-acl-basic-2002] quit # Configure an IP prefix list named prefix-a, letting pass route 172.17.1.0/24. [SwitchB] ip ip-prefix prefix-a index 10 permit 172.17.1.
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches 192.168.2.0/24 Chapter 6 Routing Policy Configuration 1 Type2 1 192.168.1.2 192.168.2.2 Total Nets: 5 Intra Area: 1 Inter Area: 0 ASE: 4 NSSA: 0 6.7 Troubleshooting Routing Policy Configuration 6.7.1 IPv4 Routing Information Filtering Failure I. Symptom Filtering routing information failed, while routing protocol runs normally. II.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IPv6 Static Routing Configuration ............................................................................. 1-1 1.1 Introduction to IPv6 Static Routing .................................................................................... 1-1 1.1.1 Features of IPv6 Static Routes ............................................................................... 1-1 1.1.2 Default IPv6 Route .....
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Table of Contents 3.1.4 Timers of OSPFv3................................................................................................... 3-3 3.1.5 OSPFv3 Features Supported.................................................................................. 3-3 3.1.6 Related RFCs.......................................................................................................... 3-3 3.2 IPv6 OSPFv3 Configuration Task List ...........
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Table of Contents 4.5 IPv6 IS-IS Configuration Example ..................................................................................... 4-5 Chapter 5 IPv6 BGP Configuration .............................................................................................. 5-1 5.1 IPv6 BGP Overview ........................................................................................................... 5-1 5.2 Configuration Task List ...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Table of Contents 5.9 IPv6 BGP Configuration Examples.................................................................................. 5-23 5.9.1 IPv6 BGP Basic Configuration .............................................................................. 5-23 5.9.2 IPv6 BGP Route Reflector Configuration.............................................................. 5-25 5.10 Troubleshooting IPv6 BGP Configuration...........................
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Static Routing Configuration Chapter 1 IPv6 Static Routing Configuration Note: z The term “router” in this document refers to a Layer 3 switch running routing protocols. z At present, the LSQ1GP12EA boards in the S7500E series do not support IPv6. 1.1 Introduction to IPv6 Static Routing Static routes are special routes that are manually configured by network administrators. They work well in simple networks.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Static Routing Configuration 1.2.1 Configuration prerequisites z Enabling IPv6 packet forwarding z Ensuring that the neighboring nodes are IPv6 reachable 1.2.2 Configuring an IPv6 Static Route Follow these steps to configure an IPv6 static route: To do...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Static Routing Configuration II. Network diagram Figure 1-1 Network diagram for static routes III. Configuration procedure 1) Configure the IPv6 addresses of all VLAN interfaces (Omitted) 2) Configure IPv6 static routes. # Configure the default IPv6 static route on Switch A. system-view [SwitchA] ipv6 [SwitchA] ipv6 route-static :: 0 4::2 # Configure two IPv6 static routes on Switch B.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Static Routing Configuration Destination: ::/0 Protocol : Static NextHop : 4::2 Preference: 60 Interface : Vlan200 Cost : 0 Destination: ::1/128 Protocol NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 1::/64 Protocol : Direct NextHop : 1::1 Preference: 0 Interface : Vlan100 Cost : 0 Destination: 1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLo
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration Chapter 2 IPv6 RIPng Configuration Note: z The term “router” in this document refers to a Layer 3 switch running routing protocols. z At present, the LSQ1GP12EA boards in the S7500E series do not support IPv6. 2.1 Introduction to RIPng RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration z Destination address: IPv6 address of a host or a network. z Next hop address: IPv6 address of a neighbor along the path to the destination. z Egress interface: Outbound interface that forwards IPv6 packets. z Metric: Cost from the local router to the destination. z Route time: Time that elapsed since a route entry is last changed.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration Figure 2-3 shows the format of the IPv6 prefix RTE. 0 7 15 31 IPv6 prefix (16 octets) Route tag Prefix length Metric Figure 2-3 IPv6 prefix RTE format z IPv6 prefix: Destination IPv6 address prefix. z Route tag: Route tag. z Prefix len: Length of the IPv6 address prefix. z Metric: Cost of a route. 2.1.3 RIPng Packet Processing Procedure I.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration 2.2 Configuring RIPng Basic Functions In this section, you are presented with the information to configure the basic RIPng features. You need to enable RIPng first before configuring other tasks, but it is not necessary for RIPng related interface configurations, such as assigning an IPv6 address. 2.2.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches z Chapter 2 IPv6 RIPng Configuration Define an IPv6 ACL before using it for route filtering. Refer to ACL configuration for related information. z Define an IPv6 address prefix list before using it for route filtering. Refer to section 6.2.2 "Defining an IPv6 Prefix List" for related information. 2.3.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches To do... Chapter 2 IPv6 RIPng Configuration Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration To do... Use the command... Remarks Enter system view system-view — Enter RIPng view ripng [ process-id ] — Configure a RIPng priority preference [ route-policy route-policy-name ] preference Optional By default, the RIPng priority is 100. 2.3.6 Configuring RIPng Route Redistribution Follow these steps to configure RIPng route redistribution: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration Follow these steps to configure RIPng timers: To do... Use the command... Remarks Enter system view system-view — Enter RIPng view ripng [ process-id ] — Optional.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches To do... Enable the split horizon function Chapter 2 IPv6 RIPng Configuration Use the command... ripng split-horizon Remarks Optional Enabled by default Note: Generally, you are recommended to enable the split horizon to prevent routing loops. II. Configuring the poison reverse function The poison reverse function enables a route learned from an interface to be advertised via the interface.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration 2.4.4 Configuring the Maximum Number of Equal Cost Routes for Load Balancing Follow these steps to configure the maximum number of equal cost RIPng routes for load balancing: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration III. Configuration procedure 1) Configure the IPv6 address for each interface (omitted) 2) Configure basic RIPng functions # Configure Switch A.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration [SwitchB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100 Dest 1::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost Peer FE80::20F:E2FF:FE00:100 1, tag 0, A, 6 Sec on Vlan-interface200 Dest 3
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration [SwitchB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100 Dest 1::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost Peer FE80::20F:E2FF:FE00:100 1, tag 0, A, 2 Sec on Vlan-interface200 Dest 4
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration Chapter 3 IPv6 OSPFv3 Configuration Note: z The term “router” in this document refers to a Layer 3 switch running routing protocols. z At present, the LSQ1GP12EA boards in the S7500E series do not support IPv6. 3.1 Introduction to OSPFv3 3.1.1 OSPFv3 Overview OSPFv3 is OSPF (Open Shortest Path First) version 3 for short, supporting IPv6 and compliant with RFC2740 (OSPF for IPv6).
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration Figure 3-1 OSPFv3 packet header Major fields: z Version #: Version of OSPF, which is 3 for OSPFv3. z Type: Type of OSPF packet, from 1 to 5 are hello, DD, LSR, LSU, and LSAck respectively. z Packet Length: Packet length in bytes, including header. z Instance ID: Instance ID for a link. z 0: Reserved, which must be 0. 3.1.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration 3.1.4 Timers of OSPFv3 Timers in OSPFv3 include: z OSPFv3 packet timer z LSA delay timer z SPF timer I. OSPFv3 packet timer Hello packets are sent periodically between neighboring routers for finding and maintaining neighbor relationships, or for DR/BDR election. The hello interval must be identical on neighboring interfaces.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration 3.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches To do... Chapter 3 IPv6 OSPFv3 Configuration Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration 3.4.2 Configuring an OSPFv3 Stub Area Follow these steps to configure an OSPFv3 stub area: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration To do... Create and configure a virtual link Use the command... Remarks vlink-peer router-id [ hello seconds | retransmit seconds | trans-delay seconds | dead seconds | instance instance-id ] * Required Note: Both ends of a virtual link are ABRs that are configured with the vlink-peer command. 3.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration 3.5.3 Configuring OSPFv3 Inbound Route Filtering You can configure OSPFv3 to filter routes that are computed from received LSAs according to some rules. Follow these steps to configure inbound route filtering: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration To do... Use the command... Specify the maximum number of load-balanced routes maximum load-balancing maximum Remarks Optional 4 by default 3.5.6 Configuring a Priority for OSPFv3 A router may run multiple routing protocols. The system assigns a priority for each protocol. When these routing protocols find the same route, the route found by the protocol with the highest priority is selected.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration Note: z Using the import-route command on a router makes the router become an ASBR. z Since OSPFv3 is a link state based routing protocol, it cannot directly filter LSAs to be advertised. Therefore, you need to configure filtering redistributed routes before advertising routes that are not filtered in LSAs into the routing domain.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches To do... Chapter 3 IPv6 OSPFv3 Configuration Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration 3.6.4 Ignoring MTU Check for DD Packets When LSAs are few in DD packets, it is unnecessary to check MTU in DD packets in order to improve efficiency. Follow these steps to ignore MTU check for DD packets: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches To do... Chapter 3 IPv6 OSPFv3 Configuration Use the command... Remarks Enter system view system-view — Enter OSPFv3 view ospfv3 [ process-id ] — Enable the logging on neighbor state changes log-peer-change Required Enabled by default 3.7 Displaying and Maintaining OSPFv3 To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration system-view [SwitchA] ipv6 [SwitchA] ospfv3 [SwitchA-ospfv3-1] router-id 1.1.1.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration [SwitchD] interface Vlan-interface 400 [SwitchD-Vlan-interface400] ospfv3 1 area 2 [SwitchD-Vlan-interface400] quit # Display OSPFv3 neighbor information on Switch B. [SwitchB] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------Neighbor ID Pri State Dead Time Interface Instance ID 3.3.3.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches NextHop Chapter 3 IPv6 OSPFv3 Configuration : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:2::/64 Type : I Cost : 1 NextHop : directly-connected Interface: Vlan400 *Destination: 2001:3::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 3) : 4 Configure Area 2 as a stub area # Configure Switch D [SwitchD] ospfv3 [SwitchD-ospfv3-1] area 2 [SwitchD-ospfv3-1-area-0.0.0.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration Type : I Cost : 1 NextHop : directly-connected Interface: Vlan400 *Destination: 2001:3::/64 4) Type : IA Cost : 4 NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 Configure Area 2 as a totally stub area # Configure Switch C, the ABR, to make Area 2 as a totally stub area. [SwitchC-ospfv3-1-area-0.0.0.2] stub no-summary # Display OSPFv3 routing table information on Switch D.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration II. Network diagram Figure 3-3 Network diagram for OSPFv3 DR election configuration III. Configuration procedure 1) Configure IPv6 addresses for interfaces (omitted) 2) Configure OSPFv3 basic functions # Configure Switch A system-view [SwitchA] ipv6 [SwitchA] ospfv3 [SwitchA-ospfv3-1] router-id 1.1.1.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration [SwitchC-ospfv3-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] ospfv3 1 area 0 [SwitchC-Vlan-interface100] quit # Configure Switch D system-view [SwitchD] ipv6 [SwitchD] ospfv3 [SwitchD-ospfv3-1] router-id 4.4.4.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration [SwitchB-Vlan-interface200] quit #Configure the DR priority of Switch C as 2. [SwitchC] interface Vlan-interface 100 [SwitchC-Vlan-interface100] ospfv3 dr-priority 2 [SwitchC-Vlan-interface100] quit # Display neighbor information on Switch A. You can find DR priorities have been updated, but DR and BDR are not changed. [SwitchA] display ospfv3 peer OSPFv3 Area ID 0.0.0.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches 3.3.3.3 2 Chapter 3 IPv6 OSPFv3 Configuration Full/Backup 00:00:32 Vlan100 0 3.9 Troubleshooting OSPFv3 Configuration 3.9.1 No OSPFv3 Neighbor Relationship Established I. Symptom No OSPF neighbor relationship can be established. II. Analysis If the physical link and lower protocol work well, check OSPF parameters configured on interfaces.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches 3) Chapter 3 IPv6 OSPFv3 Configuration Use the display ospfv3 lsdb command to display Link State Database information to check integrity. 4) Display information about area configuration using the display current-configuration configuration command. If more than two areas are configured, at least one area is connected to the backbone. 5) In a Stub area, all routers are configured with the stub command.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 4 IPv6 IS-IS Configuration Chapter 4 IPv6 IS-IS Configuration Note: z IPv6 IS-IS supports all the features of IPv4 IS-IS except that it advertises IPv6 routing information instead. This document describes only IPv6 IS-IS exclusive configuration tasks. For other configuration tasks, refer to the part discussing IPv4 routing. z The term “router” in this document refers to a Layer 3 switch running routing protocols.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 4 IPv6 IS-IS Configuration 4.2 Configuring IPv6 IS-IS Basic Functions Note: You can implement IPv6 inter-networking through configuring IPv6 IS-IS in IPv6 network environment. 4.2.1 Configuration Prerequisites Before the configuration, accomplish the following tasks first: z Enable IPv6 globally z Configure IP addresses for interfaces, and make sure all neighboring nodes are reachable. z Enable IS-IS 4.2.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 4 IPv6 IS-IS Configuration 4.3 Configuring IPv6 IS-IS Routing Information Control 4.3.1 Configuration Prerequisites You need to complete the IPv6 IS-IS basic function configuration before configuring this task. 4.3.2 Configuration Procedure Follow these steps to configure IPv6 IS-IS routing information control: To do...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 4 IPv6 IS-IS Configuration Note: The ipv6 filter-policy export command, usually used in combination with the ipv6 import-route command, filters redistributed routes when advertising them to other routers. If no protocol is specified, routes redistributed from all routing protocols are filtered before advertisement. If a protocol is specified, only routes redistributed from the routing protocol are filtered for advertisement. 4.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 4 IPv6 IS-IS Configuration To do... Clear the IS-IS data information of a neighbor Use the command... reset isis peer system-id [ process-id ] Remarks Available in user view 4.5 IPv6 IS-IS Configuration Example I. Network requirements As shown in Figure 4-1, Switch A, Switch B, Switch C and Switch D reside in the same autonomous system, and all are enabled with IPv6.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 4 IPv6 IS-IS Configuration [SwitchA-Vlan-interface100] quit # Configure Switch B. system-view [SwitchB] isis 1 [SwitchB-isis-1] is-level level-1 [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] ipv6 enable [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis ipv6 enable 1 [SwitchB-Vlan-interface200] quit # Configure Switch C.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration Chapter 5 IPv6 BGP Configuration Note: z This chapter describes only configuration for IPv6 BGP. For other related information, refer to the part discussing IPv4 routing. z At present, the LSQ1GP12EA boards in the S7500E series do not support IPv6.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration IPv6 BGP utilizes BGP multiprotocol extensions for application in IPv6 networks. The original messaging and routing mechanisms of BGP are not changed. 5.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration Task Configuring a Large Scale IPv6 BGP Network Remarks Configuring IPv6 BGP Peer Group Optional Configuring IPv6 BGP Community Optional Configuring an IPv6 BGP Route Reflector Optional 5.3 Configuring IPv6 BGP Basic Functions 5.3.1 Prerequisites Before configuring this task, you need to: z Specify IP addresses for interfaces. z Enable IPv6.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration 5.3.3 Advertising a Local IPv6 Route Follow these steps to configure advertise a local route into the routing table: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration 5.3.5 Specifying the Source Interface for Establishing TCP Connections Follow these steps to specify the source interface for establishing TCP connections to a BGP peer or peer group: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command... Allow the establishment of EBGP connection to a non directly connected peer/peer group peer { ipv6-group-name | ipv6-address } ebgp-max-hop [ hop-count ] Remarks Required Not configured by default Caution: In general, direct links should be available between EBGP peers. If not, you can use the peer ebgp-max-hop command to establish a multi-hop TCP connection in between.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command... Remarks Enter IPv6 address family view ipv6-family — Disable session establishment to a peer/peer group peer { ipv6-group-name | ipv6-address } ignore Optional Not disabled by default 5.3.9 Logging Peer State Changes Follow these steps to configure to log on the session and event information of a peer/peer group: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration 5.4.2 Configuring IPv6 BGP Route Redistribution Follow these steps to configure IPv6 BGP route redistribution and filtering: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration Note: With the peer default-route-advertise command used, the local router advertises a default route with itself as the next hop to the specified peer/peer group, regardless of whether the default route is available in the routing table. 5.4.4 Configuring Route Distribution Policy Follow these steps to configure policies for route distribution: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration 5.4.5 Configuring Route Reception Policy Follow these steps to configure route reception policy: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration By default, when a BGP router receives an IBGP route, it only checks the reachability of the route’s next hop before advertisement. If the synchronization feature is configured, only the IBGP route is advertised by IGP can the route be advertised to EBGP peers. Follow these steps to configure IPv6 BGP and IGP route synchronization: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration z Enabled IPv6 function z Configured IPv6 BGP basic functions 5.5.2 Configuring IPv6 BGP Preference and Default LOCAL_PREF and NEXT_HOP Attributes Follow these steps to perform this configuration: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches To do... Chapter 5 IPv6 BGP Configuration Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches To do... Substitute local AS number for the AS number of a peer/peer group indicated in the AS_PATH attribute Chapter 5 IPv6 BGP Configuration Use the command... peer { ipv6-group-name | ipv6-address } substitute-as Remarks Optional Not substituted by default 5.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Enable route refresh Use the command... Remarks peer { ipv6-group-name | ipv6-address } capability-advertise route-refresh Optional Enabled by default II. Perform manual soft-reset Follow these steps to perform manual soft reset: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Configure the maximum number of load balanced routes Use the command... Remarks Required balance number By default, no load balancing is enabled. 5.7 Configuring a Large Scale IPv6 BGP Network In a large-scale IPv6 BGP network, configuration and maintenance become no convenient due to too many peers.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command... Remarks Enter system view system-view Enter BGP view bgp as-number Enter IPv6 address family view ipv6-family — Create an IBGP peer group group ipv6-group-name [ internal ] Required Add a peer into the group peer ipv6-address group ipv6-group-name [ as-number as-number ] Required — Required Not enabled by default Not added by default II.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches To do... Chapter 5 IPv6 BGP Configuration Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration II. Apply a routing policy to routes advertised to a peer/peer group Follow these steps to apply a routing policy to routes advertised to a peer/peer group: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration Note: z In general, since the route reflector forwards routing information between clients, it is not required to make clients of a route reflector fully meshed. If clients are fully meshed, it is recommended to disable route reflection between clients to reduce routing costs.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration 5.9 IPv6 BGP Configuration Examples Note: Some examples for IPv6 BGP configuration are similar to those of BGP-4, so refer to the sections covering BGP in the IPv4 routing part for related information. 5.9.1 IPv6 BGP Basic Configuration I. Network requirements In the following figure are all IPv6 BGP switches. Between Switch A and Switch B is an EBGP connection.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration # Configure Switch C. system-view [SwitchC] ipv6 [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] ipv6-family [SwitchC-bgp-af-ipv6] peer 9:3::1 as-number 65009 [SwitchC-bgp-af-ipv6] peer 9:2::2 as-number 65009 [SwitchC-bgp-af-ipv6] quit [SwitchC-bgp] quit # Configure Switch D. system-view [SwitchD] ipv6 [SwitchD] bgp 65009 [SwitchD-bgp] router-id 4.4.4.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration Total number of peers : 3 Peers in established state : 3 Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 10::2 4 65008 3 3 0 0 00:01:16 Established 9:3::2 4 65009 2 3 0 0 00:00:40 Established 9:1::2 4 65009 2 4 0 0 00:00:19 Established # Display IPv6 peer information on Switch C. [SwitchC] display bgp ipv6 peer BGP local router ID : 3.3.3.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration III. Configuration procedure 1) Configure IPv6 addresses for VLAN interfaces (omitted) 2) Configure IPv6 BGP basic functions # Configure Switch A. system-view [SwitchA] ipv6 [SwitchA] bgp 100 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] ipv6-family [SwitchA-bgp-af-ipv6] peer 100::2 as-number 200 [SwitchA-bgp-af-ipv6] network 1:: 64 #Configure Switch B.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration Use the display bgp ipv6 routing-table command on Switch B and Switch D respectively, you can find both of them have learned the network 1::/64. 5.10 Troubleshooting IPv6 BGP Configuration 5.10.1 No IPv6 BGP Peer Relationship Established I. Symptom Display BGP peer information using the display bgp ipv6 peer command. The state of the connection to the peer cannot become established. II.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration Chapter 6 Routing Policy Configuration Note: At present, the LSQ1GP12EA boards in the S7500E series do not support IPv6. 6.1 Introduction to Routing Policy 6.1.1 Routing Policy A routing policy is used on the router for route inspection, filtering, attributes modifying when routes are received, advertised, or redistributed.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration An IP prefix list is identified by name. Each IP prefix list can comprise multiple items, and each item, which is identified by an index number, can specify a matching range in the network prefix format. The index number indicates the matching sequence of items in the IP prefix list. During matching, the router compares the packet with the items in the ascending order.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches z Chapter 6 Routing Policy Configuration When receiving or advertising routing information, a routing protocol uses the routing policy to filter routing information. 6.2 Defining Filtering Lists 6.2.1 Prerequisites Before configuring this task, you need to decide on: z IP-prefix list name z Matching address range z Extcommunity list sequence number 6.2.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration [Sysname] ip ip-prefix abc index 40 permit :: 0 less-equal 128 6.2.3 Defining an AS Path List You can define multiple items for an AS path ACL that is identified by number. During matching, the relation between items is logical OR, that is, if the route matches one of these items, it passes the AS path ACL. Follow these steps to define an AS path ACL: To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches To do... Chapter 6 Routing Policy Configuration Use the command... Enter system view system-view Define an extended community list ip extcommunity-list ext-comm-list-number { deny | permit } { rt route-target }&<1-16> Remarks — Required Not defined by default 6.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration Note: z If a node has the permit keyword specified, routing information meeting the node’s conditions will be handled using the apply clauses of this node, without needing to match against the next node. If routing information does not meet the node’s conditions, it will go to the next node for a match. z If a node is specified as deny, the apply clauses of the node will not be executed.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches To do... Chapter 6 Routing Policy Configuration Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration Note: The apply ipv6 next-hop commands do not apply to redistributed IPv6 routes respectively. 6.4 Displaying and Maintaining the Routing Policy To do... Use the command...
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration II. Network diagram Figure 6-1 Network diagram for routing policy application to route redistribution III. Configuration procedure 1) Configure Switch A # Configure IPv6 addresses for VLAN-interface 100 and VLAN-interface 200.
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration # Configure the IPv6 address for VLAN-interface 100. [SwitchB] ipv6 [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ipv6 address 10::2 32 # Enable RIPng on VLAN-interface 100. [SwitchB-Vlan-interface100] ripng 1 enable [SwitchB-Vlan-interface100] quit # Enable RIPng. [SwitchB] ripng # Display RIPng routing table information.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IPv6 Basics Configuration .......................................................................................... 1-1 1.1 IPv6 Overview.................................................................................................................... 1-1 1.1.1 IPv6 Features ..........................................................................................................
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Table of Contents 3.3 Configuring IPv6 Manual Tunnel ....................................................................................... 3-4 3.3.1 Configuration Prerequisites..................................................................................... 3-4 3.3.2 Configuration Procedure ......................................................................................... 3-4 3.3.3 Configuration Example.................
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Chapter 1 IPv6 Basics Configuration When configuring IPv6 basics, go to these sections for information you are interested in: z IPv6 Overview z IPv6 Basics Configuration Task List z Configuring Basic IPv6 Functions z Configuring IPv6 NDP z Configuring PMTU Discovery z Configuring IPv6 TCP Properties z Configuring ICMPv6 Packet Sending z Configuring IPv6 DNS z Displaying and Mainta
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration 1.1.1 IPv6 Features I. Header format simplification IPv6 cuts down some IPv4 header fields or move them to the IPv6 extension headers to reduce the length of the basic IPv6 header. IPv6 uses the basic header with a fixed length, thus making IPv6 packet handling simple and improving the forwarding efficiency.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches z Chapter 1 IPv6 Basics Configuration Stateless address configuration means that a host automatically configures an IPv6 address and related information on basis of its own link-layer address and the prefix information advertised by a router. In addition, a host can generate a link-local address on basis of its own link-layer address and the default prefix (FE80::/64) to communicate with other hosts on the link. V.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches z Chapter 1 IPv6 Basics Configuration Leading zeros in each group can be removed. For example, the above-mentioned address can be represented in shorter format as 2001:0:130F:0:0:9C0:876A:130B. z If an IPv6 address contains two or more consecutive groups of zeros, they can be replaced by the double-colon :: option.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Note: There are no broadcast addresses in IPv6. Their function is superseded by multicast addresses. The type of an IPv6 address is designated by the first several bits called format prefix. Table 1-1 lists the mappings between address types and format prefixes. Table 1-1 Mapping between address types and format prefixes Type Format prefix (binary) IPv6 prefix ID Unassigned address 00...
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches z Chapter 1 IPv6 Basics Configuration Unassigned address: The unicast address "::” is called the unassigned address and may not be assigned to any node. Before acquiring a valid IPv6 address, a node may fill this address in the source address field of an IPv6 packet, but may not use it as a destination IPv6 address. IV. Multicast address IPv6 multicast addresses listed in Table 1-2 are reserved for special purpose.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Figure 1-2 Convert a MAC address into an EUI-64 interface identifier 1.1.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches ICMPv6 message Chapter 1 IPv6 Basics Configuration Number Function Used to respond to an RS message Router advertisement (RA) message Redirect message With the RA message suppression disabled, the router regularly sends an RA message containing information such as prefix information options and flag bits.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches 1) Chapter 1 IPv6 Basics Configuration Node A sends an NS message whose destination address is the IPv6 address of node B. 2) If node A receives an NA message from node B, node A considers that node B is reachable. Otherwise, node B is unreachable. III.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches 2) Chapter 1 IPv6 Basics Configuration The router returns an RA message containing information such as prefix information option. (The router also regularly sends an RA message.) 3) The node automatically configures an IPv6 address and other information for its interface according to the address prefix and other configuration parameters in the RA message.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Figure 1-5 Working procedure of the PMTU discovery The working procedure of the PMTU discovery is as follows: 1) The source host uses its MTU to fragment packets and then sends them to the destination host.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration z RFC 2375: IPv6 Multicast Address Assignments z RFC 2460: Internet Protocol, Version 6 (IPv6) Specification.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration 1.3.2 Configuring an IPv6 Unicast Address IPv6 site-local addresses and aggregatable global unicast addresses can be configured in the following ways: z EUI-64 format: When the EUI-64 format is adopted to form IPv6 addresses, the IPv6 address prefix of an interface is the configured prefix and the interface identifier is derived from the link-layer address of the interface.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Note: z After an IPv6 site-local address or aggregatable global unicast address is configured for an interface, a link-local address will be generated automatically. The automatically generated link-local address is the same as the one generated by using the ipv6 address auto link-local command. If a link-local address is manually assigned to an interface, this link-local address takes effect.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration To do... Use the command... Remarks Enter system view system-view — Configure a static neighbor entry ipv6 neighbor ipv6-address mac-address { vlan-id port-type port-number | interface interface-type interface-number } Required Caution: You can adopt either of the two methods above to configure a static neighbor entry for a VLAN interface.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration 1.4.3 Configuring Parameters Related to an RA Message You can configure whether the interface sends an RA message, the interval for sending RA messages, and parameters in RA messages. After receiving an RA message, a host can use these parameters to perform corresponding operations. Table 1-4 lists the configurable parameters in an RA message and their descriptions.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Note: The values of the Retrans Timer field and the Reachable Time field configured for an interface are sent to hosts via RA messages. Furthermore, this interface sends NS messages at intervals of Retrans Timer and considers a neighbor reachable within the time of Reachable Time.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches To do… Chapter 1 IPv6 Basics Configuration Use the command… Remarks Optional Set the O flag bit to 1. ipv6 nd autoconfig other-flag Configure the router lifetime in RA messages ipv6 nd ra router-lifetime value By default, the O flag bit is set to 0, that is, hosts acquire other information through stateless autoconfiguration. Optional 1,800 seconds by default.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches To do… Configure the number of attempts to send an NS message for DAD Chapter 1 IPv6 Basics Configuration Use the command… Remarks Optional ipv6 nd dad attempts value 1 by default. When the value argument is set to 0, DAD is disabled. 1.5 Configuring PMTU Discovery 1.5.1 Configuring a Static PMTU for a Specified IPv6 Address You can configure a static PMTU for a specified destination IPv6 address.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration 1.6 Configuring IPv6 TCP Properties The IPv6 TCP properties you can configure include: z synwait timer: When a SYN packet is sent, the synwait timer is triggered. If no response packet is received before the synwait timer expires, the IPv6 TCP connection establishment fails. z finwait timer: When the IPv6 TCP connection status is FIN_WAIT_2, the finwait timer is triggered.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Follow these steps to configure the capacity and update period of the token bucket: To do… Enter system view Use the command… Remarks — system-view Optional Configure the capacity and update period of the token bucket ipv6 icmp-error { bucket bucket-size | ratelimit interval } * By default, the capacity of a token bucket is 10 and the update period is 100 milliseconds.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration 1.8.2 Configuring Dynamic IPv6 Domain Name Resolution If you want to use the dynamic domain name function, you can use the following command to enable the dynamic domain name resolution function. In addition, you should configure a DNS server so that a query request message can be sent to the correct server for resolution. The system can support at most six DNS servers.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration 1.9 Displaying and Maintaining IPv6 Basics Configuration To do… Use the command… Display DNS suffix information display dns domain [ dynamic ] Display IPv6 dynamic domain name cache information.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration To do… Use the command… Clear IPv6 dynamic domain name cache information reset dns ipv6 dynamic-host Clear IPv6 neighbor information reset ipv6 neighbors { all | dynamic | interface interface-type interface-number | slot slot-number | static } Clear the corresponding PMTU reset ipv6 pathmtu { all | static | dynamic} Clear the statistics of IPv6 and ICMPv6 packets reset ipv6 statistics [ s
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration # Enable the IPv6 packet forwarding function. system-view [SwitchA] ipv6 # Configure VLAN-interface 2 to automatically generate a link-local address. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address auto link-local # Configure an EUI-64 address for VLAN-interface 2.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses # Display the IPv6 information of the interface on Switch B.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration bytes=56 Sequence=3 hop limit=255 time = 60 ms Reply from FE80::20F:E2FF:FE00:1 bytes=56 Sequence=4 hop limit=255 time = 70 ms Reply from FE80::20F:E2FF:FE00:1 bytes=56 Sequence=5 hop limit=255 time = 60 ms --- FE80::20F:E2FF:FE00:1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration bytes=56 Sequence=5 hop limit=255 time = 60 ms --- 3001::2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 50/60/70 ms 1.11 Troubleshooting IPv6 Basics Configuration I. Symptom The peer IPv6 address cannot be pinged. II.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 2 Dual Stack Configuration Chapter 2 Dual Stack Configuration When configuring dual stack, go to these sections for information you are interested in: z Dual Stack Overview z Configuring Dual Stack 2.1 Dual Stack Overview Dual stack is the most direct approach to making IPv6 nodes compatible with IPv4 nodes. The best way for an IPv6 node to be compatible with an IPv4 node is to maintain a complete IPv4 stack.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 2 Dual Stack Configuration To do… Use the command… Enter system view system-view ipv6 Enter interface view interface interface-type interface-number Configure an IPv4 address for the interface ip address ip-address { mask | mask-length } [ sub ] Configure an IPv6 address on the interface Configure IPv6 link-local address Manually specify an IPv6 address ipv6 address { ipv6-address prefix-length | ipv6-address/prefi
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration Chapter 3 Tunneling Configuration When configuring tunneling, go to these sections for information you are interested in: z Introduction to Tunneling z Tunneling Configuration Task List z Configuring IPv6 Manual Tunnel z Configuring 6to4 Tunnel z Configuring ISATAP Tunnel z Displaying and Maintaining Tunneling Configuration z Troubleshooting Tunneling Configuration 3.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration Caution: The devices at both ends of an IPv6 over IPv4 tunnel must support IPv4/IPv6 dual stack. Figure 3-1 Principle of IPv6 over IPv4 tunnel The IPv6 over IPv4 tunnel processes packets in the following way: 1) A host in the IPv6 network sends an IPv6 packet to the device at the source end of the tunnel.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches z Chapter 3 Tunneling Configuration If the IPv4 address of the tunnel destination cannot be acquired from the destination address of the IPv6 packet, it needs to be configured manually. Such a tunnel is called a configured tunnel. z If the IPv4 address is embedded into the IPv6 address, the IPv4 address of the tunnel destination can automatically be acquired from the destination address of the IPv6 packet.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration destination address of an IPv6 packet and the IPv6 address of a tunnel interface both adopt special addresses: ISATAP addresses. The ISATAP address format is prefix(64bit):0:5EFE:ip-address. The ip-address is in the form of a.b.c.d or abcd:efgh, where abcd:efgh represents a 32-bit source IPv4 address.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches To do… Chapter 3 Tunneling Configuration Use the command… Remarks Required Create a tunnel interface and enter tunnel interface view Configure an IPv6 address for the tunnel interface Configure a global unicast IPv6 address or a site-local address interface tunnel number By default, there is no tunnel interface on the device.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration Caution: z When you create a tunnel interface on a device, the slot of the tunnel interface should be that of the source port, namely, the port sending packets. In this way, the forwarding efficiency can be improved. z After a tunnel interface is deleted, all the above features configured on the tunnel interface will be deleted.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration II. Network diagram Figure 3-3 Network diagram for an IPv6 manual tunnel III. Configuration procedure z Configuration on Switch A # Enable IPv6. system-view [SwitchA] ipv6 # Configure a link aggregation group. Disable STP on the port before adding it into the link aggregation group.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration # Enable IPv6. system-view [SwitchB] ipv6 # Configure a link aggregation group. Disable STP on the port before adding it into the link aggregation group.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration FF02::1 MTU is 1500 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses [SwitchB] display ipv6 interface Tunnel1/0/3 Tunnel1/0/3 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::C0A8:3201 Global unicast address(es): 3001::2, subnet is 3001::/64 Joined group address(es): F
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration 3.4 Configuring 6to4 Tunnel 3.4.1 Configuration Prerequisites IP addresses are configured for interfaces such as VLAN interface and loopback interface on the device. Such an interface can serve as the source interface of the tunnel to ensure that the tunnel destination address is reachable. 3.4.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration To do… Use the command… Remarks Required Configure a source address or interface for the tunnel source { ip-address | interface-type interface-number } Reference a link aggregation group aggregation-group aggregation-group-id By default, no source address or interface is configured for the tunnel. Required By default, no link aggregation group ID is referenced.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration 3.4.3 Configuration Example I. Network requirements Isolated IPv6 networks are interconnected through a 6to4 tunnel over the IPv4 network. II. Network diagram Figure 3-4 Network diagram for a 6to4 tunnel III. Configuration procedure z Configuration on Switch A # Enable IPv6. system-view [SwitchA] ipv6 # Configure a link aggregation group.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration # Configure a route to VLAN-interface 100 of Switch B. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the real next-hop address according to the network.) [SwitchA] ip route-static 5.1.1.1 24 [nexthop] # Configure an IPv6 address for VLAN-interface 101.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration [SwitchB-Vlan-interface100] ip address 5.1.1.1 24 [SwitchB-Vlan-interface100] quit # Configure a route to VLAN-interface 100 of Switch A. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the real next-hop address according to the network.) [SwitchB] ip route-static 2.1.1.1 24 [nexthop] # Configure an IPv6 address for VLAN-interface 101.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration Minimum = 0ms, Maximum = 13ms, Average = 3ms 3.5 Configuring ISATAP Tunnel 3.5.1 Configuration Prerequisites IP addresses are configured for interfaces such as VLAN interface and loopback interface on the device. Such an interface can serve as the source interface of a tunnel to ensure that the tunnel destination address is reachable. 3.5.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches To do… Chapter 3 Tunneling Configuration Use the command… Remarks Required Set an ISATAP tunnel tunnel-protocol ipv6-ipv4 isatap By default, the tunnel mode is manual. The same tunnel type should be configured at both ends of the tunnel. Otherwise, packet delivery will fail.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration 3.5.3 Configuration Example I. Network requirements The destination address of a tunnel is an ISATAP address. It is required that IPv6 hosts in the IPv4 network can access the IPv6 network via an ISATAP tunnel. II. Network diagram Figure 3-5 Network diagram for an ISATAP tunnel III. Configuration procedure z Configuration on the switch # Enable IPv6.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration [Switch-Vlan-interface101] ip address 2.1.1.1 255.0.0.0 [Switch-Vlan-interface101] quit # Configure an ISATAP tunnel. [Switch] interface tunnel 1/0/3 [Switch-Tunnel1/0/3] ipv6 address 2001::1/64 eui-64 [Switch-Tunnel1/0/3] source vlan-interface 101 [Switch-Tunnel1/0/3] tunnel-protocol ipv6-ipv4 isatap # Configure the tunnel to reference link aggregation group 1 in tunnel interface view.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration C:\>ipv6 if 2 Interface 2: Automatic Tunneling Pseudo-Interface Guid {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE} does not use Neighbor Discovery uses Router Discovery routing preference 1 EUI-64 embedded IPv4 address: 2.1.1.2 router link-layer address: 2.1.1.1 preferred global 2001::5efe:2.1.1.2, life 29d23h59m46s/6d23h59m46s (public) preferred link-local fe80::5efe:2.1.1.
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches 1) Chapter 3 Tunneling Configuration The common cause is that the physical interface of the tunnel source is not up. Use the display interface tunnel or display ipv6 interface tunnel commands to view whether the physical interface of the tunnel source is up. If the physical interface is down, use the debugging tunnel event command in user view to view the cause.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Multicast Overview ...................................................................................................... 1-1 1.1 Introduction to Multicast..................................................................................................... 1-1 1.1.1 Comparison of Information Transmission Techniques............................................ 1-1 1.1.2 Roles in Multicast .........
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Table of Contents 2.6.4 Configuring the Function of Dropping Unknown Multicast Data ........................... 2-19 2.6.5 Configuring IGMP Report Suppression................................................................. 2-20 2.6.6 Configuring Maximum Multicast Groups that Can Be Joined on a Port................ 2-21 2.6.7 Configuring Multicast Group Replacement ........................................................... 2-22 2.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Table of Contents Chapter 5 PIM Configuration........................................................................................................ 5-1 5.1 PIM Overview..................................................................................................................... 5-1 5.1.1 Introduction to PIM-DM ........................................................................................... 5-2 5.1.2 How PIM-DM Works......
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Table of Contents 5.8.1 Failure of Building a Multicast Distribution Tree Correctly .................................... 5-52 5.8.2 Multicast Data Abnormally Terminated on an Intermediate Router ...................... 5-53 5.8.3 RPs Unable to Join SPT in PIM-SM...................................................................... 5-54 5.8.4 No Unicast Route Between BSR and C-RPs in PIM-SM ......................................
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Table of Contents 7.3 Configuring Multicast Routing and Forwarding.................................................................. 7-6 7.3.1 Configuration Prerequisites..................................................................................... 7-6 7.3.2 Enabling IP Multicast Routing ................................................................................. 7-7 7.3.3 Configuring Multicast Static Routes .....................
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview Chapter 1 Multicast Overview Note: This manual chiefly focuses on the IP multicast technology and device operations. Unless otherwise stated, the term “multicast” in this document refers to IP multicast. 1.1 Introduction to Multicast As a technique coexisting with unicast and broadcast, the multicast technique effectively addresses the issue of point-to-multipoint data transmission.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview Figure 1-1 Unicast transmission Assume that Hosts B, D and E need this information. The information source establishes a separate transmission channel for each of these hosts. In unicast transmission, the traffic over the network is proportional to the number of hosts that need the information.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview Figure 1-2 Broadcast transmission Assume that only Hosts B, D, and E need the information. If the information source broadcasts the information, Hosts A and C also receive it. In addition to information security issues, this also causes traffic flooding on the same network.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview Figure 1-3 Multicast transmission Assume that Hosts B, D and E need the information. To receive the information correctly, these hosts need to join a receiver set, which is known as a multicast group. The routers on the network duplicate and forward the information based on the distribution of the receivers in this set. Finally, the information is correctly delivered to Hosts B, D, and E.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview For a better understanding of the multicast concept, you can assimilate multicast transmission to the transmission of TV programs, as shown in Table 1-1. Table 1-1 An analogy between TV transmission and multicast transmission Step TV transmission Multicast transmission 1 A TV station transmits a TV program through a channel. A multicast source sends multicast data to a multicast group.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches z Chapter 1 Multicast Overview Any other point-to-multiple-point data distribution application. 1.2 Multicast Models Based on how the receivers treat the multicast sources, there are two multicast models: I.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview hosts, and the TCP/IP stack must support reception and transmission of multicast data. 1.3.1 Multicast Addresses To allow communication between multicast sources and multicast group members, network-layer multicast addresses, namely, multicast IP addresses must be provided. In addition, a technique must be available to map multicast IP addresses to link-layer multicast MAC addresses. I.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview Table 1-3 Some reserved multicast addresses Address Description 224.0.0.1 All systems on this subnet, including hosts and routers 224.0.0.2 All multicast routers on this subnet 224.0.0.3 Unassigned 224.0.0.4 Distance Vector Multicast Routing Protocol (DVMRP) routers 224.0.0.5 Open Shortest Path First (OSPF) routers 224.0.0.6 OSPF designated routers/backup designated routers 224.0.0.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview assigned by IANA; when set to 1, the T flag indicates a transient, or dynamically assigned multicast address. Scope: 4 bits, indicating the scope of the IPv6 internetwork for which the multicast z traffic is intended. Possible values of this field are given in Table 1-4. z Reserved: 80 bits, all set to 0 currently. z Group ID: 112 bits, identifying the multicast group.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview Figure 1-5 IPv4-to-MAC address mapping The high-order four bits of a multicast IPv4 address are 1110, indicating that this address is a multicast address, and only 23 bits of the remaining 28 bits are mapped to a MAC address, so five bits of the multicast IPv4 address are lost. As a result, 32 multicast IPv4 addresses map to the same MAC address.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview 1.3.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview connected with the hosts. These protocols define the mechanism of establishing and maintaining group memberships between hosts and Layer 3 multicast devices. 2) Multicast routing protocols A multicast routing protocol runs on Layer 3 multicast devices to establish and maintain multicast routes and forward multicast packets correctly and efficiently.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches 1) Chapter 1 Multicast Overview IGMP Snooping/MLD Snooping Running on Layer 2 devices, Internet Group Management Protocol Snooping (IGMP Snooping) and Multicast Listener Discovery Snooping (MLD Snooping) are multicast constraining mechanisms that manage and control multicast groups by listening to and analyzing IGMP or MLD messages exchanged between the hosts and Layer 3 multicast devices, thus effectively controlling the flooding of multi
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Chapter 2 IGMP Snooping Configuration When configuring IGMP Snooping, go to the following sections for information you are interested in: z IGMP Snooping Overview z Configuring Basic Functions of IGMP Snooping z Configuring IGMP Snooping Port Functions z Configuring IGMP Snooping Querier z Configuring an IGMP Snooping Policy z Displaying and Maintaining IGMP Snooping z IGMP Snooping Configur
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Multicast packet transmission without IGMP Snooping Multicast packet transmission when IGMP Snooping runs Multicast router Multicast router Source Source Layer 2 switch Host A Receiver Layer 2 switch Host A Receiver Host C Receiver Host B Host C Receiver Host B Multicast packets Figure 2-1 Before and after IGMP Snooping is enabled on the Layer 2 device 2.1.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches z Chapter 2 IGMP Snooping Configuration Router port: A router port is a port on the Ethernet switch that leads switch towards the Layer 3 multicast device (DR or IGMP querier). In the figure, Ethernet 1/0/1 of Switch A and Ethernet 1/0/1 of Switch B are router ports. The switch registers all its local router ports (including static and dynamic router ports) in its router port list.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Note: The port aging mechanism of IGMP Snooping works only for dynamic ports; a static port will never age out. 2.1.3 Work Mechanism of IGMP Snooping A switch running IGMP Snooping performs different actions when it receives different IGMP messages, as follows: I. When receiving a general query The IGMP querier periodically sends IGMP general queries to all hosts and routers (224.0.0.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches z Chapter 2 IGMP Snooping Configuration If a forwarding table entry exists for the reported group and the port is included in the outgoing port list, which means that this port is already a member port, the switch resets the member port aging timer for that port. Note: A switch does not forward an IGMP report through a non-router port.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration forwards it through all its router ports in the VLAN and all member ports for that multicast group, and performs the following: z If any IGMP report in response to the group-specific query is heard on a member port before its aging timer expires, this means that some host attached to the port is receiving or expecting to receive multicast data for that multicast group.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Note: z Configurations made in IGMP Snooping view are effective for all VLANs, while configurations made in VLAN view are effective only for ports belonging to the current VLAN. For a given VLAN, a configuration made in IGMP Snooping view is effective only if the same configuration is not made in VLAN view.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Note: z IGMP Snooping must be enabled globally before it can be enabled in a VLAN. z After enabling IGMP Snooping in a VLAN, you cannot enable IGMP and/or PIM on the corresponding VLAN interface, and vice versa. z When you enable IGMP Snooping in a specified VLAN, this function takes effect for Ethernet ports in this VLAN only. 2.3.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches z Chapter 2 IGMP Snooping Configuration Enable IGMP Snooping in the VLAN or enable IGMP on the desired VLAN interface z Configure the corresponding port groups. Before configuring IGMP Snooping port functions, prepare the following data: z Aging time of router ports, z Aging timer of member ports, and z Multicast group and multicast source addresses 2.4.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration To do... Use the command... Configure member port aging time igmp-snooping host-aging-time interval Remarks Optional 260 seconds by default 2.4.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.4.4 Configuring Simulated Joining Generally, a host running IGMP responds to IGMP queries from the IGMP querier. If a host fails to respond due to some reasons, the multicast router may deem that no member of this multicast group exists on the network segment, and therefore will remove the corresponding forwarding path.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.4.5 Configuring Fast Leave Processing The fast leave processing feature allows the switch to process IGMP leave group messages in a fast way. With the fast leave processing feature enabled, when receiving an IGMP leave group message on a port, the switch immediately removes that port from the outgoing port list of the forwarding table entry for the indicated group.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Caution: If fast leave processing is enabled on a port to which more than one host is attached, when one host leaves a multicast group, the other hosts attached to the port and interested in the same multicast group will fail to receive multicast data for that group. 2.5 Configuring IGMP Snooping Querier 2.5.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Caution: It is meaningless to configure an IGMP Snooping querier in a multicast network running IGMP. Although an IGMP Snooping querier does not take part in IGMP querier elections, it may affect IGMP querier elections because it sends IGMP general queries with a low source IP address. 2.5.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration II. Configuring IGMP queries and responses in a VLAN Follow these steps to configure IGMP queries and responses in a VLAN: To do... Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration To do... Configure the source IP address of IGMP group-specific queries Use the command... igmp-snooping special-query source-ip { current-interface | ip-address } Remarks Optional 0.0.0.0 by default Caution: The source address of IGMP query messages may affect IGMP querier selection within the segment. 2.6 Configuring an IGMP Snooping Policy 2.6.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do... Chapter 2 IGMP Snooping Configuration Use the command... Remarks Enter system view system-view — Enter IGMP Snooping view igmp-snooping — Configure a multicast group filter group-policy acl-number [ vlan vlan-list ] Required No group filter is configured by default, namely hosts can join any multicast group. II.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration To do... Enable multicast source port filtering Use the command... source-deny port interface-list Remarks Required Disabled by default II. Configuring multicast source port filtering on a port or a group of ports Follow these steps to configure multicast source port filtering on a port or a group of ports: To do... Enter system view Enter the corresponding view Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do... Chapter 2 IGMP Snooping Configuration Use the command... Remarks Enter system view system-view — Enter IGMP Snooping view igmp-snooping — Enable the function of dropping unknown multicast data drop-unknown Required Disabled by default II. Configuring the function of dropping unknown multicast data in a VLAN Follow these steps to configure the function of dropping unknown multicast data in a VLAN: To do...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do... Chapter 2 IGMP Snooping Configuration Use the command... Remarks Enter system view system-view — Enter IGMP Snooping view igmp-snooping — Enable IGMP report suppression report-aggregation Optional Enabled by default 2.6.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.6.7 Configuring Multicast Group Replacement For some special reasons, the number of multicast groups that can be joined on the current switch or port may exceed the number configured for the switch or the port. In addition, in some specific applications, a multicast group newly joined on the switch needs to replace an existing multicast group automatically.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Caution: Be sure to configure the maximum number of multicast groups allowed on a port (refer to Configuring Maximum Multicast Groups that Can Be Joined on a Port) before configuring multicast group replacement. Otherwise, the multicast group replacement functionality will not take effect. 2.7 Displaying and Maintaining IGMP Snooping To do... Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches z Chapter 2 IGMP Snooping Configuration IGMP is required on Router A, IGMP Snooping is required on Switch A, and Router A will act as the IGMP querier on the subnet. z Perform the following configuration so that multicast data can be forwarded through Ethernet 2/0/3 and Ethernet 2/0/4 even if Host A and Host B temporarily stop receiving multicast data for some unexpected reasons. II. Network diagram Receiver Host A Source 1.1.1.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration system-view [SwitchA] igmp-snooping [SwitchA-igmp-snooping] quit # Create VLAN 100, assign Ethernet 2/0/1 through Ethernet 2/0/4 to this VLAN, and enable IGMP Snooping in the VLAN.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Host port(s):total 2 port. Eth2/0/3 Eth2/0/4 As shown above, Ethernet 2/0/3 and Ethernet 2/0/4 of Switch A have joined multicast group 224.1.1.1. 2.8.2 Static Router Port Configuration I. Network requirements z As shown in Figure 2-4, Router A connects to a multicast source (Source) through Ethernet 1/0/2, and to Switch A through Ethernet 1/0/1.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration II. Network diagram Source Eth1/0/2 1.1.1.2/24 1.1.1.1/24 Eth1/0/1 10.1.1.1/24 Switch A Eth2/0/1 Router A IGMP querier Switch C Eth2/0/5 Eth2/0/2 Host C Receiver Eth2/0/2 Switch B Host B Host A Receiver Figure 2-4 Network diagram for static router port configuration III.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration # Create VLAN 100, assign Ethernet 2/0/1 through Ethernet 2/0/3 to this VLAN, and enable IGMP Snooping in the VLAN. [SwitchA] vlan 100 [SwitchA-vlan100] port ethernet 2/0/1 to ethernet 2/0/3 [SwitchA-vlan100] igmp-snooping enable [SwitchA-vlan100] quit # Configure Ethernet 2/0/3 to be a static router port.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Total 1 MAC Group(s). Port flags: D-Dynamic port, S-Static port, A-Aggregation port, C-Copy port Subvlan flags: R-Real VLAN, C-Copy VLAN Vlan(id):100. Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s). Router port(s):total 2 port. Eth2/0/1 (D) ( 00:01:30 ) Eth2/0/3 (S) IP group(s):the following ip group(s) match to one mac group. IP group address:224.1.1.1 (0.0.0.0, 224.1.1.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration II. Network diagram Querier Eth2/0/1 Eth2/0/2 Switch A Switch B Eth2/0/2 Eth2/0/1 Eth2/0/1 Eth2/0/3 Eth2/0/2 Receiver Receiver Receiver Host A Host B Host C Switch C Eth2/0/3 Source 1.1.1.1/24 Figure 2-5 Network diagram for IGMP Snooping querier configuration III. Configuration procedure 1) Configure switch A # Enable IGMP Snooping globally.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration # Create VLAN 100, add Ethernet 2/0/1 through Ethernet 2/0/3 to VLAN 100, and enable IGMP Snooping in this VLAN. [SwitchB] vlan 100 [SwitchB-vlan100] port ethernet 2/0/1 to ethernet 2/0/3 [SwitchB-vlan100] igmp-snooping enable 3) Configuration on Switch C # Enable IGMP Snooping globally.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration II. Analysis IGMP Snooping is not enabled. III. Solution 1) Enter the display current-configuration command to view the running status of IGMP Snooping. 2) If IGMP Snooping is not enabled, use the igmp-snooping command to enable IGMP Snooping globally, and then use igmp-snooping enable command to enable IGMP Snooping in VLAN view.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration whether this configuration conflicts with the configured multicast group policy. If any conflict exists, remove the port as a static member of the multicast group.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 3 Multicast VLAN Configuration Chapter 3 Multicast VLAN Configuration 3.1 Introduction to Multicast VLAN As shown in Figure 3-1, in the traditional multicast programs-on-demand mode, when hosts that belong to different VLANs, Host A, Host B and Host C require multicast programs on demand service, Router A needs to forward a separate copy of the multicast data in each VLAN.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do… Chapter 3 Multicast VLAN Configuration Use the command… Remarks Enter system view system-view — Configure a specific VLAN as a multicast VLAN multicast-vlan vlan-id enable Required Configure sub-VLANs for a specific multicast VLAN multicast-vlan vlan-id subvlan vlan-list Required Disabled by default No sub-VLAN by default.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 3 Multicast VLAN Configuration 3.4 Multicast VLAN Configuration Example I. Network requirements Router A connects to a multicast source through Ethernet 1/0/2 and to Switch A, z through Ethernet 1/0/1. IGMP is required on Router A, and IGMP Snooping is required on Switch A. z Router A is the IGMP querier.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 3 Multicast VLAN Configuration # Enable IP multicast routing, enable PIM-DM on each interface and enable IGMP on Ethernet 1/0/1.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration Chapter 4 IGMP Configuration When configuring IGMP, go to the following sections for the information you are interested in: z IGMP Overview z Configuring Basic Functions of IGMP z Adjusting IGMP Performance z Displaying and Maintaining IGMP z IGMP Configuration Example z Troubleshooting IGMP Note: The term “router” in this document refers to a router in a generic sense or a Layer 3 switch running IGMP
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration router is needed for sending IGMP query messages (often referred to as queries). So, a querier election mechanism is required to determine which router will act as the IGMP querier on the subnet. In IGMPv1, the designated router (DR) elected by a multicast routing protocol (such as PIM) serves as the IGMP querier. Note: For more information about DR, refer to DR election.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches 4) Chapter 4 IGMP Configuration Host C, which is on the same subnet, hears the report from Host B for joining G1. Upon hearing the report, Host C will suppress itself from sending a report message for the same multicast group, because the IGMP routers (Router A and Router B) already know that at least one host on the local subnet is interested in G1.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration timer; otherwise, it assumes the querier to have timed out and initiates a new querier election process. II. “Leave group” mechanism In IGMPv1, when a host leaves a multicast group, it does not send any notification to the multicast router. The multicast router relies on host response timeout to know whether a group no longer has members. This adds to the leave latency.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration As shown in Figure 4-2, the network comprises two multicast sources, Source 1 (S1) and Source 2 (S2), both of which can send multicast data to multicast group G. Host B is interested only in the multicast data that Source 1 sends to G but not in the data from Source 2.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches z Chapter 4 IGMP Configuration IS_IN: The source filtering mode is Include, namely, the report sender requests the multicast data from only the sources defined in the specified multicast source list. If the specified multicast source list is empty, this means that the report sender has left the reported multicast group.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration Task Adjusting IGMP Performance Remarks Configuring IGMP Message Options Optional Configuring IGMP Query and Response Parameters Optional Configuring IGMP Fast Leave Processing Optional Note: z Configurations performed in IGMP view are effective on all interfaces, while configurations performed in interface view are effective on the current interface only.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration To do... Use the command... Remarks Enter system view system-view — Enable IP multicast routing multicast routing-enable Required Enter interface view interface interface-type interface-number — Enable IGMP igmp enable Disabled by default Required Disabled by default 4.3.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration Follow these steps to configure an interface as a statically connected member of a multicast group: To do... Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration 4.4.1 Configuration Prerequisites Before adjusting IGMP performance, complete the following tasks: z Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do... Enable the insertion of the Router-Alert option into IGMP messages Chapter 4 IGMP Configuration Use the command... Remarks Optional send-router-alert By default, IGMP messages carry the Router-Alert option. II. Configuring IGMP packet options on an interface Follow these steps to configure IGMP packet options on an interface: To do... Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration An appropriate setting of the maximum response time for IGMP queries allows hosts to respond to queries quickly and avoids bursts of IGMP traffic on the network caused by reports simultaneously sent by a large number of hosts when the corresponding timers expires simultaneously. z For IGMP general queries, you can configure the maximum response time to fill their Max Response time field.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do... Chapter 4 IGMP Configuration Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration 4.4.4 Configuring IGMP Fast Leave Processing IGMP fast leave processing is implemented by IGMP Snooping. For details, see Configuring Fast Leave Processing. 4.5 Displaying and Maintaining IGMP To do... Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration 4.6 IGMP Configuration Example I. Network requirements z Receivers receive VOD information through the multicast mode. Receivers of different organizations form stub networks N1 and N2, and Host A and Host C are receivers in N1 and N2 respectively. z Switch A in the PIM network connects to N1, and both Switch B and Switch C connect to N2.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration Configure the OSPF protocol for interoperation among the switches. Ensure the network-layer interoperation among Switch A, Switch B and Switch C on the PIM network and dynamic update of routing information among the switches through a unicast routing protocol. The detailed configuration steps are omitted here.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration Querier for IGMP: 10.110.2.1 (this router) Total 1 IGMP Group reported 4.7 Troubleshooting IGMP 4.7.1 No Member Information on the Receiver-Side Router I. Symptom When a host sends a report for joining multicast group G, there is no member information of the multicast group G on the router closest to that host. II.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration 4.7.2 Inconsistent Memberships on Routers on the Same Subnet I. Symptom Different memberships are maintained on different IGMP routers on the same subnet. II. Analysis z A router running IGMP maintains multiple parameters for each interface, and these parameters influence one another, forming very complicated relationships.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Chapter 5 PIM Configuration When configuring PIM, go to these sections for information you are interested in: z PIM Overview z Configuring PIM-DM z Configuring PIM-SM z Configuring PIM-SSM z Configuring PIM Common Information z Displaying and Maintaining PIM z PIM Configuration Examples z Troubleshooting PIM Configuration Note: The term “router” in this document refers to a router in a generic sens
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: To facilitate description, a network comprising PIM-capable routers is referred to as a “PIM domain” in this document. 5.1.1 Introduction to PIM-DM PIM-DM is a type of dense mode multicast protocol. It uses the “push mode” for multicast forwarding, and is suitable for small-sized networks with densely distributed multicast members.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: Every activated interface on a router sends hello messages periodically, and thus learns the PIM neighboring information pertinent to the interface. II. SPT establishment The process of building an SPT is the process of “flood and prune”.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Figure 5-1 SPT establishment The “flood and prune” process takes place periodically. A pruned state timeout mechanism is provided. A pruned branch restarts multicast forwarding when the pruned state times out and then is pruned again when it no longer has any multicast receiver. Note: Pruning has a similar implementation in PIM-SM. III.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration IV. Assert If multiple multicast routers exist on a multi-access subnet, duplicate packets may flow to the same subnet. To shut off duplicate flows, the assert mechanism is used for election of a single multicast forwarder on a multi-access network.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration PIM-SM is a type of sparse mode multicast protocol. It uses the “pull mode” for multicast forwarding, and is suitable for large- and medium-sized networks with sparsely and widely distributed multicast group members. The basic implementation of PIM-SM is as follows: z PIM-SM assumes that no hosts need to receive multicast data.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration I. Neighbor discovery PIM-SM uses exactly the same neighbor discovery mechanism as PIM-DM does. Refer to Neighbor discovery. II. DR election PIM-SM also uses hello messages to elect a designated router (DR) for a multi-access network. The elected DR will be the only multicast forwarder on this multi-access network.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches 1) Chapter 5 PIM Configuration Routers on the multi-access network send hello messages to one another. The hello messages contain the router priority for DR election. The router with the highest DR priority will become the DR. 2) In the case of a tie in the router priority, or if any router in the network does not support carrying the DR-election priority in hello messages, the router with the highest IP address will win the DR election.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Figure 5-4 BSR and C-RPs IV. RPT establishment Figure 5-5 RPT establishment in a PIM-SM domain As shown in Figure 5-5, the process of building an RPT is as follows: 1) When a receiver joins a multicast group G, it uses an IGMP message to inform the directly connected DR.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration The multicast data addressed to the multicast group G flows through the RP, reaches the corresponding DR along the established RPT, and finally is delivered to the receiver. When a receiver is no longer interested in the multicast data addressed to a multicast group G, the directly connected DR sends a prune message, which goes hop by hop along the RPT to the RP.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches 3) Chapter 5 PIM Configuration The subsequent multicast data from the multicast source travels along the established SPT to the RP, and then the RP forwards the data along the RPT to the receivers. When the multicast traffic arrives at the RP along the SPT, the RP sends a register-stop message to the source-side DR by unicast to stop the source registration process. VI.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration II. Relationship between BSR admin-scope regions and the global scope zone A better understanding of the global scope zone and BSR admin-scope regions should be based on two aspects: geographical space and group address range.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Figure 5-8 Relationship between BSR admin-scope regions and the global scope zone in group address ranges In Figure 5-8, the group address ranges of admin-scope-scope regions BSR1 and BSR2 have no intersection, whereas the group address range of BSR3 is a subset of the address range of BSR1.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration The SSM model provides a solution for source-specific multicast. It maintains the relationships between hosts and routers through IGMPv3. In actual application, part of the PIM-SM technique is adopted to implement the SSM model. In the SSM model, receivers know exactly where a multicast source is located by means of advertisements, consultancy, and so on.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration As shown in Figure 5-9, Host B and Host C are multicast information receivers. They send IGMPv3 report messages denoted as (Include S, G) to the respective DRs to express their interest in the information of the specific multicast source S. If they need information from other sources than S, they send an (Exclude S, G) report.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration 5.2 Configuring PIM-DM 5.2.1 PIM-DM Configuration Task List Complete these tasks to configure PIM-DM: Task Remarks Enabling PIM-DM Required Enabling State Refresh Optional Configuring State Refresh Parameters Optional Configuring PIM-DM Graft Retry Period Optional Configuring PIM Common Information Optional 5.2.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do... Enable PIM-DM Chapter 5 PIM Configuration Use the command... pim dm Remarks Required Disabled by default Caution: z All the interfaces of the same router must work in the same PIM mode. z PIM-DM cannot be used for multicast groups in the SSM group grange. 5.2.4 Enabling State Refresh An interface without the state refresh capability cannot forward state refresh messages.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration control the propagation scope of state refresh messages, you need to configure an appropriate TTL value based on the network size. Follow these steps to configure state refresh parameters: To do... Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration 5.3 Configuring PIM-SM Note: A device can serve as a C-RP and a C-BSR at the same time. 5.3.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration z Bootstrap timeout time z An ACL rule defining a legal C-RP address range and the range of multicast groups to be served z C-RP-Adv interval z C-RP timeout time z The IP address of a static RP z An ACL rule for register message filtering z Register suppression timeout time z Probe time z ACL rule and sequencing rule for RPT-to-SPT switchover 5.3.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration 5.3.4 Configuring a BSR Note: The BSR is dynamically elected from a number of C-BSRs. Because it is unpredictable which router will finally win a BSR election, the commands introduced in this section must be configured on all C-BSRs.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration perform neighbor check and RPF check on BSR messages and discard unwanted messages. 2) When a router in the network is controlled by an attacker or when an illegal router is present in the network, the attacker can configure such a router to be a C-BSR and make it win BSR election so as to gain the right of advertising RP information in the network.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration To do... Use the command... Configure a global-scope C-BSR c-bsr global [ hash-length hash-length | priority priority ] * Remarks Required No global-scope C-BSRs by default III. Configuring an admin-scope C-BSR By default, a PIM-SM domain has only one BSR. The entire network should be managed by this BSR.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration To do... Use the command... Remarks Enter system view system-view — Enter interface view interface interface-type interface-number — Configure a BSR admin-scope region boundary pim bsr-boundary Required No BSR admin-scope region boundary by default V.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: About the bootstrap timeout time: z By default, the bootstrap timeout time is determined by this formula: Bootstrap timeout = Bootstrap interval × 2 + 10. The default bootstrap interval is 60 seconds, so the default bootstrap timeout = 60 × 2 + 10 = 130 (seconds). z If this parameter is manually configured, the system will use the configured value.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration II. Configuring a C-RP In a PIM-SM domain, you can configure routers that intend to become the RP as C-RPs. The BSR collects the C-RP information by receiving the C-RP-Adv messages from C-RPs or auto-RP announcements from other routers and organizes the information into an RP-set, which is flooded throughout the entire network.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration device, the device can receive these two types of messages and record the RP information carried in such messages. Follow these steps to enable auto-RP: To do... Use the command... Remarks Enter system view system-view — Enter PIM view pim — Enable auto-RP auto-rp enable Optional Disabled by default IV.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: z The commands introduced in this section are to be configured on C-RPs. z For the configuration of other timers in PIM-SM, refer to Configuring PIM Common Timers. 5.3.6 Configuring PIM-SM Register Messages Within a PIM-SM domain, the source-side DR sends register messages to the RP, and these register messages have different multicast source or group addresses.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do... Configure a filtering rule for register messages Chapter 5 PIM Configuration Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: Typically, you need to configure the above-mentioned parameters on the receiver-side DR and the RP only. Since both the DR and RP are elected, however, you should carry out these configurations on the routers that may win the DR election and on the C-RPs that may win RP elections. 5.4 Configuring PIM-SSM Note: The PIM-SSM model needs the support of IGMPv3.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration When deploying a PIM-SM domain, you are recommended to enable PIM-SM on all interfaces of non-border routers (border routers are PIM-enabled routers located on the boundary of BSR admin-scope regions). Follow these steps to enable PIM-SM: To do... Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: The commands introduced in this section are to be configured on all routers in the PIM domain. Caution: z Make sure that the same SSM group range is configured on all routers in the entire domain. Otherwise, multicast information cannot be delivered through the SSM model.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration 5.5.2 Configuration Prerequisites Before configuring PIM common information, complete the following tasks: z Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer. z Configure PIM-DM, or PIM-SM, or PIM-SSM.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: z Generally, a smaller distance from the filter to the multicast source results in a more remarkable filtering effect. z This filter works not only on independent multicast data but also on multicast data encapsulated in register messages. 5.5.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration new generation ID. If a PIM router finds that the generation ID in a hello message from the upstream router has changed, it assumes that the status of the upstream neighbor is lost or the upstream neighbor has changed. In this case, it triggers a join message for state update.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do... Chapter 5 PIM Configuration Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do... Chapter 5 PIM Configuration Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: If there are no special networking requirements, we recommend that you use the default settings. 5.5.6 Configuring Join/Prune Message Limits A larger join/prune message size will result in loss of a larger amount of information when a message is lost; with a reduced join/message size, the loss of a single message will bring relatively minor impact.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration To do... Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Switch A connects to stub network N1 through VLAN-interface 100, and to Switch z D through VLAN-interface 103. Switch B and Switch C connect to stub network N2 through their respective z VLAN-interface 200, and to Switch D through VLAN-interface 101 and VLAN-interface 102 respectively. IGMPv2 is to run between Switch A and N1, and between Switch B/Switch C and z N2.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration among the switches through a unicast routing protocol. Detailed configuration steps are omitted here. 2) Enable IP multicast routing, and enable PIM-DM on each interface # Enable IP multicast routing on Switch A, enable PIM-DM on each interface, and enable IGMPv2 on VLAN-interface 100, which connects Switch A to the stub network.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Carry out the display pim neighbor command to view the PIM neighboring relationships among the switches. For example: # View the PIM neighboring relationships on Switch D. [SwitchD] display pim neighbor Total Number of Neighbors = 3 Neighbor Interface Uptime Expires Dr-Priority 192.168.1.1 Vlan103 00:02:22 00:01:27 1 192.168.2.1 Vlan101 00:00:22 00:01:29 3 192.168.3.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration The information on Switch B and Switch C is similar to that on Switch A. # View the PIM routing table information on Switch D. [SwitchD] display pim routing-table Total 0 (*, G) entry; 1 (S, G) entry (10.110.5.100, 225.1.1.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration N2 Ethernet Ethernet Vl an -in t1 01 Vl an -in t1 01 Ethernet N1 II. Network diagram Device Switch A Switch B Switch C Interface Vlan-int100 Vlan-int101 Vlan-int102 Vlan-int200 Vlan-int103 Vlan-int200 Vlan-int104 IP address 10.110.1.1/24 192.168.1.1/24 192.168.9.1/24 10.110.2.1/24 192.168.2.1/24 10.110.2.2/24 192.168.3.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration system-view [SwitchA] multicast routing-enable [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] igmp enable [SwitchA-Vlan-interface100] pim sm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim sm [SwitchA-Vlan-interface101] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] pim sm [SwitchA-Vlan-interface102] quit
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration [SwitchA] display pim bsr-info Elected BSR Address: 192.168.9.2 Priority: 0 Hash mask length: 30 State: Accept Preferred Scope: Not scoped Uptime: 01:40:40 Next BSR message scheduled at: 00:01:42 # View the BSR information and the locally configured C-RP information in effect on Switch E. [SwitchE] display pim bsr-info Elected BSR Address: 192.168.9.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Assume that Host A needs to receive information addressed to the multicast group G (225.1.1.1/24). An RPT will be built between Switch A and Switch E. When the multicast source S (10.110.5.100/24) registers with the RP, an SPT will be built between Switch D and Switch E. Upon receiving multicast data, Switch A immediately switches from the RPT to the SPT.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration RP: 192.168.9.2 Protocol: pim-sm, Flag: SPT ACT UpTime: 00:00:42 Upstream interface: Vlan-interface300 Upstream neighbor: NULL RPF prime neighbor: NULL Downstream interface(s) information: Total number of downstreams: 1 1:: Vlan-interface105 Protocol: pim-sm, UpTime: 00:00:42, Expires: 00:02:06 # View the PIM routing table information on Switch E.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration IGMPv3 is to run between Switch A and N1, and between Switch B/Switch C and z N2. N2 Ethernet Ethernet Vl an -in t1 01 Vl an -in t1 01 Ethernet N1 II. Network diagram Device Switch A Switch B Switch C Interface Vlan-int100 Vlan-int101 Vlan-int102 Vlan-int200 Vlan-int103 Vlan-int200 Vlan-int104 IP address 10.110.1.1/24 192.168.1.1/24 192.168.9.1/24 10.110.2.1/24 192.168.2.1/24 10.110.2.2/24 192.168.3.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration # Enable IP multicast routing on Switch A, enable PIM-SM on each interface, and enable IGMPv3 on VLAN-interface 100, which connects Switch A to the stub network.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration toward the multicast source. Switches on the SPT path (Switch A and Switch D) have generated an (S, G) entry, while Switch E, which is not on the SPT path, does not have multicast routing entries. You can use the display pim routing-table command to view the PIM routing table information on each switch. For example: # View the PIM routing table information on Switch A.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration 5.8 Troubleshooting PIM Configuration 5.8.1 Failure of Building a Multicast Distribution Tree Correctly I. Symptom None of the routers in the network (including routers directly connected with multicast sources and receivers) has multicast forwarding entries. That is, a multicast distribution tree cannot be built correctly and clients cannot receive multicast data. II.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches 2) Chapter 5 PIM Configuration Check that PIM is enabled on the interfaces, especially on the RPF interface. Use the display pim interface command to view the PIM information on each interface. If PIM is not enabled on the interface, use the pim dm or pim sm command to enable PIM-DM or PIM-SM. 3) Check that the RPF neighbor is a PIM neighbor. Use the display pim neighbor command to view the PIM neighbor information.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration 5.8.3 RPs Unable to Join SPT in PIM-SM I. Symptom An RPT cannot be established correctly, or the RPs cannot join the SPT to the multicast source. II. Analysis z As the core of a PIM-SM domain, the RPs serve specific multicast groups. Multiple RPs can coexist in a network. Make sure that the RP information on all routers is exactly the same, and a specific group is mapped to the same RP.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches z Chapter 5 PIM Configuration The RP is the core of a PIM-SM domain. Make sure that the RP information on all routers is exactly the same, a specific group G is mapped to the same RP, and unicast routes are available to the RP. III. Solution 1) Check whether routes to C-RPs, the RP and the BSR are available.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration Chapter 6 MSDP Configuration When configuring MSDP, go to these sections for information you are interested in: z MSDP Overview z MSDP Configuration Task List z Configuring Basic Functions of MSDP z Configuring an MSDP Peer Connection z Configuring SA Messages Related Parameters z Displaying and Maintaining MSDP z MSDP Configuration Examples z Troubleshooting MSDP Note: The term “router” in this d
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration Caution: z MSDP is applicable only if the intra-domain multicast protocol is PIM-SM. z MSDP is meaningful only for the any-source multicast (ASM) model. 6.1.2 How MSDP Works I. MSDP peers With one or more pairs of MSDP peers configured in the network, an MSDP interconnection map is formed, where the RPs of different PIM-SM domains are interconnected in series.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration data from the multicast source arrives, the receiver-side MSDP peer forwards the data to the receivers along the RPT. z Intermediate MSDP peer: an MSDP peer with multicast remote MSDP peers, like RP 2. An intermediate MSDP peer forwards SA messages received from one remote MSDP peer to other remote MSDP peers, functioning as a relay of multicast source information.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration Receiver DR 2 MSDP peers Multicast packets SA message RP 2 Join message PIM-SM 2 Register message DR 1 Source PIM-SM 4 RP 3 RP 1 PIM-SM 1 PIM-SM 3 Figure 6-2 MSDP peering relationships The process of implementing inter-domain multicast delivery by leveraging MSDP peers is as follows: 1) When the multicast source in PIM-SM 1 sends the first multicast packet to multicast group G, DR 1 encapsulates the m
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration hop towards DR 1 at the multicast source side, so that it can directly join the SPT rooted at the source over other PIM-SM domains. Then, the multicast data can flow along the SPT to RP 2 and is forwarded by RP 2 to the receivers along the RPT. Upon receiving the multicast traffic, the DR at the receiver side (DR 2) decides whether to initiate an RPT-to-SPT switchover process.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration Source RP 1 RP 5 RP 9 AS 1 (1) (3) RP 2 Mesh group RP 8 AS 5 (4) (2) (7) (6) AS 3 RP 3 AS 2 (3) MSDP peers (5) RP 4 (4) RP 6 Static RPF peers RP 7 AS 4 SA message Figure 6-3 Diagram for RPF check for SA messages As illustrated in Figure 6-3, these MSDP peers dispose of SA messages according to the following RPF check rules: 1) When RP 2 receives an SA message from RP 1 Because the sourc
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration An EBGP route exists between two MSDP peers in different ASs. Because the SA message is from an MSDP peer (RP 7) in a different AS, and the MSDP peer is the next hop on the EBGP route to the source-side RP, RP 8 accepts the message and forwards it to its other peer (RP 9). 7) When RP 9 receives the SA message from RP 8 Because RP 9 has only one MSDP peer, RP 9 accepts the SA message.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches 1) Chapter 6 MSDP Configuration The multicast source registers with the nearest RP. In this example, Source registers with RP 1, with its multicast data encapsulated in the register message. When the register message arrives to RP 1, RP 1 decapsulates the message. 2) Receivers send join messages to the nearest RP to join in the RPT rooted as this RP. In this example, Receiver joins the RPT rooted at RP 2.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration 6.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration 6.3.2 Enabling MSDP Follow these steps to enable MSDP: To do... Use the command... Remarks Enter system view system-view — Enable IP multicast routing multicast routing-enable Required Enable MSDP and enter MSDP view msdp Disabled by default Required Disabled by default 6.3.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration To do... Use the command... Remarks Enter system view system-view — Enter MSDP view msdp — Configure a static RPF peer static-rpf-peer peer-address [ rp-policy ip-prefix-name ] Required No static RPF peer configured by default Note: If only one MSDP peer is configured on a router, this MSDP will be registered as a static RPF peer. 6.4 Configuring an MSDP Peer Connection 6.4.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration 6.4.3 Configuring an MSDP Mesh Group An AS may contain multiple MSDP peers. You can use the MSDP mesh group mechanism to avoid SA message flooding among these MSDP peers and optimize the multicast traffic.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration When a new MSDP peer is created, or when a previously deactivated MSDP peer connection is reactivated, or when a previously failed MSDP peer attempts to resume operation, a TCP connection is required. You can flexibly adjust the interval between MSDP peering connection retries. Follow these steps to configure MSDP peer connection control: To do... Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration message containing the multicast packet in an SA message and sends it out. After receiving the SA message, the remote RP decapsulates the SA message and delivers the multicast data contained in the register message to the receivers along the RPT. The MSDP peers deliver SA messages to one another. Upon receiving an SA message, a router performs RPF check on the message.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do... Configure a filtering rule for SA request messages Chapter 6 MSDP Configuration Use the command... peer peer-address sa-request-policy [ acl acl-number ] Remarks Optional SA request messages are not filtered by default Caution: Before you can enable the device to send SA requests, be sure to disable the SA message cache mechanism. 6.5.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do... Configure the minimum TTL value of multicast packets to be encapsulated in SA messages Chapter 6 MSDP Configuration Use the command... peer peer-address minimum-ttl ttl-value Remarks Optional 0 by default 6.5.5 Configuring SA Message Cache To reduce the time spent in obtaining the multicast source information, you can have SA messages cached on the router.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do... Chapter 6 MSDP Configuration Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration II. Network diagram Vl an -in t2 00 00 t4 -in an Vl an Vl Vl an -in t3 00 3 10 nt 03 -i t1 an in Vl Device Switch A Switch B Switch C Interface Vlan-int103 Vlan-int100 Vlan-int200 Vlan-int103 Vlan-int101 Loop0 Vlan-int104 Vlan-int102 Vlan-int101 Loop0 IP address 10.110.1.2/24 10.110.2.1/24 10.110.3.1/24 10.110.1.1/24 192.168.1.1/24 1.1.1.1/32 10.110.4.1/24 192.168.3.1/24 192.168.1.2/24 2.2.2.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration system-view [SwitchA] multicast routing-enable [SwitchA] interface vlan-interface 103 [SwitchA-Vlan-interface103] pim sm [SwitchA-Vlan-interface103] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] pim sm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] igmp enable [SwitchA-Vlan-interface200] pim sm [SwitchA-Vlan-interface200] qui
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration [SwitchC-bgp] quit # Configure IBGP on Switch E, and redistribute OSPF routes. [SwitchE] bgp 200 [SwitchE-bgp] router-id 3.3.3.3 [SwitchE-bgp] peer 192.168.3.1 as-number 200 [SwitchE-bgp] import-route ospf 1 [SwitchE-bgp] quit # Redistribute BGP routes into OSPF on Switch B.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration # View the information about BGP peering relationships on Switch C. [SwitchC] display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 200 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 192.168.1.1 4 100 18 16 0 1 00:12:04 Established 192.168.3.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration * *> 192.168.3.0 * i 192.168.1.1 0 0 100? 0.0.0.0 0 0 ? 192.168.3.2 0 0 ? 100 *> 192.168.3.1/32 0.0.0.0 0 0 ? *> 192.168.3.2/32 0.0.0.0 0 0 ? 192.168.3.2 0 0 ? * i 100 When the multicast source in PIM-SM 1 (Source 1) and the multicast source in PIM-SM 2 (Source 2) send multicast information, receivers in PIM-SM 1 and PIM-SM 3 can receive the multicast data.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration State: Up Up/down time: 00:15:47 Resets: 0 Connection interface: Vlan-interface101 (192.168.1.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration II.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration system-view [SwitchA] multicast routing-enable [SwitchA] interface vlan-interface 103 [SwitchA-Vlan-interface103] pim sm [SwitchA-Vlan-interface103] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] pim sm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] igmp enable [SwitchA-Vlan-interface200] pim sm [SwitchA-Vlan-interface200] qui
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration # Configure Switch B as a static RPF peer of Switch C. [SwitchC] ip ip-prefix list-c permit 192.168.0.0 16 greater-equal 16 less-equal 32 [SwitchC] msdp [SwitchC-msdp] peer 192.168.3.2 connect-interface vlan-interface 102 [SwitchC-msdp] static-rpf-peer 192.168.3.2 rp-policy list-c [SwitchC-msdp] quit # Configure Switch B as a static RPF peer of Switch E. [SwitchE] ip ip-prefix list-c permit 192.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration [SwitchE] display msdp brief MSDP Peer Brief Information Configured Up Listen Connect Shutdown Down 1 1 0 0 0 0 Peer's Address State Up/Down time AS SA Count Reset Count 192.168.3.1 Up 00:16:40 ? 13 0 6.7.3 Anycast RP Configuration I. Network requirements z The PIM-SM domain has multiple multicast sources and receivers. OSPF runs within the domain to provide unicast routes.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration II.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] igmp enable [SwitchB-Vlan-interface100] pim sm [SwitchB-Vlan-interface100] quit [SwitchB] interface vlan-interface 103 [SwitchB-Vlan-interface103] pim sm [SwitchB-Vlan-interface103] quit [SwitchB] interface Vlan-interface 101 [SwitchB-Vlan-interface101] pim sm [SwitchB-Vlan-interface101] quit [SwitchB] interface loopback 0 [SwitchB-LoopBack0] pim
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration You can use the display msdp brief command to view the brief information of MSDP peering relationships between the switches. # View the brief MSDP peer information on Switch B. [SwitchB] display msdp brief MSDP Peer Brief Information Configured Up Listen Connect Shutdown Down 1 1 0 0 0 0 Peer's Address State Up/Down time AS SA Count Reset Count 2.2.2.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration Protocol: pim-sm, Flag: SPT 2MSDP ACT UpTime: 00:46:28 Upstream interface: Vlan-interface103 Upstream neighbor: 10.110.2.2 RPF prime neighbor: 10.110.2.2 Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface100 Protocol: pim-sm, UpTime: - , Expires: - # View the PIM routing information on Switch D. [SwitchD] display pim routing-table No information is output on Switch D.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration Upstream interface: Vlan-interface104 Upstream neighbor: 10.110.4.2 RPF prime neighbor: 10.110.4.2 Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface200 Protocol: pim-sm, UpTime: - , Expires: - 6.8 Troubleshooting MSDP 6.8.1 MSDP Peers Stay in Down State I. Symptom The configured MSDP peers stay in the down state. II.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration argument, all the (S, G) entries will be filtered off, namely no (S, G) entries of the local domain will be advertised. z If the import-source command is not executed, the system will advertise all the (S, G) entries of the local domain. If MSDP fails to send (S, G) entries through SA messages, check whether the import-source command has been correctly configured. III.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches 4) Chapter 6 MSDP Configuration Verify that the C-BSR address is different from the anycast RP address.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration Chapter 7 Multicast Routing and Forwarding Configuration When configuring multicast routing and forwarding, go to these sections for information you are interested in: z Multicast Routing and Forwarding Overview z Configuring Multicast Routing and Forwarding z Displaying and Maintaining Multicast Routing and Forwarding z Configuration Examples z Troubleshooting Multicast Routi
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration 7.1.2 RPF Mechanism When creating multicast routing table entries, a multicast routing protocol uses the reverse path forwarding (RPF) mechanism to ensure multicast data delivery along the correct path. The RPF mechanism enables routers to correctly forward multicast packets based on the multicast route configuration.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration unicast route; instead, it relies on the existing unicast routing information or multicast static routes in creating multicast routing entries. When performing an RPF check, a router searches its unicast routing table and multicast static routing table at the same time.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration Router B POS5/1 Receiver POS5/0 Source Router A 192.168.0.1/24 Multicast packets POS5/1 POS5/0 Receiver IP Routing Table on Router C Destination/Mask Interface 192.168.0.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration unicast RPF route and the optimal multicast static route respectively from the routing tables, and uses one of them as the RPF route after comparison.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration z Request, with the IGMP Type field set to 0x1F, and z Response, with the IGMP Type field set to 0x1E. III. Process of multicast traceroute 1) The querier sends a query to the last-hop router.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches z Chapter 7 Multicast Routing and Forwarding Configuration The maximum number of routing entries in a multicast forwarding table 7.3.2 Enabling IP Multicast Routing Before configuring any Layer 3 multicast functionality, you must enable IP multicast routing. Follow these steps to enable IP multicast routing: To do... Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration To do... Use the command... Remarks Enter system view system-view — Configure a multicast static route ip rpf-route-static source-address { mask | mask-length } [ protocol [ process-id ] ] [ route-policy policy-name ] { rpf-nbr-address | interface-type interface-number } [ preference preference ] [ order order-number ] Required No multicast static route configured by default.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches To do... Chapter 7 Multicast Routing and Forwarding Configuration Use the command... Remarks Enter system view system-view — Configuring multicast load splitting multicast load-splitting { source | source-group } Required Disabled by default 7.3.6 Configuring a Multicast Forwarding Range Multicast packets do not travel without a boundary in a network.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration routing protocol. In addition, newly added downstream nodes cannot be installed to the routing entry into the forwarding table.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration To do... Use the command...
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration Caution: z The reset command clears the information in the multicast routing table or the multicast forwarding table, and thus may cause failure of multicast transmission. z When a routing entry is deleted from the multicast routing table, the corresponding forwarding entry will also be deleted from the multicast forwarding table.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration III. Configuration procedure 1) Configure the interface IP addresses and enable unicast routing on each switch Configure the IP address and subnet mask for each interface as per Figure 7-3. The detailed configuration steps are omitted here. Enable OSPF on the switches in the PIM-DM domain. Ensure the network-layer interoperation among the switches in the PIM-DM domain.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration [SwitchB] display multicast rpf-info 50.1.1.100 RPF information about source 50.1.1.100: RPF interface: Vlan-interface102, RPF neighbor: 30.1.1.2 Referenced route/mask: 50.1.1.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration II. Network diagram PIM-DM Switch A Vlan-int102 30.1.1.2/24 OSPF domain Vlan-int102 30.1.1.1/24 Vlan-int300 50.1.1.1/24 Switch B Vlan-int200 40.1.1.1/24 Vlan-int101 20.1.1.1/24 Switch C Vlan-int101 20.1.1.2/24 Source 2 Source 1 50.1.1.100/24 40.1.1.100/24 Vlan-int100 10.1.1.1/24 Receiver 10.1.1.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] pim dm [SwitchC-Vlan-interface300] quit [SwitchC] interface vlan-interface 102 [SwitchC-Vlan-interface102] pim dm [SwitchC-Vlan-interface102] quit The configuration on Switch B is similar to that on Switch A. The specific configuration steps are omitted here.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration As shown above, the RPF routes to Source 2 exist on Switch B and Switch C. The source is the configured static route. 7.6 Troubleshooting Multicast Routing and Forwarding 7.6.1 Multicast Static Route Failure I. Symptom No dynamic routing protocol is enabled on the routers, and the physic status and link layer status of interfaces are both up, but the multicast static route fails. II.
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 7 Multicast Routing and Forwarding Configuration II. Analysis If a multicast forwarding boundary has been configured through the multicast boundary command, any multicast packet will be kept from crossing the boundary. III. Solution 1) Use the display pim routing-table command to check whether the corresponding (S, G) entries exist on the router.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 802.1x Configuration ................................................................................................... 1-1 1.1 802.1x Overview ................................................................................................................ 1-1 1.1.1 Architecture of 802.1x ..........................................................................................
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Table of Contents 3.2.3 VLAN Assigning ...................................................................................................... 3-3 3.2.4 ACL Assigning......................................................................................................... 3-3 3.3 Configuring MAC Authentication........................................................................................ 3-3 3.3.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Chapter 1 802.1x Configuration When configuring 802.1x, go to these sections for information you are interested in: z 802.1x Overview z Configuring 802.1x z Configuring a Guest VLAN z Displaying and Maintaining 802.1x z 802.1x Configuration Example z Guest VLAN Configuration Example z ACL Assigning Configuration Example 1.1 802.1x Overview The 802.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Figure 1-1 Architecture of 802.1x z Supplicant system: A system at one end of the LAN segment, which is authenticated by the authenticator system at the other end. A supplicant system is usually a user-end device and initiates 802.1x authentication through 802.1x client software supporting the EAP over LANs (EAPOL) protocol.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration II. Controlled port and uncontrolled port An authenticator provides ports for supplicants to access the LAN. Each of the ports can be regarded as two logical ports: a controlled port and an uncontrolled port.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches z Chapter 1 802.1x Configuration After a user passes the authentication, the authentication server passes information about the user to the authenticator, which then controls the status of the controlled port according to the instruction of the authentication server. 1.1.3 EAP Encapsulation over LANs I. EAPOL frame format EAPOL, defined by 802.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration II. EAP Packet Format An EAPOL frame of the type of EAP-Packet carries an EAP packet in its Packet body field. The format of the EAP packet is shown in Figure 1-4. 7 0 Code 15 Identifier 2 Length 4 Data N Figure 1-4 EAP packet format z Code: Type of the EAP packet, which can be Request, Response, Success, or Failure.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration bytes. If the EAP packet is longer than 253 bytes, it can be fragmented and encapsulated into multiple EAP-Message attributes. 7 0 15 Type Length N String EAP packets Figure 1-6 Encapsulation format of the EAP-Message attribute II. Message-Authenticator Figure 1-7 shows the encapsulation format of the Message-Authenticator attribute.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches z Chapter 1 802.1x Configuration EAP-MD5: EAP-MD5 authenticates the identity of a supplicant. The RADIUS server sends an MD5 challenge (through an EAP-Request/MD5 Challenge packet) to the supplicant. Then the supplicant encrypts the password with the offered challenge.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches 1) Chapter 1 802.1x Configuration When a user launches the 802.1x client software and enters the registered username and password, the 802.1x client software generates an EAPOL-Start frame and sends it to the authenticator to initiate an authentication process. 2) Upon receiving the EAPOL-Start frame, the authenticator responds with an EAP-Request/Identity packet for the username of the supplicant.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Note: In EAP relay mode, a supplicant must use the same authentication method as that of the RADIUS server, no matter whichever of the above mentioned authentication methods is used. On the device, however, you only need to execute the dot1x authentication-method eap command to enable EAP relay. II.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Different from the authentication process in EAP relay mode, it is the authenticator that generates the random challenge for encrypting the user password information in EAP termination authentication process. Consequently, the authenticator sends the challenge together with the username and encrypted password information from the supplicant to the RADIUS server for authentication. 1.1.6 802.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration user goes offline, all other users get offline at the same time. With the macbased method, each user of a port must be authenticated separately, and when an authenticated user goes offline, no other users are affected. Note: After an 802.1x supplicant passes authentication, the authentication server sends authorization information to the authenticator.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Note: z With a Hybrid port, the VLAN assigning will fail if you have configured the assigned VLAN to carry tags. z With a Hybrid port, you cannot configure an assigned VLAN to carry tags after the VLAN has been assigned. II. Guest VLAN Guest VLAN allows unauthenticated users to access some special resources.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration 1.2 Configuring 802.1x 1.2.1 Configuration Prerequisites 802.1x provides a user identity authentication scheme. However, 802.1x cannot implement the authentication scheme solely by itself. RADIUS or local authentication must be configured to work with 802.1x. z Configure the ISP domain to which the 802.1x user belongs and the AAA scheme to be used (that is, local authentication or RADIUS).
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches To do… Set the maximum number of attempts to send an authentication request to a supplicant Chapter 1 802.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration 1.2.3 Configuring 802.1x for a Port I. Enabling 802.1x for a port Follow these steps to enable 802.1x for a port: To do… Enter system view Enable 802.1x for one or more ports In system view In Ethernet interface view Use the command… Remarks system-view — dot1x interface interface-list Required Use either approach.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches z Chapter 1 802.1x Configuration The 802.1x proxy detection function depends on the online user handshake function. Be sure to enable handshake before enabling proxy detection and to disable proxy detection before disabling handshake. z You can neither add an 802.1x-enabled port into an aggregation group nor enable 802.1x on a port being a member of an aggregation group. z Once enabled with the 802.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Note: z You can specify a tagged VLAN as the guest VLAN for a Hybrid port, but the guest VLAN does not take effect. Similarly, if a guest VLAN for a Hybrid port is in operation, you cannot configure the guest VLAN to carry tags. z Configurations in system view are effective to all ports while configurations in interface view are effective to the current port only.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration authentication when no response from the RADIUS server is received. If the RADIUS accounting fails, the authenticator gets users offline. z A server group with two RADIUS servers is connected to the switch. The IP addresses of the servers are 10.1.1.1 and 10.1.1.2 respectively.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration # Add local access user localuser, enable the idle cut function, and set the idle cut interval. system-view [Sysname] local-user localuser [Sysname-luser-localuser] service-type lan-access [Sysname-luser-localuser] password simple localpass [Sysname-luser-localuser] attribute idle-cut 20 [Sysname-luser-localuser] quit # Create RADIUS scheme radius1 and enter its view.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration # Set radius1 as the RADIUS scheme for users of the domain and specify to use local authentication as the secondary scheme. [Sysname-isp-aabbcc.net] authentication default radius-scheme radius1 local [Sysname-isp-aabbcc.net] authorization default radius-scheme radius1 local [Sysname-isp-aabbcc.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration II.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Update server Authenticator server VLAN 10 Eth2/0/4 VLAN 5 Eth2/0/1 VLAN 2 Eth2/0/3 VLAN 5 Eth2/0/2 Switch Internet Supplicant VLAN 5 Figure 1-13 Network diagram when the supplicant passes authentication III. Configuration procedure # Configure RADIUS scheme 2000. system-view [Sysname] radius scheme 2000 [Sysname-radius-2000] primary authentication 10.11.1.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration [Sysname-Ethernet2/0/1] dot1x port-method portbased # Set the port access control mode to auto. [Sysname-Ethernet2/0/1] dot1x port-control auto [Sysname-Ethernet2/0/1] quit # Create VLAN 10. [Sysname] vlan 10 [Sysname-vlan10] quit # Specify port Ethernet 2/0/1 to use VLAN 10 as its guest VLAN.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration II. Network diagram Figure 1-14 Network diagram for ACL assigning III. Configuration procedure # Configure the IP addresses of the interfaces. (Omitted) # Configure the RADIUS scheme. system-view [Sysname] radius scheme 2000 [Sysname-radius-2000] primary authentication 10.1.1.1 1812 [Sysname-radius-2000] primary accounting 10.1.1.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration After completing the above configurations, you can use the ping command to verify whether the ACL 3000 assigned by the RADIUS server functions. [Sysname] ping 10.0.0.1 PING 10.0.0.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 10.0.0.1 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 2 EAD Fast Deployment Configuration Chapter 2 EAD Fast Deployment Configuration When configuring EAD fast deployment, go to these sections for information you are interested in: z EAD Fast Deployment Overview z Configuring EAD Fast Deployment z Displaying and Maintaining EAD Fast Deployment z EAD Fast Deployment Configuration Example z Troubleshooting EAD Fast Deployment 2.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 2 EAD Fast Deployment Configuration 2.2.2 Configuration Procedure I. Configuring a freely accessible network segment A freely accessible network segment, also called a free IP, is a network segment that users can access before passing 802.1x authentication. Once a free IP is configured, the fast deployment of EAD is enabled.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 2 EAD Fast Deployment Configuration III. Setting the EAD rule timeout time With the EAD fast deployment function, a user is authorized by an EAD rule (generally an ACL rule) to access the freely accessible network segment before passing authentication. After successful authentication, the occupied ACL will be released.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 2 EAD Fast Deployment Configuration II. Network diagram Internet Free IP: Eth2/0/1 WEB server 192.168.1.3/24 192.168.1.0/24 192.168.1.1/24 Host 192.168.1.10/24 Switch Figure 2-1 Network diagram for EAD fast deployment III. Configuration procedure 1) Configure the WEB server Before using the EAD fast deployment function, you need to configure the WEB server to provide the download service of 802.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 2 EAD Fast Deployment Configuration Reply from 192.168.1.3: bytes=32 time<1ms TTL=128 Reply from 192.168.1.3: bytes=32 time<1ms TTL=128 Reply from 192.168.1.3: bytes=32 time<1ms TTL=128 Reply from 192.168.1.3: bytes=32 time<1ms TTL=128 Ping statistics for 192.168.1.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration Chapter 3 MAC Authentication Configuration When configuring MAC authentication, go to these sections for information you are interested in: z MAC Authentication Overview z Related Concepts z Configuring MAC Authentication z Displaying and Maintaining MAC Authentication z MAC Authentication Configuration Examples z ACL Assigning Configuration Example 3.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration If the authentication succeeds, the user will be granted permission to access the network resources. 3.1.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration Caution: If the quiet MAC is the same as the static MAC configured or an authentication-passed MAC, then the quiet function is not effective. 3.2.3 VLAN Assigning For separation of users from restricted network resources, a more general way is to put the users and restricted resources into different VLANs.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration Caution: For local authentication: z The type of username and password of a local user must be consistent with that used for MAC authentication. z All the letters in the MAC address to be used as the username and password of a local user must be in lower case. z The service type of the local user must be configured as lan-access. 3.3.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches To do… Configure the username and password for MAC authentication Chapter 3 MAC Authentication Configuration Use the command… mac-authentication user-name-format { fixed [ account name ] [ password { cipher | simple } password ] | mac-address [ with-hyphen | without-hyphen ] } Remarks Optional By default, the user’s source MAC address serves as the username and password, and the MAC address does not contain hyphen “-“.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches z Chapter 3 MAC Authentication Configuration A local user uses aaa as the username and 123456 as the password for authentication. z Set the offline detect timer to 180 seconds and the quiet timer to 3 minutes. II. Network Diagram Figure 3-1 Network diagram for local MAC authentication III. Configuration Procedure 1) Configure MAC authentication on the switch. # Add a local user.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration User name format is fixed account Fixed username:aaa Fixed password:123456 Offline detect period is 180s Quiet period is 60s. Server response timeout value is 100s The max allowed user number is 1024 per slot Current user number amounts to 1 Current domain is aabbcc.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration # Configure a RADIUS scheme. system-view [Sysname] radius scheme 2000 [Sysname-radius-2000] primary authentication 10.1.1.1 1812 [Sysname-radius-2000] primary accounting 10.1.1.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration Silent Mac User info: MAC ADDR From Port Port Index GigabitEthernet2/0/1 is link-up MAC address authentication is Enabled Authenticate success: 1, failed: 0 Current online user number is 1 MAC ADDR Authenticate state 00e0-fc12-3456 MAC_AUTHENTICATOR_SUCCESS AuthIndex 29 3.5.3 ACL Assigning Configuration Example I.
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration [Sysname-radius-2000] key accounting abc [Sysname-radius-2000] user-name-format without-domain [Sysname-radius-2000] quit # Create an ISP domain and specify the AAA schemes.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 AAA/RADIUS/HWTACACS Configuration ................................................................. 1-1 1.1 AAA/RADIUS/HWTACACS Overview ............................................................................... 1-1 1.1.1 Introduction to AAA ................................................................................................. 1-1 1.1.2 Introduction to RADIUS............
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Table of Contents 1.6.2 Displaying and Maintaining RADIUS..................................................................... 1-38 1.6.3 Displaying and Maintaining HWTACACS ............................................................. 1-38 1.7 AAA/RADIUS/HWTACACS Configuration Examples ...................................................... 1-39 1.7.1 AAA for Telnet Users by a HWTACACS Server .......................................
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Chapter 1 AAA/RADIUS/HWTACACS Configuration When configuring AAA/RADIUS/HWTACACS, go to these sections for information you are interested in: z AAA/RADIUS/HWTACACS Overview z AAA/RADIUS/HWTACACS Configuration Task List z Configuring AAA z Configuring RADIUS z Configuring HWTACACS z Displaying and Maintaining AAA/RADIUS/HWTACACS z AAA/RADIUS/HWTACACS Configuration Examples z
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Internet User NAS RADIUS server HWTACACS server Figure 1-1 AAA networking diagram When a user tries to establish a connection to the NAS and obtain the rights to access other networks or some network resources, the NAS authenticates the user or the corresponding connection.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration AAA can be implemented through multiple protocols. Currently, the device supports using RADIUS and HWTACACS for AAA, and RADIUS is often used in practice. 1.1.2 Introduction to RADIUS Remote Authentication Dial-In User Service (RADIUS) is a distributed information interaction protocol in the client/server model.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration II. Security authentication mechanism Information exchanged between the RADIUS client and the RADIUS server is authenticated with a shared key, which is never transmitted over the network, thus enhancing the security of information exchange. To prevent user passwords from being intercepted in non-secure networks, the passwords are encrypted during transmission.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches 3) Chapter 1 AAA/RADIUS/HWTACACS Configuration The RADIUS server authenticates the username and password. If the authentication succeeds, it sends back an Access-Accept message containing the information of user’s right. If the authentication fails, it returns an Access-Reject message. 4) The RADIUS client accepts or denies the user according to the returned authentication result.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Table 1-1 Main values of the Code field Code Packet type Description Access-Request From the client to the server. A packet of this type carries user information for the server to authenticate the user. It must contain the User-Name attribute and can optionally contain the attributes of NAS-IP-Address, User-Password, and NAS-Port. Access-Accept From the server to the client.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Value: Value of the attribute, up to 253 bytes. Its format and content depend on the z Type and Length fields. Table 1-2 RADIUS attributes No. Attribute type No.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches No. Chapter 1 AAA/RADIUS/HWTACACS Configuration Attribute type No.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Figure 1-5 Segment of a RADIUS packet containing an extended attribute 1.1.3 Introduction to HWTACACS Huawei Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC 1492). Similar to RADIUS, it uses the server/client model for information exchange between NAS and HWTACACS server.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration II. Basic message exchange process of HWTACACS The following takes Telnet user as an example to describe how HWTACACS performs user authentication, authorization, and accounting. Figure 1-6 illustrates the basic message exchange process of HWTACACS. Figure 1-6 Basic message exchange process of HWTACACS for a Telnet user 1) A Telnet user applies to access the NAS.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches 4) Chapter 1 AAA/RADIUS/HWTACACS Configuration Upon receiving the request, the HWTACACS client asks the user for the username. 5) The user enters the username. 6) After receiving the username from the user, the HWTACACS client sends to the server a continue-authentication packet carrying the username. 7) The HWTACACS server sends back an authentication response, requesting the login password.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration 1.2 AAA/RADIUS/HWTACACS Configuration Task List I. AAA configuration task list Task Remarks Creating an ISP Domain Required Configuring ISP Domain Attributes Optional Required Configuring an AAA Authentication Scheme for an ISP Domain For local authentication, refer to Configuring Local User Attributes. For RADIUS authentication, refer to Configuring RADIUS.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Task Remarks Specifying Security Policy Servers Optional Enabling the Listening Port of the RADIUS Client Optional III.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration 1.3.2 Creating an ISP Domain For the NAS, each accessing user belongs to an ISP domain. Up to 16 ISP domains can be configured on a NAS. If a user does not provide the ISP domain name, the system considers that the user belongs to the default ISP domain.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches To do… Chapter 1 AAA/RADIUS/HWTACACS Configuration Use the command… Remarks Specify the maximum number of users in the ISP domain access-limit { disable | enable max-user-number } Optional Configure the idle cut function idle-cut { disable | enable minute } Optional Enable the self-service server localization function and specify the URL of the self-service server for changing user password self-service-url { disable | en
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches To do… Chapter 1 AAA/RADIUS/HWTACACS Configuration Use the command… Remarks Enter system view system-view — Create an ISP domain and enter ISP domain view domain isp-name Required Specify the default authentication scheme for all types of users authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] | Specify the authentication scheme for LAN acc
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration 1.3.5 Configuring an AAA Authorization Scheme for an ISP Domain In AAA, authorization is a separate process at the same level as authentication and accounting. Its responsibility is to send authorization requests to the specified authorization server and to send authorization information to users authorized. Authorization scheme configuration is optional in AAA configuration.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration To do… Use the command… Specify the authorization scheme for LAN access users authorization lan-access { local | none | radius-scheme radius-scheme-name [ local ] } Specify the authorization scheme for login users authorization login { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] } Specify the authorization scheme for Por
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration specified accounting server. Accounting is not required, and therefore accounting scheme configuration is optional. If you do not perform any accounting configuration, the system-default domain uses the local accounting scheme.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Note: z With the accounting optional command configured, a user that will be disconnected otherwise can use the network resources even when there is no available accounting server or the communication with the current accounting server fails.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches To do… Chapter 1 AAA/RADIUS/HWTACACS Configuration Use the command… Remarks Optional Place the local user to the state of active or blocked LAN access, Telnet, terminal, SSH services state { active | block } service-type { lan-access | { ssh | telnet | terminal } * [ level level ] } When created, a local user is in the state of active by default, and the user can request network services.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Note: z With the local-user password-display-mode cipher-force command configured, a local user password is always displayed in cipher text, regardless of the configuration of the password command.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches To do… Chapter 1 AAA/RADIUS/HWTACACS Configuration Use the command… Remarks Enter system view system-view — Required Tear down AAA user connections forcibly cut connection { access-type { dot1x | mac-authentication | portal } | all | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | ucibindex ucib-index | user-name user-name | vlan vlan-id } [ slot slot-number ] Applies to only
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration 1.4.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches To do… Chapter 1 AAA/RADIUS/HWTACACS Configuration Use the command… Remarks Specify the primary RADIUS accounting server primary accounting ip-address [ port-number ] Specify the secondary RADIUS accounting server secondary accounting ip-address [ port-number ] Enable the device to buffer stop-accounting requests getting no responses stop-accounting-buffer enable Optional Set the maximum number of stop-accounting request
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration 1.4.4 Setting the Shared Key for RADIUS Packets The RADIUS client and RADIUS server use the MD5 algorithm to encrypt packets exchanged between them and a shared key to verify the packets. Only when the same key is used can they properly receive the packets and make responses.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Note: z The maximum number of retransmission attempts of RADIUS packets multiplied by the RADIUS server response timeout period cannot be greater than 75. z Refer to the timer response-timeout command in the command manual for configuring RADIUS server response timeout period. 1.4.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches z Chapter 1 AAA/RADIUS/HWTACACS Configuration If the secondary server fails, the device restores the status of the primary server to active immediately. If the primary server has resumed, the device turns to use the primary server and stops communicating with the secondary server. After accounting starts, the communication between the client and the secondary server remains unchanged.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches To do… Chapter 1 AAA/RADIUS/HWTACACS Configuration Use the command… Enter system view system-view Enable the RADIUS trap function radius trap { accounting-server-do wn | authentication-server-d own } Create a RADIUS scheme and enter RADIUS scheme view radius scheme radius-scheme-name Specify the format of the username to be sent to a RADIUS server user-name-format { with-domain | without-domain } Specify the unit for data
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Note: z Some earlier RADIUS servers cannot recognize usernames that contain an ISP domain name, therefore before sending a username including a domain name to such a RADIUS server, the device must remove the domain name. This command is thus provided for you to decide whether to include a domain name in a username to be sent to a RADIUS server.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches To do… Chapter 1 AAA/RADIUS/HWTACACS Configuration Use the command… Remarks Enter system view system-view — Create a RADIUS scheme and enter RADIUS scheme view radius scheme radius-scheme-name Required Set the RADIUS server response timeout timer timer response-timeout seconds Optional Set the quiet timer for the primary server timer quiet minutes Set the real-time accounting interval timer realtime-accounting minute
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Note: z If more than one interface of the device is enabled with Portal, the interfaces may use different security policy servers. You can specify up to eight security policy servers for a RADIUS scheme. z If the RADIUS server and the security policy server reside on the same physical device, you do not need to configure the IP address of the security policy server.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration 1.5.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Note: z It is recommended to specify only the primary HWTACACS authorization server if backup is not required. z The IP addresses of the primary and secondary authorization servers cannot be the same. Otherwise, the configuration fails. z You can remove an authorization server only when no active TCP connection for sending authorization packets is using it. 1.5.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Note: z It is recommended to specify only the primary HWTACACS accounting server if backup is not required. z The IP addresses of the primary and secondary accounting servers cannot be the same. Otherwise, the configuration fails. z You can remove an accounting server only when no active TCP connection for sending accounting packets is using it.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches To do… Chapter 1 AAA/RADIUS/HWTACACS Configuration Use the command… Remarks Optional Specify the format of the username to be sent to a HWTACACS server user-name-format { with-domain | without-domain } Optional Specify the unit for data flows or packets to be sent to a HWTACACS server data-flow-format { data { byte | giga-byte | kilo-byte | mega-byte } | packet { giga-packet | kilo-packet | mega-packet | one-packet } }* nas
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches To do… Chapter 1 AAA/RADIUS/HWTACACS Configuration Use the command… Set the quiet timer for the primary server timer quiet minutes Set the real-time accounting interval timer realtime-accounting minutes Remarks Optional 5 minutes by default Optional 12 minutes by default Note: z For real-time accounting, a NAS must transmit the accounting information of online users to the HWTACACS accounting server periodically.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration 1.6.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration 1.7 AAA/RADIUS/HWTACACS Configuration Examples 1.7.1 AAA for Telnet Users by a HWTACACS Server I. Network requirements As shown in Figure 1-7, configure the switch to use the HWTACACS server to provide authentication, authorization, and accounting services to login users. The HWTACACS server is used for authentication, authentication, and accounting. Its IP address is 10.1.1.1.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration [Switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49 [Switch-hwtacacs-hwtac] primary accounting 10.1.1.1 49 [Switch-hwtacacs-hwtac] key authentication expert [Switch-hwtacacs-hwtac] key authorization expert [Switch-hwtacacs-hwtac] key accounting expert [Switch-hwtacacs-hwtac] user-name-format without-domain [Switch-hwtacacs-hwtac] quit # Apply the AAA schemes to the domain.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Note: Configuration of separate AAA for other types of users is similar to that given in this example. The only difference lies in the access type. II. Network diagram Figure 1-8 Configure AAA by separate servers for Telnet users III. Configuration procedure # Configure the IP addresses of various interfaces (omitted). # Enable the Telnet server on the switch.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration [Switch-radius-rd] quit # Create local user named telnet. [Switch] local-user hello [Switch-luser-hello] service-type telnet [Switch-luser-hello] password simple hello [Switch-luser-hello] quit # Configure the AAA schemes of the ISP domain.
Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Chapter 1 AAA/RADIUS/HWTACACS Configuration Symptom2: RADIUS packets cannot reach the RADIUS server. Analysis: 1) The communication link between the NAS and the RADIUS server is down (at the physical layer and data link layer). 2) The NAS is not configured with the IP address of the RADIUS server. 3) The UDP ports for authentication/authorization and accounting are not correct.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Portal Configuration .................................................................................................... 1-1 1.1 Portal Overview.................................................................................................................. 1-1 1.1.1 Introduction to Portal ............................................................................................... 1-1 1.1.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration Chapter 1 Portal Configuration When configuring portal, go to these sections for information you are interested in: z Portal Overview z Portal Configuration Task List z Displaying and Maintaining Portal z Portal Configuration Examples z Troubleshooting Portal 1.
Operation Manual – Portal H3C S7500E Series Ethernet Switches z Chapter 1 Portal Configuration Security authentication mechanism: The security authentication mechanism works after the identity authentication process to check that the required anti-virus software, virus definition updates and OS patches are installed, and no unauthorized software is installed on the terminal of a user.
Operation Manual – Portal H3C S7500E Series Ethernet Switches z During authentication, Chapter 1 Portal Configuration interacting with the portal server, the authentication/accounting server, and the security policy server for identity authentication, security authentication and accounting. z After authentication, allowing users to access the authorized Internet resources. III.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration Caution: z Because a portal client uses an IP address as its ID, ensure that there is no Network Address Translation (NAT) device between the authentication client, access device, portal server, and authentication/accounting server when deploying portal authentication. This is to avoid authentication failure due to NAT operations.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration From this point of view, the difference between these two authentication modes lies in whether or not a Layer 3 forwarding device can be present between the authentication client and the access device. The former supports Layer 3 forwarding devices, while the latter does not. z User identifier In Layer 3 authentication mode, a client is uniquely identified by an IP address.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration the portal server or predefined free websites to pass, but redirects those destined for other websites to the portal server. The portal server provides a web page for the user to enter the username and password. 2) The portal server and the access device exchange Challenge Handshake Authentication Protocol (CHAP) messages. For Password Authentication Protocol (PAP) authentication, this step is skipped.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration For portal authentication, the re-DHCP authentication process is as follows: Step 1 through step 6 are the same as those in the direct authentication/Layer 3 portal authentication process. 1) After receiving an authentication acknowledgment message, the authentication client obtains a new public IP address through DHCP and notifies the portal server that it has obtained a public IP address.
Operation Manual – Portal H3C S7500E Series Ethernet Switches z Chapter 1 Portal Configuration The portal-enabled interfaces of the access device are configured with valid IP addresses or have obtained valid IP addresses through DHCP. z The portal server and the RADIUS server have been installed and configured properly. z With re-DHCP authentication, the invalid IP address check function of DHCP relay is enabled on the access device, and the DHCP server is installed and configured properly.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration Caution: z The destination port number that the device uses for sending packets to the portal server unsolicitedly must be the same as that the remote portal server actually uses. z The portal server parameters are modifiable.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration Note: z If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the VLAN. z You cannot configure two or more portal-free rules with the same filtering conditions. Otherwise, the system prompts that the rule already exists. 1.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration To do… Use the command… Remarks Enter system view system-view — Log out users portal delete-user { ip-address | all | interface interface-type interface-number } Required 1.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration 1.8 Portal Configuration Examples 1.8.1 Example for Configuring Direct Portal Authentication I. Network requirements z The switch is configured for direct authentication. Before portal authentication, users can access only the portal server. After passing portal authentication, they can access external networks. z A RADIUS server serves as the authentication/accounting server. II.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration [Switch-radius-rs1] primary accounting 192.168.0.112 [Switch-radius-rs1] key authentication radius [Switch-radius-rs1] key accounting radius # Specify that the ISP domain name should not be included in the username sent to the RADIUS server. [Switch-radius-rs1] user-name-format without-domain [Switch-radius-rs1] quit 2) Configure an authentication domain # Create an ISP domain named dm1 and enter its view.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration 1.8.2 Example for Configuring Re-DHCP Portal Authentication I. Network requirements z The switch is configured for re-DHCP authentication. Users obtain IP addresses through the DHCP server. Before portal authentication, they get private IP addresses. After passing portal authentication, they get public IP addresses and then can access the Internet.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration III. Configuration procedure Note: z For re-DHCP authentication, you need to configure a public address pool (20.20.20.0/24, in this example) and a private address pool (10.0.0.0/24, in this example) on the DHCP server. The configuration steps are omitted. For DHCP configuration information, refer to DHCP Configuration in this manual.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration [Switch–Vlan-interface100] portal server newpt method redhcp [Switch–Vlan-interface100] quit # Configure the IP address of the interface connected with the portal server. [Switch] interface vlan-interface 2 [Switch–Vlan-interface2] ip address 192.168.0.100 255.255.255.0 [Switch–Vlan-interface2] quit 1.8.3 Example for Configuring Layer 3 Portal Authentication I.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration # Configure the portal server as follows: z Name: newpt z IP address: 192.168.0.111 z Key: portal z Port number: 50100 z URL: http://192.168.0.111/portal. system-view [SwitchA] portal server newpt ip 192.168.0.111 key portal port 50100 url http://192.168.0.111/portal # Enable portal authentication on the interface connecting Switch B.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration II. Network diagram Portal server 192.168.0.111/24 Vlan-int100 2.2.2.1/24 Host 2.2.2.2/24 Gateway : 2.2.2.1/24 Vlan-int2 192.168.0.100/24 RADIUS server Switch 192.168.0.112/24 Security policy server 192.168.0.113/24 Figure 1-7 Configure direct EAD-supported portal authentication III.
Operation Manual – Portal H3C S7500E Series Ethernet Switches 2) Chapter 1 Portal Configuration Configure an authentication domain # Create an ISP domain named dm1 and enter its view. [Switch] domain dm1 # Configure the ISP domain to use RADIUS scheme rs1.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration [Switch] quit # Configure the IP address of the interface connected with the portal server. [Switch] interface vlan-interface 2 [Switch–Vlan-interface2] ip address 192.168.0.100 255.255.255.0 1.9 Troubleshooting Portal 1.9.1 Inconsistent Keys on the Access Device and the Portal Server I.
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration When the user uses the disconnect attribute on the client to log out, the portal server actively sends a REQ_LOGOUT message to the access device.
Operation Manual – ARP H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 ARP Configuration....................................................................................................... 1-1 1.1 ARP Overview.................................................................................................................... 1-1 1.1.1 ARP Function .......................................................................................................... 1-1 1.1.
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration Chapter 1 ARP Configuration When configuring ARP, go to these sections for information you are interested in: z ARP Overview z Configuring ARP z Configuring Gratuitous ARP z Configuring ARP Source Suppression z Configuring ARP Defense Against IP Packet Attack z Displaying and Maintaining ARP 1.1 ARP Overview 1.1.
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration 1.1.2 ARP Message Format Figure 1-1 ARP message format The following explains the fields in Figure 1-1. z Hardware type: This field specifies the hardware address type. The value “1” represents Ethernet. z Protocol type: This field specifies the type of the protocol address to be mapped. The hexadecimal value “0x0800” represents IP.
Operation Manual – ARP H3C S7500E Series Ethernet Switches 2) Chapter 1 ARP Configuration If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request, in which the source IP address and source MAC address are respectively the IP address and MAC address of Host A and the destination IP address and MAC address are respectively the IP address of Host B and an all-zero MAC address.
Operation Manual – ARP H3C S7500E Series Ethernet Switches 1) Chapter 1 ARP Configuration A dynamic entry is automatically created and maintained by ARP. It can get aged, be updated by a new ARP packet, or be overwritten by a static ARP entry. When the aging timer expires or the port goes down, the corresponding dynamic ARP entry will be removed. 2) A static ARP entry is manually configured and maintained. It cannot get aged or be overwritten by a dynamic ARP entry.
Operation Manual – ARP H3C S7500E Series Ethernet Switches To do… Configure a non-permanent static ARP entry Chapter 1 ARP Configuration Use the command… Remarks Required arp static ip-address mac-address No non-permanent static ARP entry is configured by default. Caution: The vlan-id argument must be the ID of an existing VLAN which corresponds to the ARP entries. In addition, the Ethernet port following the argument must belong to that VLAN. A VLAN interface must be created for the VLAN. 1.2.
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration 1.2.4 Enabling the Support for ARP Requests from a Natural Network When learning MAC addresses, if the device finds that the source IP address of an ARP packet and the IP address of the inbound interface are not on the same subnet, the device will further judge whether these two IP addresses are on the same natural network. Suppose that the IP address of VLAN-interface 10 is 10.10.10.
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration [Sysname-vlan-interface10] quit [Sysname] arp static 192.168.1.1 000f-e201-0000 10 gigabitethernet2/0/10 1.3 Configuring Gratuitous ARP 1.3.
Operation Manual – ARP H3C S7500E Series Ethernet Switches z Chapter 1 ARP Configuration The device sends large amounts of ARP request messages to the destination subnet, which increases the load of the destination subnet. z The device continuously resolves destination IP addresses, which increase the load of the CPU. To protect the device against this kind of attack, you can enable the ARP source suppression function.
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration above process. This protects the device against the IP packet attack efficiently, reducing the load of the CPU. 1.5.2 Enabling ARP Defense Against IP Packet Attack The ARP defense against IP packet attack function works for forwarded packets and those originated by the device.
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 2 Proxy ARP Configuration Chapter 2 Proxy ARP Configuration When configuring proxy ARP, go to these sections for information you are interested in: z Proxy ARP Overview z Enabling Proxy ARP z Displaying and Maintaining Proxy ARP 2.
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 2 Proxy ARP Configuration 2.3 Displaying and Maintaining Proxy ARP To do… Use the command… Remarks Display whether proxy ARP is enabled display proxy-arp [ interface Vlan-interface vlan-id ] Available in any view Display whether local proxy ARP is enabled display local-proxy-arp [ interface Vlan-interface vlan-id ] Available in any view 2.4 Proxy ARP Configuration Examples 2.4.1 Proxy ARP Configuration Example I.
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 2 Proxy ARP Configuration [Switch] vlan 2 [Switch-vlan2] quit [Switch] interface vlan-interface 1 [Switch-Vlan-interface1] ip address 192.168.10.99 255.255.255.0 [Switch-Vlan-interface1] proxy-arp enable [Switch-Vlan-interface1] quit [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0 [Switch-Vlan-interface2] proxy-arp enable [Switch-Vlan-interface2] quit 2.4.
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 2 Proxy ARP Configuration [SwitchB-vlan2] port gigabitethernet 2/0/1 [SwitchB-vlan2] port gigabitethernet 2/0/2 [SwitchB-vlan2] port gigabitethernet 2/0/3 [SwitchB-vlan2] quit [SwitchB] interface gigabitethernet 2/0/2 [SwitchB-GigabitEthernet2/0/2] port-isolate enable [SwitchB-GigabitEthernet2/0/2] quit [SwitchB] interface gigabitethernet 2/0/3 [SwitchB-GigabitEthernet2/0/3] port-isolate enable [SwitchB-GigabitEthernet2/0/3] quit 2) Conf
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 2 Proxy ARP Configuration II. Network diagram Figure 2-3 Network diagram for local proxy ARP configuration in isolate-user-vlan III. Configuration procedure 1) Configure the Switch B # Create VLAN 2, VLAN 3, and VLAN 5 on Switch B. Add GigabitEthernet2/0/2 to VLAN 2, GigabitEthernet 2/0/3 to VLAN 3, and GigabitEthernet 2/0/1 to VLAN 5. Configure VLAN 5 as the isolate-user-vlan, and VLAN 2 and VLAN 3 as secondary VLANs.
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 2 Proxy ARP Configuration [SwitchA-Vlan-interface5] ip address 192.168.10.100 255.255.0.0 Ping Host B on Host A to verify that the two hosts are not reachable to each other, which indicates they are isolated at Layer 2. # Configure local proxy ARP to implement communication between VLAN 2 and VLAN 3.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 DHCP Overview............................................................................................................ 1-1 1.1 Introduction to DHCP......................................................................................................... 1-1 1.2 DHCP Address Allocation.................................................................................................. 1-2 1.2.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Table of Contents 2.8 Displaying and Maintaining the DHCP Server................................................................. 2-17 2.9 DHCP Server Configuration Examples............................................................................ 2-17 2.10 Troubleshooting DHCP Server Configuration................................................................ 2-19 Chapter 3 DHCP Relay Agent Configuration ......................................
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview Chapter 1 DHCP Overview When configuring ARP, go to these sections for information you are interested in: z Introduction to DHCP z DHCP Address Allocation z DHCP Message Format z DHCP Options z Protocols and Standards 1.1 Introduction to DHCP The fast expansion and growing complexity of networks result in scarce IP addresses assignable to hosts.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview Note: When residing in a different subnet from the DHCP server, the DHCP client can get the IP address and other configuration parameters from the server via a DHCP relay agent. For information about the DHCP relay agent, refer to Introduction to DHCP Relay Agent. 1.2 DHCP Address Allocation 1.2.1 Allocation Mechanisms DHCP supports three mechanisms for IP address allocation.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches 3) Chapter 1 DHCP Overview If several DHCP servers send offers to the client, the client accepts the first received offer, and broadcasts it in a DHCP-REQUEST message to formally request the IP address.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview Figure 1-3 DHCP message format z op: Message type defined in option field. 1 = REQUEST, 2 = REPLY z htype,hlen: Hardware address type and length of a DHCP client. z hops: Number of relay agents a request message traveled. z xid: Transaction ID, a random number chosen by the client to identify an IP address allocation.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview 1.4 DHCP Options 1.4.1 DHCP Options Overview The DHCP message adopts the same format as the Bootstrap Protocol (BOOTP) message for compatibility, but differs from it in the option field, which identifies new features for DHCP.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview I. Relay agent option (Option 82) Option 82 is the relay agent option in the option field of the DHCP message. It records the location information of the DHCP client. When a DHCP relay agent receives a client’s request, it adds Option 82 to the request message and sends it to the server. The administrator can locate the DHCP client to further implement security control and accounting.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview Figure 1-7 Sub-option 1 in verbose padding format Note: In the above figure, except that the VLAN ID field has a fixed length of 2 bytes, all the other padding contents of sub-option 1 are length variable. z sub-option 2: Padded with the MAC address of the interface that received the client’s request. It has the same format as that in normal padding format, as shown in Figure 1-6. II.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview 1.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration Chapter 2 DHCP Server Configuration When configuring the DHCP server, go to these sections for information you are interested in: z Introduction to DHCP Server z DHCP Server Configuration Task List z Enabling DHCP z Enabling the DHCP Server on an Interface z Configuring an Address Pool for the DHCP Server z Configuring the DHCP Server Security Functions z Configuring the Handling Mode for Option 82
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration 2.1.2 DHCP Address Pool I. Address pool structure In response to a client’s request, the DHCP server selects an idle IP address from an address pool and sends it together with other parameters such as lease and DNS server address to the client. The address pool database is organized as a tree.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration For example, two address pools are configured on the DHCP server. The ranges of IP addresses that can be dynamically assigned are 1.1.1.0/24 and 1.1.1.0/25 respectively. If the IP address of the interface receiving DHCP requests is 1.1.1.1/25, the DHCP server will select IP addresses for clients from the 1.1.1.0/25 address pool. If no IP address is available in the 1.1.1.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration Follow these steps to enable DHCP: To do… Use the command… Enter system view system-view Enable DHCP dhcp enable Remarks — Required Disabled by default. 2.4 Enabling the DHCP Server on an Interface With the DHCP server enabled on an interface, upon receiving a client’s request, the DHCP server will assign an IP address from its address pool to the DHCP client.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration 2.5 Configuring an Address Pool for the DHCP Server 2.5.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration 2.5.3 Configuring an Address Allocation Mode Caution: You can configure either the static binding or dynamic address allocation for an address pool as needed. It is required to specify an address range for the dynamic address allocation. A static binding is a special address pool containing only one IP address. I.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration Note: z Use the static-bind ip-address command together with static-bind mac-address or static-bind client-identifier command to accomplish a static binding configuration. z In a DHCP address pool, if you execute the static-bind mac-address command before the static-bind client-identifier command, the latter will overwrite the former and vice versa.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches To do… Chapter 2 DHCP Server Configuration Use the command… Remarks Optional Exclude IP addresses from automatic allocation dhcp server forbidden-ip low-ip-address [ high-ip-address ] Except IP addresses of the DHCP server interfaces, all addresses in the DHCP address pool are assignable by default. Note: z In DHCP address pool view, using the network command repeatedly overwrites the previous configuration.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches To do… Chapter 2 DHCP Server Configuration Use the command… Remarks Enter system view system-view — Enter DHCP address pool view dhcp server ip-pool pool-name — Specify DNS servers for the client dns-list ip-address&<1-8> Required Not specified by default. 2.5.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Specify the NetBIOS node type Use the command… netbios-type { b-node | h-node | m-node | p-node } Remarks Required Not specified by default. Note: If b-node is specified for the client, you need to specify no WINS server address. 2.5.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches To do… Specify gateways Chapter 2 DHCP Server Configuration Use the command… gateway-list ip-address&<1-8> Remarks Required No gateway is specified by default. 2.5.9 Configuring Option 184 Parameters for the Client with Voice Service To assign voice calling parameters along with an IP address to DHCP clients with voice service, you need to configure Option 184 on the DHCP server. For information about Option 184, refer to Option 184.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration 2.5.10 Configuring the TFTP Server and Bootfile Name for the Client This task is to specify the IP address and name of a TFTP server and the bootfile name in the DHCP address pool. The DHCP clients use these parameters to contact the TFTP server, requesting the configuration file used for system initialization, which is called auto-configuration.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Specify the bootfile name Remarks Optional bootfile-name bootfile-name Not specified by default. 2.5.11 Configuring Self-Defined DHCP Options By configuring self-defined DHCP options, you can Define new DHCP options. New configuration options will come out with DHCP z development. To support these new options, you can add them into the attribute list of the DHCP server.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Option Chapter 2 DHCP Server Configuration Option name Corresponding command Command parameter 58 Renewal (T1) Time Value expired hex 59 Rebinding (T2) Time Value expired hex 66 TFTP server name tftp-server ascii 67 Bootfile name bootfile-name ascii 43 Vendor Specific Information — hex Caution: z Be cautious when configuring self-defined DHCP options because such configuration may affect the DHCP operation process.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches To do… Chapter 2 DHCP Server Configuration Use the command… Enter system view system-view Enable unauthorized DHCP server detection dhcp server detect Remarks — Required Disabled by default. Note: With the unauthorized DHCP server detection enabled, the device puts a record once for each DHCP server. The administrator needs to find unauthorized DHCP servers from the log information. 2.6.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration If the server is configured to ignore Option 82, it will assign an IP address to the client without adding Option 82 in the response message. I. Configuration prerequisites Before performing this configuration, complete the following configuration on the DHCP server: z Enable DHCP z Configure the DHCP address pool II.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration 2.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration The DHCP server configuration for the two types is the same. I. Network requirements z The DHCP server (Switch A) assigns IP address to clients in subnet 10.1.1.0/24, which is subnetted into 10.1.1.0/25 and 10.1.1.128/25. z The IP addresses of VLAN-interfaces 1 and 2 on Switch A are 10.1.1.1/25 and 10.1.1.129/25 respectively. z In the address pool 10.1.1.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration Configure the DHCP server # Enable DHCP. system-view [SwitchA] dhcp enable # Exclude IP addresses (addresses of the DNS server, WINS server and gateways). [SwitchA] dhcp server forbidden-ip 10.1.1.2 [SwitchA] dhcp server forbidden-ip 10.1.1.4 [SwitchA] dhcp server forbidden-ip 10.1.1.126 [SwitchA] dhcp server forbidden-ip 10.1.1.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration III. Solution 1) Disconnect the client’s network cable and ping the client’s IP address on another host with a long timeout time to check whether there is a host using the same IP address. 2) If a ping response is received, the IP address has been manually configured on the host. Execute the dhcp server forbidden-ip command on the DHCP server to exclude the IP address from dynamic allocation.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration Chapter 3 DHCP Relay Agent Configuration When configuring the DHCP relay agent, go to these sections for information you are interested in: z Introduction to DHCP Relay Agent z Configuration Task List z Configuring the DHCP Relay Agent z Displaying and Maintaining DHCP Relay Agent Configuration z DHCP Relay Agent Configuration Example z Troubleshooting DHCP Relay Agent Configuration Note: z Th
Operation Manual – DHCP H3C S7500E Series Ethernet Switches DHCP client Chapter 3 DHCP Relay Agent Configuration DHCP client IP network DHCP relay agent DHCP client DHCP client DHCP server Figure 3-1 DHCP relay agent application No matter whether a relay agent exists or not, the DHCP server and client interact with each other in a similar way (see section Dynamic IP Address Allocation Process). The following describes the forwarding process on the DHCP relay agent.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration If the DHCP relay agent supports Option 82, it will handle a client’s request according to the contents defined in Option 82, if any. The handling strategies are described in the table below. If a reply returned by the DHCP server contains Option 82, the DHCP relay agent will remove the Option 82 before forwarding the reply to the client.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration Follow these steps to enable DHCP: To do… Use the command… Enter system view system-view Enable DHCP dhcp enable Remarks — Required Disabled by default. 3.3.2 Enabling the DHCP Relay Agent on an Interface With this task completed, upon receiving a DHCP request from the enabled interface, the relay agent will forward the request to a DHCP server for address allocation.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches To do… Chapter 3 DHCP Relay Agent Configuration Use the command… Remarks Enter system view system-view — Create a DHCP server group and add a server into the group dhcp relay server-group group-id ip ip-address Required Enter interface view interface interface-type interface-number — Correlate the DHCP server group with the current interface dhcp relay server-select group-id Not created by default.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration To do… Use the command… Remarks Enter system view system-view — Configure the DHCP relay agent to send a DHCP-RELEASE request dhcp relay release ip client-ip Required 3.3.5 Configuring the DHCP Relay Agent Security Functions I. Creating static bindings and enable IP address check The DHCP relay agent can dynamically record clients’ IP-to-MAC bindings after clients get IP addresses.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration Note: z The dhcp relay address-check enable command is independent of other commands of the DHCP relay agent. That is, the invalid address check takes effect when this command is executed, regardless of whether other commands are used.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration III. Enabling unauthorized DHCP servers detection There are unauthorized DHCP servers on networks, which reply DHCP clients with wrong IP addresses.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration To do… Use the command… Enable the relay agent to support Option 82 dhcp relay information enable Configure the handling strategy for requesting messages containing Option 82 dhcp relay information strategy { drop | keep | replace } Configure the padding format for Option 82 dhcp relay information format { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } Remar
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration To do… Use the command… Remarks Display information about the configuration of a specified or all DHCP server groups display dhcp relay server-group { group-id | all } Available in any view Display packet statistics on relay agent display dhcp relay statistics [ server-group { group-id | all } ] Available in user view Clear packet statistics from relay agent reset dhcp relay statistics [ server-g
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration [SwitchA-Vlan-interface1] dhcp select relay [SwitchA-Vlan-interface1] quit # Configure DHCP server group 1 with the DHCP server 10.1.1.1, and correlate the DHCP server group 1 with VLAN-interface 1. [SwitchA] dhcp relay server-group 1 ip 10.1.1.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 4 DHCP Client Configuration Chapter 4 DHCP Client Configuration When configuring the DHCP client, go to these sections for information you are interested in: z Introduction to DHCP Client z Enabling the DHCP Client on an Interface z Displaying and Maintaining the DHCP Client z DHCP Client Configuration Example Note: z The DHCP client configuration is supported only on VLAN interfaces.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 4 DHCP Client Configuration Note: z An interface can be configured to acquire an IP address in multiple ways, but these ways are exclusive. The latest configuration will overwrite the previous configuration. z After the DHCP client is enabled on an interface, no secondary IP address is configurable for the interface.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 4 DHCP Client Configuration Note: To implement the DHCP client-server model, you need to perform related configuration on the DHCP server. For details, refer to DHCP Server Configuration Examples.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 5 DHCP Snooping Configuration Chapter 5 DHCP Snooping Configuration When configuring DHCP snooping, go to these sections for information you are interested in: z DHCP Snooping Overview z Configuring DHCP Snooping Basic Functions z Configuring DHCP Snooping to Support Option 82 z Displaying and Maintaining DHCP Snooping z DHCP Snooping Configuration Example Note: z DHCP Snooping supports no link aggregation.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 5 DHCP Snooping Configuration II. Ensuring DHCP clients to obtain IP addresses from valid DHCP servers If there is an unauthorized DHCP server on a network, the DHCP clients may obtain invalid IP addresses. With DHCP snooping, the ports of a device can be configured as trusted or untrusted, ensuring the clients to obtain IP addresses from authorized DHCP servers.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 5 DHCP Snooping Configuration ports, GE2/0/3 on Switch A, GE2/0/1 on Switch B, GE2/0/3 and GE2/0/4 on Switch C, which are not directly connected to DHCP clients, from recording client’s IP-to-MAC bindings.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches If a client’s requesting message has… Chapter 5 DHCP Snooping Configuration Handling strategy Padding format Drop Random Drop the message. Keep Random Forward the message without changing Option 82. normal Forward the message after replacing the original Option 82 with the Option 82 padded in normal format. verbose Forward the message after replacing the original Option 82 with the Option 82 padded in verbose format.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 5 DHCP Snooping Configuration Note: z You need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client must be in the same VLAN. z You are not recommended to configure both the DHCP snooping and selective Q-in-Q function on the switch, which may result in the DHCP snooping to function abnormally. 5.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 5 DHCP Snooping Configuration Note: z To support Option 82, it is required to perform related configuration on both the DHCP server and the device enabled with DHCP Snooping. Refer to Configuring the Handling Mode for Option 82 for DHCP server configuration of this kind. z If the handling strategy of the DHCP-Snooping-enabled device is configured as replace, you need to configure a padding format for Option 82.
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 5 DHCP Snooping Configuration II. Network diagram Figure 5-3 Network diagram for DHCP snooping configuration III. Configuration procedure # Enable DHCP snooping. system-view [SwitchB] dhcp-snooping # Specify GigabitEthernet 2/0/1 as trusted port.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 ACL Overview .............................................................................................................. 1-1 1.1 Introduction to ACL ............................................................................................................ 1-1 1.1.1 Introduction.............................................................................................................. 1-1 1.1.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Table of Contents 2.7 IPv4 ACL Configuration Example ...................................................................................... 2-9 2.7.1 Network Requirements............................................................................................ 2-9 2.7.2 Network Diagram................................................................................................... 2-10 2.7.3 Configuration Procedure ............................
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 1 ACL Overview Chapter 1 ACL Overview In order to filter traffic, network devices use sets of rules, called access control lists (ACLs), to identify and handle packets. When configuring ACLs, go to these chapters for information you are interested in: z ACL Overview z IPv4 ACL Configuration z IPv6 ACL Configuration Note: Unless otherwise stated, ACLs refer to both IPv4 ACLs and IPv6 ACLs throughout this document. 1.
Operation Manual – ACL H3C S7500E Series Ethernet Switches z Chapter 1 ACL Overview Software-based application: An ACL is referenced by a piece of upper layer software. For example, an ACL can be referenced to configure login user control behavior, thus controlling Telnet, SNMP and Web users. Note that when an ACL is reference by the upper layer software, actions to be taken on packets matching the ACL depend on those defined by the ACL rules.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 1 ACL Overview 1.2.2 IPv4 ACL Naming When creating an IPv4 ACL, you can specify a unique name for it. Afterwards, you can identify the ACL by its name. An IPv4 ACL can have only one name. Whether to specify a name for an ACL is up to you. After creating an ACL, you cannot specify a name for it, nor can you change or remove the name of the ACL. Note: The name of an IPv4 ACL must be unique among IPv4 ACLs.
Operation Manual – ACL H3C S7500E Series Ethernet Switches 2) Chapter 1 ACL Overview If two rules are present with VPN instances, look at the protocol range in addition. Then compare packets against the rule with the protocol carried on IP specified prior to the other. 3) If the protocol ranges are the same, look at source IP address wildcard. Then, compare packets against the rule configured with more zeros in the source IP address wildcard prior to the other.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 1 ACL Overview II. Benefits of using the step With the step and rule numbering/renumbering mechanism, you do not need to assign rules numbers when defining them. The system will assign a newly defined rule a number that is the smallest multiple of the step bigger than the currently biggest number. For example, with a step of five, if the biggest number is currently 28, the newly defined rule will get a number of 30.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 1 ACL Overview Table 1-2 IPv6 ACL categories Category Basic IPv6 ACL Advanced IPv6 ACL ACL number Matching criteria 2000 to 2999 Source IPv6 address 3000 to 3999 Source IPv6 address, destination IPv6 address, protocol carried on IPv6, and other Layer 3 or Layer 4 protocol header fields 1.3.2 IPv6 ACL Naming When creating an IPv6 ACL, you can specify a unique name for it. Afterwards, you can identify the IPv6 ACL by its name.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 1 ACL Overview II. Depth-first match for an advanced IPv6 ACL The following shows how your switch performs depth-first match in an advanced IPv6 ACL: 1) Sort rules by protocol range first, and compare packets against the rule with the protocol carried on IPv6 specified prior to other rules. 2) If two rules are present with the same protocol range, look at source IPv6 address wildcard in addition.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration Chapter 2 IPv4 ACL Configuration When configuring an IPv4 ACL, go to these sections for information you are interested in: z Creating a Time Range z Configuring a Basic IPv4 ACL z Configuring an Advanced IPv4 ACL z Configuring an Ethernet Frame Header ACL z Copying an IPv4 ACL z Displaying and Maintaining IPv4 ACLs z IPv4 ACL Configuration Example 2.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration may use the time-range test from 00:00 01/01/2004 to 23:59 12/31/2004 command. z Compound time range created using the time-range time-name start-time to end-time days { from time1 date1 [ to time2 date2 ] | to time2 date2 } command. A time range thus created recurs on the day or days of the week only within the specified period.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration 2.2.1 Configuration Prerequisites If you want to reference a time range to a rule, define it with the time-range command first. 2.2.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration Caution: z You can modify the match order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command but only when it does not contain any rules. z The rule specified in the rule comment command must have existed. 2.2.3 Configuration Examples # Create IPv4 ACL 2000 to deny the packets with source address 1.1.1.1 to pass.
Operation Manual – ACL H3C S7500E Series Ethernet Switches To do… Enter system view Chapter 2 IPv4 ACL Configuration Use the command… system-view Remarks –– Required Create and enter advanced IPv4 ACL view acl number acl-number [ name acl-name ] [ match-order { auto | config } ] Create or modify a rule rule [ rule-id ] { deny | permit } protocol [ destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | established | fragment | icmp-type { icmp-type icm
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration Caution: z You can modify the match order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command but only when it does not contain any rules. z The rule specified in the rule comment command must have existed. 2.3.3 Configuration Examples # Create IPv4 ACL 3000, permitting TCP packets with port number 80 sent from 129.9.0.0 to 202.38.160.0 to pass.
Operation Manual – ACL H3C S7500E Series Ethernet Switches To do… Enter system view Chapter 2 IPv4 ACL Configuration Use the command… system-view Remarks –– Required Create and enter Ethernet frame header ACL view acl number acl-number [ name acl-name ] [ match-order { auto | config } ] Create or modify a rule rule [ rule-id ] { deny | permit } [ cos vlan-pri | dest-mac dest-addr dest-mask | lsap lsap-code lsap-wildcard | source-mac sour-addr source-mask | time-range time-name | type type-code type-
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration Caution: z You can modify the match order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command but only when it does not contain any rules. z The rule specified in the rule comment command must have existed. 2.4.3 Configuration Examples # Create ACL 4000 to deny frames with the 802.1p priority of 3.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration Caution: z The source IPv4 ACL and the destination IPv4 ACL must be of the same type. z The generated ACL does not take the name of the source IPv4 ACL. 2.6 Displaying and Maintaining IPv4 ACLs To do...
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration 2.7.2 Network Diagram President`s office Salary query server 192.168.1.0/24 192.168.4.1 Eth2/0/1 Eth2/0/4 Eth2/0/2 Eth2/0/3 Switch R&D department 192.168.2.0/24 Marketing department 192.168.3.0/24 Figure 2-1 Network diagram for IPv4 ACL configuration 2.7.3 Configuration Procedure 1) Create a time range for office hours # Create a periodic time range spanning 8:00 to 18:00 in working days.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration # Configure traffic behavior b_rd to deny matching packets. [Switch] traffic behavior b_rd [Switch-behavior-b_rd] filter deny [Switch-behavior-b_rd] quit # Configure class c_market for packets matching IPv4 ACL 3001. [Switch] traffic classifier c_market [Switch-classifier-c_market] if-match acl 3001 [Switch-classifier-c_market] quit # Configure traffic behavior b_ market to deny matching packets.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration Chapter 3 IPv6 ACL Configuration When configuring IPv6 ACLs, go to these sections for information you are interested in: z Creating a Time Range z Configuring a Basic IPv6 ACL z Configuring an Advanced IPv6 ACL z Copying an IPv6 ACL z Displaying and Maintaining IPv6 ACLs z IPv6 ACL Configuration Example 3.1 Creating a Time Range Refer to section Creating a Time Range z 3.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration To do… Use the command… Create or modify a rule rule [ rule-id ] { deny | permit } [ fragment | logging | source { ipv6-address prefix-length | ipv6-address/prefix-length | any } | time-range time-name ] * Set a rule numbering step step step-value Remarks Required To create multiple rules, repeat this step.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration [Sysname] acl ipv6 number 2000 [Sysname-acl6-basic-2000] rule permit source 2030:5060::9050/64 [Sysname-acl6-basic-2000] rule deny source fe80:5060::8050/96 # Verify the configuration. [Sysname-acl6-basic-2000] display acl ipv6 2000 Basic IPv6 ACL 2000, named -none-, 2 rules, ACL's step is 5 rule 0 permit source 2030:5060::9050/64 rule 5 deny source FE80:5060::8050/96 3.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration To do… Use the command… Create or modify a rule rule [ rule-id ] { deny | permit } protocol [ destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmpv6-type { icmpv6-type icmpv6-code | icmpv6-message } | logging | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-name ]
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration 3.3.3 Configuration Examples # Create IPv6 ACL 3000 to permit the TCP packets with the source address 2030:5060::9050/64 to pass. system-view [Sysname] acl ipv6 number 3000 [Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::9050/64 # Verify the configuration.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration 3.
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration # Configure class c_rd for packets matching IPv6 ACL 2000. [Switch] traffic classifier c_rd [Switch-classifier-c_rd] if-match acl ipv6 2000 [Switch-classifier-c_rd] quit # Configure traffic behavior b_rd to deny matching packets. [Switch] traffic behavior b_rd [Switch-behavior-b_rd] filter deny [Switch-behavior-b_rd] quit # Configure QoS policy p_rd to use traffic behavior b_rd for class c_rd.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 QoS Overview .............................................................................................................. 1-1 1.1 Introduction ........................................................................................................................ 1-1 1.2 Traditional Packet Forwarding Service .............................................................................. 1-1 1.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Table of Contents 4.3.1 Configuration Procedure ......................................................................................... 4-3 4.3.2 Configuration Examples .......................................................................................... 4-4 4.4 Configuring a WRR Queue ................................................................................................ 4-4 4.4.1 Configuration Procedure ..........................
Operation Manual – QoS H3C S7500E Series Ethernet Switches Table of Contents 7.3.2 Network diagram ..................................................................................................... 7-6 7.3.3 Configuration procedure..........................................................................................
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 1 QoS Overview Chapter 1 QoS Overview 1.1 Introduction Quality of Service (QoS) is a concept generally existing in occasions where service supply-demand relations exist. QoS measures the ability to meet the service needs of customers. Generally, the evaluation is not to give precise grading.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 1 QoS Overview The new services have one thing in common: they all have special requirements for delivery performances such as bandwidth, delay, and delay jitter. For example, video conferencing and VOD require the guarantee of high bandwidth, low delay and low delay jitter.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 1 QoS Overview within a certain period of time is improperly controlled and the traffic goes beyond the assignable network resources. 1.4.2 Influence of Congestion Congestion may cause a series of negative influences: z Congestion increases delay and delay jitter in packet delivery. z Excessively high delay will cause retransmission of packets.
Operation Manual – QoS H3C S7500E Series Ethernet Switches z Chapter 1 QoS Overview Congestion management: Congestion management is necessary for solving resource competition. Congestion management is generally to cache packets in the queues and arrange the forwarding sequence of the packets based on a certain scheduling algorithm. z Congestion avoidance: Excessive congestion will impair the network resources. Congestion avoidance is to supervise the network resource usage.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 2 Traffic Classification, TP, and LR Configuration Chapter 2 Traffic Classification, TP, and LR Configuration When configuring traffic classification, TP, and LR, go to these section for information you are interested in: z Traffic Classification Overview z TP and LR Overview z Traffic Evaluation and the Token Bucket z LR Configuration z Displaying and Maintaining LR 2.1 Traffic Classification Overview 2.1.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 2 Traffic Classification, TP, and LR Configuration scheduling is performed on the packets; when congestion get worse, congestion avoidance is performed on the packets. 2.1.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 2 Traffic Classification, TP, and LR Configuration services with low delay, low packet loss ratio, low jitter, and assured bandwidth (such as virtual leased line); Assured forwarding (AF) class: This class is further divided into four subclasses z (AF1/2/3/4) and a subclass is further divided into three drop priorities, so the AF service level can be segmented.
Operation Manual – QoS H3C S7500E Series Ethernet Switches 2) Chapter 2 Traffic Classification, TP, and LR Configuration 802.1p priority 802.1p priority lies in Layer 2 packet headers and is applicable to occasions where the Layer 3 packet header does not need analysis but QoS must be assured at Layer 2. Figure 2-2 An Ethernet frame with an 802.1Q tag header As shown in the figure above, the 4-byte 802.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 2 Traffic Classification, TP, and LR Configuration The precedence is called 802.1p priority because the related applications of this precedence are defined in detail in the 802.1p specifications. 2.2 TP and LR Overview If the traffic from users is not limited, a large amount of continuous burst packets will result in worse network congestion.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 2 Traffic Classification, TP, and LR Configuration bucket is enough to forward the packets, the traffic is conforming to the specification; otherwise, the traffic is nonconforming or excess. When the token bucket evaluates the traffic, its parameter configurations include: z Average rate: The rate at which tokens are put into the bucket, namely, the permitted average rate of the traffic.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 2 Traffic Classification, TP, and LR Configuration z Forwarding conforming packets or non-conforming packets. z Dropping conforming or non-conforming packets. z Marking a conforming packet with a new 802.1p precedence value and forwarding the packet. Marking a conforming packet with a new IP precedence value and forwarding the z packet.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 2 Traffic Classification, TP, and LR Configuration 2.4.2 LR Configuration Examples Limit the outbound rate of Ethernet 2/0/1 to 640 kbps. # Enter system view system-view # Enter interface view [Sysname] interface Ethernet 2/0/1 # Configure LR parameter and limit the outbound rate to 640 kbps [Sysname-Ethernet2/0/1] qos lr outbound cir 640 2.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 3 QoS Policy Configuration Chapter 3 QoS Policy Configuration When configuring QoS policy, go to these sections for information that you are interested in: z Overview z Configuring a QoS Policy z Displaying and Maintaining QoS Policies 3.1 Overview QoS policy includes the following three elements: class, traffic behavior and policy.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 3 QoS Policy Configuration 1) Define a class and define a group of traffic classification rules in class view. 2) Define a traffic behavior and define a group of QoS actions in traffic behavior view. 3) Define a policy and specify a traffic behavior corresponding to the class in policy view. 4) Apply the QoS policy in Ethernet port view/port group view. 3.2.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 3 QoS Policy Configuration Table 3-1 The form of the match-criteria argument Form acl access-list-number Description Specifies an ACL to match packets. The access-list-number argument is in the range 2000 to 4999. In a class configured with the operator and, the logical relationship between rules defined in the referenced IPv4 ACL is or. Specifies an IPv6 ACL to match IPv6 packets.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 3 QoS Policy Configuration Form service-vlan-id vlan-id-list Description Specifies to match the packets of the VLANs of the operator’s network. The vlan-id-list argument is a list of VLAN IDs, in the form of vlan-id to vlan-id or multiple discontinuous VLAN IDs (separated by space). You can specify up to eight VLAN IDs for this argument at a time. VLAN ID is in the range of 1 to 4094.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 3 QoS Policy Configuration I.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 3 QoS Policy Configuration To do… Use the command… Remark IP precedence for packets remark ip-precedence ip-precedence-value Remark local precedence for packets remark local-precedence local-precedence Remark the service provider network VLAN ID for packets remark service-vlan-id vlan-id-value Remarks II.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 3 QoS Policy Configuration Note: In a QoS policy with multiple class-to-traffic-behavior associations, if the action of creating an outer VLAN tag, the action of setting customer network VLAN ID, or the action of setting service provider network VLAN ID is configured in a traffic behavior, we recommend you not to configure any other action in this traffic behavior. Otherwise, the QoS policy may not function as expected after it is applied.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 3 QoS Policy Configuration To do... Use the command... Remarks Enter system view system-view — Apply the QoS policy to the specified VLAN(s) qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound } Required Note: z QoS policies cannot be applied to dynamic VLANs, for example, VLANs created by GVRP. z Do not apply a QoS policy to a VLAN and the ports in the VLAN at the same time.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 3 QoS Policy Configuration Table 3-2 The support for the inbound direction and the outbound direction LPU type SC LPU SA LPU EA LPU Inbound Outbound Inbound Outbound Inbound Outbound Traffic account ing Supporte d Supported Supporte d Not supported Support ed Not supported TP Supporte d Supported Supporte d Not supported Support ed Not supported Traffic filtering Supporte d Supported Supporte d Not supported Su
Operation Manual – QoS H3C S7500E Series Ethernet Switches LPU type Chapter 3 QoS Policy Configuration SC LPU SA LPU EA LPU Inbound Outbound Inbound Outbound Inbound Outbound Remark ing the DSCP precede nce for packets Supporte d Supported Supporte d Not supported Support ed Not supported Remark ing the IP precede nce for packets Supporte d Supported Supporte d Not supported Support ed Not supported Remark ing the local precede nce for packets Supporte d Not supported Supporte d
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 3 QoS Policy Configuration Caution: To ensure that a QoS policy can be applied successfully, follow these guidelines when configuring a behavior for the policy: z The action of creating an outer VLAN tag cannot be configured with any other action at the same time except the traffic filtering action or the action of setting 802.1p precedence in the same traffic behavior.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 3 QoS Policy Configuration [Sysname] interface Ethernet 2/0/1 [Sysname-Ethernet2/0/1] qos apply policy test_policy inbound [Sysname-Ethernet2/0/1] quit # Apply the QoS policy to the inbound direction of the specified VLANs. [Sysname] qos vlan-policy test_policy vlan 200 300 400 500 600 700 800 900 inbound # Apply the QoS policy globally in the inbound direction. [Sysname] qos apply policy test_policy global inbound 3.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 4 Congestion Management Chapter 4 Congestion Management When configuring congestion management, go to these section for information that you are interested in: z Overview z Congestion Management Policy z Configuring an SP Queue z Configuring a WRR Queue z Configuring SP+WRR Queues z Displaying and Maintaining Congestion Management 4.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 4 Congestion Management Figure 4-1 Diagram for SP queuing SP queue-scheduling algorithm is specially designed for critical service applications. An important feature of critical services is that they demand preferential service in congestion in order to reduce the response delay.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 4 Congestion Management Figure 4-2 Diagram for WRR queuing A port of the switch supports eight outbound queues. The WRR queue-scheduling algorithm schedules all the queues in turn to ensure that every queue can be assigned a certain service time. Assume there are eight output queues on the port.
Operation Manual – QoS H3C S7500E Series Ethernet Switches To do… Enter system view Enter port view or port group view Chapter 4 Congestion Management Use the command… Remarks system-view — Enter port view interface interface-type interface-number Perform either of the two operations. Enter port group view port-group { manual port-group-name | aggregation agg-id } Configure SP queue scheduling algorithm The configuration performed in Ethernet port view applies to the current port only.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 4 Congestion Management To do… Enter system view Enter port view or port group view Use the command… Remarks system-view — Enter port view interface interface-type interface-number Perform either of the two operations. Enter port group view port-group { manual port-group-name | aggregation agg-id } The configuration performed in Ethernet port view applies to the current port only.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 4 Congestion Management 4.5 Configuring SP+WRR Queues As required, you can configure part of the queues on the port to adopt the SP queue-scheduling algorithm and parts of queues to adopt the WRR queue-scheduling algorithm. Through adding the queues on a port to the SP scheduling group and WRR scheduling group (namely, group 1), the SP+WRR queue scheduling is implemented.
Operation Manual – QoS H3C S7500E Series Ethernet Switches z Chapter 4 Congestion Management Configure queue 0, queue 1, queue 2 and queue 3 on Ethernet2/0/1 to be in SP queue scheduling group. z Configure queue 4, queue 5, queue 6 and queue 7 on Ethernet2/0/1 to be in WRR queue scheduling group, with the weight being 2, 4, 6 and 8 respectively. II. Configuration procedure # Enter system view. system-view # Enable the SP+WRR queue scheduling algorithm on Ethernet2/0/1.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 5 Priority Mapping Chapter 5 Priority Mapping When configuring priority mapping, go to these sections for information you are interested in: z Priority Mapping Overview z Configuring a Priority Mapping Table z Configuring the Port Priority z Configuring Port Priority Trust Mode z Displaying and Maintaining Priority Mapping 5.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 5 Priority Mapping Table 5-1 The default values of dot1p-lp mapping and dot1p-dp mapping Imported priority value dot1p-lp mapping dot1p-dp mapping 802.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 5 Priority Mapping 5.2 Configuring a Priority Mapping Table You can modify the priority mapping tables in a switch as required. Follow the two steps to configure priority mapping tables: z Enter priority mapping table view; z Configure priority mapping parameters. 5.2.1 Configuration Prerequisites The new priority mapping table is determined. 5.2.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 5 Priority Mapping 802.1p precedence Local precedence 6 3 7 3 II. Configuration procedure # Enter system view. system-view # Enter dot1p-lp priority mapping table view. [Sysname] qos map-table dot1p-lp # Modify dot1p-lp priority mapping parameters.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 5 Priority Mapping To do… Enter system view Enter port view or port group view Use the command… Remarks system-view — Enter port view interface interface-type interface-number Perform either of the two operations. Enter port group view port-group { manual port-group-name | aggregation agg-id } Configure port priority qos priority priority-value The configuration performed in Ethernet port view applies to the current port only.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 5 Priority Mapping To do… Enter system view Enter port view or port group view Enter port view Enter port group view Configure to trust the DSCP precedence of the received packets Use the command… Remarks system-view — interface interface-type interface-number Perform either of the two operations.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 6 Traffic Mirroring Configuration Chapter 6 Traffic Mirroring Configuration When configuring traffic mirroring, go to these sections for information that you are interested in: z Overview z Configuring Traffic Mirroring z Displaying and Maintaining Traffic Mirroring z Traffic Mirroring Configuration Examples 6.1 Overview Traffic mirroring is to replicate the specified packets to the specified destination.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 6 Traffic Mirroring Configuration To do… Use the command… Remarks Enter system view system-view — Enter traffic behavior view traffic behavior behavior-name Required Configure traffic mirroring action in the traffic behavior mirror-to { cpu | interface interface-type interface-number } Required 6.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 6 Traffic Mirroring Configuration # Enter system view. system-view # Configure basic IPv4 ACL 2000 to match packets with the source IP address 192.168.0.1. [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 192.168.0.1 0 [Sysname-acl-basic-2000] quit # Configure a traffic classification rule to use ACL 2000 for traffic classification.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 7 VLAN Mapping Configuration Chapter 7 VLAN Mapping Configuration 7.1 VLAN Mapping Overview VLAN mapping includes the following types: z one-to-one VLAN mapping z many-to-one VLAN mapping z one-to-two VLAN mapping z two-to-two VLAN mapping Note: Currently, the S7500E series support only one-to-one VLAN mapping. The following part introduces how one-to-one VLAN mapping is implemented and applied. 7.1.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 7 VLAN Mapping Configuration For downlink data streams, change the SVLAN of the traffic to the original CVLAN of the traffic by applying a QoS policy to the port. 7.1.3 Applying One-to-One VLAN Mapping One-to-one VLAN mapping is mainly applied in campus networks as shown in Figure 7-1.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 7 VLAN Mapping Configuration 7.2 Configuring One-to-One VLAN Mapping You need to perform one-to-one VLAN mapping on the corridor switches shown in Figure 7-1 to use VLANs to isolate different services of different users. 7.2.1 Configuration prerequisites The VLAN mappings have been planned. 7.2.2 Configuration Procedure Follow these steps to configure one-to-one VLAN mapping: To do...
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 7 VLAN Mapping Configuration To do... Use the command...
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 7 VLAN Mapping Configuration To do... Use the command...
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 7 VLAN Mapping Configuration 7.3.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 7 VLAN Mapping Configuration # Configure uplink policies to map the CVLANs to different SVLANs.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 7 VLAN Mapping Configuration [SwitchA-classifier-c55] traffic classifier c66 [SwitchA-classifier-c66] if-match service-vlan-id 302 [SwitchA-classifier-c66] quit [SwitchA] traffic behavior b11 [SwitchA-behavior-b11] remark customer-vlan-id 1 [SwitchA-behavior-b11] traffic behavior b22 [SwitchA-behavior-b22] remark customer-vlan-id 2 [SwitchA-behavior-b22] traffic behavior b33 [SwitchA-behavior-b33] remark customer-vlan-id 3 [SwitchA-behavio
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 7 VLAN Mapping Configuration # Apply the uplink policy p2 to the inbound direction of GigabitEthernet 2/0/2. [SwitchA-GigabitEthernet2/0/2] qos apply policy p2 inbound # Apply the downlink policy p22 to the outbound direction of GigabitEthernet 2/0/2.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 7 VLAN Mapping Configuration [SwitchB-policy-p1] classifier c2 behavior b2 [SwitchB-policy-p1] classifier c3 behavior b3 [SwitchB-policy-p1] quit [SwitchB] qos policy p2 [SwitchB-policy-p2] classifier c1 behavior b4 [SwitchB-policy-p2] classifier c2 behavior b5 [SwitchB-policy-p2] classifier c3 behavior b6 [SwitchB-policy-p2] quit # Configure downlink policies to map the SVLANs to the original CVLANs.
Operation Manual – QoS H3C S7500E Series Ethernet Switches Chapter 7 VLAN Mapping Configuration [SwitchB] interface GigabitEthernet 2/0/1 [SwitchB-GigabitEthernet2/0/1] port link-type trunk [SwitchB-GigabitEthernet2/0/1] port trunk permit vlan 111 211 311 # Enable basic QinQ on GigabitEthernet 2/0/1. [SwitchA-GigabitEthernet2/0/1] qinq enable # Apply the uplink policy p1 to the inbound direction of GigabitEthernet 2/0/1.
Operation Manual – Port Mirroring H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Port Mirroring Configuration ...................................................................................... 1-1 1.1 Introduction to Port Mirroring ............................................................................................. 1-1 1.1.1 Classification of Port Mirroring ................................................................................ 1-1 1.1.
Operation Manual – Port Mirroring H3C S7500E Series Ethernet Switches Chapter 1 Port Mirroring Configuration Chapter 1 Port Mirroring Configuration When configuring port mirroring, go to these sections for information you are interested in: z Introduction to Port Mirroring z Configuring Local Port Mirroring z Configuring Remote Port Mirroring z Displaying and Maintaining Port Mirroring z Port Mirroring Configuration Examples 1.
Operation Manual – Port Mirroring H3C S7500E Series Ethernet Switches Chapter 1 Port Mirroring Configuration 1.1.2 Implementing Port Mirroring Port mirroring is implemented through port mirroring groups, which fall into these three categories: local port mirroring group, remote source port mirroring group, and remote destination port mirroring group. Two port mirroring implementation modes are introduced in the following section. I.
Operation Manual – Port Mirroring H3C S7500E Series Ethernet Switches z Chapter 1 Port Mirroring Configuration Destination device Destination device contains destination mirroring port, and remote destination port mirroring groups are created on destination devices. Upon receiving a mirrored packet, the destination device checks to see if the VLAN ID of the received packet is the same as that of the remote mirroring VLAN of the remote destination port mirroring group.
Operation Manual – Port Mirroring H3C S7500E Series Ethernet Switches Chapter 1 Port Mirroring Configuration Note: z A local mirroring group is effective only when it has both source ports and the destination port configured. z It is not recommended to enable STP, RSTP or MSTP on the destination port; otherwise, the mirroring function may be affected. z Do not use the destination mirroring port for any purpose other than port mirroring.
Operation Manual – Port Mirroring H3C S7500E Series Ethernet Switches Chapter 1 Port Mirroring Configuration To do… Configure the remote port mirroring VLAN for the mirroring group Use the command… mirroring-group group-id remote-probe vlan rprobe-vlan-id Remarks Required Note: z All ports in a remote mirroring group belong to the same device. A remote source mirroring group can have only one outbound mirroring port.
Operation Manual – Port Mirroring H3C S7500E Series Ethernet Switches Chapter 1 Port Mirroring Configuration To do… Add a port to the port mirroring group as the destination port In system view Use the command… mirroring-group group-id monitor-port monitor-port-id interface interface-type interface-number In interface view [ mirroring-group group-id ] monitor-port quit Enter destination interface view Add the port to the remote port mirroring VLAN interface interface-type interface-number The port
Operation Manual – Port Mirroring H3C S7500E Series Ethernet Switches Chapter 1 Port Mirroring Configuration 1.4 Displaying and Maintaining Port Mirroring To do… Use the command… Display the configuration of a port mirroring group display mirroring-group { group-id | all | local | remote-destination | remote-source } Remarks Available in any view 1.5 Port Mirroring Configuration Examples 1.5.1 Local Port Mirroring Configuration Example I.
Operation Manual – Port Mirroring H3C S7500E Series Ethernet Switches Chapter 1 Port Mirroring Configuration III. Configuration procedure Configure Switch C. # Create a local port mirroring group. system-view [SwitchC] mirroring-group 1 local # Add port Ethernet 2/0/1 and Ethernet 2/0/2 to the port mirroring group as source ports. Add port Ethernet 2/0/3 to the port mirroring group as the destination port.
Operation Manual – Port Mirroring H3C S7500E Series Ethernet Switches Chapter 1 Port Mirroring Configuration Ethernet 2/0/2 to the port mirroring group as two source ports. Configure port Ethernet 2/0/3 as the outbound mirroring port. z Configure port Ethernet 2/0/3 of Switch A, port Ethernet 2/0/1 and Ethernet 2/0/2 of Switch B, and port Ethernet 2/0/1 of Switch C as trunk ports and configure them to permit packets of VLAN 2. z Create a remote destination mirroring group on Switch C.
Operation Manual – Port Mirroring H3C S7500E Series Ethernet Switches Chapter 1 Port Mirroring Configuration [SwitchA-Ethernet2/0/3] port link-type trunk [SwitchA-Ethernet2/0/3] port trunk permit vlan 2 2) Configure Switch B. # Configure port Ethernet 2/0/1 as a trunk port and configure the port to permit the packets of VLAN 2.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 SNMP Configuration.................................................................................................... 1-1 1.1 SNMP Overview................................................................................................................. 1-1 1.1.1 SNMP Mechanism .................................................................................................. 1-1 1.1.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 1 SNMP Configuration Chapter 1 SNMP Configuration When configuring SNMP, go to these sections for information you are interested in: z SNMP Overview z SNMP Configuration z Configuring SNMP Logging z Trap Configuration z Displaying and Maintaining SNMP z SNMP Configuration Example z SNMP Logging Configuration Example 1.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches z Chapter 1 SNMP Configuration Get operation: NMS gets the value of a certain variable of Agent through this operation. z Set operation: NMS can reconfigure certain values in the Agent MIB (Management Information Base) to make the Agent perform certain tasks by means of this operation. z Trap operation: Agent sends Traps to the NMS through this operation. z Inform operation: NMS sends Traps to other NMSs through this operation. 1.1.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 1 SNMP Configuration Figure 1-1 Relationship between NMS, Agent and MIB MIB stores data using a tree structure. The node of the tree is the managed object and can be uniquely identified by a path starting from the root node. As illustrated in the following figure, the managed object B can be uniquely identified by a string of numbers {1.2.1.1}. This string of numbers is the OID of the managed object B.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches To do… Chapter 1 SNMP Configuration Use the command… Remarks Optional Configure SNMP Agent system information snmp-agent sys-info { contact sys-contact | location sys-location | version { all | { v1 | v2c | v3 }* } } The defaults are as follows: Hangzhou H3C Technologies Co., Ltd. for contact, Hangzhou, China for location, and SNMP v3 for the version.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches To do… Chapter 1 SNMP Configuration Use the command… Enter system view system-view Remarks — Required Disabled by default Enable SNMP Agent snmp-agent You can enable SNMP Agent through this command or any commands that begin with snmp-agent.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 1 SNMP Configuration Caution: The validity of a USM user depends on the engine ID of the SNMP agent. If the engine ID used for USM user creation is not identical to the current engine ID, the USM user is invalid. 1.3 Configuring SNMP Logging 1.3.1 Introduction to SNMP Logging SNMP logs the GET and SET operations that NMS performs to SNMP Agent.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 1 SNMP Configuration Note: z Logs occupy storage space of the device, thus affecting the performance of the device. Therefore, you are recommended to disable SNMP logging. z When SNMP logging is enabled, SNMP logs will be output to the information center of the device. z The priority of SNMP log is informational, meaning it is a common prompt of the device.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 1 SNMP Configuration To do… Use the command… Remarks Optional Set to enable the device to send Traps of interface state change Transmission of Traps of interface state change is allowed by default. enable snmp trap updown Caution: To enable an interface to send SNMP Traps when its state changes, you need to enable the Link up/down Trap packet transmission function on an interface and globally.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 1 SNMP Configuration Note: The extended linkUp/linkDown Traps comprise the standard linkUp/linkDown Traps defined in RFC plus interface description and interface type. If the extended messages are not supported on NMS, you can disable this function and enable the device to send standard linkUp/linkDown Traps. 1.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 1 SNMP Configuration II. Network diagram Agent Vlan-int2 1.1.1.1/24 Console NMS 1.1.1.2/24 Terminal Figure 1-3 Network diagram for SNMP (on a switch) III. Configuration procedure 1) Configuring SNMP Agent # Configure the SNMP basic information, including version and community name.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 1 SNMP Configuration Note: The configurations on the agent and the NMS must match. 1.7 SNMP Logging Configuration Example I. Network requirements z NMS and Agent are connected through an Ethernet z The IP address of NMS is 1.1.1.2/24 z The IP address of the VLAN interface on Agent is 1.1.1.1/24 z Configure community name, access right and SNMP version on Agent II.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 1 SNMP Configuration The following log information is displayed on the terminal when NMS performs the z GET operation to Agent. %Jan 1 02:49:40:566 2006 Sysname SNMP/6/GET: seqNO = <10> srcIP = <1.1.1.2> op = node = value=<> The following log information is displayed on the terminal when NMS performs the z SET operation to Agent.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 2 RMON Configuration Chapter 2 RMON Configuration When configuring RMON, go to these sections for information you are interested in: z RMON Overview z Configuring RMON z Displaying and Maintaining RMON z RMON Configuration Example 2.1 RMON Overview This section covers these topics: z Introduction z RMON Groups 2.1.1 Introduction Remote Monitoring (RMON) is a type of IETF-defined MIB.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches z Chapter 2 RMON Configuration Embedding RMON agents in network devices such as routers, switches, and hubs to provide the RMON probe function. RMON NMSs exchange data with RMON agents with basic SNMP commands to gather network management information, which, due to system resources limitation, may not cover all MIB information but four groups of information, alarm, event, history, and statistics, in most cases.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 2 RMON Configuration III. Private alarm group The private alarm group calculates the sampled values of alarm variables and compares the result with the defined threshold, thereby realizing a more comprehensive alarming function. System handles the prialarm alarm table entry (as defined by the user) in the following ways: z Periodically samples the prialarm alarm variables defined in the prialarm formula.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 2 RMON Configuration To do… Use the command… Remarks Enter system view system-view — Create an event entry in the event table rmon event entry-number [ description string ] { log | log-trap log-trapcommunity | none | trap trap-community } [ owner text ] Optional Enter Ethernet interface view interface interface-type interface-number — Create an entry in the history table rmon history entry-number buckets number interval
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 2 RMON Configuration Note: z Two entries with the same configuration cannot be created. If the parameters of a newly created entry are identical to the corresponding parameters of an existing entry, the system considers their configurations the same and the creation fails. Refer to Table 2-1 for the parameters to be compared for different entries.
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 2 RMON Configuration To do… Use the command… Remarks Display RMON history information and the latest history sampling information display rmon history [ interface-type interface-number ] Available in any view Display RMON alarm configuration information display rmon alarm [ entry-number ] Available in any view Display RMON prialarm configuration information display rmon prialarm [ entry-number ] Available in any view Disp
Operation Manual – SNMP-RMON H3C S7500E Series Ethernet Switches Chapter 2 RMON Configuration Statistics entry 1 owned by user1-rmon is VALID. Interface : Ethernet2/0/1
Operation Manual – NTP H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 NTP Configuration ....................................................................................................... 1-1 1.1 NTP Overview.................................................................................................................... 1-1 1.1.1 Applications of NTP................................................................................................. 1-1 1.1.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration Chapter 1 NTP Configuration When configuring NTP, go to these sections for information you are interested in: z NTP Overview z Configuring the Operation Modes of NTP z Configuring the Local Clock as a Reference Source z Configuring Optional Parameters of NTP z Configuring Access-Control Rights z Configuring NTP Authentication z Displaying and Maintaining NTP z NTP Configuration Examples 1.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration Advantages of NTP: z NTP uses a stratum to describe the clock precision, and is able to synchronize time among all devices within the network. z NTP supports access control and MD5 authentication. z NTP can unicast, multicast or broadcast protocol messages. 1.1.2 How NTP Works Figure 1-1 shows the basic work flow of NTP. Switch A and Switch B are interconnected over a network.
Operation Manual – NTP H3C S7500E Series Ethernet Switches z Chapter 1 NTP Configuration When the NTP message leaves Switch B, Switch B timestamps it. The timestamp is 11:00:02 am (T3). z When Switch A receives the NTP message, the local time of Switch A is 10:00:03 am (T4). Up to now, Switch A has sufficient information to calculate the following two important parameters: z The roundtrip delay of NTP message: Delay = (T4–T1) – (T3-T2) = 2 seconds.
Operation Manual – NTP H3C S7500E Series Ethernet Switches 1 0 LI 4 VN Chapter 1 NTP Configuration 7 Mode 15 Stratum 23 Poll 31 Precision Root delay (32 bits) Root dispersion (32 bits) Reference identifier (32 bits) Reference timestamp (64 bits) Originate timestamp (64 bits) Receive timestamp (64 bits) Transmit timestamp (64 bits) Authenticator (optional 96 bits) Figure 1-2 Clock synchronization message format Main fields are described as follows: z LI: 2-bit leap indicator.
Operation Manual – NTP H3C S7500E Series Ethernet Switches z Chapter 1 NTP Configuration Originate Timestamp: the local time at which the request departed the client for the service host. z Receive Timestamp: the local time at which the request arrived at the service host. z Transmit Timestamp: the local time at which the reply departed the service host for the client. z Authenticator: authentication information. 1.1.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration II. Symmetric peers mode Figure 1-4 Symmetric peers mode A device working in the symmetric active mode periodically sends clock synchronization messages, with the Mode field in the message set to 1 (symmetric active); the device that receives this message automatically enters the symmetric passive mode and sends a reply, with the Mode field in the message set to 2 (symmetric passive).
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration the network delay between client and the server. Then, the client enters the broadcast client mode and continues listening to broadcast messages, and synchronizes its local clock based on the received broadcast messages. IV.
Operation Manual – NTP H3C S7500E Series Ethernet Switches z Chapter 1 NTP Configuration The NTP client on a CE can be synchronized to the NTP server on a provider edge device (PE). z The NTP client on a PE can be synchronized to the NTP server on a CE through a designated VPN instance. z The NTP client on a PE can be synchronized to the NTP server on another PE through a designated VPN instance. z The NTP server on a PE can synchronize the NTP clients on multiple CEs in different VPNs.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration Note: A single Switch Can have a maximum of 128 associations at the same time, including static associations and dynamic associations. A static association refers to an association that a user has manually created by using an NTP command, while a dynamic association is a temporary association created by the system during operation.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration Note: z In the ntp-service unicast-server command, ip-address must be a host address, rather than a broadcast address, a multicast address or the IP address of the local clock. z When the interface sending the NTP packet is specified by the source-interface argument, the source IP address of the NTP packet will be configured as the primary IP address of the specified interface.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration Note: z In the symmetric mode, you should use the ntp-service refclock-master command or any NTP configuration command in Configuring the Operation Modes of NTP to enable NTP; otherwise, a symmetric-passive peer will not process NTP packets from a symmetric-active peer.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration II.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration II.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration 1.4 Configuring Optional Parameters of NTP 1.4.1 Configuring the Interface to Send NTP Messages After you specify the interface used to send NTP messages, the source IP address of the NTP message will be configured as the primary IP address of the specified interface.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration 1.5 Configuring Access-Control Rights With the following command, you can configure the NTP service access-control right to the local device. There are four access-control rights, as follows: z query: control query permitted. This level of right permits the peer device to perform control query to the NTP service on the local Switch But does not permit the peer device to synchronize its clock to the local device.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration Note: The access-control right mechanism provides only a minimum degree of security protection for the system running NTP. A more secure method is identity authentication. 1.6 Configuring NTP Authentication The NTP authentication feature should be enabled for a system running NTP in a network where there is a high security demand.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration 1.6.2 Configuration Procedure I.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration To do… Use the command… Remarks Required Configure an NTP authentication key ntp-service authentication-keyid keyid authentication-mode md5 value Configure the key as a trusted key ntp-service reliable authentication-keyid keyid No authentication key is configured to be trusted by default Enter interface view interface interface-type interface-number — Broadcast server mode: Required ntp-service broadcast-s
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration 1.8 NTP Configuration Examples 1.8.1 Configuring NTP Server/Client Mode I. Network requirements z The local clock of Switch A is to be used as a reference source, with the stratum level of 2. z Switch B works in the server/client mode and Switch A is to be used as the NTP server of Switch B. II. Network diagram Figure 1-7 Network diagram for NTP server/client mode configuration III.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration [SwitchB] display ntp-service status Clock status: synchronized Clock stratum: 3 Reference clock ID: 1.0.1.11 Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 1.05 ms Peer dispersion: 7.81 ms Reference time: 14:53:27.371 UTC Apr 25 2007 (C6D94F67.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration II. Network diagram Switch A 3.0.1.31/24 3.0.1.32/24 3.0.1.33/24 Switch B Switch C Figure 1-8 Network diagram for NTP symmetric peers mode configuration III. Configuration procedure 1) Configuration on Switch A: # Specify the local clock as the reference source, with the stratum level of 2.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^7 Clock offset: -21.1982 ms Root delay: 15.00 ms Root dispersion: 775.15 ms Peer dispersion: 34.29 ms Reference time: 15:22:47.083 UTC Apr 25 2007 (C6D95647.153F7CED) As shown above, Switch B has been synchronized to Switch C, and the clock stratum level of Switch B is 2, while that of Switch C is 1.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration II. Network diagram Vlan-int2 3.0.1.31/24 Switch C Vlan-int3 1.0.1.11/24 Vlan-int3 1.0.1.10/24 Switch A Vlan-int2 3.0.1.30/24 Switch B Vlan-int2 3.0.1.32/24 Switch D Figure 1-9 Network diagram for NTP broadcast mode configuration (on switches) III. Configuration procedure 1) Configuration on Switch C: # Specify the local clock as the reference source, with the stratum level of 2.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration # View the NTP status of Switch D after clock synchronization. [SwitchD] display ntp-service status Clock status: synchronized Clock stratum: 3 Reference clock ID: 3.0.1.31 Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 8.31 ms Peer dispersion: 34.30 ms Reference time: 16:01:51.713 UTC Apr 25 2007 (C6D95F6F.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration II. Network diagram Vlan-int2 3.0.1.31/24 Switch C Vlan-int3 1.0.1.11/24 Vlan-int3 1.0.1.10/24 Switch A Vlan-int2 3.0.1.30/24 Switch B Vlan-int2 3.0.1.32/24 Switch D Figure 1-10 Network diagram for NTP multicast mode configuration (on switches) III. Configuration procedure 1) Configuration on Switch C: # Specify the local clock as the reference source, with the stratum level of 2.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration Actual frequency: 100.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 8.31 ms Peer dispersion: 34.30 ms Reference time: 16:01:51.713 UTC Apr 25 2007 (C6D95F6F.B6872B02) As shown above, Switch D has been synchronized to Switch C, and the clock stratum level of Switch D is 3, while that of Switch C is 2.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration [SwitchA-Vlan-interface3] ntp-service multicast-client # View the NTP status of Switch A after clock synchronization. [SwitchA] display ntp-service status Clock status: synchronized Clock stratum: 3 Reference clock ID: 3.0.1.31 Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 40.00 ms Root dispersion: 10.83 ms Peer dispersion: 34.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration II. Network diagram Figure 1-11 Network diagram for configuration of NTP server/client mode with authentication III. Configuration procedure 1) Configuration on Switch A: # Specify the local clock as the reference source, with the stratum level of 2. system-view [SwitchA] ntp-service refclcok-master 2 2) Configuration on Switch B: system-view # Enable NTP authentication on Switch B.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration Clock stratum: 3 Reference clock ID: 1.0.1.11 Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 1.05 ms Peer dispersion: 7.81 ms Reference time: 14:53:27.371 UTC Apr 25 2007 (C6D94F67.5EF9DB22) As shown above, Switch B has been synchronized to Switch A, and the clock stratum level of Switch B is 3, while that of Switch A is 2.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration II. Network diagram Vlan-int2 3.0.1.31/24 Switch C Vlan-int3 1.0.1.11/24 Vlan-int3 1.0.1.10/24 Switch A Vlan-int2 3.0.1.30/24 Switch B Vlan-int2 3.0.1.32/24 Switch D Figure 1-12 Network diagram for configuration of NTP broadcast mode with authentication (on switches) III. Configuration procedure 1) Configuration on Switch C: # Specify the local clock as the reference source, with the stratum level of 3.
Operation Manual – NTP H3C S7500E Series Ethernet Switches Chapter 1 NTP Configuration Now, Switch D can receive broadcast messages through VLAN-interface 2, and Switch C can send broadcast messages through VLAN-interface 2. Upon receiving a broadcast message from Switch C, Switch D synchronizes its clock to that of Switch C. # View the NTP status of Switch D after clock synchronization. [SwitchD] display ntp-service status Clock status: synchronized Clock stratum: 4 Reference clock ID: 3.0.1.
Operation Manual – DNS H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 DNS Configuration....................................................................................................... 1-1 1.1 DNS Overview ................................................................................................................... 1-1 1.1.1 Static Domain Name Resolution ............................................................................. 1-1 1.1.
Operation Manual – DNS H3C S7500E Series Ethernet Switches Chapter 1 DNS Configuration Chapter 1 DNS Configuration When configuring DNS, go to these sections for information you are interested in: z DNS Overview z Configuring the DNS Client z Configuring the DNS Proxy z Displaying and Maintaining DNS z DNS Configuration Examples z Troubleshooting DNS Configuration Note: This document only covers IPv4 DNS configurations. For introduction to IPv6 DNS configurations, refer to IPv6 Configuration.
Operation Manual – DNS H3C S7500E Series Ethernet Switches Chapter 1 DNS Configuration 1.1.2 Dynamic Domain Name Resolution I. Resolving procedure Dynamic domain name resolution is implemented by querying the DNS server. The resolution procedure is as follows: 1) A user program sends a name query to the resolver of the DNS client. 2) The DNS resolver looks up the local domain name cache for a match. If a match is found, it sends the corresponding IP address back.
Operation Manual – DNS H3C S7500E Series Ethernet Switches Chapter 1 DNS Configuration For example, a user can configure com as the suffix for aabbcc.com. The user only needs to type aabbcc to get the IP address of aabbcc.com. The resolver can add the suffix and delimiter before passing the name to the DNS server. z If there is no dot in the domain name (for example, aabbcc), the resolver will consider this a host name and add a DNS suffix before query.
Operation Manual – DNS H3C S7500E Series Ethernet Switches Chapter 1 DNS Configuration Figure 1-2 DNS proxy networking application II. Operation of a DNS proxy 1) A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy, that is, the destination address of the request is the IP address of the DNS proxy. 2) The DNS proxy searches the local static domain name resolution table after receiving the request.
Operation Manual – DNS H3C S7500E Series Ethernet Switches Chapter 1 DNS Configuration Note: The IP address you last assign to the host name will overwrite the previous one if there is any. You may create up to 50 static mappings between domain names and IP addresses. 1.2.
Operation Manual – DNS H3C S7500E Series Ethernet Switches Chapter 1 DNS Configuration 1.
Operation Manual – DNS H3C S7500E Series Ethernet Switches Chapter 1 DNS Configuration Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=128 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=128 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=128 time=2 ms --- host.com ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/2 ms 1.5.2 Dynamic Domain Name Resolution Configuration Example I.
Operation Manual – DNS H3C S7500E Series Ethernet Switches Chapter 1 DNS Configuration # Enter DNS server configuration page. Select Start > Programs > Administrative Tools > DNS. # Create zone com. In Figure 1-5, right click Forward Lookup Zones, select New zone, and then follow the instructions to create a new zone. Figure 1-5 Create a zone # Create a mapping between the host name and IP address.
Operation Manual – DNS H3C S7500E Series Ethernet Switches Chapter 1 DNS Configuration In Figure 1-6, right click zone com, and then select New Host to bring up a dialog box as shown in Figure 1-7. Enter host name host and IP address 3.1.1.1. Figure 1-7 Add a mapping between domain name and IP address 2) Configure the DNS client # Enable dynamic domain name resolution. system-view [Sysname] dns resolve # Specify the DNS server 2.1.1.2. [Sysname] dns server 2.1.1.
Operation Manual – DNS H3C S7500E Series Ethernet Switches Chapter 1 DNS Configuration Reply from 3.1.1.1: bytes=56 Sequence=4 ttl=126 time=1 ms Reply from 3.1.1.1: bytes=56 Sequence=5 ttl=126 time=1 ms --- host.com ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/3 ms 1.5.3 DNS Proxy Configuration Example I. Network requirements z Specify Switch A as the DNS server of Switch B (the DNS client). z Switch A acts as a DNS proxy.
Operation Manual – DNS H3C S7500E Series Ethernet Switches Chapter 1 DNS Configuration This configuration may vary with different DNS servers. When a Windows 2000 server acts as the DNS server, refer to Dynamic Domain Name Resolution Configuration Example for related configuration information. 2) Configure the DNS proxy # Specify the DNS server 4.1.1.1. system-view [SwitchA] dns server 4.1.1.1 # Enable DNS proxy.
Operation Manual – DNS H3C S7500E Series Ethernet Switches Chapter 1 DNS Configuration 1.6 Troubleshooting DNS Configuration I. Symptom After enabling the dynamic domain name resolution, the user cannot get the correct IP address. II. Solution z Use the display dns dynamic-host command to verify that the specified domain name is in the cache. z If there is no defined domain name, check that dynamic domain name resolution is enabled and the DNS client can communicate with the DNS server.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 File System Management Configuration ................................................................... 1-1 1.1 File System Management .................................................................................................. 1-1 1.1.1 File System Overview ............................................................................................. 1-1 1.1.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 1 File System Management Configuration Chapter 1 File System Management Configuration When configuring the file system management, go to these sections for information you are interested in: z File System Management z Configuration File Management z Displaying and Maintaining Device Configuration Note: Throughout this document, a filename can be entered as either of the following: z A fully qualified filename with
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 1 File System Management Configuration 1.1.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 1 File System Management Configuration To do… Use the command… Empty the recycle bin reset [ /force ] recycle-bin Remarks Optional Available in user view Optional Display the contents of a file Currently only a .txt file can be displayed.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 1 File System Management Configuration 1.1.4 Storage Device Operations I. Naming rules Naming rules of the storage devices are as follows: z If there is only one storage device of the same type on the device, the physical device name of the storage device is the storage device name. For example, for a device with only one CF card, the physical device name of the CF card is cf.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 1 File System Management Configuration When a device is unmounted, it is in a logically disconnected state, you can then remove the storage device from the system safely. To mount a device, you are reconnecting the logically disconnected device to the system.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 1 File System Management Configuration To do… Use the command… Remarks Enter system view system-view — Set the operation prompt mode of the file system file prompt { alert | quiet } Optional The default is alert. 1.1.6 File System Operations Example # Display the files and the subdirectory under the current directory.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 1 File System Management Configuration 1.2 Configuration File Management The device provides the configuration file management function with a user-friendly operating interface for you to manage the configuration files conveniently.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 1 File System Management Configuration 1.2.2 Saving the Current Configuration You can modify the configuration on your device at the command line interface (CLI). To use the modified configuration for your subsequent startups, you must save it (using the save command) as a configuration file. I. Modes in saving the configuration z Fast saving mode.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 1 File System Management Configuration Note: z Fast saving mode is suitable for environments where power supply is stable. The safe mode, however, is preferred where stable power supply is unavailable or remote maintenance is involved. z The extension name of the configuration file must be .cfg. z If you press after entering the save command, you can save the configuration file in an interactive way.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 1 File System Management Configuration Note: If you specify the file-name argument when executing the save command, the system saves the current configuration with specified path; if you do not specify the file-name argument and enable the configuration file saving synchronization function, the system automatically saves the current configuration to the SMB. 1.2.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 1 File System Management Configuration Caution: The configuration file must use “.cfg” as its extension name and the startup configuration file must be saved under the root directory of the device 1.2.6 Backing up/Restoring the Configuration File for Next Startup I.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 1 File System Management Configuration Note: Before backup, you should: z Ensure that the server is reachable, the server is enabled with TFTP service, and the client has permission to read and write. z Use the display startup command (in user view) to verify if you have set the startup configuration file, and use the dir command to verify if this file exists.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches To do… Display current configuration Chapter 1 File System Management Configuration Use the command… display current-configuration [ [ configuration [ configuration ] | controller | interface [ interface-type ] [ interface-number ] ] [ by-linenum ] [ | { begin | include | exclude } text ] ] Remarks Available in any view Note: For detailed description of the display this and display current-configuration commands, refer to S
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 2 FTP Configuration Chapter 2 FTP Configuration When configuring FTP, go to these sections for information you are interested in: z FTP Overview z Configuring the FTP Client z Configuring the FTP Server z Displaying and Maintaining FTP 2.1 FTP Overview 2.1.1 Introduction to FTP The File Transfer Protocol (FTP) is an application layer protocol for sharing files between server and client over a TCP/IP network.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 2 FTP Configuration Figure 2-1 FTP Configuration Caution: z The FTP function is available when a route exists between the FTP server and the FTP client. z When a device serving as the FTP server logs onto the device using IE, some IE functions are not supported because multiple user connections are established, and the device supports only one connection currently. 2.2 Configuring the FTP Client 2.2.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 2 FTP Configuration The source address specified with the ftp client source command is valid for all ftp connections and the source address specified with the ftp command is valid only for the current FTP connection.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 2 FTP Configuration To do… Log onto the remote FTP server directly in user view Log onto the remote FTP server indirectly in FTP client view Use the command… Remarks ftp ipv6 [ server-address [ service-port ] [ source ipv6 source-ipv6-address ] [ -i interface-type interface-number ] ] Use either approach.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches To do… Chapter 2 FTP Configuration Use the command… Remarks Download a file from the FTP server get remotefile [ localfile ] Optional Upload a file to the FTP server put localfile [ remotefile ] Optional View the working directory of the remote FTP server pwd Optional Find the working path of the FTP client lcd Optional Create a directory on the FTP server mkdir directory Optional Set the data transfer mode to
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 2 FTP Configuration 2.2.3 FTP Client Configuration Example I. Network requirements z Use your device as an FTP client to download a startup file from the FTP server. z The IP address of the FTP server is 10.1.1.1/16. z On the FTP server, an FTP user account has been created for the FTP client, with the username being abc and the password being pwd. The PC performs operations on the device through Console port.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 2 FTP Configuration Password: 230 User logged in. [ftp] binary 200 Type set to I. [ftp] get aaa. app bbb.app 227 Entering Passive Mode (10.1.1.1,4,1). 125 BINARY mode data connection already open, transfer starting for aaa.app. .....226 Transfer complete. FTP: 5805100 byte(s) received in 19.898 second(s) 291.74Kbyte(s)/sec.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches To do… Chapter 2 FTP Configuration Use the command… Enter system view system-view Enable the FTP server ftp server enable Remarks — Required Disabled by default. Optional 30 minutes by default.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches To do… Chapter 2 FTP Configuration Use the command… Remarks Optional Specify the directory an FTP user can access work-directory directory-name By default, the FTP users can access the root directory of the device. Optional Set the priority level of the FTP user 0 by default level level To upload files to an FTP server, you need to set the FTP user level to 3.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 2 FTP Configuration system-view [Sysname] local-user abc [Sysname-luser-abc] password simple pwd [Sysname-luser-abc] level 3 # Specify abc to use FTP, and authorize its access to certain directory. [Sysname-luser-abc] service-type ftp [Sysname-luser-abc] work-directory flash:/ [Sysname-luser-abc] quit # Enable FTP server. [Sysname] ftp server enable [Sysname] quit # Check files on your device.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 2 FTP Configuration Note: z When upgrading the configuration file with FTP, put the new file under the root directory. z After you finish upgrading the BootROM program through FTP, you must execute the bootrom upgrade command to refresh the system configuration.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 3 TFTP Configuration Chapter 3 TFTP Configuration When configuring TFTP, go to these sections for information you are interested in: z TFTP Overview z Configuring the TFTP Client z Displaying and Maintaining the TFTP Client z TFTP Client Configuration Example 3.1 TFTP Overview 3.1.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 3 TFTP Configuration Figure 3-1 TFTP configuration diagram Before using TFTP, the administrator needs to configure IP addresses for the TFTP client and server, and make sure that there is a route between the TFTP client and server, or the administrator can use the tftp command to log onto the remote TFTP server to upload or download files. 3.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches z Chapter 3 TFTP Configuration If the source address is specified with the tftp client source command and then with the tftp command, the source address configured with the latter one is used to communicate with a TFTP server. The source address specified with the tftp client source command is valid for all tftp connections and the source address specified with the tftp command is valid only for the current tftp connection.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 3 TFTP Configuration 3.3 Displaying and Maintaining the TFTP Client To do… Display the configuration of the TFTP client Use the command… display tftp client configuration Remarks Available in any view 3.4 TFTP Client Configuration Example I. Network requirements z Use a PC as the TFTP server and your device as the TFTP client. z PC uses IP address 1.2.1.1.
Operation Manual – File System Management H3C S7500E Series Ethernet Switches Chapter 3 TFTP Configuration # Assign VLAN-interface 1 an IP address 1.1.1.1/16, making sure that the port connected to PC belongs to the same VLAN. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] ip address 1.1.1.1 255.255.0.0 [Sysname-Vlan-interface1] return # Download an application file aaa. app from the TFTP server. (Before that, make sure that adequate memory is available.) tftp 1.2.1.1 get aaa.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Information Center Configuration.............................................................................. 1-1 1.1 Information Center Overview ............................................................................................. 1-1 1.1.1 Introduction to Information Center........................................................................... 1-1 1.1.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration Chapter 1 Information Center Configuration When configuring information center, go to these sections for information you are interested in: z Information Center Overview z Configuring Information Center z Displaying and Maintaining Information Center z Information Center Configuration Examples 1.1 Information Center Overview 1.1.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration Table 1-1 Severity description Severity Severity value Description emergencies 0 The system is unavailable.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration Information channel number Default channel name 4 logbuffer Log buffer (Receives log information, a buffer inside the router for recording information.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration Module name Description ETH Ethernet module FTPS FTP Server module GARP Generic Attribute Registration Protocol module HA High Availability module HWCM Huawei Configuration Management MIB module IFNET Interface management module IP Internet Protocol module ISIS Intermediate System-to-Intermediate System intra-domain routing information exchange protocol module L2V L2 VPN
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration Module name Description VLAN Virtual Local Area Network module VOS Virtual Operating System module VRRP Virtual Router Redundancy Protocol module VTY Virtual Type Terminal module To sum up, the major task of the information center is to output the three types of information of the modules onto the ten channels in terms of the eight severity levels and according to the user’s setti
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration II. Timestamp Timestamp records the time when system information is generated to allow users to check and identify system events. Note that there is a space between the timestamp and sysname (host name) fields. III. Sysname Sysname is the system name of the current host. You can use the sysname command to modify the system name.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration Task Remarks Setting to Output System Information to the Trap Buffer Optional Setting to Output System Information to the Log Buffer Optional Setting to Output System Information to the SNMP NMS Optional Setting to Save System Information to a Log File Optional Configuring Synchronous Information Output Optional 1.2.2 Setting to Output System Information to the Console I.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration Table 1-4 Default output rules for different output destinations Output destina tion Module s allowe d Consol e LOG TRAP DEBUG Enable d/disab led Severit y Enable d/disab led Severit y Enable d/disab led Severit y default (all module s) Enable d warning s Enable d debuggi ng Enable d debuggi ng Monitor terminal default (all module s) Enable d warning s Enable d debug
Operation Manual – Information Center H3C S7500E Series Ethernet Switches To do… Chapter 1 Information Center Configuration Use the command… Remarks Optional Enable the monitoring of system information on the console terminal monitor Enable the display of debugging information on the console terminal debugging Enable the display of log information on the console terminal logging Enable the display of trap information on the console terminal trapping Enabled on the console and disabled on the mo
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration To do… Use the command… Configure the output rules of the system information info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] * Configure the format of the time stamp info-center timestamp { debugging | log | trap } { boot
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration 1.2.4 Setting to Output System Information to a Log Host To do… Use the command… Enter system view system-view Enable information center info-center enable Name the channel with a specified channel number info-center channel channel-number name channel-name Remarks — Optional Enabled by default Optional Refer to Table 1-2 for default channel names.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches To do… Chapter 1 Information Center Configuration Use the command… Name the channel with a specified channel number info-center channel channel-number name channel-name Configure the channel through which system information can be output to the trap buffer and specify the buffer size info-center trapbuffer [ channel { channel-number | channel-name } | size buffersize ] * Configure the output rules of the system information in
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration To do… Use the command… Configure the output rules of the system information info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] * Configure the format of the timestamp info-center timestamp { debugging | log | trap } { boot
Operation Manual – Information Center H3C S7500E Series Ethernet Switches To do… Configure the format of the timestamp Chapter 1 Information Center Configuration Use the command… Remarks Optional info-center timestamp { debugging | log | trap } { boot | date | none } The time stamp format for log, trap and debugging information is date by default. Note: To ensure that system information can be output to the SNMP NMS, you need to make the necessary configurations on the SNMP agent and the NMS.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration Note: z To ensure that the device works normally, use the info-center logfile size-quota command to set a logfile to be no smaller than 1 MB and no larger than 10 MB. z Use the info-center logfile switch-directory command to manually configure the directory to which a log file can be saved. The configuration will be invalid after system reboot or the primary/backup switchover. 1.2.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration 1.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration III. Configuration procedure Before the configuration, make sure that there is a route between Device and PC. 1) Configuring the device # Enable information center. system-view [Sysname] info-center enable # Specify the host with IP address 1.2.0.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration # MyDevice configuration messages local4.info /var/log/MyDevice/information Note: Be aware of the following issues while editing the /etc/syslog.conf file: z Comments must be on a separate line and must begin with the # sign. z The selector/action pair must be separated with a tab key, rather than a space. z No redundant spaces are allowed in the file name.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches 1) Chapter 1 Information Center Configuration Configuring the device # Enable information center. system-view [Sysname] info-center enable # Specify the host with IP address 1.2.0.1/16 as the log host, use channel loghost to output log information (optional, loghost by default), and specify local5 as the logging facility. [Sysname] info-center loghost 1.2.0.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration Note: Be aware of the following issues while editing the /etc/syslog.conf file: z Comments must be on a separate line and must begin with the # sign. z The selector/action pair must be separated with a tab key, rather than a space. z No redundant spaces are allowed in the file name. z The device name and the accepted severity of the log information specified by the /etc/syslog.
Operation Manual – Information Center H3C S7500E Series Ethernet Switches Chapter 1 Information Center Configuration III. Configuration procedure # Enable information center. system-view [Sysname] info-center enable # Use channel console to output log information to the console (optional, console by default). [Sysname] info-center console channel console # Disable the output of log, trap, and debugging information of all modules on the channel console.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Basic Configurations................................................................................................... 1-1 1.1 Basic Configurations.......................................................................................................... 1-1 1.1.1 Entering/Exiting System View .................................................................................
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Table of Contents 3.2.9 Identifying and Diagnosing Pluggable Transceivers ............................................... 3-9 3.3 Displaying and Maintaining Device Management Configuration ..................................... 3-11 3.4 Device Management Configuration Example .................................................................. 3-12 3.4.1 Remote Upgrade Configuration Example ...............................
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 1 Basic Configurations Chapter 1 Basic Configurations While performing basic configurations of the system, go to these sections for information you are interested in: z Basic Configurations z CLI Features 1.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 1 Basic Configurations 1.1.2 Configuring the Device Name To do… Use the command… Enter system view system-view Configure the device name sysname sysname Remarks — Optional The device name is H3C by default. 1.1.3 Configuring the System Clock I.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 1 Basic Configurations Table 1-1 Relationship between the configuration and display of the system clock Configuration 1 2 1 and 2 System clock displayed by the display clock command Example Configure: clock datetime 1:00 2007/1/1 date-time Display: 01:00:00 UTC Mon 01/01/2007 The original system clock ± zone-offset date-time ± zone-offset Configure: clock timezone zone-time add 1 Display: 02:00:00 zon
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Configuration System clock displayed by the display clock command If date-time is not in the summer time range, date-time is displayed.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Configuration 1, 2 and 3 or 1, 3 and 2 Chapter 1 Basic Configurations System clock displayed by the display clock command If the value of "date-time"±"zone-offset" is not in the summer-time range, "date-time"±"zone-offset" is displayed. If the value of "date-time"±"zone-offset" is in the summer-time range, "date-time"±"zone-offset"+” summer-offset” is displayed.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches z Chapter 1 Basic Configurations incoming banner, also called user interface banner, displayed when a user interface is activated by a Modem user. z login banner, welcome information at login authentications, displayed when password and scheme authentications are configured. z motd banner, welcome information displayed before authentication. z legal banner, also called authorization information.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 1 Basic Configurations To do… Use the command… Configure the banner to be displayed before login header motd text Remarks Optional 1.1.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Hotkey Chapter 1 Basic Configurations Function Displays the next command in the history command buffer. Displays the previous command in the history command buffer. Redisplays the current line information. Pastes the content in the clipboard. Deletes all the characters in a continuous string to the left of the cursor.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 1 Basic Configurations Table 1-3 Default command levels Level Privilege Command 0 Visit ping, tracert, telnet 1 Monitor refresh, reset, send 2 System All configuration commands except for those at manage level 3 Manage FTP, TFTP, Xmodem, and file system operation commands Follow these steps to configure user level and command level: To do… Use the command… Remarks Optional Switch the user leve
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 1 Basic Configurations Caution: z When you configure the password for switching user level with the super password command, the user level is defaulted to 3 if no user level is specified. z You can switch to a lower user level unconditionally. To switch to a higher user level, however, you need to enter the password needed (The password can be set with the super password command.).
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 1 Basic Configurations diagnostic-information command has the same effect as that of the commands display clock, display version, display device, and display current-configuration. Note: z For the detailed description of the display users command, refer to Login Configuration Commands. z Support for the display configure-user and display current-configuration command varies with devices.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 1 Basic Configurations example, for the keyword Ethernet, you only need to input eth when you execute a command with this keyword. 1.2.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches 4) Chapter 1 Basic Configurations Enter a character string followed by a . All the commands starting with this string are displayed. c? cd clock copy 5) Enter a command followed by a character string and a . All the keywords starting with this string are listed.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Key Chapter 1 Basic Configurations Function key Deletes the character to the left of the cursor and move the cursor back one character. Left-arrow key or The cursor moves one character space to the left. Right-arrow key or The cursor moves one character space to the right.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Character Chapter 1 Basic Configurations Meaning Remarks $ Ending sign, the string before it appears only at the end of a line. Regular expression "user$” matches a string ends with “user”, not “userA”. . Full stop, a wildcard used in place of any character, including blank None * Asterisk, used to match a subexpression zero or multiple times before it zo* can map to “z” and “zoo”.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 1 Basic Configurations Action Function Displays information on the previous page. Displays information on the next page. 1.2.7 Saving History Commands The CLI can automatically save the commands that have been used. You can invoke and repeatedly execute them as needed. By default, the CLI can save up to ten commands for each user.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 1 Basic Configurations Table 1-7 Common command line errors Error information Cause The command was not found. % Unrecognized command found at '^' position. The keyword was not found. Parameter type error The parameter value is beyond the allowed range. % Incomplete command found at '^' position. Incomplete command % Ambiguous command found at '^' position.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 2 System Maintaining and Debugging Chapter 2 System Maintaining and Debugging When maintaining and debugging the system, go to these sections for information you are interested in: z System Maintaining and Debugging Overview z System Maintaining and Debugging z System Maintaining Example 2.1 System Maintaining and Debugging Overview 2.1.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 2 System Maintaining and Debugging II. The tracert command By using the tracert command, you can trace the routers involved in delivering a packet from source to destination. This is useful for identification of failed node(s) in the event of network failure. The tracert command involves the following steps in its execution: 1) The source device sends a packet with a TTL value of 1 to the destination device.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Debugging information Protocol debugging switch 1 2 ON 1 2 Protocol debugging switch ON 3 1 Screen output switch Debugging information 3 OFF Chapter 2 System Maintaining and Debugging 3 ON OFF 3 1 Screen output switch OFF ON 1 3 Figure 2-1 The relationship between the protocol and screen debugging switch Note: Displaying debugging information on the terminal is the most commonly used way to outpu
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches To do… View the routes from the source to the destination Chapter 2 System Maintaining and Debugging Use the command… Remarks tracert [ -a source-ip | -f first-ttl | -m max-ttl | -p port | -q packet-number | -w timeout ] * remote-system Optional tracert ipv6 [ -f first-ttl | -m max-ttl | -p port | -q packet-number | -w timeout ] * remote-system Optional Used in IPv4 network Available in any view Used in IPv6 n
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 2 System Maintaining and Debugging Note: z The debugging commands are usually used by administrators in diagnosing network failure. z Output of the debugging information may reduce system efficiency, especially during execution of the debugging all command. z After completing the debugging, you are recommended to use the undo debugging all command to disable all the debugging functions.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 3 Device Management Chapter 3 Device Management When configuring device management, go to these sections for information you are interested in: z Device Management Overview z Configuring Device Management z Displaying and Maintaining Device Management Configuration z Device Management Configuration Example Note: File names in this document comply with the following rules: z Path + file name (namely, a
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 3 Device Management 3.2 Configuring Device Management 3.2.1 Rebooting a Device When a fault occurs to a running device, you can remove the fault by rebooting the device, depending on the actual situation. You can set a time at which the device can automatically reboot. You can also set a delay so that the device can automatically reboot in the delay.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 3 Device Management 3.2.2 Specifying a Boot ROM File for the Next Device Boot A Boot ROM file is an application file used to boot the device. When multiple Boot ROM files are available on the storage device, you can specify a file for the next device boot by executing the following command.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 3 Device Management Note: Restart the device to validate the upgraded Boot ROM. 3.2.4 Configuring a Detection Interval When detecting an exception on a port, the operation, administration and maintenance (OAM) module will automatically shut down the port. The device will detect the status of the port when a detection interval elapses. If the port is still shut down, the device will recover it.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 3 Device Management If you repeatedly insert and remove different subcards or interface cards to create or delete a large amount of logical interface, the interface indexes will be used up, which will result in interface creation failures. To avoid such a case, you can clear all 16bit interface indexes saved but not used in the current system in user view.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 3 Device Management Table 3-1 Traffic forwarding modes supported by S7500E SRPUs SRPU model LSQ1SRP2X B LSQ1SRPB LSQ1MPUA Supported traffic forwarding mode Enhanced Layer 2 forwarding mode Standard forwarding mode Enhanced Layer 2 forwarding mode with the MAC extension function LSQ1SRP1C B Standard forwarding mode with the MAC extension function Standard forwarding mode with the route extension function F
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches To do… Chapter 3 Device Management Use the command… Remarks Enter system view system-view — Configure the traffic forwarding mode of the SRPU switch-mode { l2-enhanced | standard } Optional Restore the default traffic forwarding mode undo switch-mode Optional standard by default.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 3 Device Management Note: z The S7500E series Ethernet switches support multiple types of LPUs, where only EA LPUs support working mode configuration. z The working mode configuration of an LPU does not affect the service processing capability of the whole switch, but that of the LPU only. II.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 3 Device Management Note: z When the SRPU of the S7500E switch is LSQ1SRP1CB, it is recommended not to modify the default working mode the EA LPUs as other modes.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 3 Device Management Note: For pluggable transceivers supported by S7500E series Ethernet switches, refer to H3C S7500E Series Ethernet Switches Installation Manual. II.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches To do… Chapter 3 Device Management Use the command… Remarks Display the current alarm information of the pluggable transceiver(s) display transceiver alarm interface [ interface-type interface-number ] Available for all pluggable transceivers Display the currently measured value of the digital diagnosis parameters of the anti-spoofing optical transceiver(s) customized by H3C display transceiver diagnosis interfa
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 3 Device Management 3.4 Device Management Configuration Example 3.4.1 Remote Upgrade Configuration Example I. Network requirements z Device serves as the FTP Client. The aaa.app program which includes both the software upgrade file and the Boot ROM file is saved under the aaa directory of the FTP Server. z The IP address of a VLAN interface on Device is 1.1.1.1/24, the IP address of the FTP Server is 2.2.2.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches z Chapter 3 Device Management Configuration on Device Caution: If the size of the Flash on the device is not large enough, delete the original application programs from the Flash before downloading. # Enter the following command in user view to log in to FTP Server. ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.
Operation Manual – System Maintaining and Debugging H3C S7500E Series Ethernet Switches Chapter 3 Device Management # When the SRPUs of the device work in the active-standby mode, you need to upgrade the program of the standby SRPU, specify it as the application program for the next boot, and upgrade the Boot ROM file. If the standby SRPU is in slot 1, the command is as follows: copy aaa.app slot1#flash:/ boot-loader file slot1#flash:/aaa.
Operation Manual – HA H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 VRRP Configuration .................................................................................................... 1-1 1.1 Introduction to VRRP ......................................................................................................... 1-1 1.1.1 VRRP Overview ...................................................................................................... 1-1 1.1.
Operation Manual – HA H3C S7500E Series Ethernet Switches Table of Contents 2.3 Displaying and Maintaining HA..........................................................................................
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration Chapter 1 VRRP Configuration When configuring VRRP, go to these sections for information you are interested in: z Introduction to VRRP z Configuring VRRP for IPv4 z Configuring VRRP for IPv6 z IPv4-Based VRRP Configuration Examples z IPv6-Based VRRP Configuration Examples z Troubleshooting VRRP Note: At present, the interfaces that VRRP involves can only be VLAN interfaces unless otherwise specified. 1.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration Apparently, this approach to enabling hosts on a network to communicate with external networks is easy to configure but it imposes a very high requirement of performance stability on the device acting as the gateway. A common way to improve system reliability is to use more egress gateways, introducing the problem of routing among the multiple egresses.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration Virtual router Switch A Host A Switch B Network Host B Switch C Host C Figure 1-2 Network diagram for VRRP As shown in Figure 1-2, Switch A, Switch B, and Switch C form a virtual router, which has its own IP address. Hosts on the Ethernet use the virtual router as the default gateway.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration II. Working mode A switch in a standby group can work in one of the following two modes: z Non-preemption mode Once a switch in the standby group becomes the master, it stays as the master as long as it operates normally, even if a backup switch is assigned a higher priority later.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration II. VRRP preemption delay timer In an unstable network, a backup switch may fail to receive the packets from the master switch due to network congestion, thus causing the members in the group to change their states frequently. This problem can be addressed through setting the VRRP preemption delay timer.
Operation Manual – HA H3C S7500E Series Ethernet Switches z Chapter 1 VRRP Configuration IP Address: Virtual IP address entry of the standby group. The allowed number is given by the Count IP Addrs field. z Authentication Data: Authentication key. Currently, this field is used only for simple authentication and is 0 for any other authentication modes. II.
Operation Manual – HA H3C S7500E Series Ethernet Switches z Chapter 1 VRRP Configuration Authentication Data: Authentication key. Currently, this field is used only for simple authentication and is 0 for any other authentication modes. 1.1.5 Principles of VRRP z With VRRP enabled, the switches determine their respective roles in the standby group by priority. The switch with the highest priority becomes the master, while the others are the backups.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration Figure 1-5 VRRP in master/backup mode At the beginning, Switch A is the master and therefore can forward packets to external networks, while Switch B and Switch C are backups and are thus in the state of listening. If Switch A fails, Switch B and Switch C will elect for the new master. The new master takes over the forwarding task to provide services to hosts on the LAN. II.
Operation Manual – HA H3C S7500E Series Ethernet Switches Virtual router 1 Chapter 1 VRRP Configuration Virtual router 2 Master Backup Virtual router 3 Switch A Backup Host A Switch B Backup Backup Master Network Host B Switch C Master Backup Backup Host C Figure 1-6 VRRP in load balancing mode A switch can be in multiple standby groups and hold a different priority in different group.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration Task Remarks Configuring Standby Group Priority, Preemption Mode and Interface Tracking Optional Configuring VRRP Packet Attributes Optional 1.2.2 Enabling Users to Ping Virtual IP Addresses You can configure whether the master switch responds to the received ICMP echo requests, that is, whether the virtual IP address of a standby group can be successfully pinged.
Operation Manual – HA H3C S7500E Series Ethernet Switches z Chapter 1 VRRP Configuration Virtual IP address is associated with real MAC address of the interface When an IP address owner exists in a standby group, if you associate the virtual IP address with the virtual MAC address, two MAC addresses are associated with an IP address.
Operation Manual – HA H3C S7500E Series Ethernet Switches To do… Chapter 1 VRRP Configuration Use the command… Remarks Enter system view system-view — Enter the specified interface view interface interface-type interface-number — Create standby group and configure virtual IP address of the standby group vrrp vrid virtual-router-id virtual-ip virtual-address Required Standup group is not created by default.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration II. Configuration procedure By configuring switch priority, preemption mode and interface tracking, you can decide which switch in the standby group serves as the Master.
Operation Manual – HA H3C S7500E Series Ethernet Switches To do… Chapter 1 VRRP Configuration Use the command… Remarks Enter system view system-view — Enter the specified interface view interface interface-type interface-number — Configure the authentication mode and authentication key when the standby groups send and receive VRRP packets vrrp vrid virtual-router-id authentication-mode { md5 | simple } key Optional Configure the time interval for the Master in the standby group to send VRRP ad
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration 1.3 Configuring VRRP for IPv6 1.3.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration 1.3.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration 1.3.4 Creating Standby Group and Configuring Virtual IPv6 Address You need to configure a virtual IPv6 address for a standby group when creating the standby group. A VRRP standby group is created automatically when you specify the first virtual IPv6 address for the standby group.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration 1.3.5 Configuring Standby Group Priority, Preemption Mode and Interface Tracking I. Configuration prerequisites Before configuring these features, you should first create the standby group and configure the virtual IPv6 address. II. Configuration procedure By configuring standby group priority, preemption mode and interface tracking, you can decide which switch in the standby group serves as the Master.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration 1.3.6 Configuring VRRP Packet Attributes I. Configuration prerequisites Before configuring the relevant attributes of VRRP packets, you should first create the standby group and configure the virtual IPv6 address. II.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration 1.4 IPv4-Based VRRP Configuration Examples This section provides these configuration examples: z Single VRRP Standby Group Configuration Example z VRRP Interface Tracking Configuration Example z Multiple VRRP Standby Group Configuration Example 1.4.1 Single VRRP Standby Group Configuration Example I. Network requirements z Host A needs to access Host B on the Internet, using 202.38.160.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration [SwitchA-Vlan-interface2] ip address 202.38.160.1 255.255.255.0 # Create standby group 1 and set its virtual IP address to be 202.38.160.111. [SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set the priority of Switch A in standby group 1 to 110. [SwitchA-Vlan-interface2] vrrp vrid 1 priority 110 # Set Switch A to work in preemption mode. The preemption delay is five seconds.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration IPv4 Standby Information: Run Method : VIRTUAL-MAC Virtual IP Ping : Enable Interface : Vlan-interface2 VRID : 1 Adver. Timer : 1 Admin Status : UP State : Backup Config Pri : 100 Run Pri : 100 Preempt Mode : YES Delay Time : 5 Auth Type : NONE Virtual IP : 202.38.160.111 Master IP : 202.38.160.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration Internet is not available, packets sent from Host A to Host B are forwarded by Switch B. II. Network diagram Virtual IP address: 202.38.160.111/24 Vlan-int2 202.38.160.1/24 Vlan-int3 Switch A 202.38.160.3/24 203.2.3.1/24 Internet Host B Host A Vlan-int2 202.38.160.2/24 Switch B Figure 1-8 Network diagram for VRRP interface tracking III. Configuration procedure 1) Configure Switch A # Configure VLAN 2.
Operation Manual – HA H3C S7500E Series Ethernet Switches 2) Chapter 1 VRRP Configuration Configure Switch B # Configure VLAN 2. system-view [SwitchB] vlan 2 [SwitchB-vlan2] port GigabitEthernet 2/0/5 [SwitchB-vlan2] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ip address 202.38.160.2 255.255.255.0 # Create a standby group 1 and set its virtual IP address to 202.38.160.111. [SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration VRID : 1 Adver. Timer : 5 Admin Status : UP State : Backup Config Pri : 100 Run Pri : 100 Preempt Mode : YES Delay Time : 0 Auth Type : SIMPLE TEXT Key : hello Virtual IP : 202.38.160.111 Master IP : 202.38.160.1 The above information indicates that in standby group 1 Switch A is the master, Switch B is the backup and packets sent from Host A to Host B are forwarded by Switch A.
Operation Manual – HA H3C S7500E Series Ethernet Switches Master IP Chapter 1 VRRP Configuration : 202.38.160.2 The above information indicates that if VLAN-interface 3 on Switch A is not available, the priority of Switch A is reduced to 80 and it becomes the backup. Switch B becomes the master and packets sent from Host A to Host B are forwarded by Switch B. 1.4.3 Multiple VRRP Standby Group Configuration Example I. Network requirements z In the segment 202.38.160.0/24, some hosts use 202.38.160.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration [SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Configure the priority of Switch A in standby group 1 to 110. [SwitchA-Vlan-interface2] vrrp vrid 1 priority 110 # Create a standby group 2 and set its virtual IP address to 202.38.160.112. [SwitchA-Vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112 2) Configure Switch B # Configure VLAN 2.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration Config Pri : 100 Run Pri : 100 Preempt Mode : YES Delay Time : 0 Auth Type : NONE Virtual IP : 202.38.160.112 Master IP : 202.38.160.2 # Display detailed information of the standby group on Switch B. [SwitchB-Vlan-interface2] display vrrp verbose IPv4 Standby Information: Run Method : VIRTUAL-MAC Virtual IP Ping : Enable Interface : Vlan-interface2 VRID : 1 Adver.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration 1.5.1 Single VRRP Standby Group Configuration Example I. Network requirements z Host A needs to access Host B on the Internet, using FE80::10 as its default gateway. z Switch A and Switch B belong to standby group 1 with the virtual IP address of FE80::10.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration [SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 priority 110 # Set Switch A to work in preemption mode. [SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode # Enable Switch A to send RA messages. [SwitchA-Vlan-interface2] undo ipv6 nd ra halt 2) Configure Switch B # Configure VLAN 2.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration Virtual IP Ping : Enable Interface : Vlan-interface2 VRID : 1 Adver.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration II. Network diagram Virtual IPv6 address: FE80::10 Vlan-int2 FE80::1 Vlan-int3 Switch A Gateway: FE80::10 Internet Host B Host A Vlan-int2 FE80::2 Switch B Figure 1-11 Network diagram for VRRP interface tracking III. Configuration procedure 1) Configure Switch A # Configure VLAN 2.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration [SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 track interface vlan-interface 3 reduced 30 2) Configure Switch B # Configure VLAN 2.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration # Display detailed information of standby group 1 on Switch B. [SwitchB-Vlan-interface2] display vrrp ipv6 verbose IPv6 Standby Information: Run Method : VIRTUAL-MAC Virtual IP Ping : Enable Interface : Vlan-interface2 VRID : 1 Adver.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration Admin Status : UP State : Master Config Pri : 100 Run Pri : 100 Preempt Mode : YES Delay Time : 5 Auth Type : SIMPLE TEXT Key : hello Virtual IP : FE80::10 Virtual MAC : 0000-5e00-0201 Master IP : FE80::2 The above information indicates that if VLAN-interface 3 on Switch A is not available, the priority of Switch A reduces to 80 and it becomes the backup.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration [SwitchA] vlan 2 [SwitchA-vlan2] port GigabitEthernet 2/0/5 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local [SwitchA-Vlan-interface2] ipv6 address 1::1 64 # Create standby group 1 and set its virtual IP address to FE80::10.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration Preempt Mode : YES Delay Time : 0 Auth Type : NONE Virtual IP : FE80::10 Virtual MAC : 0000-5e00-0201 Master IP : FE80::1 Interface : Vlan-interface2 VRID : 2 Adver.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration The above information indicates that in standby group 1 Switch A is the master, Switch B is the backup and the host with the default gateway of FE80::10 accesses the Internet through Switch A; in standby group 2 Switch A is the backup, Switch B is the master and the host with the default gateway of FE80::20 accesses the Internet through Switch B. Note: Multiple standby groups are commonly used in actual networking.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 1 VRRP Configuration The VRRP advertisement interval is set too short. Solution: Increase the interval to sent VRRP advertisement or introduce a preemption delay.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 2 HA Configuration Chapter 2 HA Configuration When configuring HA, go to these sections for information you are interested in: z Introduction to HA z Configuring HA z Displaying and Maintaining HA 2.1 Introduction to HA High Availability (HA) feature can be used to achieve a higher degree of system availability.
Operation Manual – HA H3C S7500E Series Ethernet Switches Chapter 2 HA Configuration To do… Use the command… Remarks Enable automatic synchronization between the AMB and SMB slave auto-update config Optional Enable the manual switchover between the AMB and SMB slave switchover { enable | disable } Optional Manually configure switchover between the AMB and SMB slave switchover Optional Manually restart the SMB slave restart Optional Enabled by default.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 SSH Configuration....................................................................................................... 1-1 1.1 SSH Overview.................................................................................................................... 1-1 1.1.1 Algorithm and Key................................................................................................... 1-1 1.1.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Table of Contents 2.3.6 Terminating the Connection to the Remote SFTP Server ...................................... 2-6 2.4 SFTP Configuration Example ............................................................................................
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration Chapter 1 SSH Configuration When configuring SSH, go to these sections for information you are interested in: z SSH Overview z Configuring the Device as an SSH Server z Configuring the Device as an SSH Client z Displaying and Maintaining SSH z SSH Server Configuration Examples z SSH Client Configuration Examples 1.1 SSH Overview Secure Shell (SSH) offers an approach to securely logging into a remote device.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration Key-based algorithm is usually classified into symmetric key algorithm and asymmetric key algorithm. 1.1.2 Asymmetric Key Algorithm Asymmetric key algorithm means that a key pair exists at both ends. The key pair consists of a private key and a public key. The public key is effective for both ends, while the private key is effective only for the local end.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration protocol version number, while the software version number is used for debugging. z The client receives and resolves the packet. If the protocol version of the server is lower but supportable, the client uses the protocol version of the server; otherwise, the client uses its own protocol version. z The client sends to the server a packet that contains the number of the protocol version it decides to use.
Operation Manual – SSH H3C S7500E Series Ethernet Switches z Chapter 1 SSH Configuration The server authenticates the client. If the authentication fails, the server informs the client by sending a message, which includes a list of available methods for re-authentication. z The client selects a method from the list to initiate another authentication. z The above process repeats until the authentication succeeds or the authentication times timeout and the session is torn down.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration V. Interactive session In this stage, the server and the client exchanges data in this way: z The client encrypts and sends the command to be executed to the server. z The server decrypts and executes the command, and then encrypts and sends the result to the client. z The client decrypts and displays the result on the terminal.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration 1.2.2 Enabling SSH Server Follow these steps to enable SSH server: To do… Use the command… Enter system view system-view Enable the SSH server function ssh server enable Remarks — Required Disabled by default 1.2.3 Configuring the User Interfaces for SSH Clients An SSH client accesses the device through a VTY user interface. Therefore, you need to configure the user interfaces for SSH clients to allow SSH login.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration 1.2.4 Configuring RSA Keys I. Creating the RSA key pair For successful SSH login, you must create the RSA key pair first. Follow these steps to create an RSA key pair: To do… Use the command… Remarks Enter system view system-view — Create the local RSA key pair public-key local create rsa Required By default, there is no RSA key pair.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration 1.2.5 Configuring a Client Public Key Note: This configuration task is only necessary for SSH users using publickey authentication. For an SSH user that uses publickey authentication to login, the server must be configured with the client RSA host public key in advance, and the corresponding private key for the client must be specified on the client.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration To do… Use the command… Remarks — Return from public key code view to public key view public-key-code end Return from public key view to system view peer-public-key end When you exit public key code view, the system automatically saves the public key. — II.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration Caution: z After passing AAA authentication, an AAA user without SSH user account still can log on to the server using password authentication and Stelnet or SFTP service. z An SSH server supports up to 1024 SSH users. z The service type of an SSH user can be Stelnet or SFTP. stelnet, or the secure Telnet protocol, refers to the traditional SSH service. For information about stelnet, refer to SSH Overview.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration z Setting the SSH user authentication timeout period z Setting the maximum number of SSH authentication attempts Setting the above parameters can help avoid malicious guess at and cracking of the keys and usernames, securing your SSH connections. Follow these steps to set the SSH management parameters: To do… Use the command… Enter system view system-view Enable the SSH server to work with SSH1.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration 1.3.2 Specifying a Source IP address/Interface for SSH Client This configuration task allows you to specify a source IP address or interface for the client to access the SSH server, improving service manageability.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration II. Disable first-time authentication For successful authentication of an SSH client not supporting first-time authentication, the server host public key must be configured on the client and the public key name must be specified. Follow these steps to disable first-time authentication: To do...
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration To do...
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration To do… Use the command… Remarks Display the mappings between host public keys and SSH servers saved on a client display ssh server-info Available in any view Display information about a specified or all SSH users on the SSH server display ssh user-information [ username ] Available in any view 1.5 SSH Server Configuration Examples 1.5.1 When Using Password Authentication I.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration [Switch-ui-vty0-4] authentication-mode scheme # Enable the user interface to support SSH. [Switch-ui-vty0-4] protocol inbound ssh [Switch-ui-vty0-4] quit # Create local user “client001”, and set the user command privilege level to 3.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-3 SSH client configuration interface From the window shown in Figure 1-3, click Open. If the connection is normal, you will be prompted to enter the username client001 and password aabbcc. . 1.5.2 When Using Publickey Authentication I. Network requirements z The host (SSH client) and the switch (SSH server) are directly connected through the Ethernet interfaces.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration III. Configuration procedure 1) Configure the SSH server # Generate an RSA key pair and enable SSH server. system-view [Switch] public-key local create rsa [Switch] ssh server enable # Configure an IP address for VLAN-interface 1, which the SSH client will use as the destination for SSH connection. [Switch] interface vlan-interface 1 [Switch-Vlan-interface1] ip address 192.168.1.40 255.255.255.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-5 Generate a client key pair (1) While generating the key pair, you must move the mouse continuously and keep the mouse off the green process bar shown in Figure 1-6. Otherwise, the process bar stops moving and the key pair generating process is stopped.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-6 Generate a client key pair (2) After the key pair is generated, click Save public key to save the key in a file by entering a file name (key.pub in this case).
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-7 Generate a client key pair (3) Likewise, to save the private key, click Save private key. A warning window pops up to prompt you whether to save the private key without any protection. Click Yes and enter the name of the file for saving the key (“private” in this case).
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration # Specify the private key file and establish a connection with the SSH server Launch PuTTY.exe to enter the following interface. In the Host Name (or IP address) text box, enter the IP address of the server (192.168.1.40). Figure 1-9 SSH client configuration interface (1) Select Connection/SSH/Auth. The following window appears.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-10 SSH client configuration interface (2) From the window shown in Figure 1-10, click Open. If the connection is normal, you will be prompted to enter the username client002 to enter the configuration interface. 1.6 SSH Client Configuration Examples 1.6.1 When Using Password Authentication I.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration III. Configuration procedure Configure the SSH server # Create an RSA key pair and enable the SSH server. system-view [SwitchB] public-key local create rsa [SwitchB] ssh server enable # Create an IP address for VLAN-interface 1, which the SSH client will use as the destination for SSH connection. [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] ip address 10.165.87.136 255.255.255.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration [SwitchA-pkey-key-code]308201B73082012C06072A8648CE3804013082011F0281810 0D757262C4584C44C211F18BD96E5F0 [SwitchA-pkey-key-code]61C4F0A423F7FE6B6B85B34CEF72CE14A0D3A5222FE08CECE 65BE6C265854889DC1EDBD13EC8B274 [SwitchA-pkey-key-code]DA9F75BA26CCB987723602787E922BA84421F22C3C89CB9B0 6FD60FE01941DDD77FE6B12893DA76E [SwitchA-pkey-key-code]EBC1D128D97F0678D7722B5341C8506F358214B16A2FAC4B3 68950387811C7DA33021500C773218C [Sw
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration 1.6.2 When Using Publickey Authentication I. Network requirements z As shown in Figure 1-12, Switch A (the SSH client) needs to log on to Switch B (the SSH server) through SSH protocol. z Publickey authentication is used; the algorithm is RSA. II. Network diagram Figure 1-12 SSH client configuration (using publickey authentication) III.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration Note: Before performing the following tasks, you must generate an RSA key pair (using the client software) on the client, save the public key in a file named key.pub, and then upload the file to the SSH server through FTP or TFTP. For details, refer to Configuring the SSH Client. # Import the remote public key from the file key.pub. [SwitchB] public-key peer Switch001 import sshkey key.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration The Server is not authenticated. Continue? [Y/N]:y Do you want to save the server public key? [Y/N]:n ***************************************************************** * Copyright (c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 2 SFTP Service Chapter 2 SFTP Service When configuring SFTP, go to these sections for information you are interested in: z SFTP Overview z Configuring an SFTP Server z Configuring an SFTP Client z SFTP Configuration Example 2.1 SFTP Overview The secure file transfer protocol (SFTP) is a new feature in SSH 2.0. SFTP uses the SSH connection to provide secure data transfer.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 2 SFTP Service Note: When the device functions as the SFTP server, only one client can access the SFTP server at a time. If the SFTP client uses WinSCP, a file on the server cannot be modified directly; it can only be downloaded to a local place, modified, and then uploaded to the server. 2.2.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 2 SFTP Service 2.3.2 Establishing a Connection to the SFTP Server This configuration task is to enable the SFTP client to establish a connection with the remote SFTP server and enter SFTP client view.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 2 SFTP Service To do… Use the command… Establish a connection to the remote SFTP server and enter SFTP client view sftp [ ipv6 ] server [ port-number ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Change the working director
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 2 SFTP Service To do… Use the command… Establish a connection to the remote SFTP server and enter SFTP client view sftp [ ipv6 ] server [ port-number ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Change the name of a specif
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 2 SFTP Service To do… Use the command… Remarks Establish a connection to the remote SFTP server and enter SFTP client view sftp [ ipv6 ] server [ port-number ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Display a list of
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 2 SFTP Service II. Network diagram Figure 2-1 Network diagram for SFTP configuration III. Configuration procedure Configure the SFTP server (Switch B) # Generate an RSA key pair and enable SSH server. system-view [SwitchB] public-key local create rsa [SwitchB] ssh server enable # Configure an IP address for VLAN-interface 1, which the SSH client uses as the destination for SSH connection.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 2 SFTP Service Note: If you set the SSH authentication method to publickey, you need to configure the host public key of SwitchA. For the specific configuration, refer to When Using Publickey Authentication. # Enable the SFTP server. [SwitchB] sftp server enable Configure the SFTP client (Switch A) # Configure an IP address for VLAN-interface 1.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 2 SFTP Service This operation may take a long time.Please wait... File successfully Removed sftp-client> dir -rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.
Operation Manual – SSH H3C S7500E Series Ethernet Switches Chapter 2 SFTP Service -rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2 -rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1 drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new drwxrwxrwx 1 noone nogroup 0 Sep 02 06:33 new2 -rwxrwxrwx 1 noone nogroup 283 Sep 02 06:35 pub -rwxrwxrwx 1 noone nogroup 283 Sep 02 06:36 puk sftp-client> # Terminate the connection to the remote SFTP server.
Operation Manual – PoE H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 PoE Configuration ....................................................................................................... 1-1 1.1 PoE Overview .................................................................................................................... 1-1 1.1.1 Introduction to PoE.................................................................................................. 1-1 1.1.
Operation Manual – PoE H3C S7500E Series Ethernet Switches Chapter 1 PoE Configuration Chapter 1 PoE Configuration When configuring PoE, go to these sections for information you are interested in: z PoE Overview z PoE Configuration Task List z Configuring the PoE Power z Configuring the PSE z Configuring the PoE Interface z Configuring PoE Power Management z Configuring the PoE Monitoring Function z Upgrading PSE Processing Software Online z Enabling the PSE to Detect Nonstandard PDs z
Operation Manual – PoE H3C S7500E Series Ethernet Switches z Chapter 1 PoE Configuration PSE PSE is a card or subcard. PSE manages its own PoE interfaces independently. PSE examines the Ethernet cables connected to PoE interfaces, searches for the devices, classifies them, and supplies power to them. When detecting that a PD is unplugged, the PSE stops supplying power to the PD. An Ethernet interface with the PoE capability is called PoE interface. Currently, a PoE interface can be an FE or GE interface.
Operation Manual – PoE H3C S7500E Series Ethernet Switches Chapter 1 PoE Configuration 1.3 Configuring the PoE Power The maximum PoE power refers to the maximum power that the device can provide for all PSEs. To avoid a power failure to the PSE owing to overload, the sum of the power consumption of all PSEs should not exceed the maximum power of the device.
Operation Manual – PoE H3C S7500E Series Ethernet Switches Chapter 1 PoE Configuration Usually, you can adopt the command line to configure a single PoE interface, and adopt a PoE configuration file to configure multiple PoE interfaces at the same time. Caution: You can adopt either mode to configure, modify, or delete a PoE configuration parameter under the same PoE interface.
Operation Manual – PoE H3C S7500E Series Ethernet Switches To do… Configure a description for the PD connected to the PoE interface Chapter 1 PoE Configuration Use the command… Remarks Optional poe pd-description string By default, no description for the PD connected to the PoE interface is available. 1.5.2 Configuring PoE Interfaces Through a PoE Configuration File A PoE configuration file is used to configure at the same time multiple PoE interfaces with the same attributes to simplify operations.
Operation Manual – PoE H3C S7500E Series Ethernet Switches Chapter 1 PoE Configuration Caution: z After a PoE configuration file is applied to a PoE interface, other PoE configuration files can not take effect on this PoE interface. z If a PoE configuration file is already applied to a PoE interface, you must execute the undo apply poe-profile command to remove the application to the interface before deleting or modifying the PoE configuration file.
Operation Manual – PoE H3C S7500E Series Ethernet Switches Chapter 1 PoE Configuration PSE will preempt the power of the PSE with a lower priority level. In the latter case, the PSE whose power is preempted will be disconnected, but its configuration will remain unchanged. After you change the priority of the PSE from critical to a lower level, other PSEs will have an opportunity of being powered.
Operation Manual – PoE H3C S7500E Series Ethernet Switches Chapter 1 PoE Configuration Note: If the sudden increase of the power of the PD results in PSE power overload, power supply to the PD on the PoE interface with a lower priority will be stopped.
Operation Manual – PoE H3C S7500E Series Ethernet Switches Chapter 1 PoE Configuration z Monitoring PoE power means monitoring the voltage of the PoE power. z When the current power utilization of the PSE is above or below the alarm threshold for the first time, the system will send a Trap message. z When the PSE starts or stops supplying power to a PD, the system will send a Trap message, too. z Configuring PoE Power Monitoring 1.7.
Operation Manual – PoE H3C S7500E Series Ethernet Switches Chapter 1 PoE Configuration 1.8 Upgrading PSE Processing Software Online You can upgrade the PSE processing software online in either of the following two modes: z refresh mode This mode enables you to update the PSE processing software without deleting it. Normally, you can upgrade the PSE processing software in the refresh mode through the command line. z full mode This mode deletes the PSE processing software and reloads it.
Operation Manual – PoE H3C S7500E Series Ethernet Switches Chapter 1 PoE Configuration 1.10 Displaying and Maintaining PoE To do… Use the command… Display the mapping between ID, module, and slot of all PSEs.
Operation Manual – PoE H3C S7500E Series Ethernet Switches Chapter 1 PoE Configuration 1.11 PoE Configuration Example I. Network requirements z The device is equipped with two PoE-supporting cards, which are inserted in Slot 3 and Slot 5 respectively. The PSE IDs are 10 and 16. z Allocate 400 watts to PSE 10, provided the default maximum power to PSE in PSE 16 can meet the requirements. z GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 are connected to IP telephones.
Operation Manual – PoE H3C S7500E Series Ethernet Switches Chapter 1 PoE Configuration [Sysname] interface gigabitethernet 3/0/2 [Sysname-GigabitEthernet3/0/2] poe enable [Sysname-GigabitEthernet3/0/2] quit [Sysname] interface gigabitethernet 5/0/1 [Sysname-GigabitEthernet5/0/1] poe enable [Sysname-GigabitEthernet5/0/1] quit [Sysname] interface gigabitethernet 5/0/2 [Sysname-GigabitEthernet5/0/2] poe enable [Sysname-GigabitEthernet5/0/2] quit # Set the power priority level of GigabitEthernet 3/0/2 to cri
Operation Manual – PoE H3C S7500E Series Ethernet Switches Chapter 1 PoE Configuration Solution: z In the first case, you can solve the problem by removing the original configurations of those configurations. z In the second case, you need to modify some configurations in the PoE configuration file. z In the third case, you need to remove the application of the undesired PoE configuration file to the PoE interface.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 RRPP Configuration .................................................................................................... 1-1 1.1 RRPP Overview ................................................................................................................. 1-1 1.1.1 Basic Concepts in RRPP ........................................................................................ 1-1 1.1.2 RRPP Packets....
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration Chapter 1 RRPP Configuration When configuring RRPP, go to these sections for information you are interested in: z RRPP Overview z RRPP Configuration Task List z Configuring Master Node z Configuring Transit Node z Configuring Edge Node z Configuring Assistant Edge Node z Displaying and Maintaining RRPP z RRPP Typical Configuration Examples 1.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration I. RRPP domain The interconnected devices with the same domain ID and control VLANs constitute an RRPP domain. An RRPP domain contains multiple RRPP rings, in which one ring serves as the primary ring and other rings serve as subrings. You can set a ring as either the primary ring or a subring. As shown in Figure 1-1, Domain 1 is an RRPP domain, including two RRPP rings: Ring 1 and Ring 2.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration primary ring and an assistant-edge node on the subring. This node is used in conjunction with the edge node to detect the integrity of the primary ring and perform loop guard. As shown in Figure 1-1, Ring 1 is the primary ring and Ring 2 is a subring.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration z The Hello timer is used for the primary port to send Health packets. z The Fail timer is used for the secondary port to receive Health packets from the master node. If the secondary port receives the Health packets before the Fail timer expires, the overall ring is in health state. Otherwise, the ring transits into disconnect state until the secondary port receives the Health packet again.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration 1.1.3 Typical RRPP Networking Here are several typical networking applications. I. Single ring Domain1 Device A Device B Transit node Master node Ring1 Transit node Transit node Device C Device D Figure 1-2 Single ring There is only a single ring in the network topology. In this case, you only need to define an RRPP domain. II.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration III. Single-domain intersecting rings Figure 1-4 Single-domain intersecting rings There are two or more rings in the network topology and two common nodes between rings. In this case, you only need to define an RRPP domain, and set one ring as the primary ring and other rings as subrings. IV.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration 1.1.4 How RRPP Works I. Polling mechanism The primary port of the master node sends Health packets across the control VLAN periodically. z If the ring works properly, the secondary port of the master node will receive Health packets and the master node will maintain it in block state. z If the ring is torn down, the secondary port of the master node will not receive Health packets after the timeout timer expires.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration 1.1.5 Protocols and Standards Related standard: RFC 3619. 1.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration Note: z If you need to transparently transmit RRPP packets on a device without enabling RRPP, you should ensure only the two ports accessing an RRPP ring permits the packets of the control VLAN. Otherwise, the packets from other VLANs may go into the control VLAN in transparent transmission mode and strike the RRPP ring.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration To do… Use the command… Remarks Required Enable RRPP rrpp enable By default, RRPP is disabled. Caution: z The control VLAN configured for an RRPP domain must be a new one. z Control VLAN configuration is required for configuring an RRPP ring. z To use the undo rrpp domain command to remove an RRPP domain, you must ensure the RRPP domain has no RRPP ring. 1.3.2 Master Node Configuration Example I.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration 1.4 Configuring Transit Node 1.4.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches z Chapter 1 RRPP Configuration Specify the device as the transit node of primary ring 1 in RRPP domain 1, GigabitEthernet 3/0/1 as the primary port and GigabitEthernet 3/0/2 as the secondary port. II.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches To do… Chapter 1 RRPP Configuration Use the command… Remarks Required Enable the primary ring ring ring-id enable By default, the RRPP ring is disabled. Required Enable the subring ring ring-id enable By default, the RRPP ring is disabled. Return to system view quit — Enable RRPP rrpp enable Required By default, RRPP is disabled. Caution: z The control VLAN configured for an RRPP domain must be a new one.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration [Sysname-GigabitEthernet3/0/1] link-delay 0 [Sysname-GigabitEthernet3/0/1] quit [Sysname] interface gigabitethernet 3/0/2 [Sysname-GigabitEthernet3/0/2] link-delay 0 [Sysname-GigabitEthernet3/0/2] quit [Sysname] interface gigabitethernet 3/0/4 [Sysname-GigabitEthernet3/0/4] link-delay 0 [Sysname-GigabitEthernet3/0/4] quit [Sysname] rrpp domain 1 [Sysname-rrpp-domain1] control-vlan 4092 [Sysname-rrpp-domain1] ring 1 no
Operation Manual – RRPP H3C S7500E Series Ethernet Switches To do… Chapter 1 RRPP Configuration Use the command… Remarks Required Enable the primary ring ring ring-id enable By default, the RRPP ring is disabled. Required Enable the subring ring ring-id enable By default, the RRPP ring is disabled. Return to system view quit — Enable RRPP rrpp enable Required By default, RRPP is disabled. Caution: z The control VLAN configured for an RRPP domain must be a new one.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration [Sysname-GigabitEthernet3/0/1] link-delay 0 [Sysname-GigabitEthernet3/0/1] quit [Sysname] interface gigabitethernet 3/0/2 [Sysname-GigabitEthernet3/0/2] link-delay 0 [Sysname-GigabitEthernet3/0/2] quit [Sysname] interface gigabitethernet 3/0/4 [Sysname-GigabitEthernet3/0/4] link-delay 0 [Sysname-GigabitEthernet3/0/4] quit [Sysname] rrpp domain 1 [Sysname-rrpp-domain1] control-vlan 4092 [Sysname-rrpp-domain1] ring 1 no
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration 1.8.1 Configuring Single Ring Topology I.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration [DeviceA-GigabitEthernet3/0/1] link-delay 0 [DeviceA-GigabitEthernet3/0/1] quit [DeviceA] interface gigabitethernet 3/0/2 [DeviceA-GigabitEthernet3/0/2] link-delay 0 [DeviceA-GigabitEthernet3/0/2] quit [Device A] rrpp domain 1 [Device A-rrpp-domain1] control-vlan 4092 [Device A-rrpp-domain1] ring 1 node-mode master primary-port gigabitethernet 3/0/1 secondary-port gigabitethernet 3/0/2 level 0 [Device A-rrpp-domain1]
Operation Manual – RRPP H3C S7500E Series Ethernet Switches 4) Chapter 1 RRPP Configuration Perform the following configuration on Device D: system-view [DeviceD] interface gigabitethernet 3/0/1 [DeviceD-GigabitEthernet3/0/1] link-delay 0 [DeviceD-GigabitEthernet3/0/1] quit [DeviceD] interface gigabitethernet 3/0/2 [DeviceD-GigabitEthernet3/0/2] link-delay 0 [DeviceD-GigabitEthernet3/0/2] quit [Device D] rrpp domain 1 [Device D-rrpp-domain1] control-vlan 4092 [Device D-rrpp-domain1] ring 1 no
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration Figure 1-7 Networking diagram for single-domain intersecting rings configuration II. Configuration considerations First, determine the primary ring and subring in an RRPP domain, node mode of a device on each RRPP ring, and then perform the following configuration on a per-device basis: z Create an RRPP domain. z Specify the control VLAN for the RRPP domain.
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration [Device A] rrpp enable 2) Perform the following configuration on Device B: system-view [DeviceB] interface gigabitethernet 3/0/1 [DeviceB-GigabitEthernet3/0/1] link-delay 0 [DeviceB-GigabitEthernet3/0/1] quit [DeviceB] interface gigabitethernet 3/0/2 [DeviceB-GigabitEthernet3/0/2] link-delay 0 [DeviceB-GigabitEthernet3/0/2] quit [DeviceB] interface gigabitethernet 3/0/3 [DeviceB-GigabitEthernet3/0/3] lin
Operation Manual – RRPP H3C S7500E Series Ethernet Switches Chapter 1 RRPP Configuration [Device C] rrpp enable 4) Perform the following configuration on Device D: system-view [DeviceD] interface gigabitethernet 3/0/1 [DeviceD-GigabitEthernet3/0/1] link-delay 0 [DeviceD-GigabitEthernet3/0/1] quit [DeviceD] interface gigabitethernet 3/0/2 [DeviceD-GigabitEthernet3/0/2] link-delay 0 [DeviceD-GigabitEthernet3/0/2] quit [Device D] rrpp domain 1 [Device D-rrpp-domain1] control-vlan 4092 [Device D
Operation Manual – Appendix H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Appendix A Acronyms ..................................................................................................................
Operation Manual – Appendix H3C S7500E Series Ethernet Switches Appendix A Acronyms Appendix A Acronyms A AAA Authentication, Authorization and Accounting ABR Area Border Router ACL Access Control List ARP Address Resolution Protocol AS Autonomous System ASBR Autonomous System Border Router B BDR Backup Designated Router C CAR Committed Access Rate CLI Command Line Interface CoS Class of Service D DHCP Dynamic Host Configuration Protocol DR Designated Router D-V Distance Vector Ro
Operation Manual – Appendix H3C S7500E Series Ethernet Switches Appendix A Acronyms ICMP Internet Control Message Protocol IGMP Internet Group Management Protocol IGP Interior Gateway Protocol IP Internet Protocol L LSA Link State Advertisement LSDB Link State DataBase M MAC Medium Access Control MIB Management Information Base N NBMA Non Broadcast MultiAccess NIC Network Information Center NMS Network Management System NVRAM Nonvolatile RAM O OSPF Open Shortest Path First P PIM
Operation Manual – Appendix H3C S7500E Series Ethernet Switches Appendix A Acronyms T TCP/IP Transmission Control Protocol/ Internet Protocol TFTP Trivial File Transfer Protocol ToS Type of Service TTL Time To Live U UDP User Datagram Protocol V VLAN Virtual LAN VOD Video On Demand VRRP Virtual Router Redundancy Protocol W WRR Weighted Round Robin X XID eXchange Identification XRN eXpandable Resilient Networking A-3
