H3C SecPath Series Operation Manual

Operation Manual - User Access
H3C SecPath Series Security Products
Chapter 1 PPP Configuration
1.1 Introduction to PPP
1.1.1 Introduction to PPP
1.2 Configuring PPP
1.2.1 Configuring PPP Encapsulation on the Interface
1.2.2 Configuring the Polling Interval
1.2.4 Configuring PPP Negotiation Parameters
1.2.5 Configuring PPP Link Quality Control
1.2.6 Displaying and Debugging PPP
1.3 Configuring PPP Link Efficiency Mechanism
1.3.1 Configuring IPHC
1.3.2 Configuring PPP STAC-LZS Compression
1.4 Typical PPP Configuration Example
1.4.1 PAP Authentication
1.4.2 CHAP Authentication
1.5 Troubleshooting PPP
Chapter 2 PPPoE Server Configuration
2.1 Introduction to PPPoE
2.2 PPPoE Server Configuration
2.2.1 Creating a Virtual Template
2.2.2 Enabling/Disabling PPPoE Server
2.2.3 Configuring PPPoE Server Parameters
2.3 Displaying and Debugging PPPoE Server
2.4 PPPoE Configuration Example
Chapter 3 PPPoE Client Configuration
3.1 Introduction to PPPoE Client
3.2 Configuring the PPPoE Client
3.2.1 Configuring a Dialer Interface
3.2.2 Configuring a PPPoE Session
3.2.3 Resetting/Deleting a PPPoE Session
3.3 Displaying and Debugging the PPPoE Client
3.4 Typical PPPoE Client Configuration Example
3.4.1 Typical PPPoE Client Configuration Example


Summary of Contents for H3C SecPath Series

  • Page 1: Table Of Contents

  • Page 2 Table of Contents: 3.4.2 Connecting a LAN to the Internet Through an ADSL Modem; Chapter 4 VLAN Configuration; 4.1 Introduction to VLAN; 4.2 Basic VLAN Configuration; 4.3 Displaying and Debugging VLAN ...
  • Page 3: Chapter 1 PPP Configuration

    Chapter 1 PPP Configuration
    1.1 Introduction to PPP
    1.1.1 Introduction to PPP
    The Point-to-Point Protocol (PPP) is one of the link layer protocols that carry network layer packets over point-to-point links. It is widely used because it provides user authentication, supports synchronous/asynchronous communication, and can be expanded easily.
  • Page 4: Configuring PPP

    key (password) and then send the generated cipher text and its own user name back to the authenticator (Response). The authenticator encrypts the original random packet with the authenticatee...
  • Page 5: Configuring PPP Encapsulation On The Interface

    Configure the data link protocol encapsulated on the interface to be PPP
    Configure the polling interval
    Configure PPP authentication mode, user name and user password
    Advanced PPP configuration tasks include:...
  • Page 6: Configuring PPP Authentication Mode And Username And User Password

    1.2.3 Configuring PPP Authentication Mode and Username and User Password
    Both CHAP and PAP authentication are supported between the local and the peer. The configuration procedures for both approaches are described in the following subsections.
  • Page 7 If a received username includes a domain name, this domain name is used for authentication (if the name does not exist, authentication is denied). Otherwise, the domain name configured for PPP authentication applies.
  • Page 8 III. Configuring the local to be authenticated by the peer using PAP
    Table 1-5 Configure the local to be authenticated by the peer with the PAP approach...
  • Page 9: Configuring PPP Negotiation Parameters

    Note: When configuring CHAP authentication, the username configured with the local-user command must be the same as the username configured with the ppp chap user command on the peer. The password must also be the same on both sides. If the peer...
  • Page 10 address thus assigned by the remote interface. When accessing the Internet via an ISP, you may make this configuration to get an IP address from the ISP.
  • Page 11 Table 1-9 Assign directly the specified IP address for the peer on the interface
    Operation: Assign an IP address for the PPP user
    Command: remote address ip-address...
  • Page 12 Table 1-11 Assign an IP address for the PPP user using the address pool for the domain Operation Command ip pool pool-number low-ip-address Define a global IP address pool...
  • Page 13 Table 1-12 Enable/disable forced IP address assignment with PPP IPCP negotiation
    Operation: Forbid the peer to use a self-configured fixed IP address in PPP IPCP negotiation.
    Command: ppp ipcp remote-address forced
  • Page 14: Configuring PPP Link Quality Control

    1.2.5 Configuring PPP Link Quality Control
    You can use PPP link quality control (LQC) to monitor the quality of PPP links. The system shuts down a link when its quality drops below the forbidden-percentage and brings it back up when its quality recovers above the resumptive-percentage.
  • Page 15: Configuring PPP Link Efficiency Mechanism

    Operation Command debugging ppp { chap { all | event | error | packet | Enable part of debug state }| pap { all | event | error | packet | state }|...
  • Page 16: Configuring IPHC

    [Figure 1-2 IP header compression: incoming packets, traffic classifying, RTP header compression, non-RTP traffic, sending queue]
    II. STAC-LZS compression
    STAC-LZS compression is a link-layer data compression standard developed by Stac Electronics.
  • Page 17 You must configure IP header compression at the endpoints of a link. Perform the following configuration in interface view.
    Table 1-16 Enable/disable IPHC Operation Command Enable IPHC.
  • Page 18: Configuring PPP STAC-LZS Compression

    1.3.2 Configuring PPP STAC-LZS Compression
    Perform the following configuration in interface view. The current system version supports the Stac compression described in RFC 1974.
    Table 1-19 Configure PPP STAC-LZS compression...
  • Page 19: Typical PPP Configuration Example

    Operation: Clear all statistics about IP header compression
    Command: reset ppp compression iphc [ interface-type interface-number ]
    Operation: Clear all statistics about Stac-lzs header
    Command: reset ppp compression stac-lzs...
  • Page 20: CHAP Authentication

    [H3C-Dialer1] dialer-group 1
    [H3C-Dialer1] dialer bundle 1
    [H3C-Dialer1] ip address ppp-negotiate
    [H3C-Dialer1] ppp pap local-user secpath2 password simple pwd
    # Configure PPPoE session.
    [H3C] interface ethernet 1/0/0
    [H3C-Ethernet1/0/0] pppoe-client dial-bundle-number 1
    1.4.2 CHAP Authentication I.
  • Page 21: Troubleshooting PPP

    # Configure PPPoE session.
    [H3C] interface ethernet 1/0/0
    [H3C-Ethernet1/0/0] pppoe-client dial-bundle-number 1
    1.5 Troubleshooting PPP
    Fault 1: The link never turns into the up state.
    Problem solving: This problem may be caused by a PPP authentication failure due to incorrectly configured PPP authentication parameters.
  • Page 22: Chapter 2 PPPoE Server Configuration

    Chapter 2 PPPoE Server Configuration
    2.1 Introduction to PPPoE
    Point-to-Point Protocol over Ethernet (PPPoE) uses Ethernet to connect a large number of hosts into a network and lets the hosts access the Internet through a remote access device, while performing access control and accounting on each host.
  • Page 23: Enabling/Disabling PPPoE Server

    Table 2-1 Create/delete a virtual template
    Operation: Create a virtual template and enter its view.
    Command: interface virtual-template number
    Operation: Delete the specified virtual template.
    Command: undo interface virtual-template
  • Page 24: Enabling/Disabling The PPPoE Server To Output PPP-Related Log

    Perform the following configuration in system view.
    Table 2-3 Configure PPPoE server parameters Operation Command Configure the maximum number of pppoe-server max-sessions PPPoE sessions allowed to be set up...
  • Page 25: PPPoE Configuration Example

    Table 2-5 Displaying and debugging PPPoE server
    Operation: Display the status and statistics of PPPoE sessions
    Command: display pppoe-server session { all | packet }
    In the table, the parameter all displays all information of each session, and packet displays packet statistics of each session.
  • Page 26
    # Configure virtual-template parameters on the firewall.
    [H3C] interface virtual-template 1
    [H3C-Virtual-Template1] ppp authentication-mode chap domain system
    [H3C-Virtual-Template1] ppp chap user NE
    [H3C-Virtual-Template1] remote address pool 1
    [H3C-Virtual-Template1] ip address 1.1.1.1 255.0.0.0...
  • Page 27: Chapter 3 PPPoE Client Configuration

    PPPoE client dialing software in order to access the Internet via ADSL. SecPath series firewalls perform the PPPoE client function (namely the PPPoE client dialing function), by which the user can access the Internet without installing any client dialing software on the PC.
  • Page 28: Configuring The PPPoE Client

    [Figure 3-1 Typical PPPoE network diagram: Ethernet, PPPoE Client, ADSL Modem, PPPoE Session, PPPoE Server]
    In the above figure, the PCs are connected to a SecPath firewall running the PPPoE client.
  • Page 29: Configuring A PPPoE Session

    Table 3-1 Configuring a Dialer interface
    Operation: Configure a Dialer Rule
    Command: dialer-rule dialer-group { protocol-name { permit | deny } | acl acl-number }...
  • Page 30: Resetting/Deleting A PPPoE Session

    Delete PPPoE session dial-bundle-number number
    SecPath Series Firewalls support two PPPoE connection modes: always-on mode and packet triggering mode.
    Always-on mode: When the physical line is UP, the firewall will quickly initiate a PPPoE call to create a PPPoE session. The PPPoE session will always exist unless the user deletes it via the undo pppoe-client command.
  • Page 31: Displaying And Debugging The PPPoE Client

    When a PPPoE session works in permanent on-line mode, if it is terminated by the reset pppoe-client command, the firewall will automatically recreate a PPPoE session in 16 seconds.
  • Page 32
    [H3C-Dialer1] dialer user secpath1
    [H3C-Dialer1] dialer-group 1
    [H3C-Dialer1] dialer bundle 1
    [H3C-Dialer1] ip address ppp-negotiate
    [H3C-Dialer1] ppp pap local-user secpath2 password simple pwd
    # Configure a PPPoE session.
    [H3C] interface ethernet 1/0/0
    [H3C-Ethernet1/0/0] pppoe-client dial-bundle-number 1
    When CHAP authentication applies, configure the firewalls as follows:
    Configure SecPath1
    # Add a PPPoE user.
  • Page 33: Connecting A LAN To The Internet Through An ADSL Modem

    [H3C] dialer-rule 1 ip permit
    [H3C] interface dialer 1
    [H3C-Dialer1] dialer user secpath1
    [H3C-Dialer1] dialer-group 1
    [H3C-Dialer1] dialer bundle 1
    [H3C-Dialer1] ip address ppp-negotiate
    [H3C-Dialer1] ppp chap user secpath2...
  • Page 34
    [H3C-Dialer1] dialer user secpathb
    [H3C-Dialer1] dialer-group 1
    [H3C-Dialer1] dialer bundle 1
    [H3C-Dialer1] ip address ppp-negotiate
    [H3C-Dialer1] ppp pap local-user adsluser password cipher 123456
    # Configure a PPPoE session.
    [H3C] interface ethernet 2/0/0
    [H3C-Ethernet2/0/0] pppoe-client dial-bundle-number 1
    # Configure a LAN interface and the default route.
  • Page 35
    # Add a local IP address pool with nine IP addresses
    [H3C] ip pool 1 1.1.1.2 1.1.1.10
    # Configure RADIUS scheme
    [H3C] radius scheme cams
    [H3C-radius-cams] primary authentication 10.110.91.146 1812...
  • Page 36: Chapter 4 VLAN Configuration

    Chapter 4 VLAN Configuration
    4.1 Introduction to VLAN
    Ethernet is a data network communication technology based on the shared communication medium of CSMA/CD (Carrier Sense Multiple Access with Collision Detection).
  • Page 37 [Figure 4-1 Example of VLAN]
    A VLAN is not restricted by physical location; that is to say, one VLAN can spread within one switch, across switches, or even across routers.
  • Page 38: Basic VLAN Configuration

    VLAN to implement the interconnection among VLANs. Usually, this is a kind of layer 3 (IP layer) interconnection. SecPath series firewalls support the VLAN application.
    4.2 Basic VLAN Configuration
    Perform the following configuration in system view or Ethernet subinterface view.
  • Page 39: Typical VLAN Configuration Example

    Table 4-2 Displaying and debugging VLAN
    Operation: Display the maximum number of processed packets configured on a specified VLAN
    Command: display vlan max-packet-process vid
    Operation: Display the packet statistics of the...
  • Page 40 II. Network diagram Internet eth 4/0/0.2 LAN Switch 4.0.0.1/8 SecPath VLAN 20 eth 4/0/0.1 3.0.0.1/8 eth3/0/0.1 VLAN 10 eth3/0/0.2 1.0.0.1/8 2.0.0.1/8 VLAN 10 VLAN 20...
  • Page 41
    # Set the maximum number of packets that VLAN10 can process to 100000 per second and that VLAN20 can process to 200000 per second.
    [H3C] max-packet-process 100000 10...
