3Com 8800 Configuration Manual


3Com Switch 8800

Configuration Guide

www.3com.com
Part No. DUA1750-2BAA01
Published: December 2005


Summary of Contents for 3Com 8800

  • Page 1: Configuration Guide

    3Com Switch 8800 Configuration Guide www.3com.com Part No. DUA1750-2BAA01 Published: December 2005...
  • Page 2 LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.
  • Page 3: About This Manual

    3Com Switch 8800 Installation Guide 3Com Switch 8800 Command Reference Guide Organization 3Com Switch 8800 Configuration Guide consists of the following parts: MPLS This module introduces the configuration on MPLS and BGP/MPLS VPN features. This module introduces the configuration on STP feature. Security This module presents the configuration on 802.1x, AAA and RADIUS protocols, and...
  • Page 4 Switch 8800 Configuration Guide This module focuses on power over Ethernet (PoE) configuration. NAT & VPLS This module presents the configurations on NAT and VPLS. Appendix This appendix offers the acronyms in this manual. Intended Audience The manual is intended for the following readers:...
  • Page 5 Switch 8800 Configuration Guide Convention [ x | y | ... ] * III. GUI conventions Convention < > IV. Keyboard operation Format <Key> <Key1+Key2> <Key1, Key2> Description selected. Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.
  • Page 6 Switch 8800 Configuration Guide V. Mouse operation Action Select Click Double-Click Drag VI. Symbols Eye-catching symbols are also used in the manual to highlight the points worthy of special attention during the operation. They are defined as follows: Caution: Means reader be extremely careful during the operation.
  • Page 7: Table Of Contents

    3Com Switch 8800 Configuration Guide Chapter 1 Product Overview ... 1-1 1.1 Product Overview... 1-1 1.2 Function Features ... 1-1 Chapter 2 Logging into Switch ... 2-1 2.1 Setting Up Configuration Environment Through the Console Port... 2-1 2.2 Setting Up Configuration Environment Through Telnet... 2-3 2.2.1 Connecting a PC to the Switch Through Telnet...
  • Page 8 3Com Switch 8800 Configuration Guide 6.2.4 Setting the Duplex Attribute of the Ethernet Port ... 6-2 6.2.5 Setting Speed on the Ethernet Port ... 6-2 6.2.6 Setting the Cable Type for the Ethernet Port ... 6-3 6.2.7 Enabling/Disabling Flow Control for the Ethernet Port... 6-3 6.2.8 Permitting/Forbidding Jumbo Frame to Pass the Ethernet Port ...
  • Page 9 3Com Switch 8800 Configuration Guide 8.4.1 Creating/Deleting a VLAN Protocol Type... 8-4 8.4.2 Associating/Dissociating a Port with/from a Protocol-Based VLAN... 8-5 8.5 Displaying VLAN ... 8-5 8.6 VLAN Configuration Example ... 8-6 Chapter 9 GARP/GVRP Configuration... 9-1 9.1 Configuring GARP ... 9-1 9.1.1 GARP Overview ...
  • Page 10 3Com Switch 8800 Configuration Guide Chapter 13 DHCP Configuration ... 13-1 13.1 Introduction to DHCP... 13-1 13.1.1 How DHCP Works... 13-1 13.2 Configuring General DHCP ... 13-3 13.2.1 Enabling/Disabling DHCP Service ... 13-4 13.2.2 Configuring Processing Method of DHCP Packets... 13-4 13.2.3 Enabling/Disabling Fake DHCP Server Detection ...
  • Page 11 3Com Switch 8800 Configuration Guide 15.2 Displaying and Debugging IP Performance... 15-2 15.3 Troubleshooting IP Performance ... 15-3 Chapter 16 IP Routing Protocol Overview ... 16-5 16.1 Introduction to IP Route and Routing Table ... 16-5 16.1.1 IP Route and Route Segment ... 16-5 16.1.2 Route Selection through the Routing Table ...
  • Page 12 19.1.3 OSPF Packets... 19-2 19.1.4 LSA Type... 19-3 19.1.5 Basic Concepts Related to OSPF ... 19-3 19.1.6 OSPF Features Supported by the Switch 8800 ... 19-5 19.2 Configuring OSPF... 19-6 19.2.1 Configuring Router ID ... 19-7 19.2.2 Enabling OSPF... 19-7 19.2.3 Entering OSPF Area View...
  • Page 13 3Com Switch 8800 Configuration Guide 20.1.1 Terms of IS-IS Routing Protocol ... 20-1 20.1.2 Two-level Structure of IS-IS Routing Protocol ... 20-2 20.1.3 NSAP Structure of IS-IS Routing Protocol ... 20-4 20.1.4 IS-IS Routing Protocol Packets... 20-5 20.2 Configuring Integrated IS-IS ... 20-6 20.2.1 Enabling IS-IS and Entering the IS-IS View...
  • Page 14 3Com Switch 8800 Configuration Guide 21.2.2 Configuring Basic Features for BGP Peer ... 21-5 21.2.3 Configuring application features of a BGP peer (group)... 21-8 21.2.4 Configuring Route Filtering of a Peer (group) ... 21-12 21.2.5 Configuring Network Routes for BGP Distribution ... 21-14 21.2.6 Configuring the Interaction Between BGP and IGP ...
  • Page 15 3Com Switch 8800 Configuration Guide 23.1.3 Application of Multicast ... 23-7 23.2 Implementation of IP Multicast... 23-7 23.2.1 IP Multicast Addresses... 23-7 23.2.2 IP Multicast Protocols... 23-9 23.3 RPF Mechanism for IP Multicast Packets ... 23-10 Chapter 24 IGMP Snooping Configuration ... 24-1 24.1 IGMP Snooping Overview ...
  • Page 16 3Com Switch 8800 Configuration Guide 27.2.3 Configuring the IGMP Version ... 27-3 27.2.4 Configuring the Interval to Send IGMP Query Message... 27-4 27.2.5 Configuring the Interval and the Number of Querying IGMP Packets ... 27-4 27.2.6 Configuring the Present Time of IGMP Querier ... 27-5 27.2.7 Configuring Maximum Response Time for IGMP Query Message...
  • Page 17 3Com Switch 8800 Configuration Guide 29.2.11 Configuring RP to Filter the Register Messages Sent by DR ... 29-7 29.2.12 Limiting the range of legal BSR... 29-7 29.2.13 Limiting the range of legal C-RP ... 29-8 29.2.14 Clearing multicast route entries from PIM routing table ... 29-8 29.2.15 Clearing PIM Neighbors ...
  • Page 18 3Com Switch 8800 Configuration Guide 31.2.6 Configuring MBGP Timer ... 31-5 31.2.7 Configuring MBGP Peer (Group) ... 31-5 31.2.8 Configuring MBGP Route Aggregation ... 31-9 31.2.9 Configuring an MBGP Route Reflector ... 31-9 31.2.10 Configure MBGP Community Attributes ... 31-10 31.2.11 Importing IGP Routing Information into MBGP ...
  • Page 19 38.2 Configuring MSTP ... 38-12 38.2.1 Configuring the MST Region for a Switch... 38-13 38.2.2 Specifying the Switch as a Primary or a Secondary Root bridge ... 38-15 38.2.3 Configuring the MSTP Running Mode ... 38-16 38.2.4 Configuring the Bridge Priority for a Switch ... 38-17 38.2.5 Configuring the Max Hops in an MST Region...
  • Page 20 39.2.2 Setting the Port Access Control Mode ... 39-6 39.2.3 Setting Port Access Control Method ... 39-7 39.2.4 Checking the Users that Log on the Switch via Proxy ... 39-7 39.2.5 Setting Supplicant Number on a Port... 39-8 39.2.6 Setting the Authentication in DHCP Environment... 39-8 39.2.7 Configuring Authentication Method for 802.1x User ...
  • Page 21 3Com Switch 8800 Configuration Guide 40.2 AAA Configuration ... 40-6 40.2.1 Creating/Deleting an ISP Domain ... 40-6 40.2.2 Configuring Relevant Attributes of an ISP Domain ... 40-7 40.2.3 Configuring Self-Service Server URL ... 40-8 40.2.4 Creating/Deleting a Local User ... 40-9 40.2.5 Setting the Attributes of a Local User ...
  • Page 22 41.2.4 Adding/Deleting a Virtual IP Address... 41-5 41.2.5 Configuring the Priority of Switches in the Virtual Router ... 41-5 41.2.6 Configuring Preemption and Delay for a Switch Within a Virtual Router ... 41-6 41.2.7 Configuring Authentication Type and Authentication Key... 41-7 41.2.8 Configuring Virtual Router Timer...
  • Page 23 45.3 Displaying and Debugging Device Management... 45-4 45.4 Device Management Configuration Example ... 45-5 45.4.1 Using the Switch as an FTP Client to Implement the Remote Upgrade ... 45-5 45.4.2 Use the Switch as an FTP Server to Implement the Remote Upgrade ... 45-7 Chapter 46 System Maintenance and Debugging...
  • Page 24 3Com Switch 8800 Configuration Guide 46.1.1 Setting a Name for a Switch... 46-1 46.1.2 Setting the System Clock ... 46-1 46.1.3 Setting the Time Zone... 46-1 46.1.4 Setting the Summer Time ... 46-2 46.2 Displaying the State and Information of the System... 46-2 46.3 System Debugging ...
  • Page 25 3Com Switch 8800 Configuration Guide 47.5 SNMP Configuration Example ... 47-9 Chapter 48 RMON Configuration ... 48-1 48.1 RMON Overview ... 48-1 48.2 Configuring RMON ... 48-1 48.2.1 Adding/Deleting an Entry to/from the Event Table... 48-2 48.2.2 Adding/Deleting an Entry to/from the Alarm Table... 48-2 48.2.3 Adding/Deleting an Entry to/from the Extended RMON Alarm Table ...
  • Page 26 3Com Switch 8800 Configuration Guide 50.2.3 SFTP Client Configuration ... 50-18 50.2.4 SFTP Configuration Example... 50-22 Chapter 51 PoE Configuration ... 51-1 51.1 PoE Overview ... 51-1 51.1.1 PoE on the Switch... 51-1 51.1.2 External PSE4500-A Power System ... 51-2 51.2 PoE Configuration...
  • Page 27: Chapter 1 Product Overview

    Chapter 1 Product Overview 1.1 Product Overview The Switch 8800 is a large-capacity, modularized L2/L3 switch. It is mainly designed for broadband MAN, backbone, switching core and convergence center of large-sized enterprise network and campus network. It provides diverse services and can be used in constructing a stable and high-performance IP network.
  • Page 28 3Com Switch 8800 Configuration Guide Features IP routing DHCP Relay Link aggregation Mirror Quality Service (QoS) Security features MPLS Management Maintenance Loading updating Implementation Supports static routing Supports Routing Information Protocol (RIP) v1/v2 Supports Open Shortest Path First (OSPF) Supports Border Gateway Protocol (BGP)
  • Page 29: Chapter 2 Logging Into Switch

    Console Port Step 1: As shown in the figure below, to set up the local configuration environment, connect the serial port of a PC (or a terminal) to the Console port of the switch with the Console cable. RS-232 Serial port...
  • Page 30 Enter to show the command line prompt such as <SW8800>. Step 4: Input a command to configure the switch or view the operation state. Input a “?” for an immediate help. For details of specific commands, refer to the following chapters.
  • Page 31: Setting Up Configuration Environment Through Telnet

    Note: By default, the password is required for authenticating the Telnet user to log in the switch. If a user logs in via the Telnet without password, he will see the prompt “Login password has not been set !”. <SW8800> system-view Enter system view , return user view with Ctrl+Z.
  • Page 32: Telneting A Switch Through Another Switch

    IP addresses must be configured in the same network segment. Otherwise, the two switches must establish a route that can reach each other. As shown in the figure below, after you telnet to a switch, you can run telnet command to log in and configure another switch.
  • Page 33: Setting Up Configuration Environment Through A Dial-Up The Modem

    Note: By default, the password is required for authenticating the Telnet user to log in the switch. If a user logs in via the Telnet without password, he will see the prompt “Login password has not been set !.”. <SW8800> system-view...
  • Page 34 Note: By default, the password is required for authenticating the Modem user to log in the switch. If a user logs in via the Modem without password, he will see the prompt “Login password has not been set !.”. <SW8800> system-view System View: return to User View with Ctrl+Z..
  • Page 35 Step 4: Enter the preset login password on the remote terminal emulator and wait for the prompt such as <SW8800>. Then you can configure and manage the switch. Enter “?” to get the immediate help. For details of specific commands, refer to the following chapters.
  • Page 36: Chapter 3 Command Line Interface

    3Com Switch 8800 Configuration Guide Chapter 3 Command Line Interface 3.1 Command Line Interface The Switch 8800 provides a series of configuration commands and command line interfaces for configuring and managing the switch. The command line interface has the following characteristics: Local configuration via the Console port and AUX port.
  • Page 37 [ level level ] { simple | cipher } password.) For the sake of confidentiality, on the screen the user cannot see the password that he entered. Only when correct password is input for three times, can the user switch to the higher level. Otherwise, the original user level will remain unchanged.
  • Page 38 3Com Switch 8800 Configuration Guide Route policy view Basic ACL view Advanced ACL view Layer-2 ACL view Conform-level view WRED index view RADIUS server group view ISP domain view MPLS view VPNv4 sub-address family view VPN-instance sub-address family view Remote-peer view...
  • Page 39 3Com Switch 8800 Configuration Guide Command view Ethernet view: Port view Configure Ethernet parameters Configure VLAN VLAN view parameters Configure VLAN interface interface parameters for a view VLAN or a VLAN aggregation Local-user Configure view user parameters User Configure interface...
  • Page 40 3Com Switch 8800 Configuration Guide Command view Configure PIM view parameters Configure MSDP MSDP view parameters Enter the IPv4 multicast IPv4 sub-address multicast family view to sub-addres configure MBGP family multicast view extension parameters Configure RIP view parameters Configure OSPF...
  • Page 41 3Com Switch 8800 Configuration Guide Command view Advanced Define the rule of ACL view advanced ACL Layer-2 Define the rule of ACL view layer-2 ACL Configure "DSCP Conform-level Service mapping and”EXP Conform-level- Conform-le >service vel view parameters”map ping table and "Local-preceden...
  • Page 42: Features And Functions Of Command Line

    3Com Switch 8800 Configuration Guide Command view VPN-instan Configure instance subaddres subaddress family family view parameters Configure MPLS Remote-pe peer er view parameters VSI-LDP Configure some view VPLS features Specify VSI view mode Configure TACACS+ TACACS+ view protocol parameters Combine...
  • Page 43 Input the first letters of a keyword of a command and press <Tab> key. If no other keywords are headed by this letters, then this unique keyword will be displayed automatically. To switch to the Chinese display for the above information, perform the language-mode command. Specify the language environment...
  • Page 44: Displaying Characteristics Of Command Line

    3Com Switch 8800 Configuration Guide 3.3.2 Displaying Characteristics of Command Line Command line interface provides the following display characteristics: For users’ convenience, the instruction and help information can be displayed in both English and Chinese. For the information to be displayed exceeding one screen, pausing function is provided.
  • Page 45: Common Command Line Error Messages

    3Com Switch 8800 Configuration Guide 3.3.4 Common Command Line Error Messages All the input commands by users can be correctly executed, if they have passed the grammar check. Otherwise, error messages will be reported to users. The common error messages are listed in the following table.
  • Page 46 3Com Switch 8800 Configuration Guide Chapter 3 Command Line Interface Press <Tab> after typing the incomplete key word and the system will execute the partial help: If the key word matching the typed one is unique, the system will replace the typed one with the complete key word and display it in <Tab>...
  • Page 47: Chapter 4 User Interface Configuration

    Console user interface. AUX user interface AUX user interface is used to log in the switch locally or remotely with a modem via the AUX port. A switch can only have one AUX user interface. The local configuration for it is similar to that for the Console user interface.
  • Page 48: User Interface Configuration

    3Com Switch 8800 Configuration Guide VTY is numbered after AUX user interface. The absolute number of the first VTY is 1 greater than the AUX user interface number. II. Relative number The relative number is in the format of “user interface type” + “number”. The “number”...
  • Page 49: Configuring Asynchronous Port Attributes

    3Com Switch 8800 Configuration Guide When the users log in the switch, if a connection is activated, the login header will be displayed. After the user successfully logs in the switch, the shell header will be displayed. Perform the following configuration in system view.
  • Page 50: Configuring Terminal Attributes

    Configure the stop bit Restore the default stop bit By default, an asynchronous port supports 1 stop bit. Note that setting 1.5 stop bits is not available on the Switch 8800. V. Configuring the data bit Table 4-7 Configure the data bit...
  • Page 51 After such user logs out, he cannot log in again. In this case, a user can log in to the switch through the user interface only when the terminal service is enabled again.
  • Page 52: Managing Users

    3Com Switch 8800 Configuration Guide IV. Setting the screen length If a command displays more than one screen of information, you can use the following command to set how many lines to be displayed in a screen, so that the information can be separated in different screens and you can view it more conveniently.
  • Page 53 In the following example, local username and password authentication are configured. Perform username and password authentication when a user logs in through VTY 0 user interface and set the username and password to zbr and 3Com respectively. [SW8800-ui-vty0] authentication-mode scheme...
  • Page 54 3Com Switch 8800 Configuration Guide Note: By default, password is required to be set for authenticating local users and remote Modem users log in via the AUX port, and Telnet users log in through Ethernet port. If no password has been set, the following prompt will be displayed “Login password has not been set !.”...
  • Page 55 3Com Switch 8800 Configuration Guide Note: When a user logs in the switch, the command level that it can access depends on two points. One is the command level that the user itself can access, the other is the set command level of this user interface.
  • Page 56: Configuring Modem Attributes

    3Com Switch 8800 Configuration Guide 4.2.6 Configuring Modem Attributes When logging in the switch via the Modem, you can use the following commands to configure these parameters. Perform the following configuration in AUX user interface view. Table 4-19 Configure Modem attributes...
  • Page 57: Displaying And Debugging User Interface

    3Com Switch 8800 Configuration Guide Table 4-21 Configure to automatically run the command Configure to automatically run the command Configure not to automatically run the command Note the following points: After executing this command, the user interface can no longer be used to carry out the routine configurations for the local system.
  • Page 58: Chapter 5 Management Interface Configuration

    Chapter 5 Management Interface Configuration 5.1 Management Interface Overview The Switch 8800 provides a 10/100Base-TX management interface on the Fabric. The management interface can connect a background PC for software loading and system debugging, or a remote network management station for remote system management.
  • Page 59: Chapter 6 Ethernet Port Configuration

    Chapter 6 Ethernet Port Configuration 6.1 Ethernet Port Overview The Switch 8800 provides conventional Ethernet ports, fast Ethernet ports, 1000 Mbps Ethernet ports and 10 Gbps Ethernet ports. The configurations of these Ethernet ports are basically the same, which will be described in the following sections.
  • Page 60: Enabling/Disabling An Ethernet Port

    3Com Switch 8800 Configuration Guide 6.2.2 Enabling/Disabling an Ethernet Port After configuring the related parameters and protocol of the port, you can use undo shutdown command to enable the port. If you do not want a port to forward data any more, use shutdown command to disable it.
  • Page 61: Setting Speed On The Ethernet Port

    3Com Switch 8800 Configuration Guide Note that the 10/100 Mbps electrical Ethernet port can operate in full-duplex, half-duplex or auto-negotiation mode. The 10/100/1000 Mbps electrical Ethernet port can operate in full duplex, half duplex or auto-negotiation mode. When the port operates at 1000 Mbps or in auto mode, the duplex mode can be set to full (full duplex) or auto (auto-negotiation).
  • Page 62: Enabling/Disabling Flow Control For The Ethernet Port

    6.2.7 Enabling/Disabling Flow Control for the Ethernet Port After enabling flow control in both the local and the peer switch, if congestion occurs in the local switch, the switch will inform its peer to pause packet sending. Once the peer switch receives this message, it will pause packet sending, and vice versa.
  • Page 63: Setting The Ethernet Port Broadcast Suppression Ratio

    3Com Switch 8800 Configuration Guide Note that, the values can be consecutive, but the effective values are discrete. The effective frame length for the FE port is 1552. The effective frame length for the GE port and 10 GE port is 1552, 9022, 9192 and 10240. You can execute the display interface command to view the configured effective value for the port.
  • Page 64: Setting The Link Type For The Ethernet Port

    You can configure three types of ports concurrently on the same switch, but you cannot switch between trunk port and hybrid port. You must turn it first into access port and then set it as other type. For example, you cannot configure a trunk port directly as hybrid port, but first set it as access port and then as hybrid port.
  • Page 65: Setting The Default Vlan Id For The Ethernet Port

    3Com Switch 8800 Configuration Guide Operation Add the current trunk port to specified VLANs Remove the current access port from to a specified VLAN Remove the current hybrid port from to specified VLANs Remove the current trunk port from specified VLANs Note that the access port shall be added to an existing VLAN other than VLAN 1.
  • Page 66: Setting The Vlan Vpn Feature

    3Com Switch 8800 Configuration Guide By default, the VLAN of hybrid port and trunk port is VLAN 1 and that of the access port is the VLAN to which it belongs. 6.2.14 Setting the VLAN VPN Feature VLAN Tag consists of 12 bits (defined by IEEE802.1Q), so Ethernet Switches can support up to 4k VLANs.
  • Page 67 3Com Switch 8800 Configuration Guide QoS setting Port setting LACP Note: Using copy configuration command will clear protocol VLAN attributes of the destination port, but it can not copy protocol VLAN attributes of source port to the destination port. Using the copy configuration command, you can only copy the configurations of Ethernet ports, GigabitEthernet ports and aggregation groups.
  • Page 68: Setting Port Hold Time

    Table 6-18 Set the Ethernet port in loopback mode Set the Ethernet port in loopback mode Remove loopback configuration on the port By default, the Ethernet port is set in loopback mode. At present, the Switch 8800 does not support external loopback mode. Command...
  • Page 69: Displaying And Debugging Ethernet Port

    Clear the statistics information of the port Note: The Switch 8800 does not support external loopback mode. When 802.1x is enabled on the port, its statistics information can not be cleared. By default, the display counters command displays the statistic information of all the ports.
  • Page 70: Ethernet Port Troubleshooting

    II. Network diagram Switch A Figure 6-1 Network diagram for Ethernet port configuration III. Configuration procedure The following configurations are used for Switch A. Please configure Switch B in the similar way. Enter the Ethernet port view of GigabitEthernet2/1/1. [SW8800] interface gigabitethernet2/1/1 Set the GigabitEthernet2/1/1 as a trunk port and allows VLANs 2, 6 through 50, and 100 to pass.
  • Page 71: Chapter 7 Link Aggregation Configuration

    The VLAN setting includes permitted VLAN types, default VLAN ID. The port setting includes port link type. One Switch 8800 can support up to 728 aggregation groups (seven load sharing aggregation groups at most), with each group containing a maximum of eight ports.
  • Page 72: Aggregation Types

    3Com Switch 8800 Configuration Guide operation key. The management key of an LACP-enabled dynamic aggregation port is 0 by default. The management key of an LACP-enabled static aggregation port is the same as the aggregation group ID. In a dynamic aggregation group, the member ports must have the same operation key.
  • Page 73: Load Sharing

    I. Types of Load sharing In terms of load balancing, link aggregation may be load balancing aggregation and non-load balancing aggregation. The Switch 8800 allocates IP packet load sharing according to destination and source IP addresses. The switches allocate non-IP packet load sharing according to source and destination MAC addresses.
  • Page 74 3Com Switch 8800 Configuration Guide protocol types in determining if to use IP or MAC addresses. The packet with 0800 ETYPE Ethernet field is IP packet. In general, the system only provides limited resources. The system will always allocate hardware aggregation resources to the load balancing aggregation groups with higher priority levels.
  • Page 75: Link Aggregation Configuration

    3Com Switch 8800 Configuration Guide 7.2 Link Aggregation Configuration The following sections describe link aggregation tasks: Enabling/Disabling LACP at Port Creating/Deleting an Aggregation Group Adding/Deleting an Ethernet Port into/from an Aggregation Group Setting/Deleting Aggregation Group Description Configuring System Priority Configuring Port Priority...
  • Page 76: Creating/Deleting An Aggregation Group

    3Com Switch 8800 Configuration Guide You cannot enable LACP at the mirroring port, the port with static MAC address configured, and the port with static ARP configured, port with 802.1x enabled. You are inhibited to enable LACP at the port in a manual aggregation group.
  • Page 77: Setting/Deleting Aggregation Group Description

    3Com Switch 8800 Configuration Guide Table 7-3 Add/delete an Ethernet port into/from an aggregation group Operation Ethernet aggregation group (Ethernet port view) Delete an Ethernet port from the aggregation port (Ethernet port view) Aggregate Ethernet ports (system view) Note that: You cannot add the mirrored port, port with static MAC address configured, port with static ARP configured, port with 802.1x enabled, and VPN port into an...
  • Page 78: Configuring System Priority

    3Com Switch 8800 Configuration Guide Note: If you save the current configuration using the save command, the static and dynamic LACP aggregation groups and their description strings remains on the system after rebooting, but not the dynamic LACP aggregation groups, or their description strings.
  • Page 79: Displaying And Debugging Link Aggregation

    3Com Switch 8800 Configuration Guide 7.3 Displaying and Debugging Link Aggregation After the above configuration, execute the display command in any view to display the running of the link aggregation configuration, and to verify the effect of the configuration. In user view, execute the reset command to clear statistics on the LACP-enabled port, and the debugging command to enable LACP debugging.
  • Page 80: Link Aggregation Configuration Example

    Link aggregation Figure 7-1 Network diagram for link aggregation configuration III. Configuration procedure The following only lists the configuration for switch A, and that on switch B is similar. In manual aggregation mode Create aggregation group 1. [SW8800] link-aggregation group 1 mode manual Add Ethernet ports Ethernet2/1/1 to Ethernet2/1/3 into aggregation group 1.
  • Page 81 3Com Switch 8800 Configuration Guide Chapter 7 Link Aggregation Configuration Enable LACP on Ethernet ports Ethernet2/1/1 to Ethernet2/1/3. [SW8800] interface ethernet2/1/1 [SW8800-Ethernet2/1/1] lacp enable [SW8800-Ethernet2/1/1] interface ethernet2/1/2 [SW8800-Ethernet2/1/2] lacp enable [SW8800-Ethernet2/1/2] interface ethernet2/1/3 [SW8800-Ethernet2/1/3] lacp enable You must set basic configuration, rate and duplex attribute consistent at both ends to aggregate successfully the LACP-enabled ports into a dynamic aggregation group and achieve load sharing.
  • Page 82: Chapter 8 Vlan Configuration

    3Com Switch 8800 Configuration Guide Chapter 8 VLAN Configuration 8.1 VLAN Overview Virtual local area network (VLAN) groups the devices in a LAN logically, not physically, into segments to form virtual workgroups. IEEE issued the IEEE 802.1Q in 1999 to standardize the VLAN implementations.
  • Page 83: Specifying A Description Character String For A Vlan Or Vlan Interface

    3Com Switch 8800 Configuration Guide Table 8-1 Create/Delete a VLAN Operation Create a VLAN and enter the VLAN view Delete a specified VLAN Note that the default VLAN, namely VLAN 1, cannot be deleted. 8.2.2 Specifying a Description Character String for a VLAN or VLAN interface You can use the following commands to specify a description character string for a VLAN or VLAN interface.
  • Page 84: Shutting Down/Bringing Up A Vlan Interface

    3Com Switch 8800 Configuration Guide 8.2.4 Shutting down/Bringing up a VLAN Interface You can use the following commands to shut down/bring up a VLAN interface. Perform the following configuration in VLAN interface view. Table 8-4 Shut down/bring up a VLAN interface...
  • Page 85: Configuring Protocol-Based Vlan

    3Com Switch 8800 Configuration Guide 8.4 Configuring Protocol-Based VLAN The following sections describe the protocol-based VLAN configuration tasks: Creating/Deleting a VLAN Protocol Type Associating/Dissociating a Port with/from a Protocol-Based VLAN 8.4.1 Creating/Deleting a VLAN Protocol Type You can use the following commands to create/delete a VLAN protocol type.
  • Page 86: Displaying Vlan

    3Com Switch 8800 Configuration Guide Note: The port to be associated with a protocol-based VLAN must be of Hybrid type and in this VLAN. The same protocol can be configured in the different VLANs, but cannot be configured repeatedly in the same VLAN.
  • Page 87: Vlan Configuration Example

    3Com Switch 8800 Configuration Guide 8.6 VLAN Configuration Example I. Network requirements Create VLAN2 and VLAN3. Add Ethernet3/1/1 and Ethernet4/1/1 to VLAN2. Add Ethernet3/1/2 and Ethernet4/1/2 to VLAN3. II. Network diagram E3/1/1 E4/1/1 VLAN 2 Figure 8-1 Network diagram for VLAN configuration III.
  • Page 88: Chapter 9 Garp/Gvrp Configuration

    VLAN and multicast addresses. GARP does not exist in a switch as an entity. A GARP participant is called GARP application. The main GARP applications at present are GVRP (GARP VLAN registration protocol) and GMRP.
  • Page 89: Setting The Garp Timer

    Then, LeaveAll timer is restarted and a new cycle begins. When the switch receives some GARP registration information, it does not send the Join Message immediately. Instead, it enables a Hold timer and sends the Join Message upon timeout of the Hold timer.
  • Page 90: Displaying And Debugging Garp

    GARP VLAN Registration Protocol (GVRP) is a GARP application. Based on GARP operating mechanism, GVRP provides maintenance of the dynamic VLAN registration information in the switch and propagates the information to other switches. All the Chapter 9 GARP/GVRP Configuration Command...
  • Page 91: Enabling/Disabling Global Gvrp

    3Com Switch 8800 Configuration Guide GVRP-supporting switches can receive VLAN registration information from other switches and dynamically update the local VLAN registration information including the active members and through which port those members can be reached. All the GVRP-supporting switches can propagate their local VLAN registration information to other switches so that the VLAN information can be consistent on all GVRP-supporting devices in one switching network.
  • Page 92: Enabling/Disabling Port Gvrp

    3Com Switch 8800 Configuration Guide Table 9-3 Enable/disable global GVRP Operation Enable global GVRP Disable global GVRP By default, global GVRP is disabled. 9.2.3 Enabling/Disabling Port GVRP You can use the following command to enable/disable the GVRP on a port.
  • Page 93: Displaying And Debugging Gvrp

    3Com Switch 8800 Configuration Guide Table 9-5 Set the GVRP registration type Operation Set GVRP registration type Restore the default GVRP registration type By default, GVRP registration type is normal. 9.2.5 Displaying and Debugging GVRP After the above configuration, execute the display command in any view to display the running of GVRP configuration, and to verify the configuration.
  • Page 94 Chapter 9 GARP/GVRP Configuration III. Configuration procedure Configure Switch A: Enable GVRP globally.

        [SW8800] gvrp

    Set Ethernet3/1/1 as a Trunk port and allow all the VLANs to pass through.

        [SW8800] interface ethernet3/1/1
        [SW8800-Ethernet3/1/1] port link-type trunk
        [SW8800-Ethernet3/1/1] port trunk permit vlan all

    Enable GVRP on the Trunk port.
  • Page 95: Chapter 10 Super Vlan Configuration

    10.2.1 Configuring a Super VLAN Note: You can configure multiple super VLANs for a switch. The configured VLAN port and IP address configurations are the same as common VLAN configurations. A sub VLAN configuration is the same as a common VLAN configuration. The following table describes the specific commands to configure a sub VLAN.
  • Page 96 3Com Switch 8800 Configuration Guide Number Enter VLAN view Set the VLAN type VLAN Create VLAN and enter sub VLAN view ports VLANs Configure mapping relation between VLANs and sub VLANs Display configuration information To cancel the configurations, use the corresponding undo commands.
  • Page 97: Super Vlan Configuration Example

    3Com Switch 8800 Configuration Guide 10.2.2 Super VLAN Configuration Example I. Network requirements Super VLAN 10 and sub VLANs including VLAN 2, VLAN 3 and VLAN 5 need configuring. VLAN2 contains port 1 and 2; VLAN3 contains port 3 and 4; VLAN5 contains port 5 and 6.
  • Page 98: Chapter 11 Ip Address Configuration

    3Com Switch 8800 Configuration Guide Chapter 11 IP Address Configuration 11.1 Introduction to IP Address 11.1.1 IP Address Classification and Representation An IP address is a 32-bit address allocated to a device that accesses the Internet. It consists of two fields: net-id field and host-id field. IP addresses are allocated by Network Information Center (NIC) of American Defense Data Network (DDN).
  • Page 99 Table 11-1 IP address classes and ranges (columns: Network class, Address range, IP network range available): 0.0.0.0 to 127.255.255.255; 128.0.0.0 to 191.255.255.255; 192.0.0.0 to 223.255.255.255. Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing.
  • Page 100: Subnet And Mask

    Network class, Address range: 224.0.0.0 to 239.255.255.255; 240.0.0.0 to 255.255.255.254; Other addresses: 255.255.255.255. 11.1.2 Subnet and Mask Nowadays, with rapid development of the Internet, IP addresses are depleting very fast. The traditional IP address allocation method wastes IP addresses greatly. In order to make full use of the available IP addresses, the concept of mask and subnet is proposed.
  • Page 101: Configuring Ip Address

    138.38.160.0, 138.38.192.0 and 138.38.224.0 (Refer to the following figure). Each subnet can contain more than 8000 hosts. Class B 138.38.0.0: 10001010, 00100110, 000 00000, 00000000. Standard 11111111, 11111111, 000 00000, 00000000...
  • Page 102: Configuring The Ip Address Of The Vlan Interface

    11.2.2 Configuring the IP Address of the VLAN Interface You can configure an IP address for every VLAN interface of the switch. Generally, it is enough to configure one IP address for an interface. You can also configure up to ten IP addresses for an interface, so that it can be connected to several subnets.
  • Page 103: Troubleshooting Ip Address Configuration

    Check the configuration of the switch. Use the display arp command to view the ARP entry table that the switch maintains. Check which VLAN includes the port of the switch used to connect to the host. Check whether the VLAN has been configured with a VLAN interface. Then check whether the IP address of the VLAN interface and that of the host are on the same network segment.
  • Page 104: Chapter 12 Arp Configuration

    ARP mapping table. When a dynamic ARP mapping entry is not in use for a specified period of time, the host removes it from the ARP mapping table so as to save the memory space and shorten the interval for the switch to search ARP mapping table.
  • Page 105: Configuring Arp

    ARP. Note that: As long as a switch operates, its static ARP mapping entries remain valid unless you perform operations that make ARP invalid, such as change or remove VLAN virtual interfaces, remove a VLAN, or remove an interface from a VLAN. These operations cause the corresponding ARP mapping entries to be automatically removed.
  • Page 106: Configuring The Dynamic Arp Aging Timer

    3Com Switch 8800 Configuration Guide 12.2.2 Configuring the Dynamic ARP Aging Timer For purpose of flexible configuration, the system provides the following commands to assign dynamic ARP aging period. When the system learns a dynamic ARP entry, its aging period is based on the current value configured.
  • Page 107: Displaying And Debugging Arp

    12.4.1 Introduction to the Scheme of Preventing Attack from Packets A scheme of preventing attack from packets is designed against some typical attack modes on the 8800 series switches. The scheme can prevent attacks from IP, ARP, 802.1x and unknown multicast packets.
  • Page 108 3Com Switch 8800 Configuration Guide Table 12-5 Enable/Disable the scheme of preventing attack from packets Operation Enable/Disable preventing attack from packets By default, the scheme of preventing attack from IP packets is enabled; the scheme of preventing attack from ARP packets and dot1x packets is disabled.
  • Page 109: Chapter 13 Dhcp Configuration

    3Com Switch 8800 Configuration Guide Chapter 13 DHCP Configuration 13.1 Introduction to DHCP 13.1.1 How DHCP Works This is a world where networks are ever-growing in both size and complexity, and the network configuration is getting more and more complex. As is often the case, the...
  • Page 110 IP address. Types of address pools of DHCP server Global address pool, valid for the entire switch. An address pool of this type is created using the dhcp server ip-pool command in system view. VLAN interface address pool, valid for a specific VLAN interface. An address pool...
  • Page 111: Configuring General Dhcp

    3Com Switch 8800 Configuration Guide Selection. The DHCP client only receives the first arriving DHCP_Offer packet if there are DHCP_Offer packets from several DHCP servers. Then, it retrieves the IP address carried in the packet, and broadcasts a DHCP_Request packet to each DHCP server.
  • Page 112: Enabling/Disabling Dhcp Service

    DHCP service is disabled by default. 13.2.2 Configuring Processing Method of DHCP Packets You can perform the configurations listed in the following tables on your switch. After that, the switch processes the DHCP packets it received from DHCP clients in the methods you have configured.
  • Page 113: Enabling/Disabling Fake Dhcp Server Detection

    IP addresses to access network. This kind of DHCP servers are known as fake DHCP servers. With fake DHCP server detection enabled, the switch can record information (such as the IP addresses) about the DHCP servers. This helps administrators to detect fake DHCP servers in time and take proper measures.
  • Page 114: Configuring Dhcp Server

    3Com Switch 8800 Configuration Guide 13.3 Configuring DHCP Server The following sections describe the DHCP server configuration tasks: Creating a Global DHCP IP Address Pool Configuring IP Address Assignment Mode Forbidding Specified IP Addresses to Be Automatically Assigned Configuring Lease Time For DHCP Address Pool...
  • Page 115: Configuring Ip Address Assignment Mode

    3Com Switch 8800 Configuration Guide So, you can configure the parameters (such as domain name) that are common to all levels in the address pool structure or some subnets only for the network segment or for corresponding subnets. The display dhcp server tree command displays the tree-like structure of address pool, where address pools on the same level are sorted by the time they are created.
  • Page 116 3Com Switch 8800 Configuration Guide Perform the following configuration in DHCP address pool view. Table 13-6 Configure static address binding for a global DHCP address pool Operation Configure an IP address to be statically bound Free a statically bound IP address...
  • Page 117: Forbidding Specified Ip Addresses To Be Automatically Assigned

    3Com Switch 8800 Configuration Guide Caution: A binding in a VLAN interface address pool cannot be overwritten directly. If an IP-to-MAC address binding entry is configured and you want to modify it, you must remove it and redefine a new one.
  • Page 118: Configuring Lease Time For Dhcp Address Pool

    3Com Switch 8800 Configuration Guide You can set multiple IP address ranges that are not assigned automatically by executing the dhcp server forbidden-ip command multiple times. 13.3.4 Configuring Lease Time For DHCP Address Pool You can configure different lease times for different DHCP address pools. But you can configure only one lease time for one DHCP address pool and all the address in the same pool will have the same lease time.
  • Page 119: Configuring Dhcp Client Domain Names

    3Com Switch 8800 Configuration Guide Operation Restore the lease time of DHCP address pools of multiple VLAN interfaces to the default value The default lease times for global address pools and VLAN interface address pools are all one day. 13.3.5 Configuring DHCP Client Domain Names You can configure a domain name used by DHCP clients for each address pool on a DHCP server.
  • Page 120: Configuring Dns Server Address For Dhcp Clients

    3Com Switch 8800 Configuration Guide Table 13-15 Configure a DHCP client domain name for multiple VLAN interfaces Operation Configure a DHCP client domain name for DHCP address pools of multiple VLAN interfaces Remove the DHCP client domain name configured for DHCP address pools of...
  • Page 121: Configuring Netbios Server Address For Dhcp Clients

    3Com Switch 8800 Configuration Guide Table 13-17 Configure DNS server address for current VLAN interface Configure addresses for the DHCP address pool of the current VLAN interface Remove one or all DNS server addresses configured for the DHCP address pool of the current VLAN interface III.
  • Page 122 3Com Switch 8800 Configuration Guide Table 13-19 Configure NetBIOS server address for a global DHCP address pool Configure one or more NetBIOS server addresses for a global DHCP address pool Remove one or all NetBIOS server addresses configured for a global DHCP address pool II.
  • Page 123: Configuring Netbios Node Type For Dhcp Clients

    3Com Switch 8800 Configuration Guide 13.3.8 Configuring NetBIOS Node Type for DHCP Clients For DHCP clients communicating in wide area network (WAN) by NetBIOS protocol, the mapping between their host names and IP addresses must be established. According to the ways they establish their mappings, NetBIOS nodes fall into the following four types: b-node: Nodes of this type establish their mappings by broadcasting.
  • Page 124: Configuring Custom Dhcp Options

    3Com Switch 8800 Configuration Guide Table 13-24 Configure a NetBIOS node type for multiple VLAN interfaces Operation Configure NetBIOS node types for DHCP clients of multiple VLAN interface DHCP address pools Remove NetBIOS configurations interface DHCP address pools By default, the DHCP clients of global and VLAN interface address pools are all of h-node type.
  • Page 125: Configuring Outbound Gateway Address For Dhcp Clients

    3Com Switch 8800 Configuration Guide III. Configuring custom DHCP options for multiple VLAN interfaces Perform the following configuration in system view. Table 13-27 Configure custom DHCP options for multiple VLAN interfaces Operation Configure a custom DHCP option for DHCP address pools of multiple VLAN...
  • Page 126: Displaying And Debugging The Dhcp Server

    3Com Switch 8800 Configuration Guide the DHCP server receives no response after sending all these packets, it considers the IP address is not used by other devices in this network and assigns the IP address to this DHCP client. Otherwise, it does not assign the IP address.
  • Page 127: Clearing The Configuration Information Of The Dhcp Server

    13.3.14 DHCP Server Configuration Example I. Network requirements As shown in Figure 13-2, two DHCP clients at the same network segment (10.110.0.0) are connected to the following switch through a port in VLAN2. The switch, acting as a...
  • Page 128 DHCP server, is supposed to assign IP addresses to the two DHCP clients without the help of any DHCP Relay. II. Network diagram DHCP client...
  • Page 129: Configuring Dhcp Relay

    3Com Switch 8800 Configuration Guide 13.4 Configuring DHCP Relay 13.4.1 Introduction to DHCP Relay This is a world where networks are ever-growing in both size and complexity, and the network configuration is getting more and more complex. As is often the case, the...
  • Page 130: Configuring Dhcp Relay

    After receiving the packet, the DHCP server generates configuration information accordingly and sends it to the DHCP client through the DHCP Relay to complete the dynamic configuration of the DHCP client. Note that the entire configuration procedure may go through multiple such interactions.
  • Page 131: Displaying And Debugging Dhcp Relay

    III. Enable/Disable DHCP security on a VLAN interface If you enable the DHCP security feature on a VLAN interface, the switch performs user address checking on the VLAN interface to prevent unauthorized binding requests. If you disable the DHCP security feature on a VLAN interface, the switch does not perform user address checking on the VLAN interface.
  • Page 132: Dhcp Relay Configuration Example

    As shown in Figure 13-4, two DHCP clients located at the same network segment (10.110.0.0) are connected to a switch through a port in VLAN 2. The switch, acting as a DHCP relay, is supposed to forward DHCP packets between the two DHCP clients and the DHCP server with the IP address of 202.38.1.2.
  • Page 133 Note: Besides the above configurations for DHCP Relay, you need to configure an address pool on the DHCP server and make sure the DHCP server and the switch interface connecting the two DHCP clients are reachable from each other by routing.
  • Page 134: Chapter 14 Dns Configuration

    For example, if a user wants to search the domain name “3Com.com”, he can configure the “com” in the suffix list and input...
  • Page 135: Configuring Static Domain Name Resolution

    “3Com.com” automatically to search. When the domain name suffix is used, if the input domain name does not include “.”, like “3Com”, the system regards it as a host name and adds a domain name suffix to search. If none of the domain names can be resolved in this way, the system finally searches with the originally input domain name.
  • Page 136: Configure The Ip Address Of Domain Name Server

    3Com Switch 8800 Configuration Guide this function when you do not want to perform dynamic domain name resolution sometimes. Perform the following configuration in system view. Table 14-2 Enable/disable dynamic domain name resolution Enable dynamic domain name resolution Disable dynamic domain name resolution By default, dynamic domain name resolution is disabled.
  • Page 137: Displaying And Debugging Domain Name Resolution

    14.5 DNS Configuration Example I. Network requirements As the client, the switch uses dynamic domain name resolution. The IP address of the domain name server is 172.16.1.1. The configured suffix of the domain name is “com”. There is a route between the switch and the server.
  • Page 138: Troubleshooting Domain Name Resolution Configuration

    5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/2 ms The routing configuration between the switch and the domain name server is omitted here; refer to the related chapter for the configuration. 14.6 Troubleshooting Domain Name Resolution Configuration Fault: Domain name resolution fails.
  • Page 139: Chapter 15 Ip Performance Configuration

    3Com Switch 8800 Configuration Guide Chapter 15 IP Performance Configuration 15.1 Configuring IP Performance IP performance configuration includes: Configuring TCP Attributes 15.1.1 Configuring TCP Attributes TCP attributes that can be configured include: synwait timer: When sending the syn packets, TCP starts the synwait timer. If response packets are not received before synwait timeout, the TCP connection is terminated.
  • Page 140: Displaying And Debugging Ip Performance

    3Com Switch 8800 Configuration Guide 15.2 Displaying and Debugging IP Performance After the above configuration, execute the display command in any view to display the running of the IP performance configuration, and to verify the effect of the configuration. Execute the reset command in user view to clear IP, TCP and UDP statistics information.
  • Page 141: Troubleshooting Ip Performance

    3Com Switch 8800 Configuration Guide Operation Enable connections Disable connections Enable connections Disable connections Enable the debugging of TCP events Disable the debugging of TCP events Enable the debugging of the MD5 authentication Disable the debugging of the MD5 authentication 15.3 Troubleshooting IP Performance...
  • Page 142 3Com Switch 8800 Configuration Guide Use the debugging tcp packet command to enable the TCP debugging to trace the TCP packets. Operations include: <SW8800> terminal debugging <SW8800> debugging tcp packet Then the TCP packets received or sent can be checked in real time. Specific packet...
  • Page 143: Chapter 16 Ip Routing Protocol Overview

    Note: A router that is referred to in the following or its icon represents a generalized router or a Switch 8800 running routing protocols. To improve readability, this will not be described in the other parts of the manual. For the configuration of VPN instance, refer to the MPLS chapter in this book.
  • Page 144: Route Selection Through The Routing Table

    Figure 16-1 The concept of route segment. As the networks may have different sizes, the segment lengths connected between two different pairs of routers are also different. The number of route segments multiplied by a weighted coefficient can serve as a weighted measurement for the actual length of the signal transmission path.
  • Page 145 3Com Switch 8800 Configuration Guide with the mask 255.255.0.0 is located will be 129.102.0.0. It is made up of several consecutive "1"s, which can also be expressed in the dotted decimal format. Output interface: It indicates an interface through which an IP packet should be forwarded.
  • Page 146: Routing Management Policy

    16.2 Routing Management Policy For the Switch 8800, you can configure manually the static route to a specific destination, and configure dynamic routing protocol to interact with other routers on the network. The routing algorithm can also be used to discover routes. For the configured static routes and dynamic routes discovered by the routing protocol, the Switch 8800 implements unified management.
  • Page 147: Supporting Load Sharing And Route Backup

    The Switch 8800 supports eight routes to implement load sharing. II. Route backup The Switch 8800 supports route backup. When the main route fails, the system will automatically switch to a backup route to improve the network reliability. In order to achieve static route backup, the user can configure multiple routes to the same destination according to actual situations.
  • Page 148: Routes Shared Between Routing Protocols

    The Switch 8800 can import the information of another routing protocol. Each protocol has its own route importing mechanism. For details, refer to the description about "Importing an External Route"...
  • Page 149: Chapter 17 Static Route Configuration

    3Com Switch 8800 Configuration Guide Chapter 17 Static Route Configuration 17.1 Introduction to Static Route 17.1.1 Static Route A static route is a special route configured manually by an administrator. You can set up an interconnecting network with the static route configuration. The problem for such...
  • Page 150: Configuring Static Route

    3Com Switch 8800 Configuration Guide there is no default route and the destination address of the packet fails in matching any entry in the routing table, this packet will be discarded, and an internet control message protocol (ICMP) packet will be sent to the originating host to inform that the destination host or network is unreachable.
  • Page 151: Configuring A Default Route

    17.2.3 Deleting All the Static Routes You can use the undo ip route-static command to delete one static route. The Switch 8800 also provides a special command for you to delete all static routes at one time, including the default routes.
  • Page 152: Displaying And Debugging Static Route

    I. Network requirements As shown in Figure 17-1, the masks of all the IP addresses are 255.255.255.0. It is required that all the hosts or the Switch 8800 can be interconnected in pairs by static route configuration. display ip routing-table...
  • Page 153 II. Network diagram: 1.1.2.1/24; 1.1.1.2/24; Switch A; Host 1.1.1.1. Figure 17-1 Network diagram for the static route configuration example III.
  • Page 154: Troubleshooting Static Route Faults

    17.5 Troubleshooting Static Route Faults Symptom: The switch is not configured with the dynamic routing protocol and both the physical status and the link layer protocol status of the interface are UP, but the IP packets cannot be forwarded normally.
  • Page 155: Chapter 18 Rip Configuration

    3Com Switch 8800 Configuration Guide Chapter 18 RIP Configuration 18.1 Introduction to RIP Routing Information Protocol (RIP) is a relatively simple interior gateway protocol (IGP), which is mainly applied to small scale networks. It is easy to implement RIP. You can configure and maintain RIP more easily than OSPF and IS-IS, so RIP still has a wide application in actual networking.
  • Page 156: Rip Enabling And Running

    3Com Switch 8800 Configuration Guide Period update is triggered periodically to send all RIP routes to all neighbors. If the RIP route is not updated (a router receives the update packets from the neighbor) when the Timeout timer expires, this route is regarded as unreachable.
  • Page 157: Enabling Rip And Entering Rip View

    3Com Switch 8800 Configuration Guide If the link, which does not support broadcast or multicast packets, runs RIP, you need to configure RIP to send any packet to the specified destination, establishing RIP neighbors correctly. In NBMA link networking through a Frame Relay sub-interface and others, to ensure the routing information can be correctly transmitted, you possibly need to disable split horizon.
  • Page 158: Configuring Unicast Of The Packets

    3Com Switch 8800 Configuration Guide Table 18-2 Enable RIP Interface Operation Enable RIP on the specified network Disable RIP on the specified network Note that after the RIP task is enabled, you should also specify its operating network segment, for RIP only operates on the interface on the specified network segment. For an interface that is not on the specified network segment, RIP does not receive or send routes on it, nor forwards its interface route, as if this interface does not exist at all.
  • Page 159: Setting Additional Routing Metric

    3Com Switch 8800 Configuration Guide Table 18-4 Configure Split Horizon Operation Enable split horizon Disable split horizon By default, split horizon of the interface is enabled. 18.2.5 Setting Additional Routing Metric Additional routing metric is the input or output routing metric added to an RIP route. It does not change the metric value of the route in the routing table, but adds a specified metric value when the interface receives or sends a route.
  • Page 160: Configuring Route Filtering

    3Com Switch 8800 Configuration Guide Perform the following configuration in RIP view. Table 18-6 Configure RIP to import routes of other protocols Operation Configure RIP to import routes of other protocols Cancel the imported routing information of other protocols Set the default routing metric Restore the default routing metric By default, RIP does not import the route information of other protocols.
  • Page 161: Disabling Rip To Receive Host Route

    3Com Switch 8800 Configuration Guide II. Configuring RIP to filter the routes advertised by RIP Table 18-8 Configure RIP to filter the advertised routes Operation Configure RIP to filter the advertised routing information Cancel filtering the advertised routing information By default, RIP does not filter the received and advertised routing information.
  • Page 162: Enabling Rip-2 Route Aggregation Function

    3Com Switch 8800 Configuration Guide 18.2.9 Enabling RIP-2 Route Aggregation Function The so-called route aggregation means that different subnet routes in the same natural network can be aggregated into one natural mask route for transmission when they are sent to the outside (i.e. other network). Route aggregation can be performed to reduce the routing traffic on the network as well as to reduce the size of the routing table.
  • Page 163: Configuring Rip Timers

    3Com Switch 8800 Configuration Guide broadcast packets. In addition, this mode can also make the hosts running RIP-1 avoid incorrectly receiving and processing the routes with subnet mask in RIP-2. When an interface is running in RIP-2 broadcast mode, the RIP-1 packets can also be received.
  • Page 164: Configuring Rip-1 Zero Field Check Of The Interface Packet

    3Com Switch 8800 Configuration Guide always become unreachable at the point when a new period starts, the actual value of Garbage-collection timer is three to four times that of Period Update timer. Note: You must consider network performance when adjusting RIP timers, and configure all the routers that are running RIP, so as to avoid unnecessary traffic or network jitter.
  • Page 165: Setting Rip-2 Packet Authentication

    Enable the interface to send RIP update packet Disable the interface to send RIP update packet The undo rip work command and the undo network command have similar but not identical functions. Neither of the two commands configures an interface to receive or send RIP route.
  • Page 166: Displaying And Debugging Rip

    18.4 Typical RIP Configuration Example I. Network requirements As shown in Figure 18-1, Switch C connects to the subnet 117.102.0.0 through the Ethernet port. The Ethernet ports of Switch A and Switch B are respectively connected to the network 155.10.1.0 and 196.38.165.0. Switch C, Switch A and Switch B are connected via Ethernet 110.11.2.0.
  • Page 167 3Com Switch 8800 Configuration Guide II. Network diagram Ethernet Interface address: 110.11.2.3/24 SwitchC Network address: 117.102.0.0/16 Figure 18-1 Network diagram for RIP configuration III. Configuration procedure Note: The following configuration only shows the operations related to RIP. Before performing the following configuration, make sure the Ethernet link layer can work normally.
  • Page 168: Troubleshooting Rip Faults

    [Switch C-rip] network 110.11.2.0 18.5 Troubleshooting RIP Faults Symptom: The Switch 8800 cannot receive the update packets when the physical connection to the peer routing device is normal. Solution: RIP does not operate on the corresponding interface (for example, the undo rip work command is executed) or this interface is not enabled through the network command.
  • Page 169: Chapter 19 Ospf Configuration

    3Com Switch 8800 Configuration Guide Chapter 19 OSPF Configuration 19.1 OSPF Overview 19.1.1 Introduction to OSPF Open Shortest Path First (OSPF) is an Interior Gateway Protocol based on the link state developed by IETF. At present, OSPF version 2 (RFC2328) is used, which is...
  • Page 170: Ospf Packets

    A router uses the SPF algorithm to calculate the shortest path tree with itself as the root, which shows the routes to the nodes in the autonomous system. The external routing information is the leaf node. A router, which advertises the routes, also tags them and records the additional information of the autonomous system.
  • Page 171: Lsa Type

    3Com Switch 8800 Configuration Guide 19.1.4 LSA Type I. Five basic LSA types As mentioned previously, OSPF calculates and maintains routing information from LSAs. RFC2328 defines five LSA types as follows: Router-LSAs: Type-1. Each router generates Router-LSAs, which describe the link state and cost of the local router.
  • Page 172 3Com Switch 8800 Configuration Guide II. DR and BDR Designated Router (DR) In multi-access networks, if any two routers establish adjacencies, the same LSA will be transmitted repeatedly, wasting bandwidth resources. To solve this problem, the OSPF protocol regulates that a DR must be elected in a multi-access network and only the DR (and the BDR) can establish adjacencies with other routers in this network.
  • Page 173: Ospf Features Supported By The Switch 8800

    Area 0 Area 8 Figure 19-1 Area and route aggregation 19.1.6 OSPF Features Supported by the Switch 8800 The Switch 8800 supports the following OSPF features: Support stub areas: OSPF defines stub areas to decrease the overhead when the routers within the area receive ASE routes.
  • Page 174: Configuring Ospf

    3Com Switch 8800 Configuration Guide Authenticator: OSPF provides clear text authenticator and MD5 encryption authenticator to authenticate packets transmitted between neighboring routers in the same area. Flexible configuration for the router port parameter: On the router port, you can configure the following OSPF parameters: output cost, Hello packet interval, retransmission interval, port transmission delay, route precedence, invalid time for adjacent routers, packet authentication mode, packet authenticator, and others.
  • Page 175: Configuring Router Id

    3Com Switch 8800 Configuration Guide Configuring to fill the MTU field when an interface transmits DD packets Setting an SPF calculation interval for OSPF Configurations related to OSPF networking Configuring OSPF authentication Prohibit OSPF packet receiving/sending Configuring OSPF virtual link...
  • Page 176: Entering Ospf Area View

    3Com Switch 8800 Configuration Guide By default, OSPF is disabled. When enabling OSPF, pay attention to the following points: The default OSPF process ID is 1. If no process ID is specified in the command, the default one is adopted.
  • Page 177: Configuring Ospf To Import Routes Of Other Protocols

    3Com Switch 8800 Configuration Guide 19.2.5 Configuring OSPF to Import Routes of Other Protocols The dynamic routing protocols on the router can share the routing information. As far as OSPF is concerned, the routes discovered by other routing protocols are always processed as the external routes of AS.
  • Page 178 3Com Switch 8800 Configuration Guide The routes that can be imported include Direct, Static, RIP, IS-IS, or BGP and in addition, the routes of other OSPF processes. Note: It is recommended to configure the imported route type, cost and tag for the import-route command simultaneously.
  • Page 179: Configuring Ospf To Import Default Routes

    III. Configuring the default interval and number for OSPF to import external routes
    OSPF can import the external routing information and broadcast it to the entire autonomous system. Importing routes too often and importing too many external routes at one time will greatly affect the performance of the device.
  • Page 180: Configuring Ospf Route Filtering

    The broadcasting scope of Type-5 LSA or Type-7 LSA advertising the default route is the same as that of the common Type-5 LSA or Type-7 LSA. Perform the following configuration in OSPF view. Table 19-8 Configure OSPF to import the default route...
  • Page 181: Configuring The Route Summary Of Ospf

    By default, OSPF will not filter the received routing information.
    II. Configuring filtering the routes imported to OSPF
    Use the filter-policy export command to configure the ASBR router to filter the external routes imported to OSPF. This command is only valid for the ASBR router.
  • Page 182 By default, route summary is disabled on ABRs. II. Configuring summarization of imported routes by OSPF OSPF of the Switch 8800 supports route summarization of imported routes. Perform the following configurations in OSPF view. Table 19-12 Configure summarization of imported routes by OSPF...
  • Page 183: Setting Ospf Route Preference

    19.2.9 Setting OSPF Route Preference
    Because multiple dynamic routing protocols may be running on one router concurrently, the problem of route sharing and selection between the various routing protocols arises. The system sets a preference for each routing protocol, which is used for tie-breaking when different protocols discover the same route.
  • Page 184 II. Setting a dead timer for the neighboring routers The dead timer of neighboring routers refers to the interval in which a router will regard the neighboring router as dead if no Hello packet is received from it. The user can set a dead timer for the neighboring routers.
  • Page 185: Configuring The Network Type On The Ospf Interface

    19.2.11 Configuring the Network Type on the OSPF Interface
    The route calculation of OSPF is based upon the topology of the adjacent network of the local router. Each router describes the topology of its adjacent network and transmits it to all the other routers.
  • Page 186: Configuring Nbma Neighbors For Ospf

    Table 19-17 Configure a network type for an OSPF interface
    Configure the network type on the interface
    Restore the default network type of the OSPF interface
    By default, OSPF determines the network type based on the link layer type. After the interface has been configured with a new network type, the original network type of the interface is removed automatically.
  • Page 187 If the DR fails due to some fault, the routers on the network must elect a new DR and synchronize with it. This process takes a relatively long time, during which the route calculation is incorrect. In order to speed up this process, OSPF puts forward the concept of BDR.
  • Page 188: Configuring An Interval Required For Sending Lsu Packets

    Configure the cost for sending packets on an interface
    Restore the default cost for packet transmission on the interface
    For the Switch 8800, the default cost for running OSPF on the VLAN interface is 10.
    19.2.16 Configuring to Fill the MTU Field When an Interface Transmits DD Packets
    OSPF-running routers use Database Description (DD) packets to describe their own LSDBs during LSDB synchronization.
  • Page 189: Setting A Shortest Path First (Spf) Calculation Interval For Ospf

    Table 19-22 Configure whether the MTU field will be filled in when an interface transmits DD packets
    Operation
    Enable an interface to fill in the MTU field when transmitting DD packets
    Disable the interface to fill the MTU field when transmitting DD packets
    By default, the interface does not fill in the MTU field when transmitting DD packets.
  • Page 190: Configuring Ospf Authentication

    This enhances the capability of OSPF to adapt to the networking and reduces the consumption of system resources. On a switch, this command can disable/enable the specified VLAN interface to send OSPF packets.
  • Page 191: Configuring Ospf Virtual Link

    Disable authentication
    By default, the interface is not configured with either simple authentication or MD5 authentication.
    19.2.20 Configuring OSPF Virtual Link
    According to RFC2328, after the area partition of OSPF, not all the areas are equal. Among them, one area is different from all the other areas.
  • Page 192: Configuring Stub Area Of Ospf

    Table 19-27 Configure an OSPF virtual link
    Operation
    Create and configure a virtual link
    Remove the created virtual link
    area-id and router-id have no default value. By default, the hello timer is 10 seconds, retransmit is 5 seconds, trans-delay is 1 second, and dead is 40 seconds.
  • Page 193: Configuring Nssa Area Of Ospf

    Table 19-28 Configure stub area of OSPF
    Configure an area to be the stub area
    Remove the configured stub area
    Configure the cost of the default route transmitted by OSPF to the stub area
    Remove the cost of the default route to the stub area
    By default, the stub area is not configured, and the cost of the default route to the stub area is 1.
  • Page 194: Configuring Ospf And Network Management System (Nms)

    Perform the following configuration in OSPF area view.
    Table 19-29 Configure NSSA of OSPF
    Operation
    Configure an area to be the NSSA area
    Cancel the configured NSSA
    Configure the default cost value of the route to the NSSA...
  • Page 195: Resetting The Ospf Process

    By default, MIB is bound to the first enabled OSPF process. II. Configuring OSPF TRAP You can configure the switch to send multiple types of SNMP TRAP packets in case of OSPF anomalies. In addition, you can configure the switch to send SNMP TRAP packets when a specific process is abnormal by specifying the process ID.
  • Page 196: Displaying And Debugging Ospf

    19.3 Displaying and Debugging OSPF
    After the above configuration, execute the display command in any view to display the running of the OSPF configuration, and to verify the effect of the configuration. Execute the debugging command in user view to debug the OSPF module.
  • Page 197: Typical Ospf Configuration Example

    Configure Switch A and Switch C as DR and BDR respectively. The priority of Switch A is 100, which is the highest on the network, so it is elected as the DR. Switch C has the second highest priority, that is, 2, so it is elected as the BDR. The priority of Switch B is 0, which means that it cannot be elected as the DR.
  • Page 198 Note that Switch A has three peers. The state of each peer is full, which means that adjacency is set up between Switch A and each peer. (Switch A and Switch C should set up adjacencies with all the routers on the network for them to be DR and BDR on the network respectively.) Switch A is DR,...
  • Page 199: Configuring Ospf Virtual Link

    If all switches on the network are removed and added back again, Switch B will be elected as the DR (with the priority of 200), and Switch A becomes the BDR (with a priority of 100). Switching off and restarting all of the switches brings about a new round of DR/BDR selection.
  • Page 200 III. Configuration procedure
    Configure Switch A
    [Switch A] interface Vlan-interface 1
    [Switch A-Vlan-interface1] ip address 196.1.1.1 255.255.255.0
    [Switch A] router id 1.1.1.1
    [Switch A] ospf
    [Switch A-ospf-1] area 0
    [Switch A-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255...
  • Page 201: Troubleshooting Ospf Faults

    19.5 Troubleshooting OSPF Faults
    Symptom 1: OSPF has been configured in accordance with the earlier-mentioned steps, but OSPF on the router cannot run normally.
    Solution: Check according to the following procedure.
    Local troubleshooting: Check whether the protocol between two directly connected routers is in normal operation.
  • Page 202 As shown in Figure 19-5: RTA and RTD are configured to belong to only one area, whereas RTB (area0 and area1) and RTC (area1 and area 2) are configured to belong to two areas. Of these, RTB also belongs to area0, which is compliant with the requirement.
  • Page 203: Chapter 20 Integrated Is-Is Configuration

    Chapter 20 Integrated IS-IS Configuration
    20.1 Introduction to Integrated IS-IS
    The Intermediate System-to-Intermediate System (IS-IS) intra-domain routing information exchange protocol was designed by the International Organization for Standardization (ISO) for the connection-less network protocol (CLNP). This protocol is a dynamic routing protocol.
  • Page 204: Two-Level Structure Of Is-Is Routing Protocol

    II. Link types IS-IS routing protocol is applied to
    IS-IS routing protocol can run on point-to-point links, such as PPP, HDLC and others. IS-IS routing protocol can also run on broadcast links, such as Ethernet, Token-Ring and others.
  • Page 205 Figure 20-1 IS-IS topology (diagram legend: routing domain boundary, IS-IS area, end system, intermediate system, subnetwork path)...
  • Page 206: Nsap Structure Of Is-Is Routing Protocol

    In general, you only need to configure an area address for a router. The area addresses of all nodes are the same in an area. To support the seamless combination, segmentation and conversion, the Switch 8800 supports up to three area addresses.
    System ID
    System ID uniquely identifies terminal system or router in a route area.
  • Page 207: Is-Is Routing Protocol Packets

    Point-to-Point IIH.
    II. LSP
    The link state packet (LSP) is used to exchange link state information. LSPs can be divided into Level-1 LSPs and Level-2 LSPs. Level-2 routers transmit Level-2 LSPs; Level-1 routers transmit Level-1 LSPs; Level-1-2 routers transmit both Level-2 LSPs and Level-1 LSPs.
  • Page 208: Configuring Integrated Is-Is

    III. SNP
    The Sequence Number Packet (SNP) confirms the LSPs last received from neighbors. SNPs function as acknowledgment packets, but more effectively. SNPs include the complete SNP (CSNP) and the partial SNP (PSNP). SNPs can be further divided into Level-1 CSNP, Level-2 CSNP, Level-1 PSNP and Level-2 PSNP.
  • Page 209 Enabling IS-IS on the Specified Interface
    Setting Priority for DIS Election
    Setting Router Type
    Setting Interface Circuit Level
    Configuration related to IS-IS route
    Configuring IS-IS to Import Routes of Other Protocols
    Configuring IS-IS Route Filtering...
  • Page 210: Enabling Is-Is And Entering The Is-Is View

    Configuring IS-IS Route Metric Type
    Setting IS-IS Link State Routing Cost
    Configuring IS-IS Timers
    Setting to Discard the LSPs with Checksum Errors
    Setting LSP Refreshment Interval
    Setting Lifetime of LSP
    Setting Parameters Related to SPF...
  • Page 211 Delete a NET: undo network-entity network-entity-title
    The format of the network-entity-title argument is X…X.XXXXXXXXXXXX.XX, in which the first “X…X” is the area address and the twelve Xs in the middle are the System ID of the router....
  • Page 212: Enabling Is-Is On The Specified Interface

    20.2.3 Enabling IS-IS on the Specified Interface
    After enabling IS-IS, you need to specify the interfaces on which IS-IS will run. Perform the following configuration in interface view. Table 20-3 Enable IS-IS on the specified interface...
  • Page 213: Setting Interface Circuit Level

    Table 20-5 Set the router type
    Operation
    Set the router type
    Restore the default router type
    By default, the router type is level-1-2.
    20.2.6 Setting Interface Circuit Level
    Perform the following configuration in Interface view.
  • Page 214: Configuring Is-Is Route Filtering

    Table 20-7 Import routes of other protocols
    Operation
    Import routes of other protocols
    Cancel importing routes from other protocols
    If the level is not specified in the command for importing the route, it defaults to importing the routes into level-2.
  • Page 215: Configuring Is-Is Routing Leak

    protocol specifies the routing protocol sources for advertising routes, which can be direct, static, rip, bgp, ospf, ospf-ase, and so on. Note: The filter-policy import command only filters the ISIS routes received from the neighbors, and routes that cannot pass the filter will not be added to the routing table.
  • Page 216: Setting To Generate Default Route

    By default, the system disables route summarization.
    20.2.11 Setting to Generate Default Route
    In the IS-IS route domain, the Level-1 router only has the LSDB of the local area, so it can only generate the routes in the local areas. But the Level-2 router has the backbone LSDB in the IS-IS route domains and generates the backbone network routes only.
  • Page 217: Configuring Is-Is Route Metric Type

    20.2.13 Configuring IS-IS Route Metric Type
    IS-IS routing protocol has two styles of route metric:
    Narrow: The value of route metric ranges from 1 to 63.
    Wide: The value of route metric ranges from 1 to 16,777,215.
  • Page 218 Perform the following configuration in interface view.
    Table 20-16 Set the Hello packet broadcast interval
    Operation
    Set Hello packet interval, measured in seconds.
    Restore the default Hello packet interval on the interface
    Usually, on the broadcast links, there exist level-1 and level-2 hello packets. For different packets, different broadcast intervals should be set.
  • Page 219 Table 20-18 Set the LSP packet transmission interval
    Set LSP packet interval on the interface, measured in milliseconds.
    Restore the default LSP packet interval on the interface
    By default, the LSP packet is transmitted via the interface every 33 milliseconds.
  • Page 220: Setting Is-Is Authentication

    By default, the number of the invalid Hello packets is set to 3. If this command does not specify Level-1 or Level-2, the system regards the number of invalid Hello packets as set for both Level-1 and Level-2 routers.
  • Page 221: Setting The Mesh Group Of The Interface

    III. Setting the IS-IS to use the MD5 algorithm compatible with that of the other vendors
    You must configure this command when the switch needs to authenticate the devices of other vendors using MD5 algorithm in IS-IS. Perform the following configuration in IS-IS view.
  • Page 222: Setting Overload Flag Bit

    Table 20-24 Set the mesh group of the interface
    Operation
    Add an interface to a mesh group
    Remove the interface from the mesh group
    By default, the LSP is flooded normally from the interface. When configured with the mesh-blocked keyword, it will not flood the LSP to other interfaces.
  • Page 223: Setting To Log The Peer Changes

    Table 20-26 Set to discard the LSPs with checksum errors
    Set to discard the LSP with checksum error
    Set to ignore the LSP checksum error
    By default, the LSP checksum error is ignored.
    20.2.20 Setting to Log the Peer Changes
    After the logging of peer changes is enabled, the IS-IS peer changes will be output on the configuration terminal until the log is disabled.
  • Page 224: Setting Parameters Related To Spf

    Perform the following configuration in IS-IS view.
    Table 20-29 Set Lifetime of LSP
    Operation
    Set lifetime of LSP
    Restore the default LSP lifetime
    By default, LSP can live for 1200 seconds (20 minutes).
    20.2.23 Setting Parameters Related to SPF
    I.
  • Page 225: Enabling/Disabling The Interface To Send Packets

    By default, SPF calculation is not divided into slices but runs to the end once, which can also be implemented by setting the seconds argument to 0. After slice calculation is set, the routes that are not processed once will be calculated in one second.
  • Page 226: Resetting All The Is-Is Data Structure

    The silent-interface command only suppresses the sending of IS-IS packets on the interface; the interface routes can still be sent from other interfaces. On a switch, this command can disable/enable the specified VLAN interface to send IS-IS packets.
  • Page 227: Typical Integrated Is-Is Configuration Example

    Display IS-IS SPF calculation log
    Display IS-IS routing information
    Display IS-IS neighbor information
    Display mesh group information
    Enable IS-IS debugging
    Disable IS-IS debugging
    20.4 Typical Integrated IS-IS Configuration Example
    I. Network requirements
    As shown in Figure 20-3, Switches A, B, C and D belong to the same autonomous system.
  • Page 228 II. Network diagram
    Figure 20-3 IS-IS configuration example
    III. Configuration procedure
    Configure Switch A
    [Switch A] isis
    [Switch A-isis] network-entity 86.0001.0000.0000.0005.00...
  • Page 229 Configure Switch C
    [Switch C] isis
    [Switch C-isis] network-entity 86.0001.0000.0000.0007.00
    [Switch C] interface vlan-interface 101
    [Switch C-Vlan-interface101] ip address 200.10.0.2 255.255.255.0
    [Switch C-Vlan-interface101] isis enable
    [Switch C] interface vlan-interface 100
    [Switch C-Vlan-interface100] ip address 200.20.0.1 255.255.255.0...
  • Page 230: Chapter 21 Bgp Configuration

    Chapter 21 BGP Configuration
    21.1 BGP/MBGP Overview
    21.1.1 Introduction to BGP
    Border gateway protocol (BGP) is an inter-autonomous system (inter-AS) dynamic route discovery protocol. Three early versions of BGP are BGP-1 (RFC1105), BGP-2 (RFC1163) and BGP-3 (RFC1267). The current version is BGP-4 (RFC1771), which is applied to advertised structures and supports classless inter-domain routing (CIDR).
  • Page 231: Bgp Message Types

    A BGP speaker refers to the other BGP speakers that exchange information with it as peers, and multiple related peers compose a peer group.
    I. Route advertisement policy
    In the Switch 8800, these policies are used by BGP when advertising routes: If there are multiple routes available, a BGP speaker only selects the optimum one.
  • Page 232: Mbgp

    Once the connection is set up, a BGP speaker will advertise all its BGP routes to its peers. II. Route selection policy In the Switch 8800, these policies are adopted for BGP to select routes: First discard the routes unreachable to the next hop. First select the routes with the highest local preference.
  • Page 233: Bgp Peer And Peer Group

    II. Relationship between peer configuration and peer group configuration
    In the Switch 8800, a BGP peer must belong to a peer group. If you want to configure a BGP peer, you must first create a peer group and then add the peer to the group.
  • Page 234: Enabling Bgp

    Configuring application features of a BGP peer (group)
    Configuring Route Filtering of a Peer (group)
    BGP route configuration
    Configuring Network Routes for BGP Distribution
    Configuring the Interaction Between BGP and IGP
    Configuring BGP Route Summarization...
  • Page 235 Perform the following configurations in BGP view.
    I. Creating a peer group
    A BGP peer must belong to a peer group. Before configuring a BGP peer, a peer group to which the peer belongs must be created first.
  • Page 236 Delete a peer
    If you want to add a peer to an IBGP peer group, this command cannot specify AS numbers. When a peer is added to an EBGP peer group and the peer group is defined with an AS number, all its member peers inherit the configuration of the group.
  • Page 237: Configuring Application Features Of A Bgp Peer (Group)

    higher than the timer command that is used to configure timers for all BGP peers. Perform the following configuration in BGP view.
    Table 21-7 Configure timer of a peer (group)
    Operation
    Configure keep-alive message interval...
  • Page 238 Table 21-9 Configure to permit connections with EBGP peer groups on indirectly connected networks
    Configure to permit connections with EBGP peer groups on indirectly connected networks
    Configure to permit connections with EBGP peer groups on directly connected network only
    By default, only the connections with EBGP peer groups on directly connected networks are permitted.
  • Page 239 After you use the peer default-route-advertise command, the local router will send a default route with the next hop as itself to the peer unconditionally, even if there is no default route in BGP routing table.
  • Page 240 Table 21-14 Configure to send the community attributes to a peer group
    Operation
    Configure to send the community attributes to a peer group
    Configure not to send the community attributes to a peer group
    By default, the BGP speaker does not send the community attributes to a peer group.
  • Page 241: Configuring Route Filtering Of A Peer (Group)

    TCP link.
    21.2.4 Configuring Route Filtering of a Peer (group)
    The Switch 8800 supports filtering imported and advertised routes for peers (groups) through Route-policy, AS path list, ACL and ip prefix list. The route filtering policy of advertised routes configured for each member of a peer group must be the same as that of the peer group, but their route filtering policies of ingress routes may be different.
  • Page 242 Operation
    Configure the egress route policy for a peer group
    Remove the egress route policy of a peer group
    II. Configuring route filtering policy based on IP ACL for a peer (group)
    Table 21-19 Configure route filtering policy based on IP ACL for a peer (group)...
  • Page 243: Configuring Network Routes For Bgp Distribution

    IV. Configuring route filtering policy based on address prefix list for a peer (group)
    Table 21-21 Configure route filtering policy based on address prefix list for a peer (group)
    Configure the ingress route filtering policy...
  • Page 244: Configuring Bgp Route Summarization

    Perform the following configuration in BGP view.
    Table 21-24 Configure not to synchronize with IGP
    Cancel the synchronization of BGP and IGP
    By default, BGP does not synchronize with IGP. The Switch 8800 does not support synchronization of BGP and IGP.
    21.2.7 Configuring BGP Route Summarization
    There are two modes of BGP route summarization:
    summary: The summary of the BGP subnet routes.
  • Page 245: Configuring Bgp Route Filtering

    Table 21-25 Configure BGP route summarization
    Operation
    Configure automatic function of the subnet routes
    Cancel the summary automatic function of the subnet routes
    Configure aggregation function
    Cancel local route aggregation function
    By default, the BGP will not perform local route aggregation.
  • Page 246: Configuring Bgp Route Dampening

    II. Configuring to filter the routes advertised by the BGP
    Perform the following configuration in the BGP view.
    Table 21-27 Configure to filter the routes advertised by the BGP
    Operation
    Configure to filter the routes...
  • Page 247: Configuring Bgp Preference

    suppressed. As time passes, the penalty value decreases according to a power function, and when it falls to a certain threshold, the route suppression is lifted and the route is re-advertised. Perform the following configuration in BGP view.
  • Page 248: Configuring Bgp Timer

    The ebgp-value, ibgp-value and local-value arguments are in the range of 1 to 256. By default, the first two are 256 and the last one is 130.
    21.2.11 Configuring BGP Timer
    After you establish BGP connections between routers, a router sends Keepalive packets to the peer periodically.
  • Page 249: Configuring Med For As

    By default, the local preference is 100.
    21.2.13 Configuring MED for AS
    The Multi-Exit Discriminator (MED) attribute is the external metric for a route. An AS uses the local preference to select the route to the outside, and uses the MED to determine the optimum route for entering the AS.
  • Page 250: Configuring Bgp Route Reflector

    21.2.15 Configuring BGP Route Reflector
    To ensure the interconnection between IBGP peers, it is necessary to establish a fully connected network. If there are many IBGP peers, large overhead is needed to establish a fully connected network.
  • Page 251: Configuring Bgp As Confederation Attribute

    By default, the route reflection between clients is allowed. If the clients are fully connected, for the purpose of overhead reduction, it is recommended to use the undo reflect between-clients command to disable the route reflection between clients.
  • Page 252 Table 21-37 Configure confederation_ID
    Operation
    Configure confederation_ID
    Cancel confederation_ID
    By default, the confederation_ID is not configured. The configured confederation_ID and the existing AS number of a peer or peer group cannot be the same.
    II. Configuring sub-AS belonging to the confederation
    Configure confederation_ID first, and then configure the sub-AS belonging to the confederation.
  • Page 253: Clearing Bgp Connection

    By default, the configured confederation is consistent with RFC1965.
    21.2.17 Clearing BGP Connection
    After changing the BGP policy or protocol configuration, the user must cut off the current connection so that the new configuration takes effect.
  • Page 254 Table 21-42 Display and debug BGP
    Operation
    Display the routing information in BGP routing table
    Display filtered AS path information in the BGP
    Display CIDR routes
    Display the routing information of the specified BGP community...
  • Page 255: Typical Bgp Configuration Example

    Operation
    Enable/Disable debugging
    Enable/Disable BGP Open debugging
    Enable/Disable BGP packet debugging
    Enable/Disable BGP Update packet debugging
    Enable/Disable information debugging of BGP normal functions.
    Enable/Disable BGP Update packet debugging
    Reset BGP flap information
    21.4 Typical BGP Configuration Example
    21.4.1 Configuring BGP AS Confederation Attribute...
  • Page 256 II. Network diagram
    Figure 21-2 Network diagram for AS confederation configuration
    III. Configuration procedure
    Configure Switch A:
    [Switch A] bgp 1001
    [Switch A-bgp] confederation id 100
    [Switch A-bgp] confederation peer-as 1002 1003...
  • Page 257: Configuring Bgp Route Reflector

    Switch B receives an update packet passing EBGP and transmits it to Switch C. Switch C is a reflector with two clients: Switch B and Switch D. When Switch C receives a route update from Switch B, it will transmit such information to Switch D. It is required to establish an IBGP connection between Switch B and Switch D, because Switch C reflects information to Switch D.
  • Page 258: Configure Vlan

    [Switch A-Vlan-interface100] quit
    [Switch A] bgp 100
    [Switch A-bgp] network 1.0.0.0 255.0.0.0
    [Switch A-bgp] group ex external
    [Switch A-bgp] peer 192.1.1.2 group ex as-number 200
    Configure Switch B:
    Configure VLAN 2:
    [Switch B] interface Vlan-interface 2
    [Switch B-Vlan-interface2] ip address 192.1.1.2 255.255.255.0...
  • Page 259: Configuring Bgp Routing

    All switches are configured with BGP, and the IGP in AS 200 is OSPF. Switch A is in AS 100, and Switch B, Switch C and Switch D are in AS 200. Switch A, Switch B, and Switch C operate EBGP. Switch B, Switch C and Switch D operate IBGP.
  • Page 260 [Switch A-route-policy] apply cost 100
    [Switch A-route-policy] quit
    Apply route policy set_med_50 to egress route update of Switch C (193.1.1.2), and apply route policy set_med_100 on the egress route of Switch B (192.1.1.2).
    [Switch A] bgp 100
    [Switch A-bgp] peer ex193 route-policy apply_med_50 export...
  • Page 261 After the above configuration, because the MED attribute of route 1.0.0.0 discovered by Switch C is less than that of Switch B, Switch D will first select the route 1.0.0.0 from Switch C. If the MED attribute of Switch A is not configured, the local preference on Switch C is...
  • Page 262: Troubleshooting Bgp

    In this case, because the local preference attribute value (200) of the route 1.0.0.0 learned by Switch C is greater than that of Switch B (Switch B is not configured with a local preference attribute, so the default of 100 applies), Switch D will also first select the route 1.0.0.0 from Switch C.
  • Page 263 covering large network segment cannot be imported. For example, route 10.1.1.0/24 can be imported, while 10.0.0.0/8 may cause error...
  • Page 264: Chapter 22 Ip Routing Policy Configuration

    22.1.1 Filter In the Switch 8800, five kinds of filters, Route-policy, acl, as-path, community-list, and ip-prefix, are provided to be called by the routing protocols. The following sections introduce these filters respectively.
  • Page 265: Routing Policy Application

    II. ip-prefix
    The function of the ip-prefix is similar to that of the acl, but it is more flexible and easier for users to understand. When the ip-prefix is applied to routing information filtering, it is matched against the destination address field of the routing information.
  • Page 266: Configuring A Route-Policy

    Configuring ip-prefix
    Configuring the AS Path List
    Configuring a Community Attribute List
    Note: For the configuration of ACL, refer to the QoS/ACL operation part of this manual.
    Applications of routing policies include:
    Importing Routing Information Discovered by Other Routing Protocols
    Configuring Route Filtering
    22.2.1 Configuring a Route-policy...
  • Page 267 satisfies all the if-match clauses of the node, it will be denied by the node and will not take the test of the next node. If not, however, the route will take the test of the next node.
  • Page 268 Cancel the matched next-hop of the routing information set by ACL
    Cancel the matched next-hop of the routing information set by address prefix list
    Match the routing cost of the routing information
    Cancel the matched routing cost of the...
  • Page 269 3Com Switch 8800 Configuration Guide Operation Set the next-hop address of the routing information Cancel the next-hop address of the routing information Import the route to IS-IS level-1, level-2 or level-1-2 Remove the function of importing the route to IS-IS...
  • Page 270: Configuring Ip-Prefix

    3Com Switch 8800 Configuration Guide 22.2.2 Configuring ip-prefix A prefix-list is identified by an ip-prefix-name. Each IP prefix-list may include multiple entries each specifying an IP prefix matching range. IP prefix entries are identified by index-numbers. The order in which IP prefix entries are matched against depends on the order of their index numbers.
  • Page 271: Configuring A Community Attribute List

    3Com Switch 8800 Configuration Guide 22.2.4 Configuring a Community Attribute List In BGP, community attribute is optional and transitive. Some community attributes known globally are called standard community attributes. Some community attributes are for special purpose. You can also define expanded community attribute.
  • Page 272: Configuring Route Filtering

    3Com Switch 8800 Configuration Guide Operation Cancel the setting for importing routes of other protocols By default, the routes discovered by other protocols will not be advertised. Note: In different routing protocol views, the parameter options are different. For details, respectively refer to the import-route command in different protocols.
  • Page 273: Displaying And Debugging The Routing Policy

    3Com Switch 8800 Configuration Guide Table 22-9 Configure to filter the advertised routes Operation Configure to filter the routes advertised by the protocol Cancel the filtering of the routes advertised by the protocol By far, the route policy supports importing the routes discovered by the following protocols into the routing table: direct: The hop (or host) to which the local interface is directly connected.
  • Page 274: Typical Ip Routing Policy Configuration Example

    Import three static routes through enabling the OSPF protocol on the Switch A. The route filtering rules can be configured on Switch B to make the received three static routes partially visible and partially shielded. It means that routes in the network segments 20.0.0.0 and 40.0.0.0 are visible while those in the network...
  • Page 275: Troubleshooting Routing Policy

    3Com Switch 8800 Configuration Guide Configure Switch B: Configure the IP address of VLAN interface. [Switch B] interface vlan-interface 100 [Switch B-Vlan-interface100] ip address 10.0.0.2 255.0.0.0 Configure the access control list. [Switch B] acl number 2000 [Switch B-acl-basic-2000] rule deny source 30.0.0.0 0.255.255.255...
  • Page 276: Chapter 23 Ip Multicast Overview

    Chapter 23 IP Multicast Overview Note: An Ethernet switch functions as a router when it runs IP multicast protocol. A router that is referred to in the following represents a generalized router or a layer 3 Ethernet switch running IP multicast protocol.
  • Page 277: Advantages Of Multicast

    over the network if there is a large number of users in need of this information. As the bandwidth would turn short, the unicast mode is incapable of massive transmission. II. Data transmission in broadcast mode In broadcast mode, every user on the network receives the information regardless of their needs.
  • Page 278: Application Of Multicast

    [Figure 23-3: Data transmission in multicast mode] Suppose Users B, D, and E need the information; they need to be organized into a receiver group to ensure that the information can reach them smoothly. The routers on the network duplicate and forward the information according to the distribution of these users in the group.
  • Page 279: Implementation Of Ip Multicast

    3Com Switch 8800 Configuration Guide Occasional communication for training and cooperation Data storage and finance (stock) operation Point-to-multipoint data distribution With the increasing popularity of multimedia services over IP network, multicast is gaining its marketplace. In addition, the multicast service becomes popular and prevalent gradually.
  • Page 280 3Com Switch 8800 Configuration Guide Table 23-1 Ranges and meanings of Class D addresses Class D address range 224.0.0.0∼224.0.0.255 224.0.1.0∼238.255.255.255 239.0.0.0∼239.255.255.255 Reserved multicast addresses that are commonly used are described in the following table. Table 23-2 Reserved multicast address list Class D address range 224.0.0.0...
  • Page 281: Ip Multicast Protocols

    3Com Switch 8800 Configuration Guide Class D address range …… II. Ethernet Multicast MAC Addresses When a unicast IP packet is transmitted on the Ethernet, the destination MAC address is the MAC address of the receiver. However, for a multicast packet, the destination is no longer a specific receiver but a group with unspecific members.
  • Page 282: Rpf Mechanism For Ip Multicast Packets

    [Figure 23-5: Application positions of multicast-related protocols] I. Multicast group management protocol Multicast groups use Internet group management protocol (IGMP) as the management protocol. IGMP runs between the host and multicast router and defines the membership establishment and maintenance mechanism between them.
  • Page 283 3Com Switch 8800 Configuration Guide Chapter 23 IP Multicast Overview uses the source address of a received multicast packet to query the unicast routing table or the independent multicast routing table to determine that the receiving interface is on the shortest path from the receiving station to the source. If a source tree is used, the source address is the address of the source host sending the multicast packet.
  • Page 284: Chapter 24 Igmp Snooping Configuration

    IGMP host, it will add the host to the corresponding multicast table. If the switch hears IGMP leave message from an IGMP host, it will remove the host from the corresponding multicast table. The switch continuously listens to the IGMP messages to create and maintain MAC multicast address table on Layer 2.
  • Page 285: Implement Igmp Snooping

    MAC multicast group: The multicast group is identified with MAC multicast address and maintained by the Ethernet switch. Router port aging time: Time set on the router port aging timer. If the switch has not received any IGMP general query message before the timer times out, it considers the port no longer as a router port.
  • Page 286 3Com Switch 8800 Configuration Guide II. Implement Layer 2 multicast with IGMP Snooping The Ethernet switch runs IGMP Snooping to listen to the IGMP messages and map the host and its ports to the corresponding multicast group address. To implement IGMP...
  • Page 287: Igmp Snooping Configuration

    The switch then checks whether the corresponding IP multicast group exists. If it does not exist, the switch creates a new IP multicast group and adds the port that received the report message to it. If it exists, the switch adds the port to it.
  • Page 288: Configuring Router Port Aging Time

    Otherwise, IGMP Snooping does not take effect. 24.2.2 Configuring Router Port Aging Time This task is to manually configure the router port aging time. If the switch has not received any general query message from the router before the router port is aged, it will remove the port from all MAC multicast groups.
  • Page 289: Configuring Aging Time Of Multicast Group Member Ports

    VLAN if no member port exists. Since the router port is the port connected to the router with IGMP/PIM enabled, and the router regularly sends IGMP Query and PIM Hello packets, the switch can identify the router port. If there is no router port, multicast packets shall be dropped, instead of being forwarded.
  • Page 290: Displaying And Debugging Igmp Snooping

    Caution: If IGMP snooping is not enabled on the VLAN (nor Layer 3 multicast), unknown multicast packets are broadcast within the VLAN no matter whether this function is enabled or not. That is, to prevent unknown multicast packets from being broadcast within a VLAN, you must enable igmp-snooping in this VLAN and enable igmp-snooping nonflooding-enable globally.
  • Page 291: Troubleshoot Igmp Snooping

    3Com Switch 8800 Configuration Guide To implement IGMP Snooping on the switch, you need to enable IGMP Snooping on the switch first. The switch is connected with the router via the router port, and connected with user PC through the non-router ports.
  • Page 292 3Com Switch 8800 Configuration Guide If IGMP Snooping is not enabled, input the igmp-snooping enable command in system view to enable IGMP Snooping. Then, use the same command in VLAN view to enable IGMP Snooping in the corresponding VLAN. Multicast forwarding table set up by IGMP Snooping is wrong.
  • Page 293: Chapter 25 Multicast Vlan Configuration

    To solve this problem, we provide the multicast VLAN feature. With this feature, you can add switch ports to a multicast VLAN and enable IGMP Snooping to allow users in different VLANs to share the same multicast VLAN. In this way, multicast flow is transmitted in one multicast VLAN instead of multiple user VLANs and bandwidth is greatly saved.
  • Page 294: Multicast Vlan Configuration Example

    3Com Switch 8800 Configuration Guide Item ports corresponding VLANs To cancel the configurations, use the corresponding undo commands. Note: A port can only belong to one multicast VLAN. The type of the ports connected to user terminals must be hybrid untagged.
  • Page 295 II. Network diagram [Figure 25-1: Network diagram for multicast VLAN configuration] III. Configuration procedure Before performing the following configurations, you should configure the IP addresses and connect the devices correctly.
  • Page 296 3Com Switch 8800 Configuration Guide Chapter 25 Multicast VLAN Configuration Configure Switch B Enable IGMP Snooping. <Switch B> system-view [Switch B] igmp-snooping enable Enable IGMP-Snooping on VLAN 2 and VLAN 3. [Switch B] vlan 2 [Switch B-vlan 2] igmp-snooping enable...
  • Page 297: Chapter 26 Common Multicast Configuration

    3Com Switch 8800 Configuration Guide Chapter 26 Common Multicast Configuration 26.1 Introduction to Common Multicast Configuration The multicast common configuration is for both the multicast group management protocol and the multicast routing protocol. The configuration includes enabling multicast, displaying multicast routing table and multicast forwarding table, etc.
  • Page 298: Configuring Multicast Route Number Limit

    3Com Switch 8800 Configuration Guide 26.2.2 Configuring multicast route number limit Because too many multicast routes may exhaust the router memory, you need to limit the number of multicast routes. Perform the following configuration in system view. Table 26-2 Configuring multicast route limit...
  • Page 299: Controlled Multicast Configuration

    3Com Switch 8800 Configuration Guide 26.3 Controlled Multicast Configuration 26.3.1 Controlled Multicast Overview The controlled multicast feature controls user’s authority to join multicast groups. This feature is based on ports: users must first pass the 802.1x authentication set for their ports.
  • Page 300: Controlled Multicast Configuration Example

    Caution: In local user view, before executing this command, you must configure user service type to LAN-ACCESS, which is the only one supported by controlled multicast at present. 26.3.3 Controlled Multicast Configuration Example I. Network requirements As shown in Figure 26-1, HostA and HostB join the multicast group.
  • Page 301: Displaying And Debugging Common Multicast Configuration

    3Com Switch 8800 Configuration Guide [SW8800-GigabitEthernet2/1/1] dot1x [SW8800-GigabitEthernet2/1/2] dot1x Configure the authentication mode on the controlled ports to port-based mode. [SW8800-GigabitEthernet2/1/1] dot1x –method portbased [SW8800-GigabitEthernet2/1/2] dot1x –method portbased Create a local-user in system view. Then set the password and service type for the user.
  • Page 302 3Com Switch 8800 Configuration Guide Operation Enable multicast kernel routing debugging Disable multicast kernel routing debugging The multicast routing tables can be layered as follows: Each multicast routing protocol has a multicast routing table of itself. All the multicast routing tables can be summarized into the multicast kernel routing tables.
  • Page 303: Chapter 27 Igmp Configuration

    3Com Switch 8800 Configuration Guide Chapter 27 IGMP Configuration 27.1 IGMP Overview 27.1.1 Introduction to IGMP Internet Group Management Protocol (IGMP) is a protocol in the TCP/IP suite responsible for management of IP multicast members. It is used to establish and maintain multicast membership among IP hosts and their directly connected neighboring routers.
  • Page 304: Igmp Configuration

    3Com Switch 8800 Configuration Guide address is elected as the querier when there are multiple multicast routers on the same network segment. II. Leaving group mechanism In IGMP Version 1, hosts leave the multicast group quietly without informing the multicast router. In this case, the multicast router can only depend on the timeout of the response time of the multicast group to confirm that hosts leave the group.
  • Page 305: Enabling Multicast

    By default, IGMP Version 2 is used. Caution: All routers on a subnet must support the same version of IGMP. After detecting the presence of IGMP Version 1 system, a router cannot automatically switch to Version 1. igmp enable undo igmp enable...
  • Page 306: Configuring The Interval To Send Igmp Query Message

    3Com Switch 8800 Configuration Guide 27.2.4 Configuring the Interval to Send IGMP Query Message Multicast routers send IGMP query messages to discover which multicast groups are present on attached networks. Multicast routers send query messages periodically to refresh their knowledge of members present on their networks.
  • Page 307: Configuring The Present Time Of Igmp Querier

    I. Configuring interval for querying IGMP packets Table 27-4 Configuring interval for querying IGMP packets Operation Configure interval for querying IGMP packets Restore the default query interval By default, the interval is 1 second. II. Configuring the number of last member querying...
  • Page 308: Configuring The Limit Of Igmp Groups On An Interface

    maximum response time. When any timer becomes 0, the host will send the membership report message of the multicast group. Setting the maximum response time reasonably can enable the host to respond to query messages quickly. In this case, the router can quickly learn the existing status of the members of the multicast group.
  • Page 309: Limiting Multicast Groups That An Interface Can Access

    When the interface receives an IGMP query packet, the router will respond, thus ensuring that the network segment where the interface is located can normally receive multicast packets. For an Ethernet switch, you can configure a port in a VLAN interface to join a multicast group. Perform the following configuration in the corresponding view.
  • Page 310: Deleting Igmp Groups Joined On An Interface

    3Com Switch 8800 Configuration Guide Table 27-10 Limiting multicast groups an interface can access Operation Limit the range of allowed multicast groups on current interface (in VLAN interface view) Remove the filter set on the interface (in VLAN interface view)
  • Page 311: Displaying And Debugging Igmp

    3Com Switch 8800 Configuration Guide 27.3 Displaying and Debugging IGMP After the above configuration, execute display command in any view to display the running of IGMP configuration, and to verify the effect of the configuration. Execute debugging command in corresponding views for the debugging of IGMP.
  • Page 312: Chapter 28 Pim-Dm Configuration

    3Com Switch 8800 Configuration Guide Chapter 28 PIM-DM Configuration 28.1 PIM-DM Overview 28.1.1 Introduction to PIM-DM PIM-DM (Protocol Independent Multicast, Dense Mode) belongs to dense mode multicast routing protocols. PIM-DM is suitable for small networks. Members of multicast groups are relatively dense in such network environments.
  • Page 313 IP address will be the upstream neighbor of the (S, G) entry, which is responsible for forwarding the (S, G) multicast packet. Note: Currently assert mechanism is not available on the Switch 8800. 28-2...
  • Page 314: Pim-Dm Configuration

    3Com Switch 8800 Configuration Guide IV. Graft When the pruned downstream node needs to be restored to the forwarding state, the node will send a graft packet to inform the upstream node. 28.2 PIM-DM Configuration PIM-DM basic configuration includes: Enabling multicast...
  • Page 315: Configuring The Time Intervals For Ports To Send Hello Packets

    3Com Switch 8800 Configuration Guide 28.2.3 Configuring the Time Intervals for Ports to Send Hello Packets When protocol independent multicast (PIM) protocol is enabled for a port, the port sends Hello packets periodically. The time intervals to send Hello packets vary with the bandwidth and type of the connected networks.
  • Page 316: Configuring The Filtering Of Multicast Source/Group

    28.2.5 Configuring the Filtering of Multicast Source/Group You can use this command to filter the source (and group) address of multicast data packets. When this feature is configured, the router filters not only multicast data but also the multicast data encapsulated in the registration packets.
  • Page 317: Clearing Multicast Route Entries From Pim Routing Table

    Table 28-6 Configuring the maximum number of PIM neighbors on an interface Configure the maximum number of PIM neighbors on an interface Restore the limit of PIM neighbors to the default value By default, the PIM neighbors on the interface are limited to 128.
  • Page 318: Pim-Dm Configuration Example

    3Com Switch 8800 Configuration Guide Table 28-9 Displaying and debugging PIM-DM Operation Display the PIM multicast routing table Display the PIM interface information Display the information about PIM neighboring routers Display BSR information Display RP information Enable the PIM debugging...
  • Page 319 [Figure 28-2: PIM-DM configuration networking] III. Configuration procedure This section only introduces Lanswitch1 configuration procedure, while Lanswitch2 and Lanswitch3 configuration procedures are similar.
  • Page 320: Chapter 29 Pim-Sm Configuration

    When the data traffic is sufficient, the multicast data flow can switch over to the SPT (Shortest Path Tree) rooted on the source to reduce network delay. PIM-SM does not depend on the specified unicast routing protocol but uses the present unicast routing table to perform the RPF check.
  • Page 321: Preparations Before Configuring Pim-Sm

    3Com Switch 8800 Configuration Guide I. Build the RP shared tree (RPT) When hosts join a multicast group G, the leaf routers that directly connect with the hosts send IGMP messages to learn the receivers of multicast group G. In this way, the leaf routers calculate the corresponding rendezvous point (RP) for multicast group G and then send join messages to the node of the next level toward the rendezvous point (RP).
  • Page 322: Pim-Sm Configuration

    It should be noted that there can be only one BSR in a network but you can configure multiple candidate-BSRs. In this case, once a BSR fails, you can switch over to another BSR. A BSR is elected among the C-BSRs automatically. The C-BSR with the highest priority is elected as the BSR.
  • Page 323: Enabling Multicast

    3Com Switch 8800 Configuration Guide It should be noted that at least one router in an entire PIM-SM domain should be configured with Candidate-RPs and Candidate-BSRs. 29.2.1 Enabling Multicast Refer to Chapter 26 Common Multicast Configuration. 29.2.2 Enabling PIM-SM This configuration can be effective only after multicast is enabled.
  • Page 324: Configuring Candidate-Rps

    3Com Switch 8800 Configuration Guide At first, each candidate BSR considers itself as the BSR of the PIM-SM domain, and sends Bootstrap message by taking the IP address of the interface as the BSR address. When receiving Bootstrap messages from other routers, the candidate BSR will compare the BSR address of the newly received Bootstrap message with that of itself.
  • Page 325: Configuring Static Rp

    3Com Switch 8800 Configuration Guide Operation Remove candidate-RP configured When configuring RP, if the range of the served multicast group is not specified, the RP will serve all multicast groups. Otherwise, the range of the served multicast group is the multicast group in the specified range.
  • Page 326: Configuring The Filtering Of Multicast Source/Group

    3Com Switch 8800 Configuration Guide By default, no domain border is set. After this configuration is performed, a bootstrap message can not cross the border but other PIM packets can. This configuration can effectively divide a network into domains using different BSRs.
  • Page 327: Limiting The Range Of Legal C-Rp

    3Com Switch 8800 Configuration Guide Perform the following configuration in PIM view. Table 29-7 Limiting the range of legal BSR Operation Set the limit legal BSR range Restore to the default setting For detailed information of bsr-policy, please refer to the command manual.
  • Page 328: Pim-Sm Configuration Example

    3Com Switch 8800 Configuration Guide Table 29-9 Displaying and debugging PIM-SM Operation Display information Display information Enable PIM-SM debugging Disable PIM-SM debugging 29.4 PIM-SM Configuration Example I. Networking requirements In actual network, we assume that the switches can intercommunicate and the IP address of each VLAN interface has been configured.
  • Page 329 II. Networking diagram [Figure 29-2: PIM-SM configuration networking] III. Configuration procedure Configure LS_A Enable PIM-SM. [SW8800] multicast routing-enable [SW8800] vlan 10...
  • Page 330 3Com Switch 8800 Configuration Guide [SW8800-vlan-interface12] quit Configure LS_B Enable PIM-SM. [SW8800] multicast routing-enable [SW8800] vlan 10 [SW8800-vlan10] port ethernet 2/1/2 to ethernet 2/1/3 [SW8800-vlan10] quit [SW8800] interface vlan-interface 10 [SW8800-vlan-interface10] igmp enable [SW8800-vlan-interface10] pim sm [SW8800-vlan-interface10] quit [SW8800] vlan 11...
  • Page 331 3Com Switch 8800 Configuration Guide Chapter 29 PIM-SM Configuration Enable PIM-SM. [SW8800] multicast routing-enable [SW8800] vlan 10 [SW8800-vlan10] port ethernet 2/1/2 to ethernet 2/1/3 [SW8800-vlan10] quit [SW8800] interface vlan-interface 10 [SW8800-vlan-interface10] igmp enable [SW8800-vlan-interface10] pim sm [SW8800-vlan-interface10] quit [SW8800] vlan 11...
  • Page 332: Chapter 30 Msdp Configuration

    3Com Switch 8800 Configuration Guide Chapter 30 MSDP Configuration 30.1 MSDP Overview 30.1.1 Introduction Multicast source discovery protocol (MSDP) is used to discover multicast source information in other PIM-SM domains. No ISP would like to forward multicast traffic depending on the RP of competitors, though it has to obtain information from the source and distribute it among its members, regardless of the location of the source RP.
  • Page 333: Working Principle

    30.1.2 Working Principle I. Identifying multicast source and receiving multicast data As shown in Figure 30-1, the RPs of PIM-SM domains 1, 2 and 3 establish peer relationship between them. Domain 3 contains a group member.
  • Page 334 If the SA message is from an MSDP peer that is the RP of the multicast source as from Switch A to Switch B, it is received and forwarded to other peers. If the SA message is from an MSDP peer that has only one peer as from Switch B to Switch A, it is received.
  • Page 335: Enabling Msdp

    case when the message is from Switch E to Switch F, it is received and forwarded to other peers. If the SA message is sent from an MSDP peer in a different domain which is the next autonomous domain along the optimal path to the RP in the domain of source, as from Switch D to Switch F, it is received and forwarded to other peers.
  • Page 336: Configuring Msdp Peers

    3Com Switch 8800 Configuration Guide 30.2.2 Configuring MSDP Peers To run MSDP, you need to configure MSDP peers locally. Please perform the following configurations in MSDP view. Table 30-2 Configuring MSDP peers Operation Configure MSDP peers Remove MSDP peer configuration...
  • Page 337: Configuring Originating Rp

    3Com Switch 8800 Configuration Guide rp-policy parameter are configured, any peer that receives an SA message will forward it to the other peers. Not using the rp-policy parameter universally: According to the configuration sequence, only the first static RPF peer whose connection state is UP is activated.
  • Page 338: Configuring The Maximum Number Of Sa Caching

    30.2.6 Configuring the Maximum Number of SA caching To prevent DoS (Denial of Service) attacks, you can set the maximum number of SAs cached on the router. Perform the following configuration in MSDP view. Table 30-6 Configuring the maximum number of SA caching...
  • Page 339: Controlling The Source Information Forwarded

    3Com Switch 8800 Configuration Guide qualified (S, G) entries in the multicast routing table when creating SA messages, that is, to control the (S,G) entries imported from the multicast routing table to the domain. Please perform the following configurations in MSDP view.
  • Page 340: Controlling The Received Source Information

    I. Using MSDP outbound filter MSDP outbound filters are functional in: Filtering off all the (S, G) entries Forwarding only the SA messages permitted by the advanced ACL Please perform the following configurations in MSDP view.
  • Page 341: Configuring Msdp Mesh Group

    3Com Switch 8800 Configuration Guide Table 30-12 Controlling the received source information Filter off the SA messages from a specified MSDP peer Receive the SA messages permitted by the advanced ACL from a specified MSDP peer Remove the filtering rule over received...
  • Page 342: Shutting Msdp Peers Down

    3Com Switch 8800 Configuration Guide Table 30-14 Configuring the MSDP connection retry period Configuring the MSDP connection retry period Restore the default value of MSDP connection retry interval By default, MSDP connection is retried at the interval of 30 seconds.
  • Page 343: Displaying And Debugging Msdp

    3Com Switch 8800 Configuration Guide 30.3 Displaying and Debugging MSDP I. Displaying and Debugging MSDP After the above configuration, execute display commands in any view to display the running information of MSDP and to verify the effect of the configuration.
  • Page 344: Msdp Configuration Examples

    BGP or MBGP running among them (Note that MBGP is not supported in the basic code; the extended option is required). To enable Switch D to receive the specified source information from PIM-SM domains 1, 2 and 3, you can configure static RPF peers with the parameter rp-policy.
  • Page 345: Configuring Anycast Rp

    To configure Anycast RP in the PIM-SM domain, establish MSDP peer relationship between Switch A and Switch B; use the address of loopback0 on Switch A and Switch B to send SA messages outside; set Loopback10 interface on Switch A and Switch B as BSR/RP and configure the Anycast RP address.
  • Page 346 II. Networking diagram [Figure 30-4: Networking diagram for Anycast RP configuration] III.
  • Page 347: Configure Ospf

    3Com Switch 8800 Configuration Guide Chapter 30 MSDP Configuration [SwitchB-LoopBack10] igmp enable [SwitchB-LoopBack10] pim sm [SwitchB-LoopBack10] quit Configure the IP address of Vlan-interface10 and enable IGMP and PIM-SM. [SwitchB] interface Vlan-interface10 [SwitchB-Vlan-interface10] ip address 10.10.2.1 255.255.255.0 [SwitchB-Vlan-interface10] igmp enable [SwitchB-Vlan-interface10] pim sm...
  • Page 348 3Com Switch 8800 Configuration Guide Chapter 30 MSDP Configuration [SwitchA] vlan 10 [SwitchA-vlan10] port ethernet1/1/2 [SwitchA-vlan10] quit [SwitchA] vlan 20 [SwitchA-vlan20] port ethernet1/1/3 [SwitchA-vlan20] quit Enable multicast. [SwitchA] multicast routing-enable Configure the IP address of interface loopback0. [SwitchA] interface loopback0 [SwitchA-LoopBack0] ip address 10.21.1.1 255.255.255.255...
  • Page 349: Msdp Integrated Networking

    3Com Switch 8800 Configuration Guide [SwitchA-ospf-1] quit Configure Switch B as its MSDP peer. [SwitchA] msdp [SwitchA-msdp] peer 10.10.1.1 connect-interface loopback 0 Configure Originating RP. [SwitchA-msdp] originating-rp loopback0 [SwitchA-msdp] quit Configure C-RP and BSR. [SwitchA] pim [SwitchA-pim] c-rp loopback 10 [SwitchA-pim] c-bsr loopback 10 30 30.4.3 MSDP Integrated Networking...
  • Page 350 3Com Switch 8800 Configuration Guide II. Networking diagram PIM-SM domain 2 PIM-SM domain 2 Loopback0 Loopback0 10.28.1.1 10.28.1.1 SwitchG SwitchG Loopback10 Loopback10 10.1.1.1 10.1.1.1 Vlan-interface30 Vlan-interface30 SRC B SRC B Ethernet: 10.26.2.0 Ethernet: 10.26.2.0 E1/1/2 E1/1/2 Loopback10 Loopback10 SwitchE SwitchE 10.1.1.1...
  • Page 351 3Com Switch 8800 Configuration Guide Chapter 30 MSDP Configuration Enable multicast. [SwitchA] multicast routing-enable Configure the IP address of interface loopback0 and enable PIM-SM. [SwitchA] interface loopback0 [SwitchA-LoopBack0] ip address 10.25.1.1 255.255.255.255 [SwitchA-LoopBack0] pim sm [SwitchA-LoopBack0] quit Configure the IP address of interface loopback10 and enable PIM-SM.
  • Page 352 3Com Switch 8800 Configuration Guide Chapter 30 MSDP Configuration [SwitchA-bgp] peer 10.27.1.2 group in [SwitchA-bgp] peer in connect-interface loopback0 [SwitchA-bgp] ipv4-family multicast [SwitchA-bgp-af-mul] peer in enable [SwitchA-bgp-af-mul] peer 10.26.1.2 group in [SwitchA-bgp-af-mul] peer 10.27.1.2 group in [SwitchA-bgp-af-mul] peer in next-hop-local...
  • Page 353 [SwitchE] multicast routing-enable Configure the IP address of interface loopback0 and enable PIM-SM. [SwitchE] interface loopback0 [SwitchE-LoopBack0] ip address 10.26.1.2 255.255.255.255 [SwitchE-LoopBack0] pim sm [SwitchE-LoopBack0] quit Configure the IP address of interface loopback10 and enable PIM-SM.
  • Page 354 3Com Switch 8800 Configuration Guide [SwitchE-bgp] ipv4-family multicast [SwitchE-bgp-af-mul] peer in enable [SwitchE-bgp-af-mul] peer 10.25.1.1 group in [SwitchE-bgp-af-mul] peer 10.27.1.2 group in [SwitchE-bgp-af-mul] peer in next-hop-local [SwitchE-bgp-af-mul] quit [SwitchE-bgp] group ex external [SwitchE-bgp] peer 10.29.1.1 group ex as-number 300 [SwitchE-bgp] peer ex default-route-advertise...
  • Page 355: Chapter 31 Mbgp Multicast Extension Configuration

    3Com Switch 8800 Configuration Guide Chapter 31 MBGP Multicast Extension 31.1 MBGP Multicast Extension Overview 31.1.1 Introduction At present, the most widely used inter-domain unicast routing protocol is BGP-4. Because the multicast topology may be different from the unicast topology, BGP-4 must be modified in order to implement the transmission of inter-domain multicast routing information.
  • Page 356: Mbgp Operating Mode And Message Type

    3Com Switch 8800 Configuration Guide I. MP_REACH_NLRI attribute MP_REACH_NLRI is an optional non-transitive attribute, and can be used to: Send the routing information of a new reachable protocol. Send the next hop information about the new protocol with the same coding mode as that of NLRI.
  • Page 357: Mbgp Multicast Extension Configuration

    3Com Switch 8800 Configuration Guide 31.2 MBGP Multicast Extension Configuration Basic configuration tasks of MBGP multicast extension include: Enable MBGP multicast extension protocol Specify the network routes notified by the MBGP multicast extension Advanced configuration tasks of MBGP multicast extension include:...
  • Page 358: Specifying Network Routes Notified By Mbgp Multicast Extension

    3Com Switch 8800 Configuration Guide Table 31-1 Enabling MBGP multicast extension protocol Operation Enter the MBGP multicast address family view Remove the MBGP multicast address family view By default, the system does not run the MBGP multicast extension protocol. 31.2.2 Specifying Network Routes Notified by MBGP Multicast Extension The network command is used to specify the network routes to be advertised to MBGP peers, as well as the mask and route policy of this network route.
  • Page 359: Configuring Local Preference

    3Com Switch 8800 Configuration Guide 31.2.5 Configuring Local Preference Different local preferences can be configured as a reference for MBGP route selection. When an MBGP router gets routes with the same destination but different next hops through different neighbors, it will choose the route with the highest local preference.
  • Page 360 3Com Switch 8800 Configuration Guide II. Enabling a peer (group) Please perform the following configurations in IPV4 multicast sub-address family view. Table 31-3 Enabling a peer (group) Operation Enable the specified peer (group) Disable the specified peer (group) III. Adding an MBGP peer to the group Please perform the following configurations in IPV4 multicast sub-address family view.
  • Page 361 3Com Switch 8800 Configuration Guide By default, there is no route reflector in an AS. It is generally unnecessary to configure this command for a peer group. This command is reserved for the occasional compatibility with the network equipment of other vendors.
  • Page 362 3Com Switch 8800 Configuration Guide Table 31-9 Configuring IP-ACL-based route filtering policy for a peer (group) Operation Configure filtering policy for incoming packets Remove incoming configuration Configure routing outgoing packets Remove outgoing configuration By default, a peer (group) does not perform route filtering based on the IP ACL.
  • Page 363: Configuring Mbgp Route Aggregation

    3Com Switch 8800 Configuration Guide Operation Remove outgoing configuration By default, a peer (group) does not perform route filtering based on the prefix list. 31.2.8 Configuring MBGP Route Aggregation MBGP supports the manual aggregation of routes. Manual aggregation aggregates the local MBGP routes.
  • Page 364: Configure Mbgp Community Attributes

    3Com Switch 8800 Configuration Guide 31.2.10 Configure MBGP Community Attributes Within the MBGP, a community is a set of destinations with some characteristics in common. A community is not limited to a network or an AS, and has no physical boundary.
  • Page 365: Resetting Bgp Connections

    3Com Switch 8800 Configuration Guide 31.2.14 Resetting BGP Connections After changing the MBGP policy or protocol configuration, users must disconnect the present BGP connection to make the new configuration effective. For details, refer to “BGP Configuration” of the Routing Protocol part of this manual.
  • Page 366: Mbgp Multicast Extension Configuration Example

    All switches are configured with MBGP. The IGP in AS200 uses OSPF. Switch A is in AS100 and serves as the MBGP neighbor of Switch B and Switch C in AS200. Switch B and Switch C run IBGP for Switch D in AS200. Switch D is also in AS200.
  • Page 367 [SwitchA] route-policy set_med_100 permit node 10 [SwitchA-route-policy] if-match acl 2000 [SwitchA-route-policy] apply cost 100 Apply the routing policy set_med_50 to the exported route updates of Switch C (193.1.1.2). Apply the routing policy set_med_100 to the exported route updates of Switch B (192.1.1.2).
  • Page 368 3Com Switch 8800 Configuration Guide Chapter 31 MBGP Multicast Extension Configuration [SwitchB-vlan40] quit [SwitchB] interface vlan-interface 40 [SwitchB-Vlan-interface40] ip address 194.1.1.2 255.255.255.0 [SwitchB-Vlan-interface40] quit [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit...
  • Page 369 3Com Switch 8800 Configuration Guide [SwitchC-bgp] group c2 internal [SwitchC-bgp] peer 194.1.1.2 group c2 [SwitchC-bgp] peer 195.1.1.1 group c2 [SwitchC-bgp] ipv4-family multicast [SwitchC-bgp-af-mul] peer c1 enable [SwitchC-bgp-af-mul] peer c2 enable Configure the local preference attribute of Switch C. Add ACL 2000 on Switch C to permit network 1.0.0.0.
  • Page 370 3Com Switch 8800 Configuration Guide Chapter 31 MBGP Multicast Extension Configuration [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit [SwitchD] bgp 200 [SwitchD-bgp] undo synchronization [SwitchD-bgp] group d1 internal [SwitchD-bgp] peer 194.1.1.2 group d1 [SwitchD-bgp] peer 195.1.1.2 group d1 [SwitchD-bgp] ipv4-family multicast [SwitchD-bgp-af-mul] peer d1 enable To make the configuration effective, you need to use the reset bgp all command on all MBGP neighbors.
  • Page 371: Acl Overview

    ACLs classify packets using a series of matching rules, which can be source addresses, destination addresses and port IDs. ACLs can be used globally on the switch or just at a port, through which the switch determines whether to forward or drop the packets.
  • Page 372 Name-based basic ACLs Number-based advanced ACLs Name-based advanced ACLs Number-based L2 ACLs Name-based L2 ACLs Number-based user ACLs Name-based user ACLs The requirements for the various ACLs available on the switch are listed in the following table...
  • Page 373: Acl Configuration

    3Com Switch 8800 Configuration Guide Table 32-1 Requirements for defining ACLs Item Number-based basic ACL Number-based advanced ACL Number-based L2 ACL Number-based user ACL Name-based basic ACL Name-based advanced ACL Name-based L2 ACL Name-based user ACL Maximum sub-rules for an ACL...
  • Page 374 3Com Switch 8800 Configuration Guide Table 32-3 ACL configuration tasks Item Enter the system view Configure time range Define template Enter the ACL view Define sub-rules Exit ACL view Enter port view Apply a defined flow template in the Ethernet port...
  • Page 375 3Com Switch 8800 Configuration Guide start-time and end-time days-of-the-week define period time range together. start-time start-date and end-time end-date define absolute time range together. If a time range only defines the period time range, the time range is only active within the period time range.
  • Page 376 3Com Switch 8800 Configuration Guide Table 32-6 Length of template elements Name dmac dport dscp ip-precedence ethernet-protocol fragment-flags icmp-code icmp-type ip-protocol smac sport tcp-flag vlanid c-tag-cos c-tag-vlanid bt-flag Note: The numbers listed in the table are not the actual length of these elements in IP packets, but their length in flow template.
  • Page 377 Apply the user-defined flow template Cancel the applied flow template 32.2.3 Defining ACL The switch supports several types of ACLs, which are described in this section. Follow these steps to define an ACL Enter the corresponding ACL view Define ACL rules...
  • Page 378 3Com Switch 8800 Configuration Guide Note: If the time-range keyword is not selected, the ACL will be effective at any time after being activated. You can define multiple rules for the ACL by using the rule command several times. If the ACL is sent directly to hardware for packet filtering and traffic classification, the auto matching order is available and the user-defined (config) matching order becomes ineffective.
  • Page 379 3Com Switch 8800 Configuration Guide Table 32-9 Define advanced ACL Operation Enter advanced ACL view (system view) Define an ACL rule (advanced ACL view) Delete an ACL rule (advanced ACL view) Delete an ACL or all ACLs (system view) Note that the port1 and port2 parameters in the command should be TCP/UDP ports for advanced applications.
  • Page 380: Displaying And Debugging Acl Configurations

    3Com Switch 8800 Configuration Guide 32.2.4 Activating ACL After defining an ACL, you must activate it. This configuration activates those ACLs to filter or classify the packets forwarded by hardware. For interface cards, perform the following configurations in Ethernet port view or port group view.
  • Page 381: Acl Configuration Example

    3Com Switch 8800 Configuration Guide Display ACL configuration Display information Display configuration information of flow template Clear ACL statistics The display acl config command only displays the ACL matching information processed by the CPU. You can use the display qos-interface traffic-statistic commands to view the ACL matching information during data forwarding.
  • Page 382: Basic Acl Configuration Example

    I. Network requirements With proper basic ACL configuration, during the time range from 8:00 to 18:00 every day the switch filters the packets from the host with source IP 10.1.1.1 (the host is connected to the switch through port Ethernet2/1/1). II.
  • Page 383 Only the commands concerning ACL configuration are listed here. Define the time range. Define the time range from 8:00 to 18:00. [SW8800] time-range 3Com 8:00 to 18:00 daily Define the traffic with source IP 10.1.1.1. Create a name-based basic ACL “traffic-of-host” and enter it.
  • Page 384 3Com Switch 8800 Configuration Guide Define the time range. Define the time range from 8:00 to 18:00. [SW8800] time-range 3Com 8:00 to 18:00 daily Define a user-defined flow template [SW8800] flow-template user-defined slot 3 ethernet-protocol smac 0-0-0 dmac 0-0-0 Define the traffic with source MAC 00e0-fc01-0101 and destination MAC 00e0-fc01-0303.
  • Page 385: Qos Overview

    A classification rule can be very simple. For example, the switch can identify the packets of different priority levels according to the ToS (type of service) field in the packet headers. It can also be very complex. For example, it may...
  • Page 386 3Com Switch 8800 Configuration Guide There are two key steps in packet filtering: Step 1: Classify the traffic at the port according to a specific rule. Step 2: Run filtering operation (deny or permit) to the identified traffic. By default, deny operation is selected.
  • Page 387 3Com Switch 8800 Configuration Guide Chapter 33 QoS Configuration Figure 33-2 Ethernet frame with 802.1Q tag header In the above figure, each host supporting 802.1Q protocol adds a 4-byte 802.1Q tag header after the source address in Ethernet header. The 802.1Q tag header contains a 2-byte TPID (Tag protocol Identifier, with the value 8100) and a 2-byte TCI (tag control information).
  • Page 388 Figure 33-4 Priority queues SP algorithm is designed for key services. One of the characteristics of key services is these services should be processed first to minimize response delay during switch congestion. For example, there are eight outbound queues at the port, numbered respectively as 7 to 0, with priority levels in descending order.
  • Page 389 The system can make traffic statistics based on flow for further analysis. 33.2 Introduction to Port Group-Based QoS Configuration To configure QACL for a port group on the Switch 8800, you only need to create a port group and configure QACL for the group. Then the configuration becomes valid for all members in the group.
  • Page 390 3Com Switch 8800 Configuration Guide Item Apply flow template Activate ACL Configure local precedence port Configure traffic policing Configure traffic shaping Configure traffic priority Configure traffic redirection Configure queue scheduling algorithm Configure drop algorithm Configure traffic mirroring Configure traffic statistics...
  • Page 391 3Com Switch 8800 Configuration Guide Item Display configuration For the common interface boards except XP4, note that: The port group members must be on the same board and each port can only be added to one port group. The aggregated port cannot be added to the port group. If a port group member is to be aggregated, it exits from the port group automatically and the configuration of the primary port in an aggregated group overrides that of this port.
  • Page 392: Qos Configuration

    Create a number-based basic ACL 2000 and enter it. [SW8800] acl number 2000 Define ACL rule for the traffic from PC1. [SW8800-acl-basic-2000] rule 0 permit source 1.0.0.1 0 time-range 3Com [SW8800-acl-basic-2000] quit Create a port group. Create port group 1 and enter the port group view.
  • Page 393 The result calculated from the user-defined CIR, CBS, EBS, PIR and actual traffic when the switch runs traffic policing, in the range of 0 to 2. It is used as a parameter in the traffic-limit command (here the value depends on the calculated result).
  • Page 394 3Com Switch 8800 Configuration Guide After receiving a packet, the switch allocates a set of service parameters to it according to a specific rule. The switch first gets its local precedence and drop precedence according to the packet 802.1p priority value, by searching in the CoS ->...
  • Page 395 In the traffic supervision action, the switch uses the service parameters allocated according to the DSCP + Conform-Level -> Service parameter mapping table and the EXP + Conform-Level ->...
  • Page 396 3Com Switch 8800 Configuration Guide Restore the default values of the Local-precedence + Conform-Level -> mapping table (conform level view) The system provides default mapping tables. II. Configuring traffic policing The purpose of this configuration task is to implement traffic policing on ACL-matched data streams, and then take normal actions on data streams within the traffic limit and take other actions (discarding packets, for example) on those exceeding the limit.
  • Page 397 3Com Switch 8800 Configuration Guide Note: The parameters of traffic policy must be the same if you configure the same tc-index for different traffic; otherwise the system prompts you for the wrong configuration. For traffic policing configuration over the port group, all ports in the group share the same bandwidth, that is, the traffic parameters you define take effect on all ports in the group.
  • Page 398 Configure traffic shaping Remove traffic shaping setting The switch supports traffic shaping based on port, that is, all traffic on the port is shaped. It also supports traffic shaping for a specific queue. You can choose to achieve one of them by selecting different parameters in the command.
  • Page 399 3Com Switch 8800 Configuration Guide Remove traffic setting which applies IP group ACL and link group ACL at same time Configure traffic which only applies link group Remove traffic setting which only applies link group ACL system-index index here is the system index for an ACL rule. When delivering a rule, the system assigns an index to it, for convenience of later retrieval.
  • Page 400 3Com Switch 8800 Configuration Guide Table 33-9 Configure traffic redirection Operation Configure traffic redirection which only applies IP group Remove traffic redirection setting which only applies IP group ACL Configure traffic redirection which applies IP group ACL and link group ACL at same...
  • Page 401 All-WRR mode: The outbound queues are divided into WRR queue 1 and WRR queue 2. The switch first schedules the queues in WRR queue 1. If no packets are waiting to be forwarded in WRR queue 1, then it begins to schedule the queues in WRR queue 2.
  • Page 402 I. Configuring WRED parameters The switch provides four sets of default WRED parameters, respectively numbered as 0 to 3. Each set includes 80 parameters, 10 parameters for each of the eight queues. The ten parameters are green-min-threshold, yellow-min-threshold, red-min-threshold, green-max-threshold, yellow-max-threshold, red-max-threshold, green-max-prob, yellow-max-prob, red-max-prob and exponent.
  • Page 403 3Com Switch 8800 Configuration Guide II. Configuring drop algorithm Please perform the following configurations in Ethernet port view. Table 33-12 Configure drop algorithm Operation Configure drop algorithm Restore the default algorithm By default, tail drop mode is selected. See the corresponding Command Manual for details of the commands.
  • Page 404 Up to 20 mirroring groups can be configured at a port, with each group including one monitoring port and multiple monitored ports. Note: The Switch 8800 supports cross-board mirroring, that is, the monitoring and monitored ports can be on different boards. Consider these issues when configuring port mirroring: For intra-board mirroring, only one monitoring port can be configured for the mirroring groups in the same direction.
  • Page 405 3Com Switch 8800 Configuration Guide port. You can only choose port B on board 2 as its monitoring port when configuring a second mirroring group in the same direction on board 1. One mirroring group can contain at most 24 monitored ports.
  • Page 406 3Com Switch 8800 Configuration Guide Configure traffic statistics which only applies link group ACL Remove traffic statistics setting which only applies link group ACL Display traffic statistics for the port Note: The system counts the traffic on all ports in the group after you use the traffic-statistic command in port group view.
  • Page 407 3Com Switch 8800 Configuration Guide Operation Display traffic configuration of a port Display queue configuration of a port Display traffic configuration of a port Display the parameter settings for traffic policing Display QoS configuration of a VLAN Display traffic configuration of a VLAN...
  • Page 408: Configuration Example

    3Com Switch 8800 Configuration Guide 33.4 Configuration Example 33.4.1 Traffic Shaping Configuration Example I. Network requirements Set traffic shaping for the outbound queue 2 at the port GE7/1/8: maximum rate 500kbps, burst size 12k bytes. II. Network diagram GE7/1/1...
  • Page 409 Figure 33-8 Network diagram for priority configuration (labels: 1.0.0.1/8, GE3/1/1, E3/0/1) III. Configuration procedure Define the time range. Define the time range from 8:00 to 18:00. [SW8800] time-range 3Com 8:00 to 18:00 daily Define the traffic from PC1...
  • Page 410 Create a number-based basic ACL 2000 and enter it. [SW8800] acl number 2000 Define ACL rule for the traffic from PC1. [SW8800-acl-basic-2000] rule 0 permit source 1.0.0.1 0 time-range 3Com Define the CoS -> Conform-Level mapping table. Define the CoS -> Conform-Level mapping table. The switch allocates drop precedence (all as 0 for the sake of simplification) for them when receiving packets.
  • Page 411 [SW8800] acl number 2000 Define ACL rule for the traffic from PC1. [SW8800-acl-basic-2000] rule 0 permit source 1.0.0.1 0 time-range 3Com Modify the next hop for the packets from PC1. Define the next hop for the packets from PC1 as 2.0.0.1.
  • Page 412 3Com Switch 8800 Configuration Guide 33.4.5 Queue Scheduling Configuration Example I. Network requirements Modify the correspondence between 802.1p priority levels and local priority levels to change the mapping between 802.1p priority levels and queues. That is, put packets into outbound queues according to the new mapping. Use WRR algorithm for the queues 0 to 5 at the port GE7/1/1.
  • Page 413 3Com Switch 8800 Configuration Guide Use WRR algorithm for the queues 0 to 5. Set the queues 0, 1 and 2 into WRR queue 1, with weight respectively as 20, 20 and 30; set the queues 3, 4 and 5 into WRR queue 2, with weight respectively as 20, 20 and 40.
  • Page 414 33.4.7 Traffic Statistics Configuration Example I. Network requirements Suppose the IP address of PC1 is 1.0.0.1 and that of PC2 is 2.0.0.1. The switch is up-linked through the port GE7/1/8. Count the packets sent from the switch to PC1 during the time range from 8:00 to 18:00 every day.
  • Page 415 3Com Switch 8800 Configuration Guide Count the packets to PC1 and display the result using the display command. [SW8800-GigabitEthernet7/1/1] traffic-statistic inbound ip-group 2000 rule 0 [SW8800] display qos-interface GigabitEthernet7/1/1 traffic-statistic GigabitEthernet7/1/1: traffic-statistic Inbound: Matches: Acl 2000 rule 0 12002688 bytes (green 1270244416 byte(s), yellow 1895874880 byte(s), red...
  • Page 416: Configuring Acl For Telnet Users

    The switches provide several logon and device accessing measures, mainly including TELNET access, SNMP access, and HTTP access (currently the Switch 8800 does not support it). The security control over the access measures is provided with the switches to prevent illegal users from logging on to and accessing the devices.
  • Page 417 3Com Switch 8800 Configuration Guide Operation Delete a sub-rule (basic ACL view) Delete an ACL or all ACLs (system view) Enter advanced ACL view from system view Define sub-rule (ACL view) Delete a sub-rule (advanced ACL view) Delete an ACL or all ACLs (system view) You can define multiple rules for an ACL by using the rule command several times.
  • Page 418: Configuring Acl For Snmp Users

    [SW8800] user-interface vty 0 4 [SW8800-user-interface-vty0-4] acl 2000 inbound 34.3 Configuring ACL for SNMP Users The Switch 8800 supports remote network management (NM) and the user can use SNMP to access them. Proper ACL configuration can prevent illegal users from logging onto the switches.
  • Page 419 3Com Switch 8800 Configuration Guide 34.3.2 Importing ACL Import the defined ACL into the commands with SNMP community, username and group name configured, to achieve ACL control over SNMP users. Perform the following configurations in system view. Table 34-3 Import ACL...
  • Page 420 [SW8800-acl-basic-2000] rule 3 deny source any [SW8800-acl-basic-2000] quit Import the ACL. [SW8800] snmp-agent community read 3Com acl 2000 [SW8800] snmp-agent group v3 3Comgroup acl 2000 [SW8800] snmp-agent usm-user v3 3Comuser 3Comgroup acl 2000...
  • Page 421: Chapter 35 Mpls Architecture

    Chapter 35 MPLS Architecture Note: A Switch 8800 running MPLS can serve as a router. Routers mentioned in this manual can be either a router in the common sense or a layer 3 Ethernet switch running MPLS. To enable the MPLS function on the Switch 8800, you must select the interface cards that support MPLS.
  • Page 422: Label

    3Com Switch 8800 Configuration Guide 35.2.2 Label I. Label definition A label is a locally significant short identifier with fixed length, which is used to identify a FEC. When packets reach the MPLS network ingress, they are divided into different FECs; based on their FECs, different labels are encapsulated into the packets.
  • Page 423 Upstream and downstream are just on a relative basis: For a packet forwarding process, the transmit router serves as upstream LSR and receive router serves as downstream LSR. Currently, the Switch 8800 adopts the DU label distribution mode. Label assignment control mode There are two modes to control the assignment and distribution of labels: independent mode and ordered mode.
  • Page 424: Ldp

    FEC or the LSR serves as LSP (Label Switching Path) egress node. Note: Currently, the Switch 8800 adopts the ordered label control mode. Label retention mode There are two label-retention modes: liberal label retention mode and conservative label retention mode.
  • Page 425: Forwarding Labeled Packets

    3Com Switch 8800 Configuration Guide with labels, distributes label binding messages, establishes and maintains label forwarding table. The network consisting of LSRs is called MPLS domain. The LSR that is located at the edge of the domain is called edge LSR (LER, Labeled Edge Router). It connects an MPLS domain with a non-MPLS domain or with another MPLS domain, classifies packets, distributes labels (as ingress LER) and extracts labels (as egress LER).
  • Page 426: Establishing Lsp

    3Com Switch 8800 Configuration Guide 35.3.3 Establishing LSP Actually, the establishment of LSP refers to the process of binding FEC with the label, and then advertising this binding to the adjacent LSR on LSP. This process is implemented through LDP, which regulates the message in interactive processing and message structure between LSRs as well as routing mode.
  • Page 427: Lsp Tunnel And Hierarchy

    3Com Switch 8800 Configuration Guide received the returned label map message from its downstream LSR. Usually, the upstream LSR selects the downstream LSR according to the information in its routing table. In Figure 35-4, LSRs on the way along LSP1 use the sequential label control mode, and the LSR F on LSP2 uses independent label control mode.
  • Page 428: Mpls And Other Protocols

    3Com Switch 8800 Configuration Guide As shown in Figure 35-5, LSP <R2 R21 R22 R3> is a tunnel between R2 and R3. II. Multi-layer label stack In MPLS, a packet may carry multiple labels which are in the form of stack. Operations to the stack follow the “last in first out”...
  • Page 429 The basic structure of MPLS-based VPN is shown in Figure 35-6. CE is the customer edge device, and it may either be a router or a switch, or perhaps a host. PE is a service provider edge router, which is located on the backbone network. PE is responsible for the management of VPN customers, establishing LSP connection between various PEs, route allocation among different branches of the same VPN customer.
  • Page 430: Chapter 36 Mpls Basic Capability Configuration

    Enable LDP Enter VLAN interface view and enable MPLS and LDP on the interface Then the routing switch can provide MPLS forwarding and LDP signaling functions. If you want to modify the default parameters or enable some special functions, for example, manually creating LSP or explicit route, you can configure according to the methods in configuration list.
  • Page 431: Enabling Mpls And Entering Mpls View

    3Com Switch 8800 Configuration Guide Table 36-1 Define MPLS LSR ID Operation Define LSR ID Delete LSR ID By default, LSR ID is not defined. 36.2.2 Enabling MPLS and Entering MPLS View In system view, you can first enable MPLS globally and enter MPLS view using the mpls command.
  • Page 432: Ldp Configuration

    3Com Switch 8800 Configuration Guide be the ingress node, an intermediate node (also called transit node), or the egress node. Note that an LSP operates normally only after all the LSRs along the LSP have been properly configured. The undo static-lsp command is used to delete a specified LSP established manually.
  • Page 433: Enabling Ldp On Vlan Interface

    3Com Switch 8800 Configuration Guide Table 36-5 Enable/disable LDP view Operation Enable LDP protocol Disable LDP By default, LDP is disabled. 36.3.2 Enabling LDP on VLAN interface To make the VLAN interface support LDP, you must enable LDP function on virtual interface in VLAN interface mode.
  • Page 434: Configuring Session Parameters

    3Com Switch 8800 Configuration Guide There is no default remote-peer. II. Configuring an address for the remote-peer You can specify the address of any LDP-enabled interface on the remote-peer or the address of the loopback interface on the LSR that has advertised the route as the address of the remote-peer.
  • Page 435 3Com Switch 8800 Configuration Guide Table 36-9 Configure basic session hold-time Operation Configure session hold-time Return to the default value By default, the session-holdtime is 60 seconds and hello-holdtime is 15 seconds. Perform the following configuration in remote-peer view. Table 36-10 Configure remote session hold-time...
  • Page 436: Configuring Ldp Loop Detection Control

    3Com Switch 8800 Configuration Guide 36.3.5 Configuring LDP Loop Detection Control I. Enabling loop detection It is used to enable or disable the loop detection function during LDP signaling process. The loop detection includes maximum hop count mode and path vector mode.
  • Page 437: Configuring Ldp Authentication Mode Between Every Two Routers

    3Com Switch 8800 Configuration Guide III. Setting the maximum hop count in path vector mode When path vector mode is adopted for loop detection, it is also necessary to specify the maximum value of LSP path. In this way, when one of the following conditions is met, it is considered that a loop happens and the LSP establishment fails.
  • Page 438 3Com Switch 8800 Configuration Guide Table 36-16 Display the static LSP information Operation Display the static LSP information II. Displaying MPLS-enabled interfaces After accomplishing the configuration tasks mentioned previously, you can execute the display command in any view to view the information related to the MPLS-enabled interfaces and thus to evaluate the effect of the configurations.
  • Page 439: Displaying And Debugging Ldp

    3Com Switch 8800 Configuration Guide V. Trapping MPLS This command is used to enable the trap function of MPLS during an LSP/LDP setup process. Perform the following configuration in system view. Table 36-20 Enable the trap function of MPLS Operation...
  • Page 440: Typical Mpls Configuration Example

    3Com Switch 8800 Configuration Guide II. LDP debugging commands Execute debugging command in user view for the debugging of various messages related to LDP Table 36-22 Enable/disable debugging for MPLS LDP Operation Enable debugging for MPLS LDP Disable debugging for...
  • Page 441 3Com Switch 8800 Configuration Guide II. Network diagram Figure 36-1 Network diagram (labels: Switch A, VLAN201, 168.1.1.1) III. Configuration procedure Configure Switch A Configure LSR ID and enable MPLS and LDP. [SW8800] mpls lsr-id 168.1.1.1 [SW8800] mpls...
  • Page 442 [SW8800-Vlan-interface202] ip address 100.10.1.2 255.255.255.0 [SW8800-Vlan-interface202] mpls [SW8800-Vlan-interface202] mpls ldp enable [SW8800-Vlan-interface202] mpls ldp transport-ip interface [SW8800-Vlan-interface202] quit Enable OSPF on the interfaces respectively connecting Switch B with Switch A, Switch D and Switch C. [SW8800] Router id 172.17.1.1 [SW8800] ospf [SW8800-ospf-1] area 0 [SW8800-ospf-1-area-0.0.0.0] network 168.1.0.0 0.0.255.255...
  • Page 443 3Com Switch 8800 Configuration Guide Chapter 36 MPLS Basic Capability Configuration Configure LSR ID and enable MPLS and LDP. [SW8800] mpls lsr-id 100.10.1.1 [SW8800] mpls [SW8800-mpls] quit [SW8800] mpls ldp Configure IP address and enable LDP and MPLS for VLAN interface 202.
  • Page 444: Troubleshooting Mpls Configuration

    3Com Switch 8800 Configuration Guide 36.6 Troubleshooting MPLS Configuration Symptom: A session cannot be set up with the peer after LDP is enabled on the interface. Troubleshooting: Cause 1: Loop detection configuration is different at the two ends. Solution: Check loop detection configuration at both ends to see if one end is configured while the other end is not (this will result in session negotiation failure).
  • Page 445: Chapter 37 Bgp/Mpls Vpn Configuration

    3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration 37.1 BGP/MPLS VPN Overview Traditional VPN, for which layer 2 tunneling protocols (L2TP, L2F, PPTP, and so on) or layer 3 tunnel technology (IPSec, GRE, and so on) is adopted, is a great success and is therefore widely used.
  • Page 446: Bgp/Mpls Vpn Model

    It may be a router or a switch which cannot sense the existence of VPN. PE (Provider Edge) router: It is the Provider Edge router, namely the edge device of the provider network, which connects with your CE directly.
  • Page 447 3Com Switch 8800 Configuration Guide VPNs. These disadvantages not only increase the network operating cost, but also bring relevant management and security issues. The nested VPN is a better solution. Its main idea is to transfer VPNv4 routes between the PE and CE of a common BGP/MPLS VPN so that users themselves can manage their internal VPN division, and the service provider is saved from participating in users' internal VPN management.
  • Page 448 PE routers, so routing errors may occur because of the different meanings in the two systems. The solution is to convert IPv4 addresses to VPN-IPv4 addresses to generate globally unique addresses before advertising them, so PE routers are required to support MP-BGP.
  • Page 449: BGP/MPLS VPN Implementation

    3Com Switch 8800 Configuration Guide Import Route Targets: ( IRT1, IRT2, ... ,IRTm ) Figure 37-3 Route filtering through matching VPN Target attribute Note: The routes for other VPNs will not appear in the VPN's routing table by using VPN Target attribute to filter routing information received at PE router, so the CE-transmitted data will only be forwarded within the VPN.
  • Page 450 3Com Switch 8800 Configuration Guide LSPs must be set up between PEs for VPN data traffic forwarding with MPLS LSP. The PE router which receives packets from CE and creates the label protocol stack is called the ingress LSR, while the BGP next hop (egress PE router) is the egress LSR. Using LDP to create fully connected LSPs among PEs.
  • Page 451: Nested BGP/MPLS VPN Implementation

    3Com Switch 8800 Configuration Guide Each P router on LSP forwards MPLS packets using exterior-layer label to the penultimate-hop router, namely the P router before PE2. The penultimate-hop router extracts the exterior-layer and sends MPLS packet to PE2. PE2 looks up in the MPLS forwarding table according to the interior-layer label and destination address to determine the egress interface for labeling operation and the packet.
  • Page 452: Introduction To OSPF Multi-Instance

    3Com Switch 8800 Configuration Guide As shown in Figure 37-5, the PEs directly connected with user devices are called UPE (underlayer PE or user-end PE); the devices in the core network connected with the UPEs are called SPE (superstratum PE or service-provider-end PE).
  • Page 453: Introduction To Multi-Role Host

    3Com Switch 8800 Configuration Guide interface, routing table, and sends VPN routing information over MPLS network using BGP/OSPF interaction. If supporting OSPF multi-instance, one router can run multiple OSPF procedures, which can be bound to different VPN instances. In practice, you can create one OSPF instance for each service type.
  • Page 454: BGP/MPLS VPN Configuration

    3Com Switch 8800 Configuration Guide compromised method brings additional configuration burden and has limitations in actual use. To resolve this problem, the idea of the multi-role host was introduced. Specifically, the idea is to differentiate access to different VPNs by configuring policy routing based on IP addresses, and to transmit the downstream data flow from PE to CE by configuring static routing.
  • Page 455 3Com Switch 8800 Configuration Guide I. Creating static route If you select static route mode for CE-PE route switching, you should then configure a private static route pointing to PE on CE. Perform the following configuration in the system view.
  • Page 456: Configuring PE Router

    3Com Switch 8800 Configuration Guide 37.2.2 Configuring PE Router I. Configuring basic MPLS capability This includes configuring the MPLS LSR ID, enabling MPLS globally, and enabling MPLS in the corresponding VLAN interface view. See MPLS Basic Capability Configuration for details. II. Defining BGP/MPLS VPN site Create vpn-instance and enter vpn-instance view The VPN instance is associated with a site.
  • Page 457 3Com Switch 8800 Configuration Guide Configure vpn-instance description Perform the following configuration in vpn-instance view Table 37-5 Configure vpn-instance description Operation Configure vpn-instance description Delete vpn-instance description Configure vpn-target attribute for the vpn-instance VPN-target attribute, a BGP extension community attribute, controls advertisement of VPN routing information.
  • Page 458 3Com Switch 8800 Configuration Guide By default, the value is both. In general all sites in a VPN can be interconnected, and the import-extcommunity and export-extcommunity attributes are the same, so you can execute the command only with the both option.
  • Page 459 3Com Switch 8800 Configuration Guide Table 37-8 Configure basic ACL Operation Configure basic ACL Delete basic ACL Defines subrules for the basic ACL Perform the following configuration in corresponding ACL view. Table 37-9 Define subrules of the ACL Operation Define the subrule of basic ACL...
  • Page 460 3Com Switch 8800 Configuration Guide Both VLAN ID and IP address-based packet redirection. Perform the following configuration in the Ethernet port view. Table 37-12 Configure packet redirection at the Ethernet port on the B card Operation Configure redirection specific port on the supporting MPLS card.
  • Page 461 3Com Switch 8800 Configuration Guide You can configure a static route pointing to CE on PE for it to learn VPN routing information from CE. Perform the following configuration in the system view. Table 37-14 Configure static route in vpn-instance routing table...
  • Page 462 3Com Switch 8800 Configuration Guide routes should also be imported into OSPF. Only OSPF multi-instance configuration is described in detail here. First step: Configure OSPF procedure. Perform the following configuration in the system view. Table 37-16 Configure OSPF procedure Operation Configure an OSPF procedure Delete an OSPF procedure By default, the procedure index is 1.
  • Page 463 3Com Switch 8800 Configuration Guide Caution: The configured value will not take effect until the command reset ospf is executed. Step 3: Configure tag for imported VPN route (optional) If a VPN site links to multiple PEs, a routing loop may occur when routes learned through MPLS/BGP, which one PE advertises to the VPN site in category-5/-7 LSAs, are received by another PE router.
  • Page 464 3Com Switch 8800 Configuration Guide Table 37-19 Configure sham link Operation Configure sham link Delete a sham link By default, the cost value is 1, dead value is 40 seconds, hello value is 10 seconds, retransmit value is 5 seconds and trans-delay value is 1 second.
  • Page 465 3Com Switch 8800 Configuration Guide By default, BGP neighbor is active while MBGP neighbor is inactive. You should activate MBGP neighbor in VPNv4 sub-address family view. Perform the following configuration in VPNv4 sub-address family view. Table 37-22 Activate/deactivate peer (group)
  • Page 466 3Com Switch 8800 Configuration Guide In the case of standard BGP, BGP detects routing loops by AS number to avoid generating them. In the case of Hub&Spoke networking, however, PE carries the AS number of the local autonomous system when advertising the routing information to CE, if EBGP is run between PE and CE.
  • Page 467 3Com Switch 8800 Configuration Guide Table 37-26 Permit BGP session over any operable TCP interface Operation Permit BGP session over any operable TCP interface Use the best local address for TCP connection BGP creates BGP adjacency to the peer end using specific interfaces, which is usually the loopback interface.
  • Page 468 3Com Switch 8800 Configuration Guide Table 37-29 Enable/disable IBGP peer group Operation Enable a peer group Disable a specific peer group Step 4: Configure the local address as the next hop in route advertisement (optional) Since this is not configured by default, you must explicitly add this configuration command when configuring MBGP between PEs.
  • Page 469: Configuring P Router

    3Com Switch 8800 Configuration Guide Operation Remove to advertise default route to the peer (group) Step 7: Configure BGP neighbor as the UPE of BGP/MPLS VPN This command is only used for UPE (user port function) of BGP/MPLS VPN. Configuring the following commands in the VPNv4 sub-address family view.
  • Page 470 3Com Switch 8800 Configuration Guide II. Displaying IP routing table associated with vpn-instance After the above configuration, you can execute display command in any view to display the corresponding information in the IP routing tables related to vpn-instance, and to verify the effect of the configuration.
  • Page 471: Typical BGP/MPLS VPN Configuration Example

    3Com Switch 8800 Configuration Guide V. Displaying MPLS l3vpn-lsp information Table 37-38 Display MPLS l3vpn-lsp information Operation Display MPLS l3vpn LSP information Display MPLS l3vpn LSP vpn-instance information VI. Displaying sham link Table 37-39 Display sham link Operation Display sham link 37.4 Typical BGP/MPLS VPN Configuration Example...
  • Page 472 3Com Switch 8800 Configuration Guide II. Network diagram Figure 37-8 Network diagram for integrated BGP/MPLS VPN III.
  • Page 473 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration Note: The configuration on the other three CE switches (CE2 to CE4) is similar to that on CE1, the details are omitted here. Configure PE1 Configure vpn-instance for VPN-A on PE1, as well as other associated attributes to control advertisement of VPN routing information.
  • Page 474 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE1] mpls lsr-id 202.100.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1] vlan 201 [PE1-vlan201] port gigabitethernet 2/1/1 [PE1-vlan201] quit [PE1] interface Vlan-interface 201 [PE1-Vlan-interface201] ip address 172.1.1.1 255.255.0.0 [PE1-Vlan-interface201] mpls...
  • Page 475 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [P-LoopBack 0] quit [P] vlan 301 [P-vlan301] port gigabitethernet 3/1/1 [P-vlan301] quit [P] interface Vlan-interface 301 [P-Vlan-interface301] ip address 172.1.1.2 255.255.0.0 [P-Vlan-interface301] mpls [P-Vlan-interface301] mpls ldp enable [P-Vlan-interface301] quit [P] vlan 302...
  • Page 476 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [P-ospf-1] import-route direct Configure PE3 Note: The configuration on PE3 is similar to that on PE1, you should pay more attention to VPN routing attribute setting on PE3 to get information about how to control advertisement of a same VPN routing information (with same VPN-target) over MPLS network.
  • Page 477: Hybrid BGP/MPLS VPN Configuration Example

    3Com Switch 8800 Configuration Guide [PE3] mpls lsr-id 202.100.1.3 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3] vlan 201 [PE3-vlan201] port gigabitethernet 2/1/1 [PE3-vlan201] quit [PE3] interface Vlan-interface 201 [PE3-Vlan-interface201] ip address 172.3.1.1 255.255.0.0 [PE3-Vlan-interface201] mpls [PE3-Vlan-interface201] mpls ldp enable...
  • Page 478 3Com Switch 8800 Configuration Guide Two Switch 8800s serve as PE devices, which support MPLS feature. CE-1 and CE-2 are two mid-range switches; a Layer 2 switch serves as both CE-3 and CE-4, which is accessed directly with users. Two PEs are configured with the same interface cards: Slot 2 holds the common interface card with FE ports (B card) and slot 3 holds the enhanced interface card with GE ports (C card).
  • Page 479 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration Note: The configuration on VPN-B is similar to that on VPN-A and only VPN-A configuration is detailed here. [PE1] ip vpn-instance vpna [PE1-vpn-vpna] route-distinguisher 100:1 [PE1-vpn-vpna] vpn-target 100:1 both [PE1-vpn-vpna] quit Bind the VLAN interface connecting PE 1 and CE-1 to VPN-A.
  • Page 480 3Com Switch 8800 Configuration Guide Globally enable MPLS. [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1] mpls ldp Configure the public network interface and enable MPLS on it. [PE1] interface loopback0 [PE1-LoopBack0] ip address 1.1.1.9 255.255.255.255 [PE1-LoopBack0] quit [PE1] vlan 100...
  • Page 481 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration Note: The configuration on VPN-B is similar to that on VPN-A and only VPN-A configuration is detailed here. [PE2] ip vpn-instance vpna [PE2-vpn-vpna] route-distinguisher 100:1 [PE2-vpn-vpna] vpn-target 100:1 both [PE2-vpn-vpna] quit Configure the VLAN interface connecting PE 2 with CE-3 and bind the VLAN interface to VPN-A.
  • Page 482 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE2-bgp-af-vpn] peer 2 enable [PE2-bgp-af-vpn] peer 1.1.1.9 group 2 Globally enable MPLS. [PE2] mpls lsr-id 2.2.2.9 [PE2] mpls [PE2] mpls ldp Configure the public network interface and enable MPLS on it.
  • Page 483 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration Note: Cautions and configuration limitations in hybrid networking: For a trunk port on the common interface card, you can configure to redirect MPLS VPN of multiple VLANs to the same destination port.
  • Page 484: Extranet Configuration Example

    3Com Switch 8800 Configuration Guide 37.4.3 Extranet Configuration Example I. Network requirements Company A and Company B are located at City A and City B respectively. Their headquarters is located at City C. They respectively own VPN1 and VPN2. In this case, VPN function is provided by MPLS. There are some shared resources at the City C for the two VPNs.
  • Page 485 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration III. Configuration procedure Note: This configuration procedure omits the configurations between PE and P, and the configurations on CEs. For these details, refer to the former example. Configure PE-A: Configure VPN-instance 1 for VPN1 on PE-A, so that it can send and receive VPN routing information of VPN-target 111:1.
  • Page 486 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE-A-mpls] quit [PE-A] mpls ldp Set up MP-IBGP adjacency between PEs to exchange inter-PE VPN routing information and activate MP-IBGP peer in VPNv4 sub-address family view. [PE-A] bgp 100 [PE-A-bgp] group 20 internal [PE-A-bgp] peer 20.1.1.1 group 20...
  • Page 487 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE-C-LoopBack0] ip address 20.1.1.1 255.255.255.255 [PE-C-LoopBack0] quit Configure MPLS basic capacity. [PE-C] mpls lsr-id 20.1.1.1 [PE-C] mpls [PE-C-mpls] quit [PE-C] mpls ldp Set up MP-IBGP adjacency between PEs to exchange inter-PE VPN routing information and activate MP-IBGP peer in VPNv4 sub-address family view.
  • Page 488: Hub&Spoke Configuration Example

    3Com Switch 8800 Configuration Guide [PE-B] vlan 301 [PE-B-vlan301] port gigabitethernet 3/1/1 [PE-B-vlan301] quit [PE-B] interface Vlan-interface 301 [PE-B-Vlan-interface301] ip binding vpn-instance vpn-instance3 [PE-B-Vlan-interface301] ip address 172.17.0.1 255.255.0.0 [PE-B-Vlan-interface301] quit Configure loopback interface [PE-B] interface loopback 0 [PE-B-LoopBack0] ip address 30.1.1.1 255.255.255.255 [PE-B-LoopBack0] quit Configure MPLS basic capacity.
  • Page 489 3Com Switch 8800 Configuration Guide Set up IBGP adjacency between PE1 and PE2 or PE1 and PE3, but not between PE2 and PE3, that is, VPN routing information cannot be exchanged between PE2 and PE3. Create two VPN-instances on PE1, import VPN routes of VPN-target 100:11 and 100:12, set VPN-target for VPN routes advertised as 100:2.
  • Page 490 3Com Switch 8800 Configuration Guide II. Network diagram Figure 37-11 Network diagram for Hub&Spoke III. Configuration procedure Note: The following contents are omitted in this case: MPLS basic capacity configuration between PEs, configuration between PE and P, configuration between CEs.
  • Page 491 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn-instance2 [PE1-bgp-af-vpn-instance] import-route static [PE1-bgp-af-vpn-instance] import-route direct [PE1-bgp-af-vpn-instance] group 17216 external [PE1-bgp-af-vpn-instance] peer 172.16.1.1 group 17216 as-number 65002 [PE1-bgp-af-vpn-instance] quit [PE1-bgp] ipv4-family vpn-instance vpn-instance3...
  • Page 492 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE1-bgp] peer 22.1.1.1 group 22 as-number 100 [PE1-bgp] peer 22.1.1.1 connect-interface loopback 0 [PE1-bgp] group 33 [PE1-bgp] peer 33.1.1.1 group 33 as-number 100 [PE1-bgp] peer 33.1.1.1 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpn] peer 22 enable [PE1-bgp-af-vpn] peer 22.1.1.1 group 22...
  • Page 493 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE2-LoopBack0] quit Set up MP-IBGP adjacency between PE2 and PE1 to exchange inter-PE VPN routing information and activate MP-IBGP peer in VPNv4 sub-address family view. [PE2] bgp 100 [PE2-bgp] group 11 [PE2-bgp] peer 11.1.1.1 group 11 as-number 100...
  • Page 494: CE Dual-Home Configuration Example

    3Com Switch 8800 Configuration Guide [PE3] interface loopback 0 [PE3-LoopBack0] ip address 33.1.1.1 255.255.255.255 [PE3-LoopBack0] quit Set up MP-IBGP adjacency between PE3 and PE1 to exchange inter-PE VPN routing information and activate MP-IBGP peer in VPNv4 sub-address family view. [PE3] bgp 100 [PE3-bgp] group 11 [PE3-bgp] peer 11.1.1.1 group 11...
  • Page 495 3Com Switch 8800 Configuration Guide II. Network diagram Figure 37-12 Network diagram for CE dual-home III.
  • Page 496 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE1-vpn-vpn-instance1.2] quit Set up MP-EBGP adjacency between PE1 and CE1, import intra-CE1 VPN routes learned into VPN-instance 1.1. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn-instance1.1 [PE1-bgp-af-vpn-instance] import-route direct [PE1-bgp-af-vpn-instance] import-route static [PE1-bgp-af-vpn-instance] group 17211 external [PE1-bgp-af-vpn-instance] peer 172.11.11.2 group 17211 as-number 65001...
  • Page 497 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration Configure MPLS basic capacity, enable LDP on the interface connecting PE1 and PE2 and the interface connecting PE1 and PE3. [PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp...
  • Page 498 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE1-bgp] peer 3.3.3.3 group 3 [PE1-bgp] peer 3.3.3.3 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpn] peer 2 enable [PE1-bgp-af-vpn] peer 2.2.2.2 group 2 [PE1-bgp-af-vpn] peer 3 enable [PE1-bgp-af-vpn] peer 3.3.3.3 group 3...
  • Page 499 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE2-bgp-af-vpn-instance] peer 172.22.22.2 group 17222 as-number 65002 [PE2-bgp-af-vpn-instance] quit [PE2-bgp] quit Bind the interface connecting PE2 and CE1 to VPN-instance 2.1 and the interface connecting PE2 and CE2 to VPN-instance 2.2.
  • Page 500: Cross-Domain BGP/MPLS VPN Configuration Example

    3Com Switch 8800 Configuration Guide [PE3-bgp-af-vpn-instance] import-route direct [PE3-bgp-af-vpn-instance] import-route static [PE3-bgp-af-vpn-instance] group 192 external [PE3-bgp-af-vpn-instance] peer 192.168.13.2 group 192 as-number 65003 [PE3-bgp-af-vpn-instance] quit [PE3-bgp] quit Set up MP-EBGP adjacency between PE3 and CE4, import intra-CE4 VPN routes learned into VPN-instance3.2.
  • Page 501 3Com Switch 8800 Configuration Guide II. Network diagram Figure 37-13 Network diagram for ASBR III.
  • Page 502 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE1] vlan 205 [PE1-vlan205] port gigabitethernet 2/2/1 [PE1-vlan205] quit [PE1] interface Vlan-interface 205 [PE1-Vlan-interface205] mpls [PE1-Vlan-interface205] mpls ldp enable [PE1-Vlan-interface205] ip address 10.1.1.2 255.255.255.0 Bind the VLAN interface with the VPN-instance.
  • Page 503 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp Configure the VLAN interface connecting CE. [PE2] vlan 203 [PE2-vlan203] port gigabitethernet 2/1/1 [PE2-vlan203] quit [PE2] vlan 204 [PE2-vlan204] port gigabitethernet 2/1/2 [PE2-vlan204] quit Configure loopback interface.
  • Page 504 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE2-bgp-af-vpn-instance] import-route direct [PE2-bgp-af-vpn-instance] group 172-12 external [PE2-bgp-af-vpn-instance] peer 172.12.12.2 group 172-12 as-number 65012 [PE2-bgp] ipv4-family vpn-instance vpnb [PE2-bgp-af-vpn-instance] import-route direct [PE2-bgp-af-vpn-instance] group 172-22 external [PE2-bgp-af-vpn-instance] peer 172.22.22.2 group 172-22 as-number 65022...
  • Page 505: Cross-Domain BGP/MPLS VPN Configuration Example — Option C

    3Com Switch 8800 Configuration Guide [P1-Vlan-interface206] mpls ldp enable [P1-Vlan-interface206] ip address 98.98.98.1 255.255.255.0 [P1-Vlan-interface206] quit Configure IBGP neighbors and EBGP neighbors. [P1] bgp 100 [P1-bgp] group 1 internal [P1-bgp] peer 1.1.1.1 group 1 [P1-bgp] peer 1.1.1.1 connect-interface loopback0 [P1-bgp] group 4 external [P1-bgp] peer 98.98.98.2 group 4 as-number 200...
  • Page 506 3Com Switch 8800 Configuration Guide III. Configuration procedure Configuring OSPF on the MPLS backbone network Configuring basic MPLS capability on the MPLS backbone network Configuring a VPN instance on PEs. Configuring MP-BGP Configure OSPF as the IGP protocol on the MPLS backbone network, so that the PEs can learn routes from each other through OSPF.
  • Page 507 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE2] interface pos1/1/0 [PE2-Pos1/1/0] ip address 162.1.1.2 255.255.0.0 [PE2-Pos1/1/0] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 162.1.0.0 0.0.255.255 [PE2-ospf-1-area-0.0.0.0] network 202.200.1.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit Configure ASBR-PE2 [ASBR-PE2] interface loopback0 [ASBR-PE2-LoopBack0] ip address 202.200.1.1 255.255.255.255...
  • Page 508 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE1-Pos1/1/0] mpls ldp [PE1-Pos1/1/0] quit Configure basic MPLS capability on ASBR-PE1, enable LDP on the interface connected to PE1, and enable MPLS on the interface connected to ASBR-PE2. [ASBR-PE1] mpls lsr-id 172.1.1.1...
  • Page 509 3Com Switch 8800 Configuration Guide Create a VPN instance on each PE, and bind the instance to the interface connected to the corresponding CE. Configure CE1 [CE1] interface ethernet 1 [CE1-Ethernet1] ip address 168.1.1.2 255.255.0.0 [CE1-Ethernet1] quit Create a VPN instance on PE1 and bind it to the interface connected to CE1...
  • Page 510 3Com Switch 8800 Configuration Guide Note: Enable the exchanging of label-carried IPv4 route between the following routers: PE1 and ASBR-PE1, PE2 and ASBR-PE2, ASBR-PE1 and ASBR-PE2. Make each ASBR-PE change the next hop to its own when it advertises routes to the PE in the same AS.
  • Page 511 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [ASBR-PE1-acl-basic-2001] quit [ASBR-PE1] route-policy rtp-ebgp permit node 1 [ASBR-PE1-route-policy] if-match acl 2001 [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] route-policy rtp-ibgp permit node 10 [ASBR-PE1-route-policy] if-match mpls-label [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit Configure ASBR-PE1: set up EBGP peer relation with ASBR-PE2, and IBGP peer relation with PE1.
  • Page 512: Hierarchical BGP/MPLS VPN Configuration Example

    3Com Switch 8800 Configuration Guide [PE2-bgp] group 30 external [PE2-bgp] peer 30 ebgp-max-hop [PE2-bgp] peer 202.100.1.2 group 30 as-number 100 [PE2-bgp] peer 202.100.1.2 connect-interface loopback0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpn] peer 30 enable [PE2-bgp-af-vpn] peer 202.100.1.2 group 30 [PE2-bgp-af-vpn] quit [PE2-bgp] quit Configure ASBR-PE2: configure the route policy.
  • Page 513 3Com Switch 8800 Configuration Guide networks at the city level into a single MPLS VPN will impose a high requirement in performance on the equipment on the entire network, in the event that the network topology size is large. However, the requirement in equipment performance can become lower if this MPLS VPN is separated into two VPNs, the network at the province level and the network at the city level, for example.
  • Page 514 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [SPE] mpls ldp Configure VPN-instance [SPE] ip vpn-instance vpn1 [SPE-vpn-vpn1] route-distinguisher 100:1 [SPE-vpn-vpn1] vpn-target 100:1 both Configure interfaces (As far as a PE router is concerned, its LOOPBACK 0 interface must be assigned a host address with a 32-bit mask.
  • Page 515 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration Configure the basic MPLS capability. [UPE] mpls lsr-id 1.0.0.1 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp Configure VPN-instance [UPE] ip vpn-instance vpn1 [UPE-vpn-vpn1] route-distinguisher 100:1 [UPE-vpn-vpn1] vpn-target 100:1 both Configure interfaces...
  • Page 516: OSPF Multi-Instance Sham Link Configuration Example

    3Com Switch 8800 Configuration Guide 37.4.9 OSPF Multi-instance sham link Configuration Example I. Network requirements As shown in the following picture, a company connects to a WAN through the OSPF multi-instance function of a router. OSPF is bound to VPN1. The MPLS VPN backbone runs between PEs and OSPF runs between PE and CE.
  • Page 517 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE1] vlan 203 [PE1-vlan203] port gigabitethernet 2/1/3 [PE1-vlan203] quit [PE1] interface Vlan-interface 203 [PE1-Vlan-interface203] ip address 168.1.12.1 255.255.255.0 [PE1-Vlan-interface203] mpls [PE1-Vlan-interface203] mpls ldp enable [PE1-Vlan-interface203] quit [PE1] vlan 201 [PE1-vlan201] port gigabitethernet 2/1/1...
  • Page 518 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE1-bgp-af-vpn-instance] import-route ospf-ase 100 [PE1-bgp-af-vpn-instance] import-route ospf-nssa 100 [PE1-bgp-af-vpn-instance] import-route direct [PE1-bgp-af-vpn-instance] undo synchronization Create and activate peer in MBGP. [PE1-bgp-af-vpn] ipv4-family vpnv4 [PE1-bgp-af-vpn] peer fc enable [PE1-bgp-af-vpn] peer fc advertise-community [PE1-bgp-af-vpn] peer 50.1.1.2 group fc...
  • Page 519 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE2-Vlan-interface203] mpls ldp enable [PE2-Vlan-interface203] quit [PE2] vlan 201 [PE2-vlan201] port gigabitethernet 2/1/1 [PE2-vlan201] quit [PE2] interface Vlan-interface 201 [PE2-Vlan-interface201] ip binding vpn-instance vpn1 [PE2-Vlan-interface201] ip address 20.1.1.2 255.255.255.0 [PE2-Vlan-interface201] ospf cost 1...
  • Page 520 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [PE2-bgp-af-vpn] peer fc enable [PE2-bgp-af-vpn] peer fc advertise-community [PE2-bgp-af-vpn] peer 50.1.1.1 group fc Configure OSPF and import BGP and direct-connect route. [PE2] ospf 100 router-id 2.2.2.2 vpn-instance vpn1 [PE2-ospf-100] import-route bgp [PE2-ospf-100] import-route static [PE2-ospf-100] area 0.0.0.0...
  • Page 521: Nested BGP/MPLS VPN Configuration Example

    3Com Switch 8800 Configuration Guide [CE1-ospf-100-area-0.0.0.0] network 12.1.1.0 0.0.0.255 Configure CE2 Configure interface. [CE2] vlan 202 [CE2-vlan202] port gigabitethernet 2/1/2 [CE2-vlan202] quit [CE2] interface Vlan-interface 202 [CE2-Vlan-interface202] ip address 12.1.1.2 255.255.255.0 [CE2-Vlan-interface202] ospf cost 100 [CE2-Vlan-interface202] quit [CE2] vlan 201...
  • Page 522 3Com Switch 8800 Configuration Guide II. Network diagram Figure 37-17 Network diagram for nested VPN III.
  • Page 523 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [prov_pe1-ospf-area-0.0.0.0] network 10.0.0.0 0.255.255.255 Configure prov_pe2 <SW8800> system-view [SW8800] sysname prov_pe2 [prov_pe2] interface LoopBack0 [prov_pe2-LoopBack0] ip address 4.4.4.4 255.255.255.255 [prov_pe2-LoopBack0] quit [prov_pe2] interface pos 1/1/0 [prov_pe2-Pos1/1/0] link-protocol ppp [prov_pe2-Pos1/1/0] ip address 10.1.1.2 255.0.0.0...
  • Page 524 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [prov_pe1-bgp] quit Configure prov_pe2 [prov_pe2] bgp 100 [prov_pe2-bgp] group ibgp internal [prov_pe2-bgp] peer 5.5.5.5 group ibgp [prov_pe2-bgp] peer 5.5.5.5 connect-interface LoopBack0 [prov_pe2-bgp] ipv4-family vpnv4 [prov_pe2-bgp-af-vpn] peer ibgp enable [prov_pe2-bgp-af-vpn] peer ibgp next-hop-local [prov_pe2-bgp-af-vpn] peer 5.5.5.5 group ibgp...
  • Page 525 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [prov_pe2-Pos3/1/0] ip binding vpn-instance customer_vpn [prov_pe2-Pos3/1/0] link-protocol ppp [prov_pe2-Pos3/1/0] ip address 2.1.1.2 255.0.0.0 [prov_pe2-Pos3/1/0] mpls [prov_pe2-Pos3/1/0] quit Configure cust_pe1 <SW8800> system-view [SW8800] sysname cust_pe1 [cust_pe1] interface LoopBack0 [cust_pe1-LoopBack0] ip address 6.6.6.6 255.255.255.255 [cust_pe1-LoopBack0] quit [cust_pe1] mpls lsr-id 6.6.6.6...
  • Page 526 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration [prov_pe1-bgp-af-vpn] peer ebgp vpn-instance customer_vpn enable [prov_pe1-bgp-af-vpn] peer 1.1.1.1 vpn-instance customer_vpn group ebgp [prov_pe1-bgp-af-vpn] peer 1.1.1.1 vpn-instance customer_vpn route-policy comm import [prov_pe1-bgp-af-vpn] quit Configure prov_pe1 to access CE5 [prov_pe1-bgp] ipv4-family vpn-instance vpn1 [prov_pe1-bgp-af-vpn-instance] group ebgp external [prov_pe1-bgp-af-vpn-instance] peer 18.1.1.2 group ebgp as-number 50003...
  • Page 527: OSPF Multi-Instance CE Configuration Example

    3Com Switch 8800 Configuration Guide On each Customer PE, configure the sub-VPN that accesses the network through the Customer PE. Configure cust_pe1 [cust_pe1] ip vpn-instance vpn1 [cust_pe1-vpn-instance] route-distinguisher 1:1 [cust_pe1-vpn-instance] vpn-target 1:1 [cust_pe1-vpn-instance] quit [cust_pe1] interface pos 2/1/0 [cust_pe1-Pos2/1/0] ip binding vpn-instance vpn1 [cust_pe1-Pos2/1/0] link-protocol ppp [cust_pe1-Pos2/1/0] ip address 15.1.1.2 255.0.0.0...
  • Page 528 3Com Switch 8800 Configuration Guide II. Network diagram Figure 37-18 Network diagram for OSPF multi-instance CE configuration III. Configuration procedure Configuring CE router Configure instance vpn1 [CE] ip vpn-instance vpn1 [CE-vpn-vpn1] route-distinguisher 100:1 [CE-vpn-vpn1] vpn-target 100:1 export-extcommunity [CE-vpn-vpn1] vpn-target 100:1 import-extcommunity...
  • Page 529: Multi-Role Host Configuration Example

    3Com Switch 8800 Configuration Guide

    [CE] vlan 203
    [CE-vlan203] port gigabitethernet 2/1/3
    [CE-vlan203] quit
    [CE] interface Vlan-interface 203
    [CE-Vlan-interface203] ip binding vpn-instance vpn2
    [CE-Vlan-interface203] ip address 20.1.1.2 255.255.255.0

    Configure VLAN204

    [CE] vlan 204
    [CE-vlan204] port gigabitethernet 2/1/4
    [CE-vlan204] quit
    [CE] interface Vlan-interface 204
    [CE-Vlan-interface204] ip binding vpn-instance vpn2
    [CE-Vlan-interface204] ip address 20.2.1.2 255.255.255.0...
  • Page 530 3Com Switch 8800 Configuration Guide II. Network diagram [Figure labels: 172.18.0.1/16, Ethernet2/1/0, AS65410, 172.18.0.2/16, Ethernet1/1/0, 20.2.1.1/24, Ethernet3/1/0, 20.2.1.2/24...]
  • Page 531 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration

    [PE2-LoopBack0] ip address 2.2.2.9 32
    [PE2-LoopBack0] quit
    [PE2] interface Ethernet1/1/0
    [PE2-Ethernet1/1/0] ip address 192.168.1.2 24
    [PE2-Ethernet1/1/0] quit
    [PE2] ospf
    [PE2-ospf-1] area 0
    [PE2-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
    [PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
    [PE2-ospf-1-area-0.0.0.0] quit...
  • Page 532 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration

    [PE2] mpls lsr-id 2.2.2.9
    [PE2-mpls] lsp-trigger all
    [PE2-mpls] quit
    [PE2] mpls ldp
    [PE2-mpls-ldp] quit
    [PE2] interface Ethernet1/1/0
    [PE2-Ethernet1/1/0] mpls
    [PE2-Ethernet1/1/0] mpls ldp
    [PE2-Ethernet1/1/0] quit

    Create a VPN instance for VPN1 on PE2, and bind Ethernet2/1/0 to VPN1.
  • Page 533 3Com Switch 8800 Configuration Guide Chapter 37 BGP/MPLS VPN Configuration

    [CE3-Ethernet1/1/0] quit
    [CE3] bgp 65430
    [CE3-bgp] import-route direct
    [CE3-bgp] group 10 external
    [CE3-bgp] peer 20.3.1.2 group 10 as-number 100
    [CE3-bgp] quit

    Configure PE1: set up IBGP peer relation with PE2 in BGP-VPNv4 sub-address family view;...
  • Page 534: Troubleshooting

    [PE1-vpn-vpn2] vpn-target 100:1 import-extcommunity

    37.5 Troubleshooting

    I. Symptom 1

    In central server topology networking mode, the local end switch (spoke PE) cannot learn the routing information of the peer end switch (spoke PE).

    Solution: Check whether the BGP adjacency between spoke PE and hub PE is created correctly.
  • Page 535 VPN capacity. V. Symptom 5 During ASBR configuration, VPN route interior label does not switch on the ASBR. Solution: Check whether the VPN neighbor is created correctly using the display bgp vpnv4 all peer command.
  • Page 536: Chapter 38 Mstp Region-Configuration

    3Com Switch 8800 Configuration Guide Chapter 38 MSTP Region-configuration

    38.1 Introduction to MSTP

    MSTP stands for Multiple Spanning Tree Protocol, which is compatible with Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP). STP is not fast in state transition. Even on a point-to-point link or an edge port, it has to take an interval twice as long as forward delay before the port transits to the forwarding state.
  • Page 537: Mstp Concepts

    3Com Switch 8800 Configuration Guide [Figure legend: CIST: common and internal spanning tree; MSTI: multiple spanning tree instance. Area D0: VLAN 1 mapped to Instance 1, domain root as B; VLAN 2 mapped to Instance 2, domain root as C; other VLANs mapped to...]
  • Page 538 MST region have different topology and their region roots may also be different. For example, the region root of the STI 1 is the switch B and that of the STI 2 is the switch C, as shown in Figure 38-1.
  • Page 539 In this figure, switches A, B, C, and D make up an MST region. Ports 1 and 2 on switch A connect to the common root bridge; ports 5 and 6 on switch C form a loop; ports 3 and 4 on switch D connect to other MST regions in the downstream direction.
  • Page 540 3Com Switch 8800 Configuration Guide Chapter 38 MSTP Region-configuration Figure 38-3 BPDU packet format Figure 38-4 MSTI information format of the last part in BPDU packets Besides field root bridge priority, root path cost, local bridge priority and port priority, the field flags which takes one byte in an instance is also used for role selection.
  • Page 541: Mstp Principles

    I. CIST calculation The CIST root is the highest-priority switch elected from the switches on the entire network through comparing their configuration BPDUs. MSTP calculates and generates IST in each MST region; at the same time it regards each MST region as a single "switch"...
  • Page 542 Switch B via the port AP1. To Switch B, the designated bridge is Switch A and the designated port is AP1. In the figure, Switch B and Switch C are connected to the LAN and Switch B forwards BPDU to LAN. So the designated bridge of LAN is Switch B and the designated port is BP2.
  • Page 543 3Com Switch 8800 Configuration Guide priorities of Switch A, B and C are 0, 1 and 2 and the path costs of their links are 5, 10 and 4 respectively. Initial state When initialized, each port of the switches generates the configuration BPDU taking itself as the root with a root path cost as 0, designated bridge IDs as their own switch IDs and the designated ports as their ports.
  • Page 544 ID with that in the optimum configuration BPDU, the path cost to root with 5, sets the designated bridge as the local switch ID and the designated port ID as the local port ID. Thus, the configuration BPDU becomes {0, 5, 1, BP2}.
  • Page 545 3Com Switch 8800 Configuration Guide Chapter 38 MSTP Region-configuration CP2 receives from the BP2 of Switch B the configuration BPDU {1, 0, 1, BP2} that has not been updated and then the updating process is launched. The configuration BPDU is updated as {1, 0, 1, BP2}.
  • Page 546: Mstp Implementation On The Switch

    STP and RSTP packets and calculate the spanning tree with them. Besides the basic MSTP functions, the Switch 8800 also provides some features that are easy to manage from users’ point of view. These features include root bridge hold, secondary root bridge, ROOT protection, BPDU protection, loop protection, hot swapping of the interface boards, master/slave switchover, and so on.
  • Page 547: Configuring Mstp

    3Com Switch 8800 Configuration Guide

    38.2 Configuring MSTP

    MSTP configuration includes:

    Configuring the MST Region for a Switch
    Specifying the Switch as a Primary or a Secondary Root bridge
    Configuring the MSTP Running Mode
    Configuring the Bridge Priority for a Switch...
  • Page 548: Configuring The Mst Region For A Switch

    CIST is spanning tree instance 0. 38.2.1 Configuring the MST Region for a Switch Which MST region a switch belongs to is determined with the configurations of the region name, VLAN mapping table, and MSTP revision level. You can perform the following configurations to put a switch into an MST region.
  • Page 549 A user enables MSTP using the stp enable command. By default, the MST region name is the switch MAC address, all the VLANs in the MST region are mapped to the STI 0, and the MSTP region revision level is 0. You can restore the default settings of MST region, using the undo stp region-configuration command in system view.
  • Page 550: Specifying The Switch As A Primary Or A Secondary Root Bridge

    After a switch is configured as the primary root bridge or the secondary root bridge, users cannot modify the bridge priority of the switch. You can configure the current switch as the primary or secondary root bridge of the STI (specified by the instance instance-id parameter). If the instance-id takes 0, the current switch is specified as the primary or secondary root bridge of the CIST.
  • Page 551: Configuring The Mstp Running Mode

    “Configure the Hello Time of the switch”. Note: You can configure the current switch as the root of several STIs. However, it is not necessary to specify two or more roots for an STI. In other words, do not specify the root for an STI on two or more switches.
  • Page 552: Configuring The Bridge Priority For A Switch

    3Com Switch 8800 Configuration Guide Restore the default MSTP running mode

    Generally, if there is an STP switch on the switching network, the port connected to it will automatically transit from MSTP mode to STP-compatible mode. But the port cannot automatically transit back to MSTP mode after the STP switch is removed.
  • Page 553: Configuring The Switching Network Diameter

    3Com Switch 8800 Configuration Guide discards the configuration BPDU with 0 hops left. This makes it impossible for the switch beyond the max hops to take part in the spanning tree calculation, thereby limiting the scale of the MST region.
  • Page 554: Configuring The Time Parameters Of A Switch

    BPDU can be propagated throughout the network. The switch sends Hello packet periodically at an interval specified by Hello Time to check if there is any link fault. Max Age specifies when the configuration BPDU will expire. The switch will discard the expired configuration BPDU.
  • Page 555 The default value is recommended. If you set too long a Hello Time, when a packet is dropped over a link, the switch may consider it a link fault and the network device will recalculate the spanning tree accordingly.
  • Page 556: Setting The Timeout Factor Of A Specific Bridge

    Generally, if the switch does not receive STP packets from the upstream switch for 3 times the hello time, the switch will decide the upstream switch is dead and will recalculate the topology of the network. As a result, in a steady network, the recalculation may be caused when the upstream switch is busy.
  • Page 557: Configuring A Port As An Edge Port Or Non-Edge Port

    Hello Time and too many network resources will be occupied. The default value is recommended. By default, the max transmission speed on every Ethernet port of the switch is 3. 38.2.10 Configuring a Port as an Edge Port or Non-edge Port An edge port refers to the port not directly connected to any switch or indirectly connected to a switch over the connected network.
  • Page 558: Configuring The Path Cost Of A Port

    38.2.11 Configuring the Path Cost of a Port Path Cost is related to the speed of the link connected to the port. On the MSTP switch, a port can be configured with different path costs for different STIs. Thus the traffic from different VLANs can run over different physical links, thereby implementing the VLAN-based load-balancing.
  • Page 559: Stp Path Cost Calculation Standards On Stp Port

    By default, MSTP is responsible for calculating the path cost of a port. 38.2.12 STP Path Cost Calculation Standards on STP port The Switch 8800 uses its own legacy path calculation but both DOT1T and DOT1D-1998 path cost calculation can be used, as well. By default, the DOT1T is applied.
  • Page 560 Table 38-17 Correspondence between the rate range and the path cost values Rate range [0, 10] (10, 100] (100,1000] (1000,10000] > 10000 III. The Switch 8800 legacy calculation standard Calculating the rate Aggregation port Chapter 38 MSTP Region-configuration Path cost value 99 (for full-duplex port) 95 (for aggregation port)
  • Page 561: Configuring The Priority Of A Port

    With other things being equal, the port with the highest priority will be elected as the root port. On the MSTP switch, a port can have different priorities in different STIs and plays different roles respectively. Thus the traffic from different VLANs can run over different physical links, thereby implementing the VLAN-based load-balancing.
  • Page 562: Configuring The Port (Not) To Connect With The Point-To-Point Link

    Generally, a smaller value represents a higher priority. If all the Ethernet ports of a switch are configured with the same priority value, the priorities of the ports will be differentiated by the index number. The change of Ethernet port priority will lead to spanning tree recalculation.
  • Page 563 3Com Switch 8800 Configuration Guide Configure MSTP to automatically detect if the port is directly connected with the point-to-point link. Configure MSTP to automatically detect if the port is directly connected with the point-to-point link, as defaulted. II. Configuration in Ethernet port view Perform the following configuration in Ethernet port view.
  • Page 564: Configuring The Mcheck Variable Of A Port

    The port of an MSTP switch operates in either STP-compatible or MSTP mode. If a port of an MSTP switch on a switching network is connected to an STP switch, the port will automatically transit to operate in STP-compatible mode. However, the port stays in STP-compatible mode and cannot automatically transit back to MSTP mode when the STP switch is removed.
  • Page 565: Configuring The Switch Protection Function

    The root port and other blocked ports maintain their states according to the BPDUs sent by the uplink switch. Once the link is blocked or has trouble, the ports cannot receive BPDUs and the switch will select the root port again. In this case, the former root port will turn into specified port and the former blocked ports will enter forwarding state. As a result, a link loop will be generated.
  • Page 566 IV. TC-protection As a general rule, the switch deletes the corresponding entries in the MAC address table and ARP table upon receiving TC-BPDU packets. Under malicious attacks of TC-BPDU packets, the switch shall receive a great number of TC-BPDU packets in a very short period.
  • Page 567: Enabling/Disabling Mstp On The Device

    Disable TC protection (from system view)

    By default, only the protection from TC-BPDU packet attack is enabled on the switch. BPDU protection, Root protection and loop protection are disabled. After BPDU protection is configured, the switch uses MSTP to disable any edge port that receives a BPDU, and notifies the network manager at the same time.
  • Page 568: Enable/Disable Address Table Reset On Specified Port

    3Com Switch 8800 Configuration Guide Table 38-27 Enable/Disable MSTP on a device Enable MSTP on a device. Disable MSTP on a device. Restore the disable state of MSTP, as defaulted. Only if MSTP has been enabled on the device will other MSTP configurations take effect.
  • Page 569: Enabling/Disabling Mstp On A Port

    You can use the following command to enable/disable MSTP on a port. You may disable MSTP on some Ethernet ports of a switch to spare them from spanning tree calculation. This is a measure to flexibly control MSTP operation and save the CPU resources of the switch.
  • Page 570: Displaying And Debugging Mstp

    3Com Switch 8800 Configuration Guide Table 38-31 Enable/Disable MSTP on a port Operation Enable MSTP on a port. Disable MSTP on a port. You can enable/disable MSTP on a port with either of the earlier-mentioned measures. Note that redundant route may be generated after MSTP is disabled.
  • Page 571: Typical Mstp Configuration Example

    30 function at the distribution and access layers, and VLAN 40 functions at the access layer only. So the root of instance 1 can be configured as Switch A, root of instance 3 can be Switch B, and root of instance 4 can be Switch C.
  • Page 572 3Com Switch 8800 Configuration Guide

    III. Configuration procedure

    Configurations on Switch A

    MST region

    [SW8800] stp region-configuration
    [SW8800-mst-region] region-name example
    [SW8800-mst-region] instance 1 vlan 10
    [SW8800-mst-region] instance 3 vlan 30
    [SW8800-mst-region] instance 4 vlan 40
    [SW8800-mst-region] revision-level 0

    Manually activate MST region configuration.
  • Page 573: Mst Region

    3Com Switch 8800 Configuration Guide Chapter 38 MSTP Region-configuration

    MST region

    [SW8800] stp region-configuration
    [SW8800-mst-region] region-name example
    [SW8800-mst-region] instance 1 vlan 10
    [SW8800-mst-region] instance 3 vlan 30
    [SW8800-mst-region] instance 4 vlan 40
    [SW8800-mst-region] revision-level 0

    Manually activate MST region configuration.
  • Page 574: Chapter 39 802.1X Configuration

    The typical application environment is as follows: Each physical port of the LAN Switch only connects to one user workstation (based on the physical port) and the wireless LAN access environment defined by the IEEE 802.11 standard (based on the logical port), etc.
  • Page 575: X System Architecture

    3Com Switch 8800 Configuration Guide is to be encapsulated in the packets of other AAA upper layer protocols (e.g. RADIUS) so as to go through the complicated network to reach the Authentication Server. Such procedure is called EAP Relay. There are two types of ports for the Authenticator. One is the Uncontrolled Port, and the other is the Controlled Port.
  • Page 576: Implementing 802.1X On Ethernet Switches

    AAA configuration. 39.1.4 Implementing 802.1x on Ethernet Switches The Switch 8800 not only supports the port access authentication method regulated by 802.1x, but also extends and optimizes it in the following way: Support to connect several End Stations in the downstream via a physical port.
  • Page 577: X Configuration

    3Com Switch 8800 Configuration Guide Chapter 39 802.1x Configuration

    Checking the Users that Log on the Switch via Proxy
    Setting Supplicant Number on a Port
    Setting the Authentication in DHCP Environment
    Configuring Authentication Method for 802.1x User
    Enabling/Disabling Guest VLAN...
  • Page 578: Enabling/Disabling 802.1X

    3Com Switch 8800 Configuration Guide

    Configuring 802.1x Timers
    Enabling/Disabling quiet-period Timer

    Among the above tasks, the first one is compulsory; otherwise 802.1x will not take any effect. The other tasks are optional. You can perform the configurations as required.

    39.2.1 Enabling/Disabling 802.1x

    The following command can be used to enable/disable the 802.1x on the specified port...
  • Page 579: Setting Port Access Control Method

    3Com Switch 8800 Configuration Guide auto (automatic identification mode, which is also called protocol control mode). That is, the initial state of the port is unauthorized. It only permits EAPoL packets receiving/transmitting and does not permit the user to access the network resources. If the authentication flow is passed, the port will be switched to the authorized state and permit the user to access the network resources.
  • Page 580: Checking The Users That Log On The Switch Via Proxy

    Restore the maximum number of users on the port to the default value By default, 802.1x allows up to 1024 supplicants on each port for the Switch 8800, and a Switch 8800 can accommodate a total of 2048 supplicants. 39.2.6 Setting the Authentication in DHCP Environment If in DHCP environment the users configure static IP addresses, you can set 802.1x to...
  • Page 581: Configuring Authentication Method For 802.1X User

    IP addresses in DHCP environment Enable the switch to trigger the authentication over them By default, the switch can trigger the user ID authentication over the users who configure static IP addresses in DHCP environment. 39.2.7 Configuring Authentication Method for 802.1x User The following commands can be used to configure the authentication method for 802.1x user.
  • Page 582 Set the maximum times of the authentication request message retransmission Restore the default maximum retransmission times By default, the max-retry-value is 2. That is, the switch can retransmit the authentication request message to a supplicant for 2 times at most. dot1x guest-vlan...
  • Page 583: Configuring 802.1X Timers

    3Com Switch 8800 Configuration Guide 39.2.10 Configuring 802.1x Timers The following commands are used for configuring the 802.1x timers. Perform the following configuration in system view. Table 39-10 Configure 802.1x timers Operation Configure timers Restore default settings of the timers handshake-period: This timer begins after the user has passed the authentication.
  • Page 584: Enabling/Disabling Quiet-Period Timer

    You can use the following commands to enable/disable a quiet-period timer of an Authenticator (such as a Switch 8800). If an 802.1x user has not passed the authentication, the Authenticator will keep quiet for a while (which is specified by dot1x timer quiet-period command) before launching the authentication again.
  • Page 585: X Configuration Example

    As shown in Figure 39-2, the workstation of a user is connected to the port Ethernet 3/1/1 of the Switch. The switch administrator will enable 802.1x on all the ports to authenticate the supplicants so as to control their access to the Internet. The access control mode is configured as based on the MAC address. All the supplicants belong to the default domain 3Com163.net, which can contain up to...
  • Page 586: Chapter 40 Aaa And Radius/Tacacs+ Protocol Configuration

    3Com Switch 8800 Configuration Guide

    II. Network diagram

    Figure 39-2 Enable 802.1x and RADIUS to perform AAA on the supplicant (figure labels: Ethernet3/1/1, Supplicant)

    III. Configuration procedure

    Note: The following examples concern most of the AAA/RADIUS configuration commands. For details, refer to the chapter AAA and RADIUS/TACACS+ Protocol Configuration.
  • Page 587 3Com Switch 8800 Configuration Guide Chapter 39 802.1x Configuration

    [SW8800-radius-radius1] primary accounting 10.11.1.2

    Set the IP address of the secondary authentication/accounting RADIUS servers.

    [SW8800-radius-radius1] secondary authentication 10.11.1.2
    [SW8800-radius-radius1] secondary accounting 10.11.1.1

    Set the encryption key when the system exchanges packets with the authentication RADIUS server.
  • Page 588: Aaa And Radius/Tacacs+ Protocol Overview

    3Com Switch 8800 Configuration Guide Chapter 40 AAA and RADIUS/TACACS+ Protocol 40.1 AAA and RADIUS/TACACS+ Protocol Overview 40.1.1 AAA Overview Authentication, Authorization and Accounting (AAA) provide a uniform framework used for configuring these three security functions to implement the network security management.
  • Page 589: Tacacs+ Protocol Overview

    3Com Switch 8800 Configuration Guide in PSTN environment or Ethernet switch with access function in Ethernet environment), NAS, namely RADIUS client end, will transmit user AAA request to the RADIUS server. RADIUS server has a user database recording all the information of user authentication and network service access.
  • Page 590 Supports the authorization of different users to use the configuration commands of the routing module of the switch. Working as a client of TACACS+, the switch sends the username and password to the TACACS server for authentication, as shown in the following figure: Terminal User...
  • Page 591 3Com Switch 8800 Configuration Guide The TACACS server sends back an authentication response, requesting for the login password. Upon receiving the response, the TACACS client requests the user for the login password. After receiving the login password, the TACACS client sends an authentication continuance packet carrying the login password to the TACACS server.
  • Page 592: Implementing Aaa/Radius On A Switch

    40.1.4 Implementing AAA/RADIUS on a Switch By now, we understand that in the above-mentioned AAA/RADIUS framework, a Switch 8800, serving as the user access device (NAS), is the client end of RADIUS. In other words, the AAA/RADIUS concerning client-end is implemented on the Switch 8800.
  • Page 593: Aaa Configuration

    (i.e. 3Com163.net) following the @ is the ISP domain name. When a Switch 8800 controls user access, as for an ISP user whose username is in userid@isp-name format, the system will take userid part as username for identification and take isp-name part as domain name.
  • Page 594: Configuring Relevant Attributes Of An Isp Domain

    AAA policy (RADIUS scheme applied, etc.). For the Switch 8800, each supplicant belongs to an ISP domain. Up to 16 domains can be configured in the system. If a user has not reported its ISP domain name, the system will put it into the default domain.
  • Page 595: Configuring Self-Service Server Url

    3Com Switch 8800 Configuration Guide users already online. An ISP is in active state once it is created, that is, at that time, all the users in the domain are allowed to request network services. Maximum number of supplicants specifies how many supplicants can be contained in the ISP.
  • Page 596: Creating/Deleting A Local User

    3Com Switch 8800 Configuration Guide Once this function is enabled on the switch, users can locate the self-service server through the following operations: Select "Change user password" on the 802.1x client. After the client opens the default explorer (IE or NetScape), locate the specified URL page used to change the user password on the self-service server.
  • Page 597: Setting The Attributes Of A Local User

    3Com Switch 8800 Configuration Guide 40.2.5 Setting the Attributes of a Local User The attributes of a local user include its password display mode, state, service type and some other settings. I. Setting the password display mode Perform the following configuration in system view.
  • Page 598: Disconnecting A User By Force

    At present, a switch supports VLAN IDs of string type delivered by RADIUS servers. The port is added to the VLANs on a switch whose IDs match the one delivered by the RADIUS servers. If no such VLAN exists, the VLAN delivery fails and the user fails to pass the authentication.
  • Page 599: Setting The Maximum Times Of Real-Time Accounting Request Failing To Be

    By default, a VLAN ID cannot be a string. 40.3 Configuring RADIUS Protocol For the Switch 8800, the RADIUS protocol is configured on the per RADIUS scheme basis. In real networking environment, a RADIUS scheme can be an independent RADIUS server or a set of primary/secondary RADIUS servers with the same configuration but two different IP addresses.
  • Page 600: Creating/Deleting A Radius Scheme

    3Com Switch 8800 Configuration Guide Among the above tasks, creating a RADIUS scheme and setting the IP address of the RADIUS server are required, while the other tasks are optional and can be performed as required.

    40.3.1 Creating/Deleting a RADIUS scheme

    As mentioned above, RADIUS protocol configurations are performed on the per RADIUS scheme basis.
  • Page 601 3Com Switch 8800 Configuration Guide Table 40-11 Set IP Address and Port Number of RADIUS Server Set IP address and port number of primary RADIUS authentication/authorization server. Restore IP address and port number of primary RADIUS authentication/authorization or server to the default values.
  • Page 602: Setting The Radius Packet Encryption Key

    Servers, authentication/authorization port number is often set to 1645 and accounting port number is 1646.) The RADIUS/TACACS+ service port settings on the Switch 8800 are supposed to be consistent with the port settings on the RADIUS server. Normally, RADIUS accounting service port is 1813 and the authentication/authorization service port is 1812.
  • Page 603: Setting The Response Timeout Timer Of A Radius Server

    3Com Switch 8800 Configuration Guide Set RADIUS accounting packet encryption key Restore the default RADIUS accounting packet encryption key By default, the encryption keys of RADIUS authentication/authorization and accounting packets are all “3Com”. 40.3.4 Setting the Response Timeout Timer of a RADIUS Server...
  • Page 604: Enabling The Selection Of Radius Accounting Option

    3Com Switch 8800 Configuration Guide By default, RADIUS request packet will be retransmitted up to three times.

    40.3.6 Enabling the Selection Of Radius Accounting Option

    If no RADIUS server is available or if the RADIUS accounting server fails when accounting optional is configured, the user can still use the network resource; otherwise, the user will be disconnected.
  • Page 605 Accordingly, it is necessary to disconnect the user at NAS end and on RADIUS server synchronously when some unpredictable failure exists. The Switch 8800 supports setting maximum times of real-time accounting request failing to be responded. NAS will disconnect the user if it has not received real-time accounting response from RADIUS server for some specified times.
  • Page 606: Enabling/Disabling Stopping Accounting Request Buffer

    RADIUS accounting server. Accordingly, if the request from the Switch 8800 to RADIUS accounting server has not been responded, switch shall save it in the local buffer and retransmit it until the server responds or discards the messages after transmitting for specified times.
  • Page 607: Setting The Supported Type Of Radius Server

    3Com Switch 8800 Configuration Guide 40.3.11 Setting the Supported Type of RADIUS Server The Switch 8800 supports the standard RADIUS protocol and the extended RADIUS service platforms, such as IP Hotel, 201+ and Portal. You can use the following command to set the supported types of RADIUS servers.
  • Page 608: Setting The Username Format Transmitted To Radius Server

    As mentioned above, the supplicants are generally named in userid@isp-name format. The part following “@” is the ISP domain name. The Switch 8800 will put the users into different ISP domains according to the domain names. However, some earlier RADIUS servers reject the username including ISP domain name.
  • Page 609: Creating/Deleting A Local Radius Authentication Server

    RADIUS authentication/authorization packet configured by the command key authentication in radius scheme view. The Switch 8800 serving as a local RADIUS authentication server currently only supports the CHAP and PAP authentication modes; it does not support the MD5-challenge mode.
  • Page 610: Creating A Hwtacas Scheme

    3Com Switch 8800 Configuration Guide

    Configuring TACACS+ Authentication Servers
    Configuring TACACS+ Authorization Servers
    Configuring TACACS+ Accounting Servers and the Related Attributes
    Configuring the Source Address for TACACS+ Packets Sent by NAS
    Setting a Key for Securing the Communication with TACACS Server...
  • Page 611: Configuring Tacacs+ Authentication Servers

    3Com Switch 8800 Configuration Guide 40.4.2 Configuring TACACS+ Authentication Servers Perform the following configuration in TACACS+ view. Table 40-27 Configure TACACS+ authentication servers Operation Configure authentication server Delete authentication server Configure the TACACS+ secondary authentication server Delete TACACS+ authentication server The primary and secondary authentication servers cannot use the same IP address.
  • Page 612: Configuring Tacacs+ Accounting Servers And The Related Attributes

    3Com Switch 8800 Configuration Guide Note: If only authentication and accounting servers are configured and no authorization server is configured, both authentication and accounting can be performed normally for the ftp, telnet, and ssh users, but the priority of these users is 0 (that is, the lowest privilege level) by default. The primary and secondary authorization servers cannot use the same IP address.
  • Page 613: Configuring The Source Address For Tacacs+ Packets Sent By Nas

    3Com Switch 8800 Configuration Guide Table 40-30 Configure stop-accounting packet retransmission Enable stop-accounting packet retransmission and set the allowed maximum number of transmission attempts Disable stop-accounting packet retransmission Clear the stop-accounting request packets that have no response By default, stop-accounting packet retransmission is enabled, and the maximum number of transmission attempts is 300.
  • Page 614: Setting The Username Format Acceptable To The Tacacs Server

    3Com Switch 8800 Configuration Guide Table 40-32 Set a key for securing the communication with the TACACS+ server Operation Configure a key for securing the communication with the accounting, authorization or authentication server Delete the configuration No key is configured by default.
  • Page 615: Setting Timers Regarding Tacacs Server

    In that case, the switch can send users' requests to the server only after it has waited a time no less than the time configured with this command for the communication to be resumed.
  • Page 616: Displaying And Debugging Aaa And Radius Protocol

    3Com Switch 8800 Configuration Guide Table 40-37 Set a real-time accounting interval Operation Set a real-time accounting interval Restore the default real-time accounting interval The interval is in minutes and must be a multiple of 3. The setting of real-time accounting interval somewhat depends on the performance of the NAS and the TACACS server: a shorter interval requires higher device performance.
  • Page 617 Operations: display related information of the user's connection; display related information of the local user; display the statistics of the local RADIUS server group; display the configuration information of all the RADIUS server groups or a specified one...
  • Page 618: Aaa And Radius/Tacacs+ Protocol Configuration Examples

    One RADIUS server (as authentication server) is connected to the switch and the server IP address is 10.110.91.146. The password for exchanging messages between the switch and the authentication server is "expert". The switch strips the domain name from the username and sends the remaining part to the RADIUS server.
  • Page 619 II. Network Topology Figure 40-4 Network diagram for the remote RADIUS authentication of Telnet users III. Configuration procedure Add a Telnet user. (Omitted.) Note: For details about configuring FTP and Telnet users, refer to User Interface Configuration of Getting Started Operation in this manual.
  • Page 620: Configuring Authentication At Local Radius Authentication Server

    40.6.1 . But you should modify the server IP address in Figure 40-4 of section 40.6.1 3Com, the UDP port number of the authentication server to 1645. Note: For details about local RADIUS authentication of Telnet/FTP users, refer to “40.3.15 Creating/Deleting a Local RADIUS authentication Server”.
  • Page 621: Troubleshooting Aaa And Radius/Tacacs

    III. Configuration procedure Configure the Telnet user. (Omitted here.) Note: For the configuration of FTP and Telnet users, refer to the User Interface Configuration of Getting Started Operation section of this manual. Configure a TACACS+ scheme.
  • Page 622 There might be a communication fault between the NAS and the RADIUS/TACACS+ server, which can be discovered by pinging the RADIUS/TACACS+ server from the NAS. Ensure that the NAS and the RADIUS/TACACS+ server can communicate normally. II. Symptom: RADIUS/TACACS+ packet cannot be transmitted to RADIUS/TACACS+ server.
  • Page 623: Chapter 41 Vrrp Configuration

    Layer 3 Switch, implementing communication between the host and the external network. If Switch is down, all the hosts on this segment taking Switch as the next-hop on the default route will be disconnected from the external network.
  • Page 624: Configuring Vrrp

    IP addresses (such as 10.100.10.2 for the Master switch and 10.100.10.3 for the Backup switch). The host on the LAN only knows the IP address of this virtual router, 10.100.10.1 (usually called the virtual IP address of the virtual router), but not the specific IP addresses 10.100.10.2 of the Master switch and 10.100.10.3 of the Backup switch.
  • Page 625: Enabling/Disabling The Check Of Ttl Value Of Vrrp Packet

    If the user configures the host with the same IP address as the virtual IP address of the virtual router, all messages in this segment will be forwarded to the host. So the Switch 8800 provides the ping function to ping the virtual IP address of the virtual router.
  • Page 626: Adding/Deleting A Virtual Ip Address

    Due to the chips installed, some switches support matching one IP address to multiple MAC addresses. The Switch 8800 not only guarantees correct data forwarding in the sub-net, but also supports the following function: the user can choose to match the virtual IP address with the real MAC address or virtual MAC address of the routing interface.
  • Page 627: Configuring The Priority Of Switches In The Virtual Router

    In this case, the switch will be called an IP Address Owner. When adding the first IP address to a virtual router, the system will create a new virtual router accordingly. When adding a new address to this virtual router thereafter, the system will directly add it into the virtual IP address list.
  • Page 628: Configuring Authentication Type And Authentication Key

    Master switch punctually, it will become the Master switch. However, the failure of Backup to receive the packets may be due to network congestion, instead of the malfunction of the Master switch. In this case, the Backup will receive the packet after a while.
  • Page 629: Configuring Virtual Router Timer

    The Master switch advertises its normal operation state to the switches within the VRRP virtual router by sending them VRRP packets regularly (at adver-interval). And the backup switch only receives VRRP packets. If the Backup has not received any VRRP packet from the Master after a period of time (specified by master-down-interval), it will consider the Master as down, and then take its place and become the Master.
  • Page 630: Configuring Switch To Track A Specified Interface

    Use the following command to track an interface. If the tracked interface goes DOWN, the priority of the switch that owns the interface is automatically reduced by the value specified by value-reduced. The other switches within the virtual router then have comparatively higher priorities, and one of them becomes the Master switch.
  • Page 631: Displaying And Debugging Vrrp

    41.4.1 VRRP Single Virtual Router Example I. Networking requirements Host A uses the VRRP virtual router which combines switch A and switch B as its default gateway to access host B on the Internet. VRRP virtual router information includes: virtual router ID 1, virtual IP address 202.38.160.111, switch A as the Master and switch B as the Backup allowed...
  • Page 632 II. Networking diagram Figure 41-3 Network diagram for VRRP configuration (Switch_A: VLAN-interface3 10.100.10.2, VLAN-interface2 202.38.160.1) III. Configuration Procedure Configure switch A. Configure VLAN 2. [LSW-A] vlan 2 [LSW-A-vlan2] interface vlan 2 [LSW-A-vlan-interface2] ip address 202.38.160.1 255.255.255.0...
  • Page 633: Vrrp Tracking Interface Example

    41.4.2 VRRP Tracking Interface Example I. Networking requirements Even when switch A is still functioning, switch B may need to take over as the gateway if the Internet interface connected to switch A does not function properly. This can be implemented by configuring a tracking interface.
  • Page 634: Multiple Virtual Routers Example

    Under normal conditions, switch A functions as the gateway, but when the interface vlan-interface 3 of switch A is down, its priority will be reduced by 30, lower than that of switch B so that switch B will preempt the Master for gateway services instead.
  • Page 635 switch for virtual router 2 and vice versa for switch B. Some hosts employ virtual router 1 as the gateway, while others employ virtual router 2 as the gateway. In this way, both load balancing and mutual backup are implemented.
  • Page 636: Troubleshooting Vrrp

    This indicates that an incorrect VRRP packet has been received. It may be because of the inconsistent configuration of another switch within the virtual router, or the attempt of some devices to send out illegal VRRP packets. The first possible fault can be solved through modifying the configuration.
  • Page 637: Chapter 42 Ha Configuration

    The Switch 8800 supports hot swap of Fabric and slave board. The hot swap of Fabrics will cause master-slave switchover.
  • Page 638: Restarting The Slave System Manually

    42.2.3 Enabling/Disabling Automatic Synchronization The Switch 8800 supports automatic synchronization. When the master's configuration file is modified, the active system stores its configuration file and simultaneously backs it up to the slave system, ensuring the consistency of the configurations of the active system and slave system.
  • Page 639: Synchronizing The Configuration File Manually

    42.2.5 Configuring the Load Mode of the Fabric and Slave Board The Switch 8800 supports two kinds of load modes (balance and single) between the Fabric and slave board. You can use the xbar command to configure XBar (cross bar) load mode.
  • Page 640: Displaying And Debugging Ha Configuration

    Caution: When a single Fabric is in position, the load-balance mode is not effective and the Fabric changes to the load-single mode automatically. 42.3 Displaying and Debugging HA Configuration After the above configuration, execute the display command in the relevant view to display the running of the ACL configuration, and to verify the configuration.
  • Page 641: File System Configuration

    Setting the Prompt Mode of the File System Note: The Switch 8800 supports a master board and a slave board. Both boards have a file system, and users can operate on files on both boards. When a user operates on a file on the slave board, the file directory or URL should start with “slot[No.]#flash:/”,...
  • Page 642 43.1.2 Directory Operation The file system can be used to create or delete a directory, display the current working directory, and display the information about the files or directories under a specified directory. You can use the following commands to perform directory operations.
  • Page 643: Storage Device Operation

    Ethernet switch; in this case, you should find out the unused files kept in the recycle bin and permanently delete them with the reset recycle-bin command to reclaim the storage space.
  • Page 644: Displaying The Current-Configuration And Saved-Configuration Of Ethernet

    43.2.1 Configuration File Management Overview The management module of configuration file provides a user-friendly operation interface. It saves the configuration of the Ethernet switch in the text format of command line to record the whole configuration process. Thus you can view the configuration information conveniently.
  • Page 645: Modifying And Saving The Current-Configuration

    The configuration files are displayed in their corresponding saving formats. 43.2.3 Modifying and Saving the Current-Configuration You can modify the current configuration of Ethernet switch through the CLI. Use the save command to save the current-configuration in the Flash Memory, and the configurations will become the saved-configuration when the system is powered on for the next time.
  • Page 646: Erasing Configuration Files From Flash Memory

    The reset saved-configuration command can be used to erase configuration files from Flash Memory. The system will use the default configuration parameters for initialization when the Ethernet switch is powered on for the next time. Perform the following configuration in user view.
  • Page 647: Ftp Overview

    FTP client: You can run the ftp X.X.X.X command (where, X.X.X.X represents the IP address of the remote FTP server) to set up a connection between the Ethernet switch and a remote FTP server to access the files on the remote server. Switch...
  • Page 648: Enabling/Disabling Ftp Server

    Log into the switch from FTP client. Caution: The prerequisite for normal FTP function is that the switch and PC are reachable. 43.3.2 Enabling/Disabling FTP Server You can use the following commands to enable/disable the FTP server on the switch.
  • Page 649: Configuring The Running Parameters Of Ftp Server

    authorized users. You can use the following commands to configure FTP server authentication and authorization. The authorization information of FTP server includes the top working directory provided for FTP clients. Perform the following configuration in corresponding view.
  • Page 650: Displaying And Debugging Ftp Server

    FTP server: Configure an FTP user named as switch, with password hello and with read & write authority over the Switch root directory on the PC. The IP address of a VLAN interface on the switch is 1.1.1.1, and that of the PC is 2.2.2.2. The switch and PC are reachable.
  • Page 651 230 Logged in successfully [ftp] Caution: If the Flash Memory of the switch is not enough, you need to first delete the existing programs in the Flash Memory and then upload the new ones. Enter the authorized directory of the FTP server.
  • Page 652: Ftp Server Configuration Example

    FTP server: Configure an FTP user named as switch, with password hello and with read & write authority over the flash root directory on the PC. The IP address of a VLAN interface on the switch is 1.1.1.1, and that of the PC is 2.2.2.2. The switch and PC are reachable.
  • Page 653: Tftp Configuration

    FTP client is not shipped with the switch, so you need to buy it separately. Caution: If the Flash Memory of the switch is not enough, you need to first delete the existing programs in the Flash Memory and then upload the new ones.
  • Page 654: Downloading Files By Means Of Tftp

    Figure 43-4 TFTP configuration. Table 43-17 lists the configuration of the switch as TFTP client. Table 43-17 Configuration of the switch as TFTP client Device Configuration Configure IP address for the VLAN interface of...
  • Page 655: Uploading Files By Means Of Tftp

    The switch serves as TFTP client and the remote PC as TFTP server. Authorized TFTP directory is set on the TFTP server. The IP address of a VLAN interface on the switch is 1.1.1.1, and that of the PC is 1.1.1.2.
  • Page 656 [SW8800] Caution: If the Flash Memory of the switch is not enough, you need to first delete the existing programs in the Flash Memory and then upload the new ones. Configure IP address 1.1.1.1 for the VLAN interface, ensure the port connecting the PC is also in this VLAN (VLAN 1 in this example).
  • Page 657: Chapter 44 Mac Address Table Management

    An Ethernet Switch maintains a MAC address table for fast forwarding packets. A table entry includes the MAC address of a device and the port ID of the Ethernet switch connected to it. The dynamic entries (not configured manually) are learned by the Ethernet switch.
  • Page 658: Mac Address Table Management Configuration

    Ethernet switch broadcasts a great amount of data packets without MAC addresses, which will affect the switch operation performance. If aging time is set too long, the Ethernet switch will store a great number of out-of-date MAC address tables. This will consume MAC address table resources and the switch will not be able to update MAC address table according to the network change.
  • Page 659: Configuration

    If aging time is set too short, the Ethernet switch may delete valid MAC address table entries. You can use the following commands to set the MAC address aging time for the system. Perform the following configuration in system view.
  • Page 660: Configuration Tasks

    44.3.1 Maximum MAC Address Number Learned by a Port and Forwarding Option Configuration Tasks Maximum MAC address number learned by a port and forwarding option configuration tasks are described in the following table: Table 44-3 Configure the maximum number of MAC addresses learned by a port and...
  • Page 661: Forwarding Option Example

    Set the maximum number of MAC addresses learned by Ethernet port Ethernet3/1/3 to 600. Set the switch to drop the packets whose source MAC addresses are not learned by the port when the number of MAC addresses learned exceeds 600. II.
  • Page 662: Resetting Mac Addresses

    Example I. Network requirements The user logs into the switch through the Console port to configure the address table management. It is required to set the address aging time to 500s and add a static address 00e0-fc35-dc71 to Ethernet2/1/2 in vlan1.
  • Page 663 II. Network diagram Figure 44-2 Network diagram for address table management configuration (Console Port, Switch) III. Configuration procedure Enter the system view of the switch. <SW8800> system-view Add a MAC address (specify the native VLAN, port and state).
  • Page 664: Chapter 45 Device Management

    Operation Root Ethernet switch 45.2.2 Enabling the Timing Reboot Function After you enable the timing reboot function on the switch, the switch will be rebooted on the specified time. Perform the following configuration in user view, and display schedule reboot command can be performed in any view.
  • Page 665: Designating The App Adopted On Next Booting

    Ethernet switch next time Note: The Switch 8800 supports a master board and a slave board. Both boards have a file system, and users can operate on files on both boards. When a user designates the APP to be adopted on the slave board at the next boot, the file directory or URL should start with “slot[No.]#flash:”, where [No.] is the slave board number.
  • Page 666: Upgrading Bootrom

    45.2.6 Updating Service Processing Boards The size of the flash for a main control board in a Switch 8800 is 16 MB, while the size of current host software including the host application of service processing board reaches over 15MB. If a compact flash (CF) card is not configured, the current flash cannot provide enough room to save loading files.
  • Page 667: Displaying And Debugging Device Management

    main control board of a 16 MB flash, the service processing board cannot be updated according to the original procedure. To update it, you need to execute the following command to download host software containing the app file of service processing board host application to the system’s synchronous dynamic random access memory...
  • Page 668: Device Management Configuration Example

    & write authority over the Switch root directory on the PC. The IP address of a VLAN interface on the switch is 1.1.1.1, and the IP address of the PC is 2.2.2.2. The switch and PC are reachable with each other.
  • Page 669 Caution: If the flash memory of the switch is not enough, you need to first delete the existing programs in the flash memory and then download the new ones to the memory. Enter the corresponding command in user view to establish FTP connection. Then enter correct username and password to log into the FTP server.
  • Page 670: Use The Switch As An Ftp Server To Implement The Remote Upgrade

    & write authority over the root directory of the switch. The IP address of a VLAN interface on the switch is 1.1.1.1, and the IP address of the PC is 2.2.2.2. The switch and PC are reachable with each other.
  • Page 671 Caution: If the flash memory on the switch is not sufficient, delete the original application program in the flash before uploading the new one into the flash of the switch. After uploading, perform the upgrade on the switch. <SW8800>...
  • Page 672: Chapter 46 System Maintenance And Debugging

    Chapter 46 System Maintenance and Debugging 46.1 Basic System Configuration The basic system configuration and management include: switch name setting, system clock setting, time zone setting, and summer time setting. 46.1.1 Setting a Name for a Switch Perform the operation of sysname command in the system view.
  • Page 673: Setting The Summer Time

    By default, the summer time is not set. 46.2 Displaying the State and Information of the System The switch provides the display command for displaying the system state and statistics information. For the display commands related to each protocol and different ports, refer to the relevant chapters.
  • Page 674: System Debugging

    46.3 System Debugging 46.3.1 Enabling/Disabling the Terminal Debugging The Ethernet switch provides various ways for debugging most of the supported protocols and functions, which can help you diagnose and address the errors. The following switches can control the outputs of the debugging information: Protocol debugging switch controls the debugging output of a protocol.
  • Page 675: Displaying Diagnostic Information

    When the debugging is over, disable all the debugging. 46.3.2 Displaying Diagnostic Information When the Ethernet switch does not run well, you can collect all sorts of information about the switch to locate the source of fault. Each module has its own display command; you can also use the display diagnostic-information command.
  • Page 676: Testing Tools For Network Connection

    TTL, and the round-trip time of the response packet will be displayed. The final statistics include the number of packets the switch sent out and received, the packet loss ratio, and the minimum, mean and maximum round-trip times.
  • Page 677: Tracert

    46.5 Logging Function 46.5.1 Introduction to Info-center The Info-center is an indispensable part of the Ethernet switch. It serves as an information center of the system software modules. The logging system is responsible for most of the information outputs, and it also makes detailed classification to filter the information efficiently.
  • Page 678 The description of the components of log information is as follows: In practical output, some of the information is started with the % character, which means a logging is necessary. Priority The priority is computed according to the following formula: facility*8+severity-1. The default value for the facility is 23.
  • Page 679 Module name: DHCP, DIAGCLI, DRVMPLS, DRVL2, DRVL3, DRVL3MC, MPLS, DRVQACL, DRVVPLS, FTPS, IFNET, IGSP, ISIS, L2INF, LACL, LINKAGG, LQOS, LSPAGENT, LSPM, MODEM, MPLSFW. Description: Device management module; Dynamic host configuration protocol module...
  • Page 680 Module name: MSDP, MSTP, OSPF, PSSINIT, RMON, RTPRO, SHELL, SNMP, SOCKET, SYSM, SYSMIB, TELNET, USERLOG, VLAN, VRRP. Notice: There is a slash ('/') between module name and severity. Severity...
  • Page 681: Info-Center Configuration

    Switch information falls into three categories: log information, debugging information and trap information. The info-center classifies every kind of information into 8 severity or urgent levels. The log filtering rule is that the system prohibits outputting the information whose severity level is greater than the set threshold.
  • Page 682 Logging buffer snmp Log file Note: The settings in the 7 directions are independent from each other. The settings will take effect only after enabling the information center. The info-center of Ethernet Switch has the following features: Support to output log in 7 directions, i.e., Console, monitor to Telnet terminal,...
  • Page 683 Table 46-15 Send the configuration information to the console terminal. Device Configuration Enable info-center Set the information output direction to the Console Switch Set information source Enable display function Sending the configuration information to the monitor terminal...
  • Page 684 Table 46-17 Send the configuration information to the log buffer Device Configuration Enable info-center Set the information output direction to the logbuffer Switch Set information source Sending the configuration information to the trap buffer. Table 46-18 Send the configuration information to the trap buffer...
  • Page 685: Sending The Configuration Information To The Loghost

    Network management workstation 46.5.3 Sending the Configuration Information to the Loghost To send configuration information to the loghost, follow the steps below: Enabling info-center Perform the following configuration in system view. Table 46-20 Enable/disable info-center...
  • Page 686 Table 46-21 Configure to output information to the loghost. Operations: output information to the loghost; cancel outputting information to loghost. Note that the IP address of the log host must be correct. Note: Be sure to enter the correct IP address when using the info-center loghost command to configure the loghost IP address.
  • Page 687: Sending The Configuration Information To Console Terminal

    Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring the information source, and also use the debugging command to turn on the debugging switch of those modules.
  • Page 688 Note: Info-center is enabled by default. After info-center is enabled, system performance is affected when the system processes a large amount of information, because of information classification and outputting. Configuring to output information to console terminal Perform the following configuration in system view.
  • Page 689 Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring the information source, and also use the debugging command to turn on the debugging switch of those modules.
  • Page 690: Sending The Configuration Information To Telnet Terminal Or Dumb Terminal

    Enable terminal display function of trap information; disable terminal display function of trap information. 46.5.5 Sending the Configuration Information to Telnet Terminal or Dumb Terminal To send configuration information to Telnet terminal or dumb terminal, follow the steps...
  • Page 691 Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring the information source, and also use the debugging command to turn on the debugging switch of those modules.
  • Page 692: Sending The Configuration Information To The Log Buffer

    Telnet terminal or dumb terminal.
  • Page 693 Enabling info-center Perform the following configuration in system view. Table 46-34 Enable/disable info-center. Operations: enable info-center; disable info-center. Note: Info-center is enabled by default. After info-center is enabled, system performance is affected when the system processes a large amount of information, because of information classification and outputting.
  • Page 694: Sending The Configuration Information To The Trap Buffer

    Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring the information source, and also use the debugging command to turn on the debugging switch of those modules.
  • Page 695 Disable info-center Note: Info-center is enabled by default. After info-center is enabled, system performance is affected when the system processes a large amount of information, because of information classification and outputting. Configuring to output information to the trap buffer Perform the following configuration in system view.
  • Page 696: Sending The Configuration Information To Snmp Network Management

    Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring the information source, and also use the debugging command to turn on the debugging switch of those modules.
  • Page 697 Note: Info-center is enabled by default. After info-center is enabled, system performance is affected when the system processes a large amount of information, because of information classification and outputting. Configuring to output information to SNMP NM Perform the following configuration in system view.
  • Page 698: Displaying And Debugging Info-Center

    Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring the information source, and also use the debugging command to turn on the debugging switch of those modules.
  • Page 699: Configuration Examples Of Sending Log To The Unix Loghost

    Table 46-46 Display and debug info-center. Operations: display the content of information channel; display configuration of system log and memory buffer; display the attribute of logbuffer and the information recorded in logbuffer; display the summary information...
  • Page 700 III. Configuration steps Configuration on the switch Enable info-center [SW8800] info-center enable Set the host with the IP address of 202.38.1.10 as the loghost; set the severity level threshold value as informational, set the output language to English; set that the modules which are allowed to output information are ARP and IP.
  • Page 701: Configuration Examples Of Sending Log To Linux Loghost

    kill -HUP 147 After the above operation, the switch system can record information in related log files. Note: By configuring facility, severity, filter and the syslog.conf file together, you can classify and filter the information in great detail.
  • Page 702 -9 147 syslogd -r & Note: For a Linux loghost, you must ensure that the syslogd daemon is started with the -r option. After the above operation, the switch system can record information in related log files.
  • Page 703: Configuration Examples Of Sending Log To The Console Terminal

    Note: By configuring facility, severity, filter and the syslog.conf file together, you can classify and filter the information in great detail. 46.5.12 Configuration Examples of Sending Log to the Console Terminal I. Network requirements...
  • Page 704: Chapter 47 Snmp Configuration

    Chapter 47 SNMP Configuration 47.1 SNMP Overview The Simple Network Management Protocol (SNMP) is currently the most widely used network management protocol in computer networks. It has been put into use and widely accepted as an industry standard in practice. It is used for ensuring the transmission of the management information between any two nodes.
  • Page 705 {1.2.1.1}. The number string is the Object Identifier of the managed object. The current SNMP Agent of Ethernet switch supports SNMP V1, V2C and V3. The MIBs supported are listed in the following table.
  • Page 706: Configuring Snmp

    MIB attribute Private MIB 47.3 Configuring SNMP The following sections describe the SNMP configuration tasks: Setting Community Names; Setting the System Information; Enabling/Disabling SNMP Agent to Send Trap; Setting the Destination Address of Trap; Setting Lifetime of Trap Message...
  • Page 707: Setting The System Information

    You can use the following command to set the contact information. The location information of the Ethernet switch is a management variable of the system group in MIB, which represents the location of the managed device.
  • Page 708: Setting The Destination Address Of Trap

    Table 47-4 Enable/disable SNMP Agent to send Trap. Operations: enable the sending of trap (system view); disable the sending of trap (system view); enable the switch ports to send SNMP trap messages (Ethernet port view or VLAN interface view)...
  • Page 709: Setting The Engine Id Of A Local Or Remote Device

    Table 47-6 Set the lifetime of Trap message. Operations: set lifetime of Trap message; restore lifetime of Trap message. By default, the lifetime of Trap message is 120 seconds. 47.3.6 Setting the Engine ID of a Local or Remote Device You can use the following commands to set the engine ID of a local or remote device.
  • Page 710: Setting The Source Address Of Trap

    47.3.8 Setting the Source Address of Trap You can use the following commands to set or remove the source address of the trap. Perform the following configuration in system view. Table 47-9 Set the source address of trap...
  • Page 711: Creating/Updating View Information Or Deleting A View

    3Com Switch 8800 Configuration Guide 47.3.10 Creating/Updating View Information or Deleting a View You can specify the view to control the access to the MIB by SNMP manager. You can use either the predefined views or the self-defined views. You can use the following commands to create, update the information of views or delete a view.
  • Page 712: Displaying And Debugging Snmp

    Network Management Station and the Ethernet switch are connected through the Ethernet. The IP address of Network Management Station is 129.102.149.23 and that of the VLAN interface on the switch is 129.102.0.1. Perform the following configurations on the switch: setting the community name and access authority, administrator ID, contact and switch location, and enabling the switch to send trap packets.
  • Page 713 3Com Switch 8800 Configuration Guide II. Network diagram 129.102.149.23 Ethernet Figure 47-2 Network diagram for SNMP configuration III. Configuration procedure Enter the system view. <SW8800> system-view Set the community name, group and user. [SW8800] snmp-agent sys-info version all [SW8800] snmp-agent community write public [SW8800] snmp-agent mib include internet 1.3.6.1...
  • Page 714 3Com Switch 8800 Configuration Guide Chapter 47 SNMP Configuration Users can query and configure the Ethernet switch through the network management system. For details, see the manuals for the network management products. 47-11...
  • Page 715: Chapter 48 Rmon Configuration

    The four groups include alarm information, event information, history information and statistics information. So far, the Ethernet Switch implements RMON by the second method. With the RMON-supported SNMP Agent running on the network monitor, NMS can obtain such...
  • Page 716: Adding/Deleting An Entry To/From The Event Table

    3Com Switch 8800 Configuration Guide Note: Before configuring RMON, you must ensure that the SNMP agent is properly configured. See Chapter 50 SSH Terminal Service for the SNMP agent configuration. The following sections describe the RMON configuration tasks. Adding/Deleting an Entry to/from the Event Table...
  • Page 717: Adding/Deleting An Entry To/From The Extended Rmon Alarm Table

    3Com Switch 8800 Configuration Guide Perform the following configuration in system view. Table 48-2 Add/delete an entry to/from the alarm table Operation Add an entry to the alarm table Delete an entry from the alarm table After you define the alarm entry, the system processes the entry in the following...
  • Page 718: Adding/Deleting An Entry To/From The History Control Table

    3Com Switch 8800 Configuration Guide Table 48-4 Add/delete an entry to/from the extended RMON alarm table Operation Add an entry to the extended RMON alarm table Delete an entry from the extended RMON alarm table After you define the extended alarm entry, the system processes the entry in the...
  • Page 719: Adding/Deleting An Entry To/From The Statistics Table

    3Com Switch 8800 Configuration Guide Delete an entry from the history control table. History control entry calculates various data at the sampling time interval. You can use the display rmon history command to view the information of the history control entry.
  • Page 720: Rmon Configuration Example

    III. Configuration procedure Configure RMON. [SW8800-Ethernet2/1/1] rmon statistics 1 owner 3Com-rmon View the configurations in user view. <SW8800> display rmon statistics Ethernet 2/1/1 Statistics entry 1 owned by 3Com-rmon is VALID. Gathers statistics of interface Ethernet2/1/1. Received: octets broadcast packets undersized packets...
  • Page 721 3Com Switch 8800 Configuration Guide Packets received according to length (in octets): :644 256-511:101 65-127 :518 128-255 512-1023:3 1024-1518:0 48-7 Chapter 48 RMON Configuration :688...
  • Page 722: Chapter 49 Ntp Configuration

    LS_A Figure 49-1 Basic operating principle of NTP In the figure above, Ethernet Switch A and Ethernet Switch B are connected through the Ethernet port. They have independent system clocks. Before implementing automatic clock synchronization on both switches, we assume that:...
  • Page 723: Ntp Configuration

    Now Ethernet Switch A collects enough information to calculate the following two important parameters: The delay for a round trip of an NTP packet traveling between the Switch A and B: Delay= (T Offset of Ethernet Switch A clock relative to Ethernet Switch B clock: offset=...
  • Page 724 In this case the local Ethernet Switch works as an NTP client. If you set a remote server as a peer of the local Ethernet Switch, the local equipment operates in symmetric active mode. If you configure an interface on the local Ethernet Switch to transmit NTP broadcast packets, the local Ethernet Switch will operate in broadcast mode.
  • Page 725 IP address of the NTP packets sent from the local Ethernet Switch to the peer will be taken, the interface can be VLAN interface and Loopback interface; priority indicates the peer will be the first choice for time server.
  • Page 726 1 to 255; And the multicast IP address defaults to 224.0.1.1. Actually, for the Switch 8800, you can set 224.0.1.1 as the multicast IP address only. This command can only be configured on the interface where the NTP multicast packet will be transmitted.
  • Page 727: Configuring Ntp Id Authentication

    Multicast IP address ip-address defaults to 224.0.1.1; this command can only be configured on the interface where the NTP multicast packets will be received. Actually, for the Switch 8800, you can set 224.0.1.1 as the multicast IP address only. 49.2.2 Configuring NTP ID Authentication Enable NTP authentication, set MD5 authentication key, and specify the reliable key.
  • Page 728: Setting Specified Key As Reliable

    3Com Switch 8800 Configuration Guide Table 49-8 Configure NTP authentication key Operation Configure NTP authentication key Remove NTP authentication key Key number number ranges from 1 to 4294967295; the key value contains 1 to 32 ASCII characters. 49.2.4 Setting Specified Key as Reliable This configuration task is to set the specified key as reliable.
  • Page 729: Setting Ntp Master Clock

    The IP address defaults to 127.127.1.0, and the stratum defaults to 8. 49.2.7 Setting Authority to Access a Local Ethernet Switch Set authority to access the NTP services on a local Ethernet Switch. This is a basic and brief security measure, compared to authentication. An access request will be matched with peer, server, server only, and query only in an ascending order of the limitation.
  • Page 730: Setting Maximum Local Sessions

    3Com Switch 8800 Configuration Guide server: Allow local NTP time service request and control query. However, the local clock will not be synchronized by a remote server. peer: Allow local NTP time service request and control query. And the local clock will also be synchronized by a remote server.
  • Page 731: Ntp Configuration Example

    3Com Switch 8800 Configuration Guide 49.4 NTP Configuration Example 49.4.1 Configuring an NTP Server I. Network requirements On SW88001, set local clock as the NTP master clock at stratum 2. On SW88002, configure SW88001 as the time server in server mode and set the local equipment to client mode.
  • Page 732: Ntp Peer Configuration Example

    3Com Switch 8800 Configuration Guide clock stratum: 16 reference clock ID: none nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^17 clock offset: 0.0000 ms root delay: 0.00 ms root dispersion: 0.00 ms peer dispersion: 0.00 ms reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
  • Page 733 3Com Switch 8800 Configuration Guide II. Network diagram See Figure 7-2. III. Configuration procedure Configure Ethernet Switch SW88003: Enter system view. <SW88003> system-view Set the local clock as the NTP master clock at stratum 2. [SW88003] ntp-service refclock-master 2 Configure Ethernet Switch SW88004: Enter system view.
  • Page 734: Configure Ntp Broadcast Mode

    3Com Switch 8800 Configuration Guide Reference time: 19:21:32.287 UTC Oct 24 2004(C5267F3C.49A61E0C) By this time, SW88004 has been synchronized by SW88005 and it is at stratum 2, or higher than SW88005 by 1. Display the sessions of SW88004 and you will see SW88004 has been connected with SW88005.
  • Page 735: Configure Ntp Multicast Mode

    3Com Switch 8800 Configuration Guide Configure Ethernet Switch SW88001: Enter system view. <SW88001> system-view Enter Vlan-interface2 view. [SW88001] interface vlan-interface 2 [SW88001-Vlan-Interface2] ntp-service broadcast-client The above examples configured SW88004 and SW88001 to listen to the broadcast through Vlan-interface2, SW88003 to broadcast packets from Vlan-interface2. Since...
  • Page 736 3Com Switch 8800 Configuration Guide Chapter 49 NTP Configuration their respective Vlan-interface2. (Note: SW88003 supports configuring the local clock as the master clock) II. Network diagram See Figure 7-2. Configuration procedure Configure Ethernet Switch SW88003: Enter system view. <SW88003> system-view Set the local clock as a master NTP clock at stratum 2.
  • Page 737: Configure Authentication-Enabled Ntp Server Mode

    3Com Switch 8800 Configuration Guide 49.4.5 Configure Authentication-Enabled NTP Server Mode I. Network requirements SW88001 sets the local clock as the NTP master clock at stratum 2. SW88002 sets SW88001 as its time server in server mode and itself in client mode and enables authentication.
  • Page 738 3Com Switch 8800 Configuration Guide Chapter 49 NTP Configuration [SW88001] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey Configure the key as reliable. [SW88001] ntp-service reliable authentication-keyid 42 49-17...
  • Page 739: Chapter 50 Ssh Terminal Service

    IP address spoofing and clear text password interception attacks. The switch can act as either SSH server or SSH client. When used as an SSH server, the switch supports multiple connections with SSH clients; when used as an SSH client, the switch supports SSH connections with the SSH server-enabled switch, UNIX hosts, and so on.
  • Page 740 3Com Switch 8800 Configuration Guide Figure 50-2 Establish an SSH channel through a WAN (diagram labels: Workstation, Laptop and Server on the Local Ethernet; SSH client) To establish an SSH authentication secure connection, the server and the client must...
  • Page 741: Ssh Server Configuration

    3Com Switch 8800 Configuration Guide The server initiates a procedure to authenticate the user. If the server is configured not to authenticate the user, the process proceeds to session request phase directly. The client employs an authentication mode to authenticate the server till the authentication succeeds or the server tears down the connection because of timeout.
  • Page 742 3Com Switch 8800 Configuration Guide Entering VTY type of user interface view Configure supported by current user interface Returning to system view Generating a local RSA key pair Destroying a local RSA key pair Configure the SSH user authentication mode...
  • Page 743 3Com Switch 8800 Configuration Guide Configure compatibility mode I. Configuring the protocol the current user interface supports Use this configuration task to specify the protocol the current user interface supports. Perform the following configuration in VTY user interface view. Table 50-2 Configure the protocol the current user interface supports...
  • Page 744 3Com Switch 8800 Configuration Guide The minimum and maximum lengths for the host key and the server key are 512 bits and 2048 bits respectively. Perform the following configuration in system view. Table 50-3 Generate an RSA key pair Operation...
  • Page 745 3Com Switch 8800 Configuration Guide Table 50-5 Configure the updating cycle of the server key Operation Configure the updating cycle of the server key Cancel the updating cycle configuration By default, the system does not update the server key. V. Configuring the authentication timeout Use this configuration task to set the authentication timeout of SSH connections.
  • Page 746 3Com Switch 8800 Configuration Guide Table 50-8 Public key configuration Operation Enter the public key view Exit the public view and return to the system view Note: The configuration commands are applicable to the environments where the server employs RSA authentication on SSH users. If the server adopts password authentication on SSH users, these configurations are not necessary.
  • Page 747 3Com Switch 8800 Configuration Guide Chapter 50 SSH Terminal Service While the Generator is running, move your mouse over the blank area of the window. Save the pair of keys as publickey and privatekey. File names are aaa.pub and aaa.pri.
  • Page 748 3Com Switch 8800 Configuration Guide Convert the file aaa.pub into key configuration data in Hex. Convert the converted result into the CLI of the switch unit [SW8800-rsa-key-code] [SW8800-rsa-key-code]30818602 81806123 9F5A4D90 9049C7F4 3AC1CAC6 221BAC8B [SW8800-rsa-key-code]450CE4DD 4F0B3C96 84078BA5 CA1F5248 FF05D3C9 A087B664 [SW8800-rsa-key-code]97B82DFB 40B8F7C4 C1855842 AE5B4B8D 7DB5E34A 160BD1E7...
  • Page 749 3Com Switch 8800 Configuration Guide X. Exiting the public key edit view Use this configuration task to return from the public key edit view to the public key view and save the input public key. Before saving the input public key, the system will check the validity of the key: If the public key string contains any illegal character, the configured key is invalid;...
  • Page 750: Ssh Client Configuration

    3Com Switch 8800 Configuration Guide 50.1.3 SSH Client Configuration The following sections describe the SSH client configuration tasks. Set to perform the first-time authentication on the SSH server to be accessed Specifying the public key of the server Configuring the first-time authentication of the server I.
  • Page 751: Displaying And Debugging Ssh

    50.1.5 SSH Server Configuration Example I. Network requirements As shown in Figure 50-3, a PC (SSH client) running SSH 2.0-enabled client software establishes a local connection with the switch (SSH server) to better guarantee the security of exchanged information. Operation...
  • Page 752 3Com Switch 8800 Configuration Guide II. Network diagram SSH client Figure 50-3 Network diagram for SSH server III. Configuration procedure Generate the RSA key. [SW8800] rsa local-key-pair create Note: If the configuration for generating the local key has already been completed, skip this step.
  • Page 753 You can use the default values for SSH authentication timeout and retries. After completing the above configurations, you can run the SSH 2.0-enabled client software on any other terminal connected with the switch and access the switch with the username client001 and password 3Com.
  • Page 754: Ssh Client Configuration Example

    50.1.6 SSH Client Configuration Example I. Network requirements As shown in Figure 50-4: Switch A is used as an SSH client. Switch B is used as the SSH server, and the IP address is 10.165.87.136. II. Network diagram Switch B Switch B...
  • Page 755: Sftp Service

    At the same time, since the switch can be used as a client, users can log in to remote devices to transfer files securely.
  • Page 756: Sftp Client Configuration

    3Com Switch 8800 Configuration Guide Table 50-18 Configure the service type to be used Operation Configure the service type to be used Restore the default service type By default, the service type is telnet. II. Starting the SFTP server Perform the following configuration in system view.
  • Page 757 3Com Switch 8800 Configuration Guide Shut down the SFTP client SFTP directory operation SFTP file operation Command help on the client I. Starting the SFTP client Use this configuration task to start the SFTP client program, establish a connection with the remote SFTP server, and enter the SFTP client view.
  • Page 758 3Com Switch 8800 Configuration Guide Perform the following configuration in system view. Table 50-21 Start the SFTP client Operation Start the SFTP client II. Shutting down the SFTP client Use this configuration task to shut down the SFTP client program.
  • Page 759 3Com Switch 8800 Configuration Guide Operation directory Create a new directory on the server Delete a directory from the server Note: The dir command and the ls command have the same functionality. IV. SFTP file operations As shown in Table 50-24, available SFTP file operations include: change the name of a file, download a file, upload a file, display the list of files, and delete a file.
  • Page 760: Sftp Configuration Example

    I. Network requirements As shown in Figure 50-5: Switch B is used as the SFTP server, and its IP address is 10.111.27.91; Switch B is used as the SFTP client; An SFTP user is configured with the username 8040 and password SW8800.
  • Page 761 3Com Switch 8800 Configuration Guide [SW8800-rsa-public-key] public-key-code begin [SW8800-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463 [SW8800-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913 [SW8800-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4 [SW8800-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC [SW8800-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16 [SW8800-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125 [SW8800-rsa-key-code] public-key-code end [SW8800-rsa-public-key] peer-public-key end [SW8800] ssh client 10.111.27.91 assign rsa-key 10.111.27.91 Establish the SSH connection between the client and the server.
  • Page 762 3Com Switch 8800 Configuration Guide -rwxrwxrwx 1 noone -rwxrwxrwx 1 noone drwxrwxrwx 1 noone -rwxrwxrwx 1 noone Create a new directory new1, and check if the new directory has been created successfully. sftp-client> mkdir new1 New path created sftp-client> dir...
  • Page 763 3Com Switch 8800 Configuration Guide Chapter 50 SSH Terminal Service sftp-client> Exit SFTP. sftp-client> quit <SW8800> 50-25...
  • Page 764: Chapter 51 Poe Configuration

    The Switch 8800 supports the IEEE 802.3af standard, and it can also supply power to PDs that do not comply with the standard. The power supply of the Switch 8800 is administered by the Fabric; each PoE card on the switch can be viewed as a power sourcing equipment (PSE), which administers the power supplying of all the ports on it independently.
  • Page 765: External Pse4500-A Power System

    1500 W. 51.2 PoE Configuration The Switch 8800 can automatically detect any connected device that needs a remote power supply and feeds power to this device. Depending on your actual network requirement, you can set the maximum PoE power totally supplied by the switch through the command line.
  • Page 766: Poe Configuration Tasks

    3Com Switch 8800 Configuration Guide Table 51-1 PoE configuration tasks on the Switch 8800 Item Enter view Enter Ethernet port view Enable PoE on the port Set the maximum supplied by the port mode on the port priority port Display the PoE...
  • Page 767: Comprehensive Configuration Example

    51.3 Comprehensive Configuration Example I. Network requirements Two PoE-capable cards are installed in slots 3 and 5 on a Switch 8800. GigabitEthernet3/1/1 through GigabitEthernet3/1/48 are connected with IP phones and GigabitEthernet5/1/1 through GigabitEthernet5/1/48 are connected with access point (AP) devices.
  • Page 768 3Com Switch 8800 Configuration Guide II. Network diagram Figure 51-1 PoE remote power supplying III. Configuration procedure Set the maximum power to 400 W on the card in slot 3. By default, the power of each card is full, so the power on the card in slot 5 need not be configured.
  • Page 769: Chapter 52 Poe Psu Supervision Configuration

    Query PSU information such as voltage and power. 52.2 AC Input Alarm Thresholds Configuration You can set the AC input alarm thresholds for the PoE PSUs to enable the Switch 8800 to monitor the AC input voltages of the PSUs in real time through the PoE supervision module.
  • Page 770: Ac Input Alarm Thresholds Configuration Example

    52.3 DC Output Alarm Thresholds Configuration You can set the DC output alarm thresholds for the PoE PSUs to enable the Switch 8800 to monitor the DC output voltages of the PSUs in real time through the PoE supervision module.
  • Page 771: Dc Output Alarm Thresholds Configuration Tasks

    3Com Switch 8800 Configuration Guide 52.3.1 DC Output Alarm Thresholds Configuration Tasks Table 52-2 DC output alarm thresholds configuration tasks Enter system view Set the overvoltage alarm threshold of DC output (upper threshold) for the PoE PSUs Set the undervoltage alarm...
  • Page 772: Displaying Poe Supervision Information

    52.4 Displaying PoE Supervision Information After completing the above configurations, you can execute the display command in any view to query the PoE state of the switch. Then you can view the display output to check the effect of these configurations.
  • Page 773 3Com Switch 8800 Configuration Guide II. Network diagram Figure 52-1 Network diagram for PoE supervision configuration III. Configuration procedure Enter system view. <SW8800> system-view Set the overvoltage alarm threshold of AC input for PoE PSUs to 264.0 V. [SW8800] poe-power input-thresh upper 264.0 Set the undervoltage alarm threshold of AC input for PoE PSUs to 181.0 V.
