3Com S7906E Configuration Manual
  1. Manuals
  2. Brands
  3. 3Com Manuals
  4. Switch
  5. S7906E - Switch
  6. Configuration manual
3Com S7906E Configuration Manual

3Com S7906E Configuration Manual

S7900e family release 6600 series
Hide thumbs Also See for S7906E:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
Table of Contents

Advertisement

Quick Links

3Com S7900E Family

Configuration Guide

Release 6600 Series
S7910E
S7906E
S7906E-V
S7903E
S7903E-S
S7902E
Manual Version:
20091015-C-1.00
www.3com.com
3Com Corporation
350 Campus Drive, Marlborough,
MA, USA 01752 3064

Advertisement

Chapters

Table of Contents
loading

Related Manuals for 3Com S7906E

Summary of Contents for 3Com S7906E

  • Page 1: Configuration Guide

    3Com S7900E Family Configuration Guide Release 6600 Series S7910E S7906E S7906E-V S7903E S7903E-S S7902E Manual Version: 20091015-C-1.00 www.3com.com 3Com Corporation 350 Campus Drive, Marlborough, MA, USA 01752 3064...
  • Page 2 Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable.

  • Page 3: About This Manual

    About This Manual Organization 3Com S7900E Family Configuration Guide - Release 6600 Series is organized as follows: Volume Features 00-Product Includes Obtaining the Documentation, Product Features and Acronyms. Overview Service Loopback Ethernet Port Link Aggregation Port Isolation Group Loopback 01-Access...
  • Page 4 Optional alternative items are grouped in square brackets and [ x | y | ... ] * separated by vertical bars. Many or none can be selected. The argument(s) before the ampersand (&) sign can be entered 1 to n &<1-n> times.

  • Page 5: Related Documentation

    This guide provides all the information you need 3Com S7900E Family Getting Started Guide to install and use the 3Com S7900E Family. Obtaining Documentation You can access the most up-to-date 3Com product documentation on the World Wide Web at this URL: http://www.3com.com.

  • Page 6: Table Of Contents

    Table of Contents 1 Product Features ·······································································································································1-1 Introduction to Product ····························································································································1-1 Feature Lists ···········································································································································1-1 2 Features······················································································································································2-1 Access Volume ·······································································································································2-1 IP Services Volume·································································································································2-3 IP Routing Volume ··································································································································2-4 Multicast Volume·····································································································································2-6 MPLS Volume ·········································································································································2-8 QoS Volume··········································································································································2-10 Security Volume ····································································································································2-10 High Availability Volume························································································································2-12 System Volume ·····································································································································2-13...

  • Page 7: Product Features

    Product Features Introduction to Product The S7900E switch is a cost-effective Layer 3 switch with high capacity. It is designed to operate at the core layer of small and medium-sized networks, convergence layer of large enterprise networks, and convergence layer and access layer of the metropolitan area networks (MANs).
  • Page 8 Volume Features 06-QoS Volume User Profile 802.1X Portal Authentication 07-Security Port Security IP Source Guard SSH2.0 Public Key Volume ARP Attack URPF Protection Dual-SRPU VRRP Smart Link Monitor Link System 08-High Availability Connectivity Fault RRPP DLDP Ethernet OAM Volume Detection...

  • Page 9: Features

    Features The following sections provide an overview of the main features of each module supported by the S7900E series. Access Volume Table 2-1 Features in Access volume Features Description This document describes: Combo Port Configuration Management Ethernet Interface Configuration Basic Ethernet Port Configuration...
  • Page 10 Configuring a Loopback Interface Null Interface Introduction to Null Interface Configuring a Null 0 Interface MSTP is used to eliminate loops in a LAN. It is compatible with STP and RSTP. This document describes: MSTP Introduction to STP/RSTP/MSTP Configuring MSTP...

  • Page 11: Ip Services Volume

    This document describes: Port Mirroring Introduction and configuration of Port Mirroring Introduction and configuration of Traffic Mirroring An S7900E switch installed with an OLT card can work as an EPON OLT. This document describes: Introduction to EPON System OLT Configuration...

  • Page 12: Ip Routing Volume

    Features Description Internet protocol version 6 (IPv6), also called IP next generation (IPng), was designed by the Internet Engineering Task Force (IETF) as the successor to Internet protocol version 4 (IPv4). This document describes: IPv6 overview IPv6 Basics Basic IPv6 functions configuration...
  • Page 13 IPv6 Static Routing simple IPv6 network environments. This document describes: IPv6 static route configuration RIP next generation (RIPng) is an extension of RIP-2 for IPv4. RIPng for IPv6 is IPv6 RIPng. This document describes: IPv6 RIPng Configuring RIPng Basic Functions...

  • Page 14: Multicast Volume

    Features Description OSPFv3 is OSPF version 3 for short, supporting IPv6 and compliant with RFC2740 (OSPF for IPv6). This document describes: Enabling OSPFv3 Configuring OSPFv3 Area Parameters IPv6 OSPFv3 Configuring OSPFv3 Network Types Configuring OSPFv3 Routing Information Control Tuning and Optimizing OSPFv3 Networks The IS-IS routing protocol supports multiple network protocols, including IPv6.
  • Page 15 Configuring MD VPN Running at the data link layer, IGMP Snooping is a multicast control mechanism on the Layer 2 Ethernet switch and it is used for multicast group management and control. This document describes: Configuring Basic Functions of IGMP Snooping...

  • Page 16: Mpls Volume

    Features Description MLD is used by an IPv6 router or a Ethernet Switch to discover the presence of multicast listeners on directly-attached subnets. This document describes: Configuring Basic Functions of MLD Adjusting MLD Performance Configuring MLD SSM Mapping Configuring MLD Proxying IPv6 PIM discovers multicast source and delivers information to the receivers.
  • Page 17 Features Description MPLS integrates both Layer 2 fast switching and Layer 3 routing and forwarding, satisfying the networking requirements of various new applications. This document describes: MPLS Overview MPLS Basics MPLS Configuration Basics LDP Overview Configuring MPLS Basic Capability Configuring Static LSP Configuring MPLS LDP MPLS L2VPN provides Layer 2 VPN services on the MPLS network.

  • Page 18: Qos Volume

    Introduction to AAA, RADIUS and HWTACACS AAA configuration RADIUS configuration HWTACACS configuration IEEE 802.1X (hereinafter simplified as 802.1X) is a port-based network access control protocol that is used as the standard for LAN user access authentication. This document describes: 802.1X 802.1X overview 802.1X configuration 802.1X Guest-VLAN configuration...
  • Page 19 Configuring an SFTP Server Configuring an SFTP Client Public Key This document describes Public Key Configuration. An ACL is used for identifying traffic based on a series of preset matching criteria. This document describes: ACL overview and ACL types ACL configuration Currently, ARP attacks and viruses are threatening LAN security.

  • Page 20: High Availability Volume

    Configuring a Smart Link Device Configuring an Associated Device Monitor link is a port collaboration function used to enable a device to be aware of the up/down state change of the ports on an indirectly connected link. This document describes:...

  • Page 21: System Volume

    Features Description Ethernet OAM is a tool monitoring Layer-2 link status. It helps network administrators manage their networks effectively. This document describes: Ethernet OAM overview Ethernet OAM Configuring Basic Ethernet OAM Functions Configuring Link Monitoring Enabling OAM Loopback Testing Introduction and configuration of Extended OAM...
  • Page 22 Enabling Expansion Memory Data Recovery Function on a board Identifying and diagnosing pluggable transceivers A major function of the file system is to manage storage devices, mainly including creating the file system, creating, deleting, modifying and renaming a file or a directory and opening a file. This document...
  • Page 23 Configuring the Local Clock as a Reference Source Configuring Optional Parameters of NTP Configuring Access-Control Rights Configuring NTP Authentication Hotfix is a fast, cost-effective method to fix software defects of the device without interrupting the running services. This document describes: Hotfix Overview Hotfix...

  • Page 24: Oaa Volume

    Intelligent Resilient Framework (IRF) allows you to build an IRF, namely a united device, by interconnecting multiple devices through IRF ports. You can manage all the devices in the IRF by managing the united device. This document describes: IRF Overview...
  • Page 25 Appendix A Acronyms # A B C D E F G H I K L M N O P Q R S T U V W X Z Acronyms Full spelling Return 10GE Ten-GigabitEthernet Return Authentication, Authorization and Accounting Activity Based Costing...
  • Page 26 Return Call Appearance Certificate Authority Committed Access Rate Committed Burst Size Class Based Queuing Constant Bit Rate Core-Based Tree International Telephone and Telegraph Consultative CCITT Committee Customer Edge Connectivity Fault Detection Configuration File Management CHAP Challenge Handshake Authentication Protocol CIDR...
  • Page 27 Designated Router DSCP Differentiated Services Codepoint Priority Digital Signal Processor Data Terminal Equipment Downstream Unsolicited Distance Vector Routing Algorithm DVMRP Distance Vector Multicast Routing Protocol DWDM Dense Wavelength Division Multiplexing Return EACL Enhanced ACL Endpoint Admission Defense Extensible Authentication Protocol...
  • Page 28 HQoS Hierarchical Quality of Service Hot Standby HTTP Hyper Text Transport Protocol H-VPLS Hiberarchy of VPLS HVRP Hierarchy VLAN Register Protocol HUAWEI Terminal Access Controller Access Control HWTACACS System Return Incoming Access IANA Internet Assigned Number Authority IBGP Internal BGP...
  • Page 29 Acronyms Full spelling International Business Machines ICMP Internet Control Message Protocol ICMPv6 Internet Control Message Protocol for IPv6 IDentification/IDentity IEEE Institute of Electrical and Electronics Engineers IETF Internet Engineering Task Force IGMP Internet Group Management Protocol IGMP-Snooping Internet Group Management Protocol Snooping...
  • Page 30 Acronyms Full spelling LACP Link Aggregation Control Protocol LACPDU Link Aggregation Control Protocol Data Unit Local Area Network Link Control Protocol LDAP Lightweight Directory Access Protocol Label Distribution Protocol Label Edge Router LFIB Label Forwarding Information Base Label Information Base...
  • Page 31 Meet-Me Conference MODEM MOdulator-DEModulator Multilink PPP MP-BGP Multiprotocol extensions for BGP-4 Middle-level PE MP-group Multilink Point to Point Protocol group MPLS Multiprotocol Label Switching MPLSFW Multi-protocol Label Switch Forward Multicast Port Management Mobile Switching Center MSDP Multicast Source Discovery Protocol...
  • Page 32 Acronyms Full spelling Network Management Station NPDU Network Protocol Data Unit Network Provider Edge Network Quality Analyzer NSAP Network Service Access Point NetStream Collector N-SEL NSAP Selector NSSA Not-So-Stubby Area NTDP Neighbor Topology Discovery Protocol Network Time Protocol Return Operation Administration and Maintenance...
  • Page 33 802.1Q in 802.1Q Quality of Service QQIC Querier's Query Interval Code Querier's Robustness Variable Return Registration Authority RADIUS Remote Authentication Dial in User Service random-access memory Routing Domain Router Distinguisher Random Early Detection Request For comments Routing Information Protocol RIPng...
  • Page 34 Acronyms Full spelling Resilient Packet Ring Rendezvous Point Tree RRPP Rapid Ring Protection Protocol Reservation State Block RSOH Regenerator Section Overhead RSTP Rapid Spanning Tree Protocol RSVP Resource ReserVation Protocol RTCP Real-time Transport Control Protocol Route Table Entry Real-time Transport Protocol...
  • Page 35 SDH Transport Module -4c Spanning Tree Protocol Signalling Virtual Connection Switch-MDT Switch-Multicast Distribution Tree Return Terminal Adapter TACACS Terminal Access Controller Access Control System Time Division Multiplexing Transmission Control Protocol Traffic Engineering TEDB TE DataBase TFTP Trivial File Transfer Protocol...
  • Page 36 Acronyms Full spelling Return Variable Bit Rate Virtual Channel Identifier Virtual Ethernet Virtual File System VLAN Virtual Local Area Network Virtual Leased Lines Video On Demand VoIP Voice over IP Virtual Operate System VPDN Virtual Private Dial-up Network VPDN Virtual Private Data Network...

  • Page 37: Manual Version

    Configuring an Aggregation Group Configuring an Aggregate Interface Configuring a Load Sharing Mode for Load-Sharing Link Aggregation Groups The port isolation feature allows you to isolate different ports within the same VLAN. This document describes: Port Isolation Introduction to Port Isolation...
  • Page 38 Configuring a Loopback Interface Null Interface Introduction to Null Interface Configuring a Null 0 Interface MSTP is used to eliminate loops in a LAN. It is compatible with STP and RSTP. This document describes: MSTP Introduction to STP/RSTP/MSTP Configuring MSTP...
  • Page 39 This document describes: Port Mirroring Introduction and configuration of Port Mirroring Introduction and configuration of Traffic Mirroring An S7900E switch installed with an OLT card can work as an EPON OLT. This document describes: Introduction to EPON System OLT Configuration...
  • Page 40 Management Ethernet Interface Configuration ···············································································1-2 Basic Ethernet Port Configuration ···································································································1-2 Configuring Flow Control on Port ····································································································1-4 Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Port················1-4 Configuring Loopback Testing on an Ethernet Port ········································································1-5 Configuring a Port Group·················································································································1-6 Configuring an Auto-negotiation Transmission Rate·······································································1-6 Configuring Storm Suppression ······································································································1-7...

  • Page 41: Ethernet Port Configuration

    A Combo port comprises an optical (fiber) port or an electrical (copper) port. The two ports share one forwarding port and thus they cannot work at the same time. If the electrical port is enabled, the optical port is disabled automatically and vice versa.

  • Page 42: Management Ethernet Interface Configuration

    For a Combo port, only one port (either the optical port or the electrical port) is active at a time. That is, once the optical port is active, the electrical port will be inactive automatically, and vice versa. You can use the display port combo command to display the Combo ports on the current device and the mappings between the optical and electrical ports.
  • Page 43 Similarly, if you configure the transmission rate for an Ethernet port by using the speed command with the auto keyword specified, the transmission rate is determined through auto-negotiation too. For a 100 Mbps or Gigabit Layer 2 Ethernet port, you can specify the transmission rate by its auto-negotiation capacity.

  • Page 44: Configuring Flow Control On Port

    Ethernet ports on the virtual LPUs correspond to the Ethernet ports on the SRPUs and the numbering rules for the ports are the same as those described earlier. If you want to configure the Ethernet ports on the SRPUs, you need to configure on the virtual LPUs For more information about SFP and XFP ports involved in this chapter, see 3Com S7900E Family Getting Started Guide.

  • Page 45: Configuring Loopback Testing On An Ethernet Port

    The link-delay mode up command and the link-delay command are mutually exclusive with each other on a port. When both commands are configured on a port, the one that is configured earlier is disabled. The link-delay command cannot take effect on ports that are manually disabled using the shutdown command.

  • Page 46: Configuring A Port Group

    A port group is created manually and the settings you made on it apply to all group member ports. Note that even though the settings are made on the port group, they are saved on a port basis rather than on a port group basis.

  • Page 47: Configuring Storm Suppression

    Ethernet port view or port group view. In port or port group view, you set the maximum broadcast, multicast or unknown unicast traffic allowed to pass through a port or each port in a port group. When the broadcast, multicast, or unknown unicast...

  • Page 48: Setting The Interval For Collecting Ethernet Port Statistics

    As for an Ethernet port belongs to a port group, if you set a storm suppression ratio for the port in both Ethernet port view and port group view, the one configured the last takes effect.

  • Page 49: Enabling Forwarding Of Jumbo Frames

    [ value ] bytes. If you set the value argument for ports of a port group in Ethernet port view or port-group view for multiple times, the latest configuration takes effect. Enabling Loopback Detection on an Ethernet Port If a port receives a packet that it sent out, a loop occurs.
  • Page 50 MAC address forwarding entry. When a loop is detected on a trunk port or a hybrid port, the device sends trap messages and log information to the terminal. If loopback detection control is also enabled on the port, the device operates on the port according to the pre-configured loopback detection actions, sends trap messages and log information to the terminals, and deletes the corresponding MAC address forwarding entry.

  • Page 51: Configuring The Mdi Mode For An Ethernet Port

    An Ethernet port is composed of eight pins. By default, each pin has its particular role. For example, pin 1 and pin 2 are used for transmitting signals; pin 3 and pin 6 are used for receiving signals. You can change the pin roles through setting the MDI mode.

  • Page 52: Testing The Cable On An Ethernet Port

    Testing the Cable on an Ethernet Port The optical port of an SFP or XFP port does not support this feature. The support of other Ethernet ports for this feature depends on the device model. A link in the up state goes down and then up automatically if you perform the operation described in this section on one of the Ethernet ports forming the link.
  • Page 53 Thus, it is normal that a period longer than one statistic period is waited for a control action to happen if you enable the function while the packet storm is present. However, the action will be taken within two periods.

  • Page 54: Configuring The Connection Mode Of An Ethernet Port

    This feature is supported on the internal 10GE ports. When configuring an OAA application, to ensure the normal communication between the device and the OAP card, you need to set the connection mode of the 10 GE ports connecting the device and the card to extended.
  • Page 55 To do… Use the command… Remarks Display the information about a display port-group manual manual port group or all the Available in any view [ all | name port-group-name ] port groups Display the information about display loopback-detection Available in any view...
  • Page 56 Enabling LinkUp/LinkDown Trap Generation for an Aggregate Interface ·····································1-10 Shutting Down an Aggregate Interface ·························································································1-10 Configuring Load Sharing for Link Aggregation Groups ·······································································1-11 Configuring a Load Sharing Mode for Load-Sharing Link Aggregation Groups····························1-11 Configuring the Local-First Load Sharing Mechanism for Link Aggregation·································1-13 Displaying and Maintaining Link Aggregation·······················································································1-13 Link Aggregation Configuration Examples····························································································1-14...

  • Page 57: Link Aggregation Configuration

    Framework (IRF). Two S7900E series can be stacked together to form a distributed stacking device. If an S7900E series is not in any IRF, it operates as a distributed device; if the S7900E series is in an IRF, it operates as a distributed stacking device. For introduction of IRF, refer to IRF in the System Volume.
  • Page 58 Unselected: an unselected port cannot forward user traffic. The rate of an aggregate interface is the sum of the selected member ports’ rates. The duplex mode of an aggregate interface is consistent with that of the selected member ports. Note that all selected member ports use the same duplex mode.
  • Page 59 The change of a class-two configuration setting may affect the select state of link aggregation member ports and thus the ongoing service. To prevent unconsidered change, a message warning of the hazard will be displayed when you attempt to change a class-two setting, upon which you can decide whether to continue your change operation.

  • Page 60: Link Aggregation Modes

    A port that joins the aggregation group after the limit on the number of selected ports has been reached will not be placed in the selected state even if it should be in normal cases. This can prevent the ongoing traffic on the current selected ports from being interrupted.

  • Page 61: Load Sharing Mode Of An Aggregation Group

    IDs on the end with the preferred system ID. The following is the detailed negotiation procedure: Compare the system ID (comprising the system LACP priority and the system MAC address) of the actor with that of the partner. The system with the lower LACP priority wins out. If they are the same, compare the system MAC addresses.

  • Page 62: Link Aggregation Configuration Task List

    To achieve better load sharing results for data traffic among the member ports of a link aggregation group, you are recommended to assign ports of the same type (such as all 100 Mbps ports or all GE ports and so on) to the link aggregation group.

  • Page 63: Configuring A Static Aggregation Group

    To guarantee a successful static aggregation, ensure that the ports at the two ends of each link to be aggregated are consistent in the selected/unselected state.

  • Page 64: Enabling Mac Address Table Synchronization For Cross-Card Aggregation

    One problem with cross-card link aggregation is that the outgoing port for a packet and the incoming port for the reply to the packet may reside on different cards. If this occurs, the outgoing port will never learn the source MAC address in the reply packet, and all subsequent packets to the same destination will be flooded as unknown unicast packets.

  • Page 65: Configuring An Aggregate Interface

    For example, if link aggregation is configured across an SA card and an SC or an EA card in bridging mode, or SC card and EA card in routing mode, you need to enable the function manually.

  • Page 66: Configuring The Description Of An Aggregate Interface

    Shutting Down an Aggregate Interface Shutting down or bringing up an aggregate interface affects the selected state of the ports in the corresponding aggregation group. When an aggregate interface is shut down, all selected ports in its aggregation group become unselected; when the aggregate interface is brought up, the selected state of the ports in the corresponding aggregation group is re-calculated.

  • Page 67: Configuring Load Sharing For Link Aggregation Groups

    You are recommended not to perform the undo shutdown and then shutdown commands on a member port of the aggregation group corresponding to an aggregate interface that is already shut down. Otherwise, when the member port is brought up, the selected state of the remote port will be affected.
  • Page 68 Combine a source IP address and a destination IP address, a source IP address and a source port number, a destination IP address and a destination port number, or a source MAC address and destination MAC address to form a hash key.

  • Page 69: Configuring The Local-First Load Sharing Mechanism For Link Aggregation

    Configuring the Local-First Load Sharing Mechanism for Link Aggregation In an IRF, if the egress port for packets that enter a device is an aggregate interface, and the member ports of the corresponding link aggregation group are located on the current device as well as on other member devices of the IRF, the packets will be load-shared among the link aggregation member ports on the current member device only.

  • Page 70: Link Aggregation Configuration Examples

    Link Aggregation Configuration Examples In an aggregation group, the port to be a selected port must be the same as the reference port in port attributes, and class-two configurations. To keep these configurations consistent, you should configure the port manually.

  • Page 71: Layer 2 Dynamic Aggregation Configuration Example

    Figure 1-3 Network diagram for Layer 2 dynamic aggregation Configuration procedure Configure Device A # Configure the device to perform load sharing based on source and destination MAC addresses for link aggregation groups. <DeviceA> system-view [DeviceA] link-aggregation load-sharing mode source-mac destination-mac # Create a Layer 2 aggregate interface Bridge-Aggregation 1 and configure the interface to work in dynamic aggregation mode.

  • Page 72: Layer 2 Aggregation Load Sharing Mode Configuration Example

    2/0/1 through GigabitEthernet 2/0/4. Configure the global load sharing mode and aggregation group-specific load sharing mode to enable aggregation group 1 to use source MAC-based load sharing mode and aggregation group 2 to use destination MAC-based load sharing mode. Figure 1-4 Network diagram for Layer 2 aggregation load sharing mode configuration...
  • Page 73 [DeviceA] interface gigabitethernet 2/0/2 [DeviceA-GigabitEthernet2/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet2/0/2] quit # Create a Layer 2 aggregate interface Bridge-Aggregation 2 and configure the load sharing mode of aggregation group 2 as the destination MAC-based load sharing mode. [DeviceA] interface bridge-aggregation 2...
  • Page 74 Table of Contents 1 Port Isolation Configuration ·····················································································································1-1 Introduction to Port Isolation ···················································································································1-1 Configuring the Isolation Group ··············································································································1-1 Assigning a Port to the Isolation Group···························································································1-1 Displaying and Maintaining Isolation Groups··························································································1-2 Port Isolation Configuration Example······································································································1-2...

  • Page 75: Port Isolation Configuration

    You can neither remove the isolation group nor create other isolation groups on such devices. Layer 2 traffic can be exchanged between a port inside an isolation group and a port outside the isolation group, but not between ports inside the isolation group.

  • Page 76: Displaying And Maintaining Isolation Groups

    Device is connected to the Internet through GigabitEthernet 2/0/4. GigabitEthernet 2/0/2, GigabitEthernet 2/0/3, and GigabitEthernet 2/0/4 belong to VLAN 2 and GigabitEthernet 2/0/1 carries VLAN 2. It is required that Host A, Host B, and Host C can access the Internet while being isolated from one another.

  • Page 77: Configuration Procedure

    Figure 1-1 Networking diagram for port isolation configuration Configuration procedure # Add ports GigabitEthernet 2/0/1, GigabitEthernet 2/0/2 and GigabitEthernet 2/0/3 to the isolation group. <Device> system-view [Device] interface gigabitethernet 2/0/1 [Device-Gigabitethernet2/0/1] port-isolate enable [Device-Gigabitethernet2/0/1] quit [Device] interface gigabitethernet 2/0/2 [Device-Gigabitethernet2/0/2] port-isolate enable...
  • Page 78 Overview ·················································································································································1-1 Functions of Service Loopback Groups ··························································································1-1 Port Configuration Prerequisites of Service Loopback Groups·······················································1-1 States of the Ports in a Service Loopback Group ···········································································1-2 Configuring a Service Loopback Group ··································································································1-2 Displaying and Maintaining Service Loopback Groups ··········································································1-3 Configuration Example····························································································································1-3...

  • Page 79: Service Loopback Group Configuration

    Thus, when a service board receives traffic not intended for it, the board can redirect the traffic to the intended destination. For example, when an IPv4 service board receives IPv6 traffic, the service loopback port can send the IPv6 traffic to the IPv6 service board of the device.

  • Page 80: States Of The Ports In A Service Loopback Group

    The system follows the preemption principle when setting port state in a service loopback group. If the port you are assigning to a service loopback group can be set to selected state, the system will do that, even if this can cause an existing selected port to transit to unselected.

  • Page 81: Displaying And Maintaining Service Loopback Groups

    Link Aggregation Configuration in the Access Volume. You can change the service type of an existing service loopback group. For the change to be successful, you must ensure that the service group has not been referenced; the attributes of all member ports (if any) are not conflicting with the target service type;...
  • Page 82 [DeviceA] interface tunnel 1 [DeviceA-Tunnel1] service-loopback-group 1...
  • Page 83 Table of Contents 1 Loopback Interface and Null Interface Configuration············································································1-1 Loopback Interface··································································································································1-1 Introduction to Loopback Interface ··································································································1-1 Configuring a Loopback Interface ···································································································1-1 Null Interface ···········································································································································1-2 Introduction to Null Interface ···········································································································1-2 Configuring Null 0 Interface·············································································································1-2 Displaying and Maintaining Loopback and Null Interfaces ·····································································1-3...

  • Page 84: Loopback Interface

    Note that, when a loopback interface is used for source address binding (that is, assigning an IP address to this loopback interface), make sure that the route from the loopback interface to the peer is reachable;...

  • Page 85: Null Interface

    A null interface is a completely software-based logical interface. A null interface is always up. However, you can neither use it to forward data packets nor configure an IP address or link layer protocol on it. With a null interface specified as the next hop of a static route to a specific network segment, any packets routed to the network segment are dropped.

  • Page 86: Displaying And Maintaining Loopback And Null Interfaces

    Set a description for the null description text interface is the interface name interface followed by the “Interface” string. Displaying and Maintaining Loopback and Null Interfaces To do… Use the command… Remarks Display information about display interface loopback Available in any view...
  • Page 87 MSTP Configuration Task List ··············································································································1-15 Configuring MSTP·································································································································1-17 Configuring an MST Region ··········································································································1-17 Configuring the Root Bridge or a Secondary Root Bridge ····························································1-18 Configuring the Work Mode of an MSTP Device ··········································································1-19 Configuring the Priority of a Device·······························································································1-19 Configuring the Maximum Hops of an MST Region······································································1-20 Configuring the Network Diameter of a Switched Network ···························································1-20...

  • Page 88: Mstp Configuration

    Introduction to STP Why STP STP was developed based on the 802.1d standard of IEEE to eliminate loops at the data link layer in a local area network (LAN). Devices running this protocol detect loops in the network by exchanging information with one another and eliminate loops by selectively blocking certain ports to prune the loop structure into a loop-free tree structure.

  • Page 89: Basic Concepts In Stp

    A tree network must have a root; hence the concept of root bridge was introduced in STP. There is one and only one root bridge in the entire network, and the root bridge can change along with changes of the network topology. Therefore, the root bridge is not fixed.

  • Page 90: How Stp Works

    BPDU include: Root bridge ID: consisting of the priority and MAC address of the root bridge. Root path cost: the cost of the path to the root bridge denoted by the root identifier from the transmitting bridge.
  • Page 91 Upon initialization of a device, each port generates a BPDU with itself as the root bridge, in which the root path cost is 0, designated bridge ID is the device ID, and the designated port is the local port. Selection of the optimum configuration BPDU Each device sends out its configuration BPDU and receives configuration BPDUs from other devices.
  • Page 92 The following is an example of how the STP algorithm works. As shown in Figure 1-2, assume that the priority of Device A is 0, the priority of Device B is 1, the priority of Device C is 2, and the path costs of these links are 5, 10 and 4 respectively.
  • Page 93 Port AP2 receives the configuration BPDU of Device C {2, 0, AP1: {0, 0, 0, AP1} 2, CP1}. Device A finds that the BPDU of the local port {0, 0, 0, Device A AP2} is superior to the received configuration BPDU, and AP2: {0, 0, 0, AP2} therefore discards the received configuration BPDU.
  • Page 94 Port BP1 receives the configuration BPDU of Device A {0, 0, 0, AP1}. Device B finds that the received configuration BPDU is superior to the configuration BPDU of the local port {1, 0, 1, BP1}, and updates the configuration BPDU of BP1.
  • Page 95 Device B to Device C going down. After the comparison processes described in the table above, a spanning tree with Device A as the root bridge is established as shown in Figure 1-3.

  • Page 96: Introduction To Rstp

    A path failure can cause spanning tree re-calculation to adapt the spanning tree structure to the change. However, the resulting new configuration BPDU cannot propagate throughout the network immediately. If the newly elected root ports and designated ports start to forward data right away, a temporary loop is likely to occur.

  • Page 97: Introduction To Mstp

    STP does not support rapid state transition of ports. A newly elected root port or designated port must wait twice the forward delay time before transiting to the forwarding state, even if it is a port on a point-to-point link or an edge port, which directly connects to a user terminal rather than to another device or a shared LAN segment.

  • Page 98: Basic Concepts In Mstp

    The same VLAN-to-instance mapping configuration (VLAN 1 is mapped to MSTI 1, VLAN 2 to MSTI 2, and the rest to the common and internal spanning tree (CIST, that is, MSTI 0), and The same MSTP revision level (not shown in the figure).
  • Page 99 1-4, for example, the VLAN-to-instance mapping table of region A0 is as follows: VLAN 1 is mapped to MSTI 1, VLAN 2 to MSTI 2, and the rest to CIST. MSTP achieves load balancing by means of the VLAN-to-instance mapping table.
  • Page 100 MST region to the common root bridge. If the region is seen as a node, the master port is the root port of the region on the CST. The master port is a root port on IST/CIST and still a master port on the other MSTIs.

  • Page 101: How Mstp Works

    A port state is not exclusively associated with a port role. Table 1-6 lists the port state(s) supported by each port role (“√” indicates that the port supports this state, while “—“ indicates that the port does not support this state). Table 1-6 Port states supported by different port roles...

  • Page 102: Implementation Of Mstp On Devices

    Before configuring MSTP, you need to know the role of each device in each MSTI: root bridge or leave node. In each MSTI, one, and only one device acts as the root bridge, while all others as leaf nodes. Complete these tasks to configure MSTP:...
  • Page 103 CIST. Therefore, if you wish to advertise a certain VLAN within the network through GVRP in this case, make sure that this VLAN is mapped to the CIST (MSTI 0) when you configure the VLAN-to-instance mapping table. For the detailed information of GVRP, refer to GVRP Configuration of the Access Volume.

  • Page 104: Configuring Mstp

    An S7900E switch installed with an OLT card can work as an EPON OLT. In this case, you can remote configure STP/RSTP/MSTP for ONUs in ONU port view to remove loops between attached ONUs, and you can also remotely configure RSTP for UNIs on an ONU to remove loops between UNIs and terminal users.

  • Page 105: Configuring The Root Bridge Or A Secondary Root Bridge

    There is only one root bridge in effect in a spanning tree instance. If two or more devices have been designated to be root bridges of the same spanning tree instance, MSTP will select the device with the lowest MAC address as the root bridge.

  • Page 106: Configuring The Work Mode Of An Mstp Device

    Configuring the Priority of a Device Device priorities participate in spanning tree calculation. The priority of a device determines whether it can be elected as the root bridge of a spanning tree. A lower value indicates a higher priority. By setting 1-19...

  • Page 107: Configuring The Maximum Hops Of An Mst Region

    An MSTP-enabled device can have different priorities in different MSTIs. Make this configuration on the root bridge only.

  • Page 108: Configuring Timers Of Mstp

    Forward delay is the delay time for port state transition. This is to ensure that the state transition of the local port and that of the peer occur in a synchronized manner.

  • Page 109: Configuring The Timeout Factor

    We recommend that you use the default setting.

  • Page 110: Configuring The Maximum Port Rate

    The maximum rate of a port refers to the maximum number of BPDUs the port can send within each hello time. The maximum rate of a port is related to the physical status of the port and the network structure.

  • Page 111: Configuring Path Costs Of Ports

    Configuring Path Costs of Ports Path cost is a parameter related to the rate of a port. On an MSTP-enabled device, a port can have different path costs in different MSTIs. Setting appropriate path costs allows VLAN traffic flows to be forwarded along different physical links, thus achieving VLAN-based load balancing.
  • Page 112 802.1t does. The calculation formula of 802.1t is: Path Cost = 200,000,000/link speed (in 100 kbps), where link speed is the sum of the link speed values of the non-blocked ports in the aggregation group.

  • Page 113: Configuring Port Priority

    The priority of a port is an important factor in determining whether the port can be elected as the root port of a device. If all other conditions are the same, the port with the highest priority will be elected as the root port.

  • Page 114: Configuring The Link Type Of Ports

    Generally, a lower priority value indicates a higher priority. If you configure the same priority value for all the ports on a device, the specific priority of a port depends on the index number of the port. Changing the priority of a port triggers a new spanning tree calculation process.

  • Page 115: Enabling The Output Of Port State Transition Information

    Make this configuration on the root bridge and on the leaf nodes separately. Follow these steps to configure the MSTP packet format to be supported on a port or a group of ports: To do...

  • Page 116: Enabling The Mstp Feature

    To control MSTP flexibly, you can use the undo stp enable command to disable the MSTP feature for certain ports so that they will not take part in spanning tree calculation and thus to save the CPU resources of the device.

  • Page 117: Configuring Digest Snooping

    By then, you can perform an mCheck operation to force the port to migrate to the MSTP (or RSTP) mode. You can perform mCheck on a port through the following two approaches, which lead to the same result. Performing mCheck globally Follow these steps to perform global mCheck: To do...
  • Page 118 MSTP. Configuring the Digest Snooping feature You can enable Digest Snooping only on a device that is connected to a third-party device that uses its private key to calculate the configuration digest. Follow these steps to configure Digest Snooping: To do...

  • Page 119: Configuring No Agreement Check

    Digest Snooping configuration example Network requirements Device A and Device B connect to Device C, a third-party device, and all these devices are in the same region. Enable Digest Snooping on Device A and Device B so that the three devices can communicate with one another.
  • Page 120 As a result, the designated port of the upstream device fails to transit rapidly and can only change to the forwarding state after a period twice the Forward Delay. In this case, you can enable the No Agreement Check feature on the downstream device’s port to enable the designated port of the upstream device to transit its state rapidly.

  • Page 121: Configuring Protection Functions

    Configuring Protection Functions An MSTP-enabled device supports the following protection functions: BPDU guard Root guard Loop guard TC-BPDU guard Among loop guard, root guard and edge port settings, only one function can take effect on a port at the same time. 1-34...
  • Page 122 To prevent this situation from happening, MSTP provides the root guard function. If the root guard function is enabled on a port of a root bridge, this port will keep playing the role of designated port on all MSTIs. Once this port receives a configuration BPDU with a higher priority from an MSTI, it immediately sets that port to the listening state in the MSTI, without forwarding the packet (this is equivalent to disconnecting the link connected with this port in the MSTI).
  • Page 123 The loop guard function can suppress the occurrence of such loops. With loop guard enabled on a port, all instances on it are in the discarding state initially. Upon receiving BPDUs, it can transition its role normally; if receiving no BPDU, it stays in the discarding state, thus avoiding loops.

  • Page 124: Remotely Configuring Mstp For An Onu

    Remotely Configuring MSTP for an ONU An S7900E switch installed with an OLT card can work as an EPON OLT. In this case, you can remotely configure MSTP for an ONU attached to the OLT in ONU port view, as shown in the table below.
  • Page 125 When STP is enabled globally on an OLT switch, you must enable STP on all ONUs. STP runs normally only when all attached ONUs are 3Com ONUs. STP configurations in the system view of the OLT switch take effect on all attached ONUs.

  • Page 126: Displaying And Maintaining Mstp

    VLAN 10 and VLAN 30 are terminated on the distribution layer devices, and VLAN 40 is terminated on the access layer devices, so the root bridges of MSTI 1 and MSTI 3 are Device A and Device B respectively, while the root bridge of MSTI 4 is Device C.
  • Page 127 Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B respectively, create VLAN 10, VLAN 20, and VLAN 40 on Device C, and create VLAN 20, VLAN 30, and VLAN 40 on Device D; configure the ports on these devices as trunk ports and assign them to related VLANs. The detailed configuration procedure is omitted.
  • Page 128 # Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4 respectively, and configure the revision level of the MST region as 0.
  • Page 129 # Enable MSTP globally. [DeviceD] stp enable Verifying the configurations You can use the display stp brief command to display brief spanning tree information on each device after the network is stable. # Display brief spanning tree information on Device A.
  • Page 130 GigabitEthernet2/0/2 ALTE DISCARDING NONE GigabitEthernet2/0/3 ROOT FORWARDING NONE Based on the above information, you can draw the MSTI corresponding to each VLAN, as shown in Figure 1-11. Figure 1-11 MSTIs corresponding to different VLANs 1-43...
  • Page 131 Setting LLDP Operating Mode ········································································································1-7 Setting the LLDP Re-Initialization Delay ·························································································1-8 Enabling LLDP Polling·····················································································································1-8 Configuring the TLVs to Be Advertised ···························································································1-8 Configuring the Management Address and Its Encoding Format ···················································1-9 Setting Other LLDP Parameters····································································································1-10 Setting an Encapsulation Format for LLDPDUs············································································1-10 Configuring CDP Compatibility ·············································································································1-11 Configuration Prerequisites ···········································································································1-11...

  • Page 132: Lldp Configuration

    With LLDP, a device sends local device information (including its major functions, management IP address, device ID, and port ID) as TLV (type, length, and value) triplets in LLDPDUs to the directly connected devices, and at the same time, stores the device information received in LLDPDUs sent from the LLDP neighbors in a standard management information base (MIB).
  • Page 133 The MAC address to which the LLDPDU is advertised. It is fixed to Destination MAC address 0x0180-C200-000E, a multicast MAC address. The MAC address of the sending port. If the port does not have a Source MAC address MAC address, the MAC address of the sending bridge is used.
  • Page 134 Figure 1-3 An LLDPDU An LLDPDU can carry up to 28 types of TLVs, of which the chassis ID TLV, port ID TLV, TTL TLV, and end of LLDPDU TLV (end TLV in the figure) are mandatory TLVs that must be carried and other TLVs are optional.
  • Page 135 VLAN Name A specific VLAN name on the port Protocol Identity Protocols supported on the port Currently, 3Com Switches S7900E support receiving but not sending protocol identity TLVs. IEEE 802.3 organizationally specific TLVs Table 1-5 IEEE 802.3 organizationally specific TLVs Type...

  • Page 136: Operating Modes Of Lldp

    The Power Stateful Control TLV is defined in IEEE P802.3at D1.0. The later versions no longer support this TLV. H3C devices send this type of TLVs only after receiving them. LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management.

  • Page 137: How Lldp Works

    If valid, the information is saved and an aging timer is set for it based on the time to live (TTL) TLV carried in the LLDPDU. If the TTL TLV is zero, the information is aged out immediately.

  • Page 138: Performing Basic Lldp Configuration

    Performing Basic LLDP Configuration Enabling LLDP To make LLDP take effect on certain ports, you need to enable LLDP both globally and on these ports. Follow these steps to enable LLDP: To do…...

  • Page 139: Setting The Lldp Re-Initialization Delay

    TxRx by default. Setting the LLDP Re-Initialization Delay When LLDP operating mode changes on a port, the port initializes the protocol state machines after a certain delay. By adjusting the LLDP re-initialization delay, you can avoid frequent initializations caused by frequent LLDP operating mode changes on a port.

  • Page 140: Configuring The Management Address And Its Encoding Format

    Follow these steps to configure a management address to be advertised and its encoding format on one or a group of ports: To do…...

  • Page 141: Setting Other Lldp Parameters

    You can configure the TTL of locally sent LLDP frames to determine how long information about the local device can be saved on a neighbor device by setting the TTL multiplier. The TTL is expressed as follows: TTL = Min (65535, (TTL multiplier ×...

  • Page 142: Configuring Cdp Compatibility

    As your LLDP-enabled device cannot recognize CDP packets, it does not respond to the requests of Cisco IP phones for the voice VLAN ID configured on the device. This can cause a requesting Cisco IP phone to send voice traffic without any tag to your device, disabling your device to differentiate the voice traffic from other types of traffic.

  • Page 143: Configuring Cdp Compatibility

    As the maximum TTL allowed by CDP is 255 seconds, ensure that the product of the TTL multiplier and the LLDPDU transmit interval is less than 255 seconds for CDP-compatible LLDP to work properly with Cisco IP phones.

  • Page 144: Displaying And Maintaining Lldp

    Switch B are connected to GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 of Switch A. Enable LLDP on the ports of Switch A and Switch B to monitor the link between Switch A and Switch B and the link between Switch A and the MED device on the NMS.
  • Page 145 # Enable LLDP globally. <SwitchB> system-view [SwitchB] lldp enable # Enable LLDP on GigabitEthernet2/0/1 (you can skip this step because LLDP is enabled on ports by default), setting the LLDP operating mode to Tx. [SwitchB] interface gigabitethernet2/0/1 [SwitchB-GigabitEthernet2/0/1] lldp enable...
  • Page 146 GigabitEthernet 2/0/2 of Switch A connects a non-MED device. Both ports operate in Rx mode, that is, they only receive LLDP frames. # Tear down the link between Switch A and Switch B and then display the global LLDP status and port LLDP status on Switch A.

  • Page 147: Cdp-Compatible Lldp Configuration Example

    GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 of Switch A are each connected to a Cisco IP phone. Configure voice VLAN 2 on Switch A. Enable CDP compatibility of LLDP on Switch A to allow the Cisco IP phones to automatically configure the voice VLAN, thus confining their voice traffic within the voice VLAN to be isolated from other types of traffic.
  • Page 148 [SwitchA] lldp enable [SwitchA] lldp compliance cdp # Enable LLDP (you can skip this step because LLDP is enabled on ports by default), configure LLDP to operate in TxRx mode, and configure CDP-compatible LLDP to operate in TxRx mode on GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2.
  • Page 149 4 Voice VLAN Configuration························································································································4-1 Overview ·················································································································································4-1 Voice VLAN Assignment Modes ·····································································································4-2 Security Mode and Normal Mode of Voice VLANs ·········································································4-3 Configuring a Voice VLAN ······················································································································4-4 Configuration Prerequisites ·············································································································4-4 Setting a Port to Operate in Automatic Voice VLAN Assignment Mode ·········································4-4...
  • Page 150 Configuring the Priority Trust Setting for Voice VLAN Traffic on an Interface ································4-5 Setting a Port to Operate in Manual Voice VLAN Assignment Mode ·············································4-6 Displaying and Maintaining Voice VLAN·································································································4-7 Voice VLAN Configuration Examples ·····································································································4-7 Automatic Voice VLAN Mode Configuration Example ····································································4-7...

  • Page 151: Vlan Configuration

    The idea is to break a LAN down into separate VLANs, that is, Layer 2 broadcast domains whereby frames are switched between ports assigned to the same VLAN. VLANs are isolated from each other at Layer 2. A VLAN is a bridging domain, and all broadcast traffic is contained within it, as shown in Figure 1-1.

  • Page 152: Vlan Fundamentals

    The filed is 0 by default. The 12-bit VLAN ID field identifies the VLAN the frame belongs to. The VLAN ID range is 0 to 4095. As 0 and 4095 are reserved by the protocol, a VLAN ID actually ranges from 1 to 4094.

  • Page 153: Types Of Vlan

    This chapter covers port-based VLAN, MAC-based VLAN, protocol-based VLAN, and IP-based VLAN. You can configure the four types of VLANs on a port at the same time. When determining to which VLAN a packet passing through the port should be assigned, the device looks up the VLANs in the default order of MAC-based VLANs, IP-based VLANs, protocol-based VLANs, and port-based VLANs.

  • Page 154: Configuring Basic Settings Of A Vlan Interface

    For each VLAN, you can create one VLAN interface. You can assign the VLAN interface an IP address and specify it as the gateway of the VLAN to forward traffic destined for an IP network segment different from that of the VLAN.

  • Page 155: Port-Based Vlan Configuration

    Default VLAN By default, VLAN 1 is the default VLAN for all ports. You can configure the default VLAN for a port as required. Use the following guidelines when configuring the default VLAN on a port: Because an access port can join only one VLAN, its default VLAN is the VLAN to which it belongs and cannot be configured.

  • Page 156: Assigning An Access Port To A Vlan

    Do not set the voice VLAN as the default VLAN of a port in automatic voice VLAN assignment mode. For information about voice VLAN, refer to Voice VLAN Configuration. You are recommended to set the same default VLAN ID for the local and remote ports.
  • Page 157 In VLAN view, you only assign the access ports to the current VLAN. In interface or port group view Follow these steps to assign an access port (in interface view) or multiple access ports (in port group view) to a VLAN: To do…...

  • Page 158: Assigning A Trunk Port To A Vlan

    If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.

  • Page 159: Assigning A Hybrid Port To A Vlan

    To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first. After configuring the default VLAN for a trunk port, you must use the port trunk permit vlan command to configure the trunk port to allow packets from the default VLAN to pass through, so that the egress port can forward packets from the default VLAN.

  • Page 160: Mac-Based Vlan Configuration

    To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first. Before assigning a hybrid port to a VLAN, create the VLAN first. After configuring the default VLAN for a hybrid port, you must use the port hybrid vlan command to configure the hybrid port to allow packets from the default VLAN to pass through, so that the egress port can forward packets from the default VLAN.

  • Page 161: Dynamically Assigning Ports To Vlans Based On Mac Addresses

    Dynamically Assigning Ports to VLANs Based on MAC Addresses After a port on a device receives a packet with an unknown source MAC address, the device checks the list of MAC address-to-VLAN mappings for a match. If a match is found, the device dynamically learns the MAC address and assigns the receiving port to the corresponding VLAN.

  • Page 162: Protocol-Based Vlan Configuration

    Introduction to Protocol-Based VLAN Protocol-based VLANs are only applicable on hybrid ports. In this approach, inbound packets are assigned to different VLANs based on their protocol types and encapsulation formats. The protocols that can be used for VLAN assignment include IP, IPX, and AppleTalk (AT).

  • Page 163: Configuring A Protocol-Based Vlan

    If the port permits the VLAN ID of the packet to pass through, the port forwards the packet. If the port does not permit the VLAN ID of the packet to pass through, the port drops the packet. This feature is mainly used to assign packets of the specific service type to a specific VLAN.

  • Page 164: Ip Subnet-Based Vlan Configuration

    If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.

  • Page 165: Displaying And Maintaining Vlan

    If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port. Displaying and Maintaining VLAN To do...

  • Page 166: Vlan Configuration Example

    Clear statistics on a port Available in user view interface-number The reset counters interface command can be used to clear statistics on a VLAN interface. For more information, refer to Ethernet Interface Commands in the Access Volume. VLAN Configuration Example Network requirements Device A connects to Device B through a trunk port GigabitEthernet 2/0/1;...
  • Page 167 Configure Device B as you configure Device A. Verification Verifying the configuration on Device A is similar to that of Device B. So only Device A is taken for example here. # Display the information about GigabitEthernet 2/0/1 of Device A to verify the above configurations.
  • Page 168 The port (GigabitEthernet 2/0/1) is a trunk port. The default VLAN of the port is VLAN 100. The port permits packets of VLAN 2, VLAN 6 through VLAN 50, and VLAN 100 to pass through. Therefore, the configuration is successful.

  • Page 169: Super Vlan Configuration

    VLAN and assign an IP address for the VLAN interface. However, you cannot create a VLAN interface for a sub-VLAN. You cannot assign a physical port to a super VLAN, however, you can assign a physical port to a sub-VLAN. All ports of a sub-VLAN use the VLAN interface IP address of the associated super VLAN.

  • Page 170: Displaying And Maintaining Super Vlan

    Disabled by default The VLAN interface IP address in the above table is the IP address of the associated super VLAN. For more information about the local-proxy-arp enable command and the local proxy ARP function, refer to ARP Commands and ARP Configuration in the IP Services Volume.
  • Page 171 # Create VLAN 5, and assign GigabitEthernet 2/0/5 and GigabitEthernet 2/0/6 to it. [Sysname-vlan3] quit [Sysname] vlan 5 [Sysname-vlan5] port gigabitethernet 2/0/5 gigabitethernet 2/0/6 # Configure VLAN 10 as the super VLAN, and configure VLAN 2, VLAN 3, and VLAN 5 as its sub-VLANs. [Sysname-vlan5] quit [Sysname] vlan 10...
  • Page 172 SuperVLAN ID : SubVLAN ID : 2 3 5 VLAN ID: 10 VLAN Type: static It is a Super VLAN. Route Interface: not configured Description: VLAN 0010 Name: VLAN 0010 Tagged Ports: none Untagged Ports: none VLAN ID: 2 VLAN Type: static It is a Sub VLAN.

  • Page 173: Isolate-User-Vlan Configuration

    VLANs, network configuration is simplified and VLAN resources are saved. You can isolate the Layer 2 traffic of different users by assigning the ports connected to them to different secondary VLANs. To enable communication between secondary VLANs associated with the same isolate-user-VLAN, you can enable local proxy ARP on the upstream device to realize Layer 3 communication between the secondary VLANs.
  • Page 174 Assign non-trunk ports to the isolate-user-VLAN and ensure that at least one port takes the isolate-user-VLAN as its default VLAN; Assign non-trunk ports to each secondary VLAN and ensure that at least one port in a secondary VLAN takes the secondary VLAN as its default VLAN;...

  • Page 175: Displaying And Maintaining Isolate-User-Vlan

    After associating an isolate-user-VLAN with the specified secondary VLANs, you cannot add/remove a access port to/from each involved VLAN or remove each involved VLAN. To do that, you must cancel the association first. Displaying and Maintaining Isolate-User-VLAN To do... Use the command...
  • Page 176 [DeviceB-vlan3] port gigabitethernet 2/0/1 [DeviceB-vlan3] quit [DeviceB] vlan 2 [DeviceB-vlan2] port gigabitethernet 2/0/2 [DeviceB-vlan2] quit # Associate the isolate-user-VLAN with the secondary VLANs. [DeviceB] isolate-user-vlan 5 secondary 2 to 3 Configure Device C # Configure the isolate-user-VLAN. <DeviceC> system-view [DeviceC] vlan 6...
  • Page 177 GigabitEthernet2/0/1 GigabitEthernet2/0/2 GigabitEthernet2/0/5 VLAN ID: 2 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0002 Name: VLAN 0002 Tagged Ports: none Untagged Ports: GigabitEthernet2/0/2 GigabitEthernet2/0/5 VLAN ID: 3 VLAN Type: static Isolate-user-VLAN type : secondary...

  • Page 178: Voice Vlan Configuration

    A voice VLAN is configured specially for voice traffic. After assigning the ports connecting to voice devices to a voice VLAN, you can configure quality of service (QoS) parameters for the voice traffic, thus improving transmission priority and ensuring voice quality.

  • Page 179: Voice Vlan Assignment Modes

    In general, as the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE. OUI addresses mentioned in this document, however, are different from those in common sense. OUI addresses in this document are used by the system to determine whether a received packet is a voice packet.

  • Page 180: Security Mode And Normal Mode Of Voice Vlans

    VLAN of the connecting port as the voice VLAN. In this case 802.1X authentication function cannot be realized. The default VLANs for all ports are VLAN 1. You can configure the default VLAN of a port and configure a port to permit a certain VLAN to pass through with commands. For more information,...

  • Page 181: Configuring A Voice Vlan

    OUI addresses can pass through the voice VLAN-enabled inbound port, while all other packets are dropped. In a safe network, you can configure the voice VLANs to operate in normal mode, thus reducing the consumption of system resources due to source MAC addresses checking. It is recommended not to transmit both voice packets and non-voice packets in a voice VLAN.

  • Page 182: Configuring The Priority Trust Setting For Voice Vlan Traffic On An Interface

    A protocol-based VLAN on a hybrid port can process only untagged inbound packets, whereas the voice VLAN in automatic mode on a hybrid port can process only tagged voice traffic. Therefore, do not configure a VLAN as both a protocol-based VLAN and a voice VLAN. For more information, refer to Protocol-Based VLAN Configuration.

  • Page 183: Setting A Port To Operate In Manual Voice Vlan Assignment Mode

    VLAN traffic Configure the QoS priority trust mode and priority settings for voice VLAN traffic on an interface before enabling voice VLAN on the interface. If the configuration order is reversed, your priority trust setting will fail.

  • Page 184: Displaying And Maintaining Voice Vlan

    Voice VLAN cannot be enabled on a port with Link Aggregation Control Protocol (LACP) enabled. To make voice VLAN take effect on a port that is enabled with voice VLAN and operates in manual voice VLAN assignment mode, you need to assign the port to the voice VLAN manually.
  • Page 185 Device A uses voice VLAN 2 to transmit voice packets for IP phone A and voice VLAN 3 to transmit voice packets for IP phone B. Configure GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 to work in automatic voice VLAN assignment mode. In addition, if one of them has not received any voice packet in 30 minutes, the port is removed from the corresponding voice VLAN automatically.

  • Page 186: Manual Voice Vlan Assignment Mode Configuration Example

    Manual Voice VLAN Assignment Mode Configuration Example Network requirements Create VLAN 2 and configure it as a voice VLAN permitting only voice traffic to pass through. The IP phones send untagged voice traffic. Configure GigabitEthernet 2/0/1 as a hybrid port.
  • Page 187 Figure 4-2 Network diagram for manual voice VLAN assignment mode configuration Configuration procedure # Configure the voice VLAN to operate in security mode. (Optional. A voice VLAN operates in security mode by default.) <DeviceA> system-view [DeviceA] voice vlan security enable # Add a recognizable OUI address 0011-2200-0000.
  • Page 188 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone # Display the current voice VLAN state. <DeviceA> display voice vlan state Maximum of Voice VLANs: 128 Current Voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes...
  • Page 189 Table of Contents 1 GVRP Configuration ··································································································································1-1 Introduction to GVRP ······························································································································1-1 GARP···············································································································································1-1 GVRP···············································································································································1-4 Protocols and Standards ·················································································································1-4 Configuring GVRP···································································································································1-4 Configuring GVRP Functions ··········································································································1-4 Configuring GARP Timers ···············································································································1-5 Displaying and Maintaining GVRP··········································································································1-6 GVRP Configuration Examples···············································································································1-7 GVRP Configuration Example I·······································································································1-7 GVRP Configuration Example II······································································································1-8...

  • Page 190: Gvrp Configuration

    GARP itself does not exist on a device as an entity. GARP-compliant participants are known as GARP applications. One example is GVRP. When a GARP participant is present on a port on your device, the port is regarded as a GARP participant.
  • Page 191 LeaveAll timer starts again. The settings of GARP timers apply to all GARP applications, such as GVRP, on a LAN. Unlike other three timers, which are set on a port basis, the LeaveAll timer is set in system view and takes effect globally.
  • Page 192 Figure 1-1 GARP message format Table 1-1 describes the GARP message fields. Table 1-1 Description on the GARP message fields Field Description Value Protocol ID Protocol identifier for GARP One or multiple messages, each containing Message –– an attribute type and an attribute list...

  • Page 193: Gvrp

    VLAN registration information from other devices to its local database about active VLAN members and through which port they can be reached. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other devices.

  • Page 194: Configuring Garp Timers

    GVRP is mutually exclusive with service loopback. In an MSTP network, GVRP can run on only the CIST. In addition, blocked ports on the CIST cannot receive/send GVRP packets. If both GVRP and remote port mirroring are used, GVRP may register the remote probe VLAN to unexpected ports, resulting in undesired duplicates to be received by the monitor port.

  • Page 195: Displaying And Maintaining Gvrp

    When configuring GARP timers, note that their values are dependent on each other and must be a multiple of five centiseconds. If the value range for a timer is not desired, you may change it by tuning the value of another related timer as shown in the following table:...

  • Page 196: Gvrp Configuration Examples

    Configure Device A # Enable GVRP globally. <DeviceA> system-view [DeviceA] gvrp # Configure port GigabitEthernet 2/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceA] interface GigabitEthernet 2/0/1 [DeviceA-GigabitEthernet2/0/1] port link-type trunk [DeviceA-GigabitEthernet2/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 2/0/1, the trunk port.

  • Page 197: Gvrp Configuration Example Ii

    Configure Device B # Enable GVRP globally. <DeviceB> system-view [DeviceB] gvrp # Configure port GigabitEthernet 2/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceB] interface GigabitEthernet 2/0/1 [DeviceB-GigabitEthernet2/0/1] port link-type trunk [DeviceB-GigabitEthernet2/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 2/0/1, the trunk port.

  • Page 198: Gvrp Configuration Example Iii

    # Configure port GigabitEthernet 2/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceA] interface GigabitEthernet 2/0/1 [DeviceA-GigabitEthernet2/0/1] port link-type trunk [DeviceA-GigabitEthernet2/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 2/0/1. [DeviceA-GigabitEthernet2/0/1] gvrp # Set the GVRP registration type to fixed on the port.
  • Page 199 Configure Device A # Enable GVRP globally. <DeviceA> system-view [DeviceA] gvrp # Configure port GigabitEthernet 2/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceA] interface GigabitEthernet 2/0/1 [DeviceA-GigabitEthernet2/0/1] port link-type trunk [DeviceA-GigabitEthernet2/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 2/0/1.
  • Page 200 [DeviceB] display vlan dynamic No dynamic vlans exist! 1-11...
  • Page 201 Background and Benefits ················································································································1-1 How QinQ Works·····························································································································1-2 QinQ Frame Structure ·····················································································································1-2 Implementations of QinQ·················································································································1-3 Modification of the TPID Value in VLAN Tags·················································································1-3 Configuring Outer VLAN Tag Priority ······························································································1-5 Protocols and Standards ·················································································································1-5 Configuring Basic QinQ ··························································································································1-5 Enabling Basic QinQ ·······················································································································1-5 Configuring VLAN Transparent Transmission·················································································1-6...

  • Page 202: Qinq Configuration

    Background and Benefits In the VLAN tag field defined in IEEE 802.1Q, only 12 bits are used for VLAN IDs. As a result, a device can support a maximum of 4094 VLANs. This is far from enough for isolating users in actual networks, especially in metropolitan area networks (MANs).

  • Page 203: How Qinq Works

    The devices in the public network forward a frame only according to its outer VLAN tag and learn its source MAC address into the MAC address table of the outer VLAN. The inner VLAN tag of the frame is transmitted as the payload.

  • Page 204: Implementations Of Qinq

    Modification of the TPID Value in VLAN Tags A VLAN tag uses the tag protocol identifier (TPID) field to identify the protocol type of the tag. The value of this field, as defined in IEEE 802.1Q, is 0x8100.
  • Page 205 The TPID in an Ethernet frame has the same position with the protocol type field in a frame without a VLAN tag. To avoid problems in packet forwarding and handling in the network, you cannot set the TPID value to any of the values in the table below.

  • Page 206: Configuring Outer Vlan Tag Priority

    By default, when tagging a tagged frame, the S7900E series Ethernet switches copy the priority carried in the inner VLAN tag to the outer VLAN tag of the frame and uses the priority as the transmission priority of the frame in the service provider network. When there are a large number of users connected to the switch and many types of packets, the packet priority you configured may conflict with the data transmission policy in the service provider network.

  • Page 207: Configuring Vlan Transparent Transmission

    Configuration in the Access Volume. Configuring VLAN Transparent Transmission When basic QinQ is enabled on a port, all packets passing through the port will be tagged with the port’s default VLAN tag. However, by configuring the VLAN transparent transmission function on a port, you...

  • Page 208: Configuring Selective Qinq

    VLAN to pass through. For VLANs whose packets are to be transparently transmitted through a port, do not configure VLAN mapping for them on the port. For information about VLAN mapping, refer to VLAN Mapping in the Access Volume.

  • Page 209: Configuring The Tpid Of A Vlan Tag

    Before enabling selective QinQ on a port, enable basic QinQ on the port first. Selective QinQ enjoys higher priority than basic QinQ. Therefore, a received frame will be tagged with an outer VLAN ID based on basic QinQ only after it fails to match the match criteria defined in the traffic class.

  • Page 210: Configure Outer Vlan Tag Priority

    Configure the TPID in the Optional qinq ethernet-type service-tag service provider network hex-value 0x8100 by default VLAN tags Configure Outer VLAN Tag Priority Following these steps to configure outer VLAN tag priority: To do... Use the command... Remarks — Enter system view system-view Required...

  • Page 211: Qinq Configuration Example

    VLAN 20 of Customer A and Customer C can intercommunicate across VLAN 2000 on the public network. Frames of the VLANs other than VLAN 20 of Customer A can be forwarded to Customer D across VLAN 3000 on the public network.
  • Page 212 # Enter system view. <ProviderA> system-view Configuration on GigabitEthernet 2/0/1 # Configure the port as a hybrid port permitting frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through with the outer VLAN tag removed. [ProviderA] interface gigabitethernet 2/0/1...
  • Page 213 # Enable basic QinQ. Tag frames from VLAN 10 with the outer VLAN tag 1000. [ProviderA-GigabitEthernet2/0/2] qinq enable [ProviderA-GigabitEthernet2/0/2] quit Configuration on GigabitEthernet 2/0/3. # Configure the port as a trunk port, and permit frames of VLAN 1000, VLAN 2000 and VLAN 3000 to pass. [ProviderA] interface gigabitethernet 2/0/3 [ProviderA-GigabitEthernet2/0/3] port link-type trunk...
  • Page 214 Configuration on GigabitEthernet 2/0/1 # Configure the port as a trunk port, and permit frames of VLAN 1000, VLAN 2000 and VLAN 3000 to pass. <ProviderB> system-view [ProviderB] interface gigabitethernet 2/0/1 [ProviderB-GigabitEthernet2/0/1] port link-type trunk [ProviderB-GigabitEthernet2/0/1] port trunk permit vlan 1000 2000 3000 # To enable interoperability with the third-party devices in the public network, set the TPID of the service provider network VLAN tags to 0x8200.
  • Page 215 Background ·····································································································································1-1 BPDU Tunneling Implementation ····································································································1-2 Configuring BPDU Tunneling··················································································································1-4 Configuration Prerequisites ·············································································································1-4 Enabling BPDU Tunneling···············································································································1-4 Configuring Destination Multicast MAC Address for BPDUs ··························································1-5 BPDU Tunneling Configuration Examples ······························································································1-5 BPDU Tunneling for STP Configuration Example···········································································1-5 BPDU Tunneling for PVST Configuration Example ········································································1-6...

  • Page 216: Bpdu Tunneling Configuration

    Customers usually use dedicated lines in a service provider network to build their own Layer 2 networks. As a result, very often, a customer network is broken down into parts located at different sides of the service provider network. As shown in...

  • Page 217: Bpdu Tunneling Implementation

    For details, refer to MSTP Configuration in the Access Volume. To avoid loops in your network, you can enable STP on your devices. When the topology changes at one side of the customer network, the devices at this side of the customer network send BPDUs to devices on the other side of the customer network to ensure consistent spanning tree calculation in the whole customer network.
  • Page 218 1-2, the upper part is the service provider network (ISP network), and the lower part represents two different parts of a customer network: User A network 1 and User A network 2. Enabling the BPDU tunneling function on the edge devices (PE 1 and PE 2) in the service provider network...

  • Page 219: Configuring Bpdu Tunneling

    Before configuring BPDU tunneling for a protocol, enable the protocol in the customer network first. Assign the port on which you want to enable BPDU tunneling on the PE device and the connected port on the CE device to the same VLAN.

  • Page 220: Configuring Destination Multicast Mac Address For Bpdus

    Figure 1-3: CE 1 and CE 2 are edges devices on the geographically dispersed network of User A; PE 1 and PE 2 are edge devices on the service provider network. All ports that connect service provider devices and customer devices are access ports and belong to VLAN 2;...

  • Page 221: Bpdu Tunneling For Pvst Configuration Example

    BPDU Tunneling for PVST Configuration Example Network requirements As shown in Figure 1-4: CE 1 and CE 2 are edges devices on the geographically dispersed network of User A; PE 1 and PE 2 are edge devices on the service provider network.
  • Page 222 VLAN to pass through. PVST is enabled for VLANs 1 through 4094 on User A’s network. It is required that, after the configuration, CE 1 and CE 2 implement consistent PVST calculation across the service provider...
  • Page 223 Table of Contents 1 VLAN Mapping Configuration ··················································································································1-1 VLAN Mapping Overview ························································································································1-1 One-to-One VLAN Mapping and Many-to-One VLAN Mapping······················································1-1 One-to-Two VLAN Mapping and Two-to-Two VLAN Mapping························································1-2 Basic Concepts of VLAN Mapping ··································································································1-4 How VLAN Mapping Is Implemented ······························································································1-4 VLAN Mapping Configuration Task List ··································································································1-6 Configuring One-to-One VLAN Mapping ································································································1-7...

  • Page 224: Vlan Mapping Configuration

    One-to-one VLAN mapping that maps the CVLAN ID in the VLAN tag to the SVLAN ID. Many-to-one VLAN mapping that maps the CVLAN IDs in the VLAN tags of traffic of more than two VLANs to the same SVLAN ID.

  • Page 225: One-To-Two Vlan Mapping And Two-To-Two Vlan Mapping

    VLANs by user on the corridor switches. However, an access device on the distribution layer is likely unable to support the number of VLANs required for this type of VLAN mapping. To reduce the number of VLANs required on the edge device at the distribution layer, you can adopt many-to-one VLAN mapping.
  • Page 226 When the double-tagged packet enters the SP 2 network, PE 3 replaces the outer VLAN tag (VLAN 100) with VLAN 200, the VLAN ID assigned by SP 2 to the VPN A user. For the packet to reach the VPN A user in Site 2, which belongs to VLAN 30, PE 3 replaces the inner tag (VLAN 10) of the packet with VLAN 30.

  • Page 227: Basic Concepts Of Vlan Mapping

    Before you configure VLAN mappings, be aware of the following concepts, which will be used throughout this document. Uplink traffic: Traffic transmitted from a user network to a distribution network or an SP network. Downlink traffic: Traffic transmitted from a distribution network or an SP network to a user network.
  • Page 228 In two-to-two VLAN mapping, the outer VLAN and the inner VLAN carried in a double-tagged uplink frame received at the downlink port on the edge device of an SP network are called the original SVLAN and CVLAN, and the VLANs that the edge device substitutes for the original SVLAN and CVLAN are...

  • Page 229: Vlan Mapping Configuration Task List

    Figure 1-2. For VLAN mapping to work, you are required to do the following in addition to configuring QoS policies: Enable ARP detection to send ARP packets to the CPU to allow modification of the VLAN attributes carried in the packets, which is impossible with the normal ARP packet processing procedure. For information about ARP detection, refer to ARP Attack Protection Configuration in the Security Volume.

  • Page 230: Configuring One-To-One Vlan Mapping

    Enable the dynamic address binding support of IP Source Guard to filter packets received on a port based on the source IP address and MAC address bindings created dynamically to prevent illegal packets from passing through the port. For information about this feature, refer to IP Source Guard Configuration in the Security Volume.
  • Page 231 — Enter the interface view of the uplink interface interface-type — port interface-number Set the link type of the uplink port to port link-type trunk Required trunk Required Configure the uplink port to permit the port trunk permit vlan...

  • Page 232: Configuring Many-To-One Vlan Mapping

    Configuring Many-to-One VLAN Mapping Configuration prerequisites All service terminals of home users are using DHCP for obtaining an IP address. For how to get an IP address through DHCP, refer to DHCP Configuration in the IP Services Volume. The CVLAN-to-SVLAN mappings have been planned.
  • Page 233 Configure the uplink port as an ARP arp detection trust By default, all ports are trusted port ARP untrusted ports. Set the link type of the uplink port to port link-type trunk Required trunk Required Configure the uplink port to permit the...

  • Page 234: Configuring One-To-Two Vlan Mapping

    To guard against attacks, you are recommended to enable ARP detection on each CVLAN. Before applying a QoS policy to the downlink port, enable customer-side QinQ on the port; before disabling customer-side QinQ on the downlink port, remove the QoS policy.

  • Page 235: Configuring Two-To-Two Vlan Mapping

    In two-to-two VLAN mapping, the outer VLAN and the inner VLAN carried in a double-tagged uplink frame received at the downlink port on the edge device of an SP network are called the original SVLAN and CVLAN, and the VLANs that the edge device substitutes for the original SVLAN and CVLAN are called the new SVLAN and CVLAN.
  • Page 236 Apply the uplink policy for the qos apply policy policy-name uplink port to the outbound Required outbound direction of the uplink port Table 1-5 Configure an uplink policy for the uplink port To do... Use the command... Remarks Enter system view system-view —...
  • Page 237 Required behavior-name traffic class with the traffic behavior Exit to system view quit — Table 1-6 Configure an uplink policy for the downlink port To do... Use the command... Remarks Enter system view system-view — Create a class and enter class...

  • Page 238: Vlan Mapping Configuration Examples

    1-2, to save VLAN resources, use one VLAN to carry a type of service traffic from Switch C at the campus network edge while isolating the traffic of a home user from the traffic of all other home users in the VLAN.

  • Page 239: Network Diagram

    Use VLAN 501 for PC traffic, VLAN 502 for VoD traffic, and VLAN 503 for VoIP traffic. Network diagram Figure 1-2 Scenario for one-to-one/multiple-to-one VLAN mapping DHCP client VLAN 1 VLAN 2 Home gateway VLAN 1-> VLAN 101 VLAN 2-> VLAN 201 VLAN 3->...
  • Page 240 [SwitchA-policy-p2] classifier c1 behavior b4 [SwitchA-policy-p2] classifier c2 behavior b5 [SwitchA-policy-p2] classifier c3 behavior b6 [SwitchA-policy-p2] quit # Configure downlink policies to map the SVLANs to the original CVLANs. [SwitchA] traffic classifier c11 [SwitchA-classifier-c11] if-match service-vlan-id 101 [SwitchA-classifier-c11] traffic classifier c22...
  • Page 241 [SwitchA-policy-p22] classifier c44 behavior b11 [SwitchA-policy-p22] classifier c55 behavior b22 [SwitchA-policy-p22] classifier c66 behavior b33 [SwitchA-policy-p22] quit # Configure GigabitEthernet 2/0/1 to permit frames of the specified CVLANs and SVLANs to pass through. [SwitchA] interface gigabitethernet 2/0/1 [SwitchA-GigabitEthernet2/0/1] port link-type trunk [SwitchA-GigabitEthernet2/0/1] port trunk permit vlan 1 2 3 101 201 301 # Enable basic QinQ on GigabitEthernet 2/0/1.
  • Page 242 [SwitchB-policy-p2] classifier c1 behavior b4 [SwitchB-policy-p2] classifier c2 behavior b5 [SwitchB-policy-p2] classifier c3 behavior b6 [SwitchB-policy-p2] quit # Configure downlink policies to map the SVLANs to the original CVLANs. [SwitchB] traffic classifier c11 [SwitchB-classifier-c11] if-match service-vlan-id 111 [SwitchB-classifier-c11] traffic classifier c22...
  • Page 243 [SwitchB-policy-p22] classifier c44 behavior b11 [SwitchB-policy-p22] classifier c55 behavior b22 [SwitchB-policy-p22] classifier c66 behavior b33 [SwitchB-policy-p22] quit # Configure GigabitEthernet 2/0/1 to permit frames of the specified CVLANs and SVLANs to pass through. [SwitchB] interface gigabitethernet 2/0/1 [SwitchB-GigabitEthernet2/0/1] port link-type trunk [SwitchB-GigabitEthernet2/0/1] port trunk permit vlan 1 2 3 111 211 311 # Enable basic QinQ on GigabitEthernet 2/0/1.

  • Page 244: Enable Dhcp Snooping

    # Apply the downlink policy p22 to the outbound direction of GigabitEthernet 2/0/2. [SwitchB-GigabitEthernet2/0/2] qos apply policy p22 outbound [SwitchB-GigabitEthernet2/0/2] quit # Configure GigabitEthernet 2/0/3 to permit frames of the specified SVLANs to pass through. [SwitchB] interface gigabitethernet 2/0/3 [SwitchB-GigabitEthernet2/0/3] port link-type trunk...
  • Page 245 [SwitchC-vlan503] arp detection enable [SwitchC-vlan503] quit # Configure uplink policies to map the CVLANs for the same service of different users to the same SVLAN. [SwitchC] traffic classifier c1 [SwitchC-classifier-c1] if-match customer-vlan-id 101 to 200 [SwitchC-classifier-c1] traffic classifier c2 [SwitchC-classifier-c2] if-match customer-vlan-id 201 to 300...

  • Page 246: One-To-Two/Two-To-Two Vlan Mapping Configuration Example

    Two users of the same VPN are in VLAN 10 and VLAN 30 respectively. SP 1 assigns VLAN 100 to VPN 1 users, and SP 2 assigns VLAN 200 to VPN 1 users. Configure one-to-two and two-to-two VLAN mappings to allow the users that belong to the same VPN...
  • Page 247 VPN 1 VPN 1 Configuration procedure Configuration on Device A # Configure an uplink policy nest to add outer VLAN tag 100 to the traffic tagged with VLAN 10. <DeviceA> system-view [DeviceA] traffic classifier nest [DeviceA-classifier-nest] if-match customer-vlan-id 10 [DeviceA-classifier-nest] quit...
  • Page 248 [DeviceC-behavior-downlink_out] remark customer-vlan-id 10 [DeviceC-behavior-downlink_out] remark service-vlan-id 100 [DeviceC-behavior-downlink_out] quit # Configure a downlink policy to map the new CVLAN and SVLAN to the original CVLAN and SVLAN for the outgoing VPN 1 traffic on GigabitEthernet 2/0/1. [DeviceC] qos policy downlink_out...
  • Page 249 [DeviceC-qospolicy-downlink_out] classifier downlink_out behavior downlink_out [DeviceC-qospolicy-downlink_out] quit # Specify the original CVLAN and the new SVLAN in the VLAN mapping for outgoing VPN 1 traffic on GigabitEthernet 2/0/2. [DeviceC] traffic classifier uplink_out [DeviceC-classifier-uplink_out] if-match customer-vlan-id 10 [DeviceC-classifier-uplink_out] if-match service-vlan-id 200...
  • Page 250 [DeviceD] interface gigabitethernet 2/0/1 [DeviceD-GigabitEthernet2/0/1] port link-type trunk [DeviceD-GigabitEthernet2/0/1] port trunk permit vlan 200 # Configure GigabitEthernet 2/0/2 to forward the traffic of VLAN 200 with the outer VLAN tag removed. [DeviceD] interface gigabitethernet 2/0/2 [DeviceD-GigabitEthernet2/0/2] port link-type hybrid [DeviceD-GigabitEthernet2/0/2] port hybrid vlan 200 untagged # Enable basic QinQ on GigabitEthernet 2/0/2.
  • Page 251 Configuration Prerequisites ·············································································································1-7 Configuring a Remote Source Mirroring Group (on the Source Device)·········································1-8 Configuring a Remote Destination Mirroring Group (on the Destination Device) ·························1-10 Configuring Layer 3 Remote Port Mirroring ··························································································1-12 Layer 3 Remote Port Mirroring Configuration Task List ································································1-12 Configuration Prerequisites ···········································································································1-13...

  • Page 252: Port Mirroring Configuration

    Suppose that Port 1 is monitoring bidirectional traffic on Port 2 and Port 3 on the same device. If a packet travels from Port 2 to Port 3, two duplicates of the packet will be received on Port 1.
  • Page 253 1-1, packets of the mirroring port are mirrored to the monitor port for the data monitoring device to analyze. The mirroring ports and the monitor port in a local mirroring group can be located on different LPUs of a same device.
  • Page 254 For a mirrored packet to successfully arrive at the remote destination device, you need to ensure that the VLAN ID carried in the packet is correct (that is, the same as the probe VLAN ID). If the VLAN is removed or the VLAN ID is changed, the Layer 2 remote port mirroring configuration becomes invalid.

  • Page 255: Configuring Local Port Mirroring

    Configuring the Monitor Port for the Local Mirroring Group Required Generally, a port can belong to only one mirroring group. On an SD or EB series LPU, however, a port can be assigned to two mirroring groups as a mirroring port.

  • Page 256: Creating A Local Mirroring Group

    Configuring Mirroring Ports for the Local Mirroring Group You can configure a list of mirroring ports for a mirroring group at a time in system view, or assign only the current port to it as a mirroring port in interface view. To assign multiple ports to the mirroring group as mirroring ports in interface view, repeat the step.

  • Page 257: Configuring The Monitor Port For The Local Mirroring Group

    Configuring the Monitor Port for the Local Mirroring Group You can configure the monitor port for a mirroring group in system view, or assign the current port to a mirroring group as the monitor port in interface view. The two modes lead to the same result.

  • Page 258: Configuring Layer 2 Remote Port Mirroring

    Generally, a port can belong to only one mirroring group. On an SD or EB series LPU, however, a port can be assigned to two mirroring groups as a mirroring port.

  • Page 259: Configuring A Remote Source Mirroring Group (On The Source Device)

    Configuring mirroring ports for the remote source mirroring group You can configure a list of mirroring ports for a mirroring group at a time in system view, or assign only the current port to it as a mirroring port in interface view. To assign multiple ports to the mirroring group as mirroring ports in interface view, repeat the step.
  • Page 260 Configuring the egress port for the remote source mirroring group You can configure the egress port for a mirroring group in system view, or assign the current port to it as the egress port in interface view. The two configuration modes lead to the same result.

  • Page 261: Configuring A Remote Destination Mirroring Group (On The Destination Device)

    Configuring the monitor port for the remote destination mirroring group You can configure the monitor port for a mirroring group in system view, or assign the current port to a mirroring group as the monitor port in interface view. The two modes lead to the same result.
  • Page 262 To ensure that the port mirroring function works properly, do not enable STP, MSTP, or RSTP on the monitor port. You are recommended to use a monitor port only for port mirroring. This is to ensure that the data monitoring device receives and analyzes only the mirrored traffic rather than a mix of mirrored traffic and normally forwarded traffic.

  • Page 263: Configuring Layer 3 Remote Port Mirroring

    The source and destination devices are connected by a tunnel. On the source device, you need to configure the port you want to monitor as the mirroring port, and configure the tunnel interface as the monitor port.

  • Page 264: Configuration Prerequisites

    You can configure a list of mirroring ports for a mirroring group at a time in system view, or assign only the current port to it as a mirroring port in interface view. To assign multiple ports to the mirroring group as mirroring ports in interface view, repeat the step.

  • Page 265: Configuring The Monitor Port For A Local Mirroring Group

    You can configure the monitor port for a mirroring group in system view, or assign the current port to a mirroring group as the monitor port in interface view. The two modes lead to the same result.

  • Page 266: Configuring Local Port Mirroring For An Onu

    In an EPON system, an OLT can remotely manage and maintain ONUs. An S7900E switch can configure local port mirroring for ONUs to mirror the incoming or outgoing traffic of an UNI of an ONU to another UNI of the ONU.

  • Page 267: Displaying And Maintaining Port Mirroring

    GigabitEthernet 2/0/2, and connects to the server through GigabitEthernet 2/0/3. Configure local port mirroring in mirroring port mode to enable the server to monitor the bidirectional traffic of the marketing department and the technical department. Figure 1-4 Network diagram for local port mirroring configuration Configuration procedure Create a local mirroring group.

  • Page 268: Layer 2 Remote Port Mirroring Configuration Example

    GigabitEthernet2/0/2 both monitor port: GigabitEthernet2/0/3 After the above configurations are completed, you can monitor all the packets received and sent by the marketing department and the technical department on the server. Layer 2 Remote Port Mirroring Configuration Example Network requirements...
  • Page 269 [DeviceA] mirroring-group 1 monitor-egress gigabitethernet 2/0/2 # Configure GigabitEthernet 2/0/2 as a trunk port that permits the packets of VLAN 2 to pass through. [DeviceA] interface gigabitethernet 2/0/2 [DeviceA-GigabitEthernet2/0/2] port link-type trunk [DeviceA-GigabitEthernet2/0/2] port trunk permit vlan 2 [DeviceA-GigabitEthernet2/0/2] quit Configure Device B (the intermediate device) # Configure GigabitEthernet 2/0/1 as a trunk port that permits the packets of VLAN 2 to pass through.

  • Page 270: Layer 3 Remote Port Mirroring Configuration Example

    # Create tunnel interface Tunnel 0, and configure an IP address and subnet mask for it. <DeviceA> system-view [DeviceA] interface tunnel 0 [DeviceA-Tunnel0] ip address 50.1.1.1 24 # Configure Tunnel 0 to operate in GRE mode, and configure source and destination IP addresses for [DeviceA-Tunnel0] tunnel-protocol gre [DeviceA-Tunnel0] source 20.1.1.1 [DeviceA-Tunnel0] destination 30.1.1.2 [DeviceA-Tunnel0] quit # Create and configure service loopback group 1 and specify its service type as tunnel.
  • Page 271 [DeviceA-ospf-1] quit # Create local mirroring group 1. [DeviceA] mirroring-group 1 local # Configure GigabitEthernet 2/0/1 as a mirroring port and Tunnel 0 as the monitor port of local mirroring group 1. [DeviceA] mirroring-group 1 mirroring-port gigabitethernet 2/0/1 both [DeviceA] mirroring-group 1 monitor-port tunnel 0...

  • Page 272: Local Port Mirroring Configuration Example For Onus

    (a data monitoring device). Host A, Host B, and Server are connected to UNI 1, UNI 2, and UNI 3 of the ONU respectively. On Device, remotely configure local port mirroring for the ONU to mirror the traffic received on UNI 1 to UNI 3, so that Server can collect all traffic sent by Host A.
  • Page 273 <DeviceA> system-view # Enter ONU port view. [DeviceA] interface Onu 3/0/1:1 # Configure UNI 1 as the mirroring port for local port mirroring and specify to mirror traffic received on UNI 1. [DeviceA-Onu3/0/1:1] uni 1 mirroring-port inbound # Configure UNI 3 as the monitor port for local port mirroring.

  • Page 274: Traffic Mirroring Configuration

    Mirroring to port: The desired traffic on a source port is replicated and sent to a destination port. Mirroring to CPU: The desired traffic on a source port is replicated and sent to the CPU on the LPU of the port for further analysis.

  • Page 275: Configuring Remote Traffic Mirroring

    Mirroring. Remote source mirroring group configuration: configure a remote source mirroring group on the source device, and configure the destination port in traffic mirroring (that is, Port A) as the egress port. For the detailed configuration procedure, refer to Creating a remote source mirroring group.

  • Page 276: Displaying And Maintaining Traffic Mirroring

    Traffic Mirroring Configuration Example Network Requirements The user's network is as described below: Host A (with the IP address 192.168.0.1) and Host B are connected to GigabitEthernet 2/0/1 of the switch. The data monitoring device is connected to GigabitEthernet 2/0/2 of the switch.

  • Page 277: Remote Traffic Mirroring Configuration Example

    [Sysname] traffic classfier 1 [Sysname-classifier-1] if-match acl 2000 [Sysname-classifier-1] quit # Create traffic behavior 1 and configure the action of mirroring traffic to GigabitEthernet 2/0/2 for the traffic behavior. [Sysname] traffic behavior 1 [Sysname-behavior-1] mirror-to interface GigabitEthernet 2/0/2 [Sysname-behavior-1] quit # Create QoS policy 1 and associate traffic behavior 1 with class 1 in the QoS policy.
  • Page 278 # Create class 1 and use basic IPv4 ACL 2000 as the match criteria. [SwitchA] traffic classfier 1 [SwitchA-classifier-1] if-match acl 2000 [SwitchA-classifier-1] quit # Create behavior 1 and configure the action of mirroring traffic to GigabitEthernet 2/0/1 for the behavior. [SwitchA] traffic behavior 1 [SwitchA-behavior-1] mirror-to interface GigabitEthernet 2/0/1 [SwitchA-behavior-1] quit # Create QoS policy 1 and associate class 1 with behavior 1 in the QoS policy.
  • Page 279 [SwitchC] vlan 2 [SwitchC-vlan2] quit # Configure VLAN 2 as the remote probe VLAN and GigabitEthernet 2/0/2 as the monitor port for the remote destination mirroring group, and configure GigabitEthernet 2/0/2 as an access port and assign it to VLAN 2.
  • Page 280 Configuring Dynamic Bandwidth Allocation and Related Parameters ············································2-3 Configuring Grant filtering on the OLT port ·····················································································2-4 Configuring the Link Type of an OLT Port·······················································································2-5 Enabling Layer-2 Communication Between the ONUs Attached to an OLT Port ···························2-5 Configuring Fiber Backup ················································································································2-6 Displaying and Maintaining OLT Configuration ······················································································2-7 OLT Configuration Examples··················································································································2-8...
  • Page 281 Restarting an ONU ························································································································3-18 Displaying and Maintaining ONU Port Configuration············································································3-18 Configuration Examples for ONU Remote Management······································································3-18 Configuration Example for Binding an ONU Port to an ONU ························································3-18 ONU RSTP Configuration Example ······························································································3-19 Multicast Configuration Example (in IGMP Snooping Mode) ························································3-20 Multicast Configuration Example (in Multicast Control Mode)·······················································3-21...

  • Page 282: Epon Configuration

    EPON Configuration After an EPON card is installed in an S7900E switch, the switch can work as an OLT device in an EPON system. Note that: When the switch operates in independent mode (that is, IRF stacking is not enabled on the switch), the OLT function can operate normally;...

  • Page 283: Benefits Of The Epon Technology

    Compared with an Ethernet broadband access network, an EPON system provides a longer access transmission distance (up to 20 km, or 12.43 miles) and higher bandwidth (1 Gbps) that can adapt to the service status of the ONUs in real time. Each ONU enjoys dedicated line quality similar to Time Division...

  • Page 284: Epon Application Mode

    Usually, twisted-pair copper wires are used to connect the ONUs to each user, and coaxial cables are used to transmit broadband graphic services. One of the main benefits of the FTTC technology is that it allows the existing copper wire infrastructure to continue to be used between the ONUs and customer premises, thus postponing the investments on optical fibers to the home.

  • Page 285: Extended Oam Connection Establishment

    Discovery GATE messages, which discover ONUs in broadcast mode. An ONU registration process is as follows: An OLT broadcasts a discovery GATE message to notify the start time and length of the discovery timeslot to all the ONUs. An unregistered ONU responds to the discovery GATE message and modifies its local clock to be consistent with the time stamp contained in the GATE message.

  • Page 286: Bandwidth Allocation

    A GATE message is sent by an OLT to assign a transmission timeslot to an ONU. A REPORT message is sent by an ONU to feed back the local status information, such as buffer occupancy, to the OLT, helping the OLT assign timeslots intelligently.

  • Page 287: Epon System Security

    EPON System Reliability To ensure high reliability for the trunk fibers and OLTs in an EPON system, you can add two OLT ports on one EPON card or on two different EPON cards to a fiber backup group. When a system fault occurs,...

  • Page 288: S7900E Series Switches And Epon System

    S7900E Series Switches and EPON System Features of an S7900E Switch Working as an OLT Device With an EPON card installed, an S7900E switch can work as an OLT device in an EPON system. In such a case, the S7900E switch has the following features: Compliance with EPON interoperation standards: Interoperable with other vendors' ONUs that support China Telecom Technical Requirements for EPON Devices.

  • Page 289: S7900E Olt Configuration Task List

    UNI Port A UNI port is an ONU device port connected to a user. The UNI port number supported by an S7900E switch is in the range 1 to 80. The actual numbers vary with ONU devices. For example, when the ONU device corresponding to ONU 3/0/1:1 in an EPON system is S3100-16C-EPON-EI, the UNI port number is in the range 1 to 16.
  • Page 290 Remarks UNI port introduction UNI Port Configuration Configuration procedure of UNI remote management through OLT Configurations of all the alarms in an EPON Alarm Configuration system Switch features supported by OLTs and ONUs, Supported Switch Features and Restrictions related manuals, and cautions...

  • Page 291: Olt Configuration

    OLT Port Features and Restrictions. If the OLT configurations in this manual take effect only when the OLT is used together with ONUs manufactured by H3C (hereinafter referred to as H3C ONUs), related descriptions will be given in the configuration task list in each chapter; if no such description is given, the OLT configurations will take effect on all the ONUs compliant with China's EPON standards.

  • Page 292: Epon System Parameter Configuration

    If the OLT becomes idle at T and remains idle for a period of ∆T, the timeslot assigned to the ONU is { T3-RTT, ∆T }. That is, the ONU will start sending data at T3-RTT and send data for a period of ∆T.

  • Page 293: Configuring Dynamic Bandwidth Allocation And Related Parameters

    When the OUI and OAM version number list on an EPON service board changes due to addition or removal of user-defined list entry, all ONUs under the board will re-register. It is recommended that you configure the maximum ONU-OLT RTT only when necessary. The relationship between the RTT and the distance (in meters) from the OLT to the ONU can be roughly expressed by the formula: RTT = (Distance + 157)/1.6393.

  • Page 294: Configuring Grant Filtering On The Olt Port

    1 time quantum (TQ) is equal to 16 ns, which is the time it takes to transmit two bytes of data at 1 Gbps. You can manually load an external DBA algorithm file by using the dba-algorithm update command as needed.

  • Page 295: Configuring The Link Type Of An Olt Port

    Enabled by default Configuring the Link Type of an OLT Port You can configure an OLT port as a hybrid port, and assign it to the specified VLANs in tagged mode or untagged mode. Follow these steps to configure the link type of an OLT port: To do…...

  • Page 296: Configuring Fiber Backup

    With Layer-2 communication enabled between the ONUs attached to an OLT port, if you create an ONU port on the OLT, the ONU connected to the new ONU port can communicate with any ONU attached to the OLT port at Layer 2.

  • Page 297: Displaying And Maintaining Olt Configuration

    Up to two OLT ports can be added to one backup group. An OLT port can be added to only one backup group at a time. The port added to the backup group earlier will be the master port, while the other port will be the standby port.

  • Page 298: Olt Configuration Examples

    To display the information about an ONU, make sure the ONU is online. You can use the display onuinfo command to check whether an ONU is online. Port statistics data includes average error rate of data bits and data frames transmitted between an OLT and the ONUs.

  • Page 299: Fiber Backup Configuration Example

    [Sysname-ftth] fiber-backup group 1 Create group 1 successfully. # Add port OLT 3/0/1 and then OLT 3/0/2 to fiber backup group 1. Thus, OLT 3/0/1 works as the master port and OLT 3/0/2 the slave port. [Sysname-fiber-group1] group member olt3/0/1...
  • Page 300 Olt3/0/2 MASTER ACTIVE Olt3/0/1 SLAVE READY # Shut down OLT 3/0/2. You can see that OLT 3/0/1 becomes the new master port. [Sysname-fiber-group1] quit [Sysname] interface olt3/0/2 [Sysname-Olt3/0/2] shutdown [Sysname-Olt3/0/2] display fiber-backup group 1 fiber backup group 1 information: Member...

  • Page 301: Onu Remote Management Configuration

    ONU Remote Management Configuration When an S7900E switch is working as an OLT device, you can configure a variety of functions on its ONU ports so that you can manage the connected ONUs remotely. This chapter describes only the functions and commands developed specially for ONU ports on such an S7900E switch. Other function configurations of ONU ports are basically the same as those of the Ethernet ports on an S7900E switch.

  • Page 302: Creating An Onu Port

    Upon receiving the REGISTER_REQ message, the OLT checks whether the source MAC address contained in the message is bound with the ONU port of the local end. If yes, the ONU passes the authentication and the OLT replies with a REGISTER message; otherwise, the ONU cannot pass the authentication and therefore cannot be registered.

  • Page 303: Configuring Batch Onu Binding And Automatic Onu Binding

    An ONU port can only be bound with one ONU MAC address. Conversely, an ONU MAC address can only be bound to one ONU port under one OLT port. In fiber backup, an ONU can be bound with two ONU ports under two OLT ports acting as backups for each other.

  • Page 304: Configuring The Management Vlan Of The Onu

    VLAN can be assigned an IP address. You can designate the management VLAN through the command line. The management VLAN interface of an ONU can obtain an IP address in one of the following two ways: Through manual configuration of IP addresses...

  • Page 305: Configure The Onu Bandwidth Allocation And Related Parameters

    Configure the ONU Bandwidth Allocation and Related Parameters Complete this task to allocate different uplink/downlink bandwidths based on different terminal service requirements to realize efficient bandwidth utilization. Follow these steps to configure the ONU bandwidth allocation and related parameters: To do…...

  • Page 306: Enabling Related Protocols On An Onu

    DHCP Snooping After DHCP snooping is enabled on an ONU, a DHCP snooping table will be generated on the ONU to record the IP address and user MAC address information that the DHCP client obtains from the DHCP server, with each record being an entry in the DHCP snooping table.

  • Page 307: Configuring The Multicast Mode Of The Onu

    Configuring the Multicast Mode of the ONU Prerequisites for multicast mode configuration Through extended OAM, an OLT can be used to remotely configure the multicast mode of an ONU as either IGMP snooping mode or multicast control mode. The configuration of a multicast IP address-to-multicast VLAN correspondence is used to add multicast address(es) to a multicast VLAN.
  • Page 308 VLAN configuration on UNI ports of the ONU. More complex service access control is realized through the IPTV service platform. You can use the OLT to remotely configure the aging timer of the ONU router port, the aging timer of multicast group member ports, and the query response timer.
  • Page 309 The max-response-time keyword in the onu-protocol igmp-snooping command sets the maximum response time of the group-specific queries. If the device receives no response at the first timeout of the maximum response time, it re-sends group-specific queries. If the device still receives no response within the maximum response time, the multicast group on the corresponding ONU is deleted.
  • Page 310 ONU. The ONU adds VLAN tags (A UNI port number is used as the VLAN tag. For example, the packets received on UNI 1 are tagged with VLAN 1.) to the IGMP report messages without VLAN tags to identify users, and transparently sends the messages to the OLT.

  • Page 311: Configuring The Link Type Of An Onu Port

    VLAN 1. The link type of the ONU ports under the same OLT port must be the same (access or trunk). Thus, when an ONU port under an OLT port is configured as an access port in a VLAN other than VLAN 1, you can only configure the other ONU ports under the same OLT port as access ports or leave them in the default state (that is, access ports in VLAN 1);...
  • Page 312 VLAN 2. When the link type of an ONU port under an OLT port is configured as access, the OLT port must be configured as a hybrid port, and be assigned to the specified VLANs with the port hybrid vlan vlan-id-list tagged command, where the VLANs specified by vlan-id-list can only be the VLANs of the ONU ports under the OLT port.

  • Page 313: Enabling Fec

    ONU to report the specified types of information to the OLT. Note that: Because a large number of ONUs are attached to an OLT, enabling ONUs to report information to the OLT may generate a large amount of traffic and thus cause congestion. Therefore, you are recommended to select the reported information type as required.

  • Page 314: Testing The Link Between An Onu And The Olt

    The link connectivity between an ONU and the OLT can be tested only when the ONU is online. Testing the Cable Connected to an UNI Port Perform this operation to test the cable connected to the specified UNI port of the ONU once and to display the testing result.

  • Page 315: Deregistering An Onu

    ONU, the S7900E switches support batch updating of ONUs by type and OLT port, besides updating of a single ONU. Updating ONUs by type is recommended because it is efficient and easy-to-use. For the descriptions on the three ONU...
  • Page 316 The ONU update commands mentioned in this chapter are all configuration commands, that is, after such a command is executed, it will be saved in the configuration file of the device. If the ONU port corresponding to an ONU that goes online is created before the update command is used, the ONU will be updated directly (if it matches the update files).
  • Page 317 An OLT can update up to 64 types of ONUs at the same time, that is, you can specify update files for up to 64 types of ONUs with the update onu onu-type onu-type filename file-url command multiple times.

  • Page 318: Restarting An Onu

    After you configure the updating of the ONUs corresponding to all the created ONU ports under an OLT port, if the ONU port corresponding to an ONU that goes online is created before the update command is used, the ONU will be updated directly (if it matches the update files); otherwise, the ONU will not be updated.

  • Page 319: Onu Rstp Configuration Example

    Network requirements A user PC is attached to UNI 1. If UNI 2 and UNI 3 are interconnected by mistake while RSTP is disabled on the ONU, broadcast storm will occur between UNI 2 and UNI 3 when the user pings an IP address for which no ARP entry exists on the PC.

  • Page 320: Multicast Configuration Example (In Igmp Snooping Mode)

    OLT with an ONU, which is bound to ONU 3/0/1:1, through an optical splitter. Attach two hosts, User 1 and User 2, to ports UNI 1 and UNI 2 respectively. It is required that User 1 has access to channels from 225.1.2.1 to 225.1.2.255, and User 2 has access to channels from 225.1.3.1 to 225.1.3.255.

  • Page 321: Multicast Configuration Example (In Multicast Control Mode)

    # Configure the multicast mode of the ONU as IGMP snooping. [Sysname-Onu3/0/1:1] multicast-mode igmp-snooping # Assign UNI 1 to multicast VLAN 1002 and UNI 2 to multicast VLAN 1003, and configure the ONU as a Trunk port (to allow the packets of all the VLANs to pass through the port).
  • Page 322 [Sysname-Onu3/0/1:1] multicast-mode multicast-control # Configure UNI 1 to allow the user attached to it to access Channel 1 and to preview Channel 2 for only 60 seconds, and configure the port to remove the multicast VLAN tags from downlink multicast packets.

  • Page 323: Onu Update Configuration Example

    # Configure UNI 2 to allow the user attached to it to access Channel 2 only, and configure the port to remove the multicast VLAN tags from downlink multicast packets. [Sysname-Onu3/0/1:1] uni 2 multicast-control multicast-address 225.1.1.1 rule deny [Sysname-Onu3/0/1:1] uni 2 multicast-control multicast-address 225.1.2.1 rule permit...
  • Page 324 For a simplified network diagram, the figure above shows only three of the OLT ports. Configuration procedure # Upload update files a110.app and a109.app to the master SRPU and slave SRPU of the switch. For the detailed procedure, see the parts discussing software maintenance in 3Com S7900E Family Getting Started Guide.
  • Page 325 Update flash:/ a110.app?[Y/N]:y Info: Download file to onu may take a long time, please wait... Please wait while the firmware is being burnt, and check the software version after re-registration! [Sysname-Onu3/0/1:1] quit # Update all the type-A ONUs attached to the S7900E switch to version 110.

  • Page 326: Uni Port Configuration

    UNI Port Configuration Task List If an H3C EC1001 inserted with a subcard serves as an ONU, a UNI port here refers to the internal port connecting the subcard to the EC1001, but not the Ethernet port of the EC1001.

  • Page 327: Configuring The Vlan Operation Mode For A Uni

    The transparent mode is suitable for situations where the user-end family gateway or switch is provided and managed by the operator and the VLAN tags generated by the family gateway or switch are trusted. In transparent mode, an ONU transparently forwards the received uplink Ethernet packets (regardless...
  • Page 328 In translation mode, an ONU translates the VLAN tag added by the user (The user's VID may not be for the user only, as some other users in the same EPON system may also use the same VID) into a unique network-side VLAN tag.
  • Page 329 [ priority priority ] { oldvid to newvid } &<1-15> If all ONU ports under an OLT port are access ports, you must set the VLAN operation mode of their UNI ports to transparent to ensure that the packets received on the ONU ports and the end-user PCs...

  • Page 330: Configuring Fast-Leave Processing For A Uni

    The fast-leave processing feature is effective for IGMPv2 or IGMPv3 clients only. If fast leave processing is enabled for a port to which more than one host is attached, when one host leaves a multicast group, the other hosts attached to the port and listening to the same multicast group will fail to receive multicast data.

  • Page 331: Displaying And Maintaining Uni Port Configuration

    Only one isolation group can be created on an ONU device, and there is no limit on the number of ports in an isolation group. Displaying and Maintaining UNI Port Configuration To do... Use the command... Remarks Display the information about...

  • Page 332: Alarm Configuration

    Sampling means the system retrieves statistics data at the sampling interval At the alarm monitor interval, the system samples the alarm variables and will trigger an alarm if the value of a variable exceeds its alarm threshold. Alarm information can be output to the network management system or alarm buffer by configuring the information center.

  • Page 333: Configuring Global Alarms

    By default, this function is enabled. Optional When the total number of error bits or bit error rate of the data transferred between the OLT Enable the bit error rate alarm and ONUs exceeds the alarm alarm bit-error-rate enable...
  • Page 334 | up-down-link} | threshold rate alarms threshold of frame error rate threshold } * alarms is 1 (the unit is 10 Optional The system generates an LLID mismatch frame alarm when the time slots are used in...
  • Page 335 By default, this function is enabled. Optional When the alarm threshold is set to 0, a lot of alarms are generated immediately. Since alarm events are carried in the alarm oam Configure the window size and error-frame-period { window...
  • Page 336 Configure the window size and error-frame-seconds-summa By default, the window size is threshold for error frame ry { window window | 600 (in unit of 100 ms), and the seconds summary alarms threshold threshold } * alarm threshold is 1 second. Optional...

  • Page 337: Configuring Alarms On An Olt Port

    OLT enable exceeds the limit. By default, this function is enabled. Configuring Alarms on an OLT Port Follow these steps to configure alarms on an OLT port: To do... Use the command... Remarks Enter system view —...
  • Page 338 | up-down-link} | threshold alarms threshold of bit error rate threshold }* alarms is 10 (the unit is 10 Optional When both the total number of error bits and bit error rate of the data transferred between...
  • Page 339 The system generates a local stable alarm when an ONU misuse occurs in the system, for example, when an OAM 2.0 ONU and an OAM 3.3 ONU are Enable the local stable alarm mixed in the same system. (All alarm local-stable enable...
  • Page 340 Configure the window size and error-frame-seconds-summa By default, the window size is threshold for error frame ry { window window | 600 (in unit of 100 ms), and the seconds summary alarms threshold threshold } * alarm threshold is 1 second. Optional...
  • Page 341 Use the command... Remarks Optional When both the upper limit and the lower limit of the alarm threshold are set to 0, a lot of alarms are generated immediately. Since alarm events are carried in the OAM alarm oam packets, a lot of OAM packets error-symbol-period are generated.

  • Page 342: Configuring Alarms On An Onu Port

    OLT enable exceeds the limit. By default, this function is enabled. Configuring Alarms on an ONU Port Follow these steps to configure alarms on an ONU port: To do... Use the command... Remarks Enter system view —...
  • Page 343 Configure the window size and error-frame-seconds-summa By default, the window size is threshold for error frame ry { window window | 600 (in unit of 100 ms), and the seconds summary alarms threshold threshold } * alarm threshold is 1 second. Optional...

  • Page 344: Displaying And Maintaining Alarm Configurations

    [ size buffersize ] Use the display this command to display the configuration in the current view. To display the alarm configurations in FTTH view, OLT port view, or ONU port view, you need to enter the corresponding view. Table 5-1 shows the relations between the views in which alarms are configured and the views in which alarm configurations are displayed.
  • Page 345 Alarm command Alarm configuration display Remarks configuration view view For an alarm configuration command available in FTTH view only, you can use the FTTH view FTTH view display this command in FTTH view to display the alarm configuration. 5-14...

  • Page 346: Supported Switch Features And Restrictions

    Port-related configuration port Configuring unknown unicast suppression ratio on an OLT port Setting the link type of an OLT port to Hybrid Allowing the packets of the specified VLAN(s) to pass Port link type VLAN configuration through the current Hybrid...
  • Page 347 Displaying MAC authentication MAC authentication authentication information configuration on the specified OLT port or globally Clearing the statistics about MAC authentication Configuring IP Source Guard IP Source Guard IP Source Guard configuration on an OLT port Enabling receiving Flush...

  • Page 348: Onu Port Features And Restrictions

    QinQ is enabled on the OLT port. After MAC authentication is enabled on an OLT port, the port directly discards the unicast packets that fail to pass the authentication, while the corresponding multicast table entries can be created on the device for multicast packets regardless of whether the multicast packets pass the authentication.
  • Page 349 Remote sub-options Enabling fast-leaving processing Configuring the maximum number of IPv4 multicast groups that can be joined on a port Configuring IPv4 multicast group filtering IGMP Snooping Multicast Protocols Configuring a port as a simulated host to join a...
  • Page 350 In an ONU remote loopback test, all packets forwarded downlink are untagged. If the VLAN Loopback test operation mode is set to tag or translation for the corresponding UNI port, the test packets will be dropped and the loopback test will fail.
  • Page 351 32 ACL rules when configured for both uplink and downlink directions. As ONU ports are used for accessing, when the S7900E switch is configured as a DHCP Snooping device, do not connect a DHCP server to the ONU port.
  • Page 352 The IP Services Volume is organized as follows: Features Description An IP address is a 32-bit address allocated to a network interface on a device that is attached to the Internet. This document describes: IP Address Introduction to IP addresses...
  • Page 353 Features Description Internet protocol version 6 (IPv6), also called IP next generation (IPng), was designed by the Internet Engineering Task Force (IETF) as the successor to Internet protocol version 4 (IPv4). This document describes: IPv6 overview Basic IPv6 functions configuration...
  • Page 354 1 IP Addressing Configuration····················································································································1-1 IP Addressing Overview··························································································································1-1 IP Address Classes ·························································································································1-1 Special IP Addresses ······················································································································1-2 Subnetting and Masking ··················································································································1-2 Configuring IP Addresses ·······················································································································1-3 Assigning an IP Address to an Interface ·························································································1-3 IP Addressing Configuration Example·····························································································1-4 Displaying and Maintaining IP Addressing······························································································1-5...

  • Page 355: Ip Addressing Configuration

    01010000100000001000000010000000 in binary. To make IP addresses in 32-bit form easier to read, they are written in dotted decimal notation, each being four octets in length, for example, 10.1.1.1 for the address just mentioned. Each IP address breaks down into two parts: Net ID: The first several bits of the IP address defining a network, also known as class bits.

  • Page 356: Special Ip Addresses

    Internet. The idea is to break a network down into smaller networks called subnets by using some bits of the host ID to create a subnet ID. To identify the boundary between the host ID and the combination of net ID and subnet ID, masking is used.

  • Page 357: Configuring Ip Addresses

    In the absence of subnetting, some special addresses such as the addresses with the net ID of all zeros and the addresses with the host ID of all ones, are not assignable to hosts. The same is true for subnetting. When designing your network, you should note that subnetting is somewhat a tradeoff between subnets and accommodated hosts.

  • Page 358: Ip Addressing Configuration Example

    The primary IP address you assigned to the interface can overwrite the old one if there is any. You cannot assign secondary IP addresses to an interface that has DHCP, configured. The primary and secondary IP addresses you assign to the interface can be located on the same network segment.

  • Page 359: Displaying And Maintaining Ip Addressing

    The output information shows that the switch can communicate with the hosts on subnet 172.16.2.0/24. # Ping a host on subnet 172.16.1.0/24 from a host on subnet 172.16.2.0/24 to check the connectivity. Host B can be successfully pinged from Host A.
  • Page 360 1 IP Performance Optimization Configuration···························································································1-1 IP Performance Optimization Overview ··································································································1-1 Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network ············1-1 Enabling Reception of Directed Broadcasts to a Directly Connected Network·······························1-1 Enabling Forwarding of Directed Broadcasts to a Directly Connected Network ·····························1-2 Configuration Example ····················································································································1-2...

  • Page 361: Ip Performance Optimization Configuration

    Framework (IRF). Two S7900E series can be connected together to form a distributed IRF device. If an S7900E series is not in any IRF, it operates as a distributed device; if the S7900E series is in an IRF, it operates as a distributed IRF device. For introduction of IRF, refer to IRF Configuration in the System Volume.

  • Page 362: Enabling Forwarding Of Directed Broadcasts To A Directly Connected Network

    1.1.1.2/24) of Switch A. Configure a static route on Switch B to enable the reachability between host and Switch B. It is required that directed broadcasts from the host to IP address 2.2.2.255 be received by Switch B. Figure 1-1 Network diagram for receiving and forwarding directed broadcasts...

  • Page 363: Configuring Tcp Attributes

    [SwitchB-Vlan-interface2] ip address 2.2.2.1 24 After the above configurations, if you ping the subnet broadcast address (2.2.2.255) of VLAN-interface 2 of Switch A on the host, the ping packets can be received by VLAN-interface 2 of Switch B. Configuring TCP Attributes...

  • Page 364: Configuring Icmp To Send Error Packets

    The device will send an ICMP timeout packet under the following conditions: If the device finds the destination of a packet is not itself and the TTL field of the packet is 1, it will send a “TTL timeout” ICMP error message.

  • Page 365: Displaying And Maintaining Ip Performance Optimization

    If the source uses “strict source routing" to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device will send the source a “source routing failure” ICMP error packet.
  • Page 366 Available in any view distributed IRF devices) chassis-number slot slot-number ] display ip socket [ socktype Display socket information (for sock-type ] [ task-id socket-id ] [ slot Available in any view distributed devices) slot-number ] display ip socket [ socktype...
  • Page 367 ARP Table ·······································································································································1-3 Configuring ARP ·····································································································································1-4 Configuring a Static ARP Entry ·······································································································1-4 Configuring the Maximum Number of ARP Entries for an Interface ···············································1-4 Setting the Aging Time for Dynamic ARP Entries ···········································································1-5 Enabling the ARP Entry Check ·······································································································1-5 Enabling the Support for ARP Requests from a Natural Network···················································1-5 ARP Configuration Example············································································································1-6...

  • Page 368: Arp Configuration

    Framework (IRF). Two S7900E series can be connected together to form a distributed IRF device. If an S7900E series is not in any IRF, it operates as a distributed device; if the S7900E series is in an IRF, it operates as a distributed IRF device. For introduction of IRF, refer to IRF Configuration in the System Volume.

  • Page 369: Arp Operation

    1-2. The resolution process is as follows: Host A looks into its ARP table to see whether there is an ARP entry for Host B. If yes, Host A uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame and sends the frame to Host B.

  • Page 370: Arp Table

    Figure 1-2 ARP address resolution process If Host A is not on the same subnet with Host B, Host A first sends an ARP request to the gateway. The target IP address in the ARP request is the IP address of the gateway. After obtaining the MAC address of the gateway from an ARP reply, Host A sends the packet to the gateway.

  • Page 371: Configuring Arp

    ] configured by default. The vlan-id argument must be the ID of an existing VLAN which corresponds to the ARP entries. In addition, the Ethernet interface following the argument must belong to that VLAN. A VLAN interface must be created for the VLAN.

  • Page 372: Setting The Aging Time For Dynamic Arp Entries

    ARP table has a limited lifetime rather than is always valid. Dynamic ARP entries that are not refreshed before expiration are deleted from the ARP table. The lifetime is called the aging time. The aging time is reset each time the dynamic ARP entry is refreshed within the lifetime. You can adjust the aging time for dynamic ARP entries according to the actual network condition.

  • Page 373: Arp Configuration Example

    8, these two IP addresses are on the same natural network. In this way, VLAN-interface 10 can learn the MAC address corresponding to the source IP address 10.11.11.1. Follow these steps to enable the support for ARP requests from a natural network: To do…...

  • Page 374: Configuring Gratuitous Arp

    Introduction to Gratuitous ARP In a gratuitous ARP packet, the sender IP address and the target IP address are both the IP address of the device issuing the packet, the sender MAC address is the MAC address of the device, and the target MAC address is the broadcast address ff:ff:ff:ff:ff:ff.

  • Page 375: Displaying And Maintaining Arp

    { all | dynamic | static | chassis Available in ARP table (for distributed chassis-number slot slot-number | interface user view IRF devices) interface-type interface-number } Clearing ARP entries from the ARP table will cancel IP-to-MAC mappings. This may cause communication failures.

  • Page 376: Proxy Arp Configuration

    (but the sending host considers the requested host is on the same network) or that is isolated from the sending host at Layer 2, the device in between must be able to respond to the request with the MAC address of the receiving interface to allow Layer 3 communication between the two hosts. This is achieved by proxy ARP.

  • Page 377: Local Proxy Arp

    Host B. In this case, Switch seems like a proxy of Host B. A main advantage of proxy ARP is that it is added on a single Switch without disturbing routing tables of other Switchs in the network. Proxy ARP acts as the gateway for IP hosts that are not configured with a default gateway or do not have routing capability.

  • Page 378: Displaying And Maintaining Proxy Arp

    (Host A belongs to VLAN 1 while Host D belongs to VLAN 2). As no default gateway is configured for Host A and Host D, you need to configure proxy ARP on the switch to enable the communication between the two hosts.

  • Page 379: Local Proxy Arp Configuration Example In Case Of Port Isolation

    Network requirements As shown in Figure 2-4, Host A and Host B belong to the same VLAN, and connect to Switch B via GigabitEthernet2/0/1 and GigabitEthernet2/0/3 respectively. Switch B connects to Switch A via GigabitEthernet2/0/2. Configure Layer 2 and Layer 3 port isolation on GigabitEthernet2/0/1 and GigabitEthernet2/0/3 of Switch B.

  • Page 380: Local Proxy Arp Configuration Example In Super Vlan

    ARP on VLAN-interface 2 of Switch A to enable communication between Host A and Host B. If the two ports on Switch B are isolated only at Layer 2, you can enable communication between the two hosts by configuring local proxy ARP on VLAN-interface 2 of Switch B.

  • Page 381: Local Proxy Arp Configuration Example In Isolate-User-Vlan

    [Switch-Vlan-interface10] ip address 192.168.10.100 255.255.0.0 [Switch-Vlan-interface10] quit The ping operation from Host A to Host B is unsuccessful because they are isolated at Layer 2 and Layer 3. # Configure the local proxy ARP to implement Layer 3 communication between sub-VLANs.
  • Page 382 [SwtichA-vlan5] interface vlan-interface 5 [SwtichA-Vlan-interface5] ip address 192.168.10.100 255.255.0.0 The ping operation from Host A to Host B is unsuccessful because they are isolated at Layer 2 and Layer 3. # Configure local proxy ARP to implement communication between VLAN 2 and VLAN 3.
  • Page 383 [SwtichA-Vlan-interface5] local-proxy-arp enable The ping operation from Host A to Host B is successful after the configuration.
  • Page 384 Configuring the BIMS Server Information for the Client ··································································2-9 Configuring Gateways for the Client································································································2-9 Configuring Option 184 Parameters for the Client with Voice Service··········································2-10 Configuring the TFTP Server and Bootfile Name for the Client ····················································2-10 Configuring Self-Defined DHCP Options·······················································································2-11 Enabling DHCP ·····································································································································2-12 Enabling the DHCP Server on an Interface ··························································································2-12...
  • Page 385 Correlating a DHCP Server Group with a Relay Agent Interface····················································3-4 Configuring the DHCP Relay Agent Security Functions ·································································3-5 Configuring the DHCP Relay Agent to Send a DHCP-Release Request ·······································3-6 Configuring the DHCP Relay Agent to Support Option 82······························································3-7 Displaying and Maintaining DHCP Relay Agent Configuration·······························································3-8 DHCP Relay Agent Configuration Examples··························································································3-9...

  • Page 386: Dhcp Overview

    Dynamic Host Configuration Protocol (DHCP) was introduced to solve these problems. DHCP is built on a client-server model, in which a client sends a configuration request and then the server returns a reply to send configuration parameters such as an IP address to the client.

  • Page 387: Dhcp Address Allocation

    Automatic allocation: DHCP assigns a permanent IP address to a client. Dynamic allocation: DHCP assigns an IP address to a client for a limited period of time, which is called a lease. Most DHCP clients obtain their addresses in this way.

  • Page 388: Ip Address Lease Extension

    The IP address dynamically allocated by a DHCP server to a client has a lease. When the lease expires, the IP address is reclaimed by the DHCP server. If the client wants to use the IP address longer, it has to extend the lease duration.

  • Page 389: Dhcp Options

    The leftmost bit is defined as the BROADCAST (B) flag. If this flag is set to 0, the DHCP server sent a reply back by unicast; if this flag is set to 1, the DHCP server sent a reply back by broadcast.

  • Page 390: Self-Defined Options

    Option 33: Static route option. It specifies a list of classful static routes (the destination addresses in these static routes are classful) that a client should add to its routing table. If Option 121 exists, Option 33 is ignored.
  • Page 391 PXE server address sub-option. Currently, the value of the PXE server type can only be 0. The server number field indicates the number of PXE servers contained in the sub-option. The server IP addresses filed contains the IP addresses of the PXE servers.
  • Page 392 DHCP snooping device that received the client’s request. The following figure gives its format. The value of the sub-option type is 2, and that of the remote ID type is 0. Figure 1-9 Sub-option 2 in normal padding format...

  • Page 393: Protocols And Standards

    Sub-option 2: IP address of the backup network calling processor that DHCP clients will contact when the primary one is unreachable. Sub-option 3: Voice VLAN ID and the result whether DHCP clients take this ID as the voice VLAN or not.

  • Page 394: Dhcp Server Configuration

    It is hard to implement manual configuration and centralized management. The hosts are more than the assignable IP addresses and it is impossible to assign a fixed IP address to each host. For example, an ISP limits the number of hosts accessing the Internet at a time, so lots of hosts need to acquire IP addresses dynamically.

  • Page 395: Dhcp Address Pool

    Configuring Dynamic Address Allocation for an Extended Address Pool. If there is an address pool where an IP address is statically bound to the MAC address or ID of the client, the DHCP server will select this address pool and assign the statically bound IP address to the client.

  • Page 396: Ip Address Allocation Sequence

    IP addresses for clients from address pool 1.1.1.0/25. If no IP address is available in the address pool, the DHCP server will fail to assign addresses to clients. If the IP address of the interface receiving DHCP requests is 1.1.1.130/25, the DHCP server will select IP addresses for clients from the 1.1.1.0/24 address pool.

  • Page 397: Configuring An Address Pool For The Dhcp Server

    Configuring the TFTP Server and Bootfile Name for the Client Configuring Self-Defined DHCP Options Creating a DHCP Address Pool When creating a DHCP address pool, specify it as a common address pool or an extended address pool. Follow these steps to create a DHCP address pool: To do…...

  • Page 398: Configuring An Address Allocation Mode For A Common Address Pool

    MAC or ID to IP address in the DHCP address pool. When the client with the MAC address or ID requests an IP address, the DHCP server will find the IP address from the binding for the client.
  • Page 399 Otherwise, the client cannot obtain an IP address. You need to configure the static binding of a DHCP client’s ID to IP address, or the static binding of a BOOTP client's MAC to IP address on the DHCP server; otherwise, the DHCP or BOOTP client cannot obtain a static IP address.

  • Page 400: Configuring Dynamic Address Allocation For An Extended Address Pool

    When configuring address allocation for an extended address pool, you need to specify: Assignable IP address range Mask After the assignable IP address range and the mask are specified, the address pool becomes valid. Follow these steps to configure dynamic address allocation for an extended address pool: To do…...

  • Page 401: Configuring A Domain Name Suffix For The Client

    Configuring DNS Servers for the Client When a DHCP client wants to access a host on the Internet via the host name, it contacts a Domain Name System (DNS) server holding host name-to-IP address mappings to get the host IP address. You can specify up to eight DNS servers in the DHCP address pool.

  • Page 402: Configuring The Bims Server Information For The Client

    DHCP clients that want to access hosts outside the local subnet request gateways to forward data. You can specify gateways in each address pool for clients and the DHCP server will assign gateway addresses while assigning an IP address to the client. Up to eight gateways can be specified in a DHCP address pool.

  • Page 403: Configuring Option 184 Parameters For The Client With Voice Service

    Configuring the TFTP Server and Bootfile Name for the Client This task is to specify the IP address and name of a TFTP server and the bootfile name in the DHCP address pool. The DHCP clients use these parameters to contact the TFTP server, requesting the configuration file used for system initialization, which is called auto-configuration.

  • Page 404: Configuring Self-Defined Dhcp Options

    To implement auto-configuration, you need to specify the IP address or name of a TFTP server and the bootfile name in the DHCP address pool on the DHCP server, but you do not need to perform any configuration on the DHCP client.

  • Page 405: Enabling Dhcp

    Disabled by default. Enabling the DHCP Server on an Interface With the DHCP server enabled on an interface, upon receiving a client’s request, the DHCP server will assign an IP address from its address pool to the DHCP client. Follow these steps to enable the DHCP server on an interface: To do…...

  • Page 406: Applying An Extended Address Pool On An Interface

    After you create an extended address pool and apply it on an interface, the DHCP server, upon receiving a client's request on the interface, will assign an IP address from this address pool to the client. If no IP address is available in this address pool, address allocation fails, and the DHCP server will not assign an IP address from other address pools.

  • Page 407: Configuration Prerequisites

    The administrator needs to find unauthorized DHCP servers from the log information. Configuring IP Address Conflict Detection To avoid IP address conflicts, the DHCP server checks whether the address to be assigned is in use by sending ping packets.

  • Page 408: Configuring The Handling Mode For Option 82

    82, it will return a response message carrying Option 82 to assign an IP address to the requesting client. If the server is configured to ignore Option 82, it will assign an IP address to the client without adding Option 82 in the response message.

  • Page 409: Dhcp Server Configuration Examples

    In this case, the server will deny the request for lease extension from a client and the client needs to request an IP address again.
  • Page 410 After the preceding configuration is complete, Switch B can obtain IP address 10.1.1.5 and other network parameters, and Switch C can obtain IP address 10.1.1.6 and other network parameters from Switch A. You can use the display dhcp server ip-in-use command on the DHCP server to view the IP addresses assigned to the clients.

  • Page 411: Dynamic Ip Address Assignment Configuration Example

    10.1.1.0/24. Subnet 10.1.1.128/25 can inherit the configuration of subnet 10.1.1.0/24. In this example, the number of requesting clients connected to VLAN-interface 1 should be less than 122, and that of clients connected to VLAN-interface 2 should be less than 124.

  • Page 412: Self-Defined Option Configuration Example

    1-7, respectively. The value of Option 43 configured on the DHCP server in this example is 80 0B 00 00 02 01 02 03 04 02 02 02 02. The number 80 is the value of the sub-option type. The number 0B is the value of the sub-option length.

  • Page 413: Troubleshooting Dhcp Server Configuration

    [SwitchA] dhcp server ip-pool 0 [SwitchA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 [SwitchA-dhcp-pool-0] option 43 hex 80 0B 00 00 02 01 02 03 04 02 02 02 02 Verification After the preceding configuration is complete, Switch B can obtain its IP address on 10.1.1.0/24 and PXE server addresses from the Switch A.

  • Page 414: Dhcp Relay Agent Configuration

    DHCP relay agent DHCP client DHCP client DHCP server No matter whether a relay agent exists or not, the DHCP server and client interact with each other in a similar way (see section Dynamic IP Address Allocation Process). The following describes the...

  • Page 415: Dhcp Relay Agent Support For Option 82

    Option 82, if any. The handling strategies are described in the table below. If a reply returned by the DHCP server contains Option 82, the DHCP relay agent will remove the Option 82 before forwarding the reply to the client.

  • Page 416: Dhcp Relay Agent Configuration Task List

    Disabled by default. Enabling the DHCP Relay Agent on an Interface With this task completed, upon receiving a DHCP request from the enabled interface, the relay agent will forward the request to a DHCP server for address allocation. Follow these steps to enable the DHCP relay agent on an interface: To do…...

  • Page 417: Correlating A Dhcp Server Group With A Relay Agent Interface

    DHCP server mode. If the DHCP client obtains an IP address via the DHCP relay agent, the address pool of the subnet to which the IP address of the DHCP relay agent belongs must be configured on the DHCP server.

  • Page 418: Configuring The Dhcp Relay Agent Security Functions

    With this feature, the DHCP relay agent uses the IP address of a client and the MAC address of the DHCP relay interface to periodically send a DHCP-REQUEST message to the DHCP server.

  • Page 419: Configuring The Dhcp Relay Agent To Send A Dhcp-Release Request

    IP address is assignable now, the DHCP relay agent will age out the client entry with this IP address. If the server returns a DHCP-NAK message, which means the IP address is still in use, the relay agent will not age it out.

  • Page 420: Configuring The Dhcp Relay Agent To Support Option 82

    DHCP-RELEASE request Configuring the DHCP Relay Agent to Support Option 82 Prerequisites You need to complete the following tasks before configuring the DHCP relay agent to support Option 82. Enabling DHCP Enabling the DHCP relay agent on the specified interface...

  • Page 421: Displaying And Maintaining Dhcp Relay Agent Configuration

    DHCP server configuration of this kind. If the handling strategy of the DHCP relay agent is configured as replace, you need to configure a padding format for Option 82. If the handling strategy is keep or drop, you need not configure any padding format.

  • Page 422: Dhcp Relay Agent Configuration Examples

    3-3, DHCP clients reside on network 10.10.1.0/24. The IP address of the DHCP server is 10.1.1.1/24. Because the DHCP clients reside on a different network with the DHCP server, a DHCP relay agent is deployed to forward messages between DHCP clients and the DHCP server.

  • Page 423: Dhcp Relay Agent Option 82 Support Configuration Example

    DHCP server configuration information. Because the DHCP relay agent and server are on different subnets, you need to configure a static route or dynamic routing protocol to make them reachable to each other. DHCP Relay Agent Option 82 Support Configuration Example...

  • Page 424: Troubleshooting Dhcp Relay Agent Configuration

    The DHCP is enabled on the DHCP server and relay agent. The address pool on the same subnet where DHCP clients reside is available on the DHCP server. The routes between the DHCP server and DHCP relay agent are reachable.

  • Page 425: Dhcp Client Configuration

    Displaying and Maintaining the DHCP Client DHCP Client Configuration Example When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition via a relay agent, the DHCP server cannot be a Windows 2000 Server or Windows 2003 Server.

  • Page 426: Displaying And Maintaining The Dhcp Client

    In this example, the value of the destination descriptor field takes 18 14 01 01, a hexadecimal number indicating that the subnet mask length is 24 and destination network address is 20.1.1.0, and the value of the next hop address field takes 0A 01 01 02, a hexadecimal number indicating that the next hop is 10.1.1.2.
  • Page 427 2f30 T1 will timeout in 4 days 23 hours 59 minutes 50 seconds. # Use the display ip routing-table command to view the route information on Switch B. A static route to network 20.1.1.0/24 is added to the routing table.
  • Page 428 [SwitchB-Vlan-interface2] display ip routing-table Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 Direct 0 10.1.1.3 Vlan2 10.1.1.3/32 Direct 0 127.0.0.1 InLoop0 20.1.1.0/24 Static 70 10.1.1.2 Vlan2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1...

  • Page 429: Dhcp Snooping Configuration

    Framework (IRF). Two S7900E series can be connected together to form a distributed IRF device. If an S7900E series is not in any IRF, it operates as a distributed device; if the S7900E series is in an IRF, it operates as a distributed IRF device. For introduction of IRF, refer to IRF Configuration in the System Volume.

  • Page 430: Application Environment Of Trusted Ports

    5-1, a DHCP snooping device’s port that is connected to an authorized DHCP server should be configured as a trusted port to forward reply messages from the DHCP server, so that the DHCP client can obtain an IP address from the authorized DHCP server.

  • Page 431: Dhcp Snooping Support For Option 82

    Option 82, if any. The handling strategies are described in the table below. If a reply returned by the DHCP server contains Option 82, the DHCP snooping device will remove the Option 82 before forwarding the reply to the client. If the reply contains no Option 82, the DHCP...

  • Page 432: Configuring Dhcp Snooping Basic Functions

    — user-defined user-defined Option 82. The handling strategy and padding format for Option 82 on the DHCP snooping device are the same as those on the relay agent. Configuring DHCP Snooping Basic Functions Follow these steps to configure DHCP snooping basic functions: To do…...

  • Page 433: Configuring Dhcp Snooping To Support Option 82

    You need to specify the ports connected to the authorized DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client must be in the same VLAN.
  • Page 434 Configure the Option 82. Each Configure code type for the dhcp-snooping information field has its own non-user-defined circuit ID circuit-id format-type { ascii | hex } code type. Option 82 sub-option This code type configuration applies to non-user-defined Option 82 only.

  • Page 435: Displaying And Maintaining Dhcp Snooping

    DHCP server configuration of this kind. If the handling strategy of the DHCP-snooping-enabled device is configured as replace, you need to configure a padding format for Option 82. If the handling strategy is keep or drop, you need not configure any padding format.

  • Page 436: Dhcp Snooping Configuration Examples

    On GigabitEthernet2/0/3, configure the padding format as verbose, access node identifier as sysname, and code type as ascii for Option 82. Switch B forwards DHCP requests to the DHCP server (Switch A) after replacing Option 82 in the requests, so that the DHCP clients can obtain IP addresses.
  • Page 437 [SwitchB] dhcp-snooping # Specify GigabitEthernet2/0/1 as trusted. [SwitchB] interface GigabitEthernet2/0/1 [SwitchB-GigabitEthernet2/0/1] dhcp-snooping trust [SwitchB-GigabitEthernet2/0/1] quit # Configure GigabitEthernet2/0/2 to support Option 82. [SwitchB] interface GigabitEthernet2/0/2 [SwitchB-GigabitEthernet2/0/2] dhcp-snooping information enable [SwitchB-GigabitEthernet2/0/2] dhcp-snooping information strategy replace [SwitchB-GigabitEthernet2/0/2] dhcp-snooping information circuit-id string company001...
  • Page 438 Static Domain Name Resolution ·····································································································1-1 Dynamic Domain Name Resolution ································································································1-1 DNS Proxy·······································································································································1-3 Configuring the IPv4 DNS Client·············································································································1-3 Configuring Static Domain Name Resolution ··················································································1-3 Configuring Dynamic Domain Name Resolution·············································································1-4 Configuring the DNS Proxy·····················································································································1-4 Displaying and Maintaining IPv4 DNS ····································································································1-5 IPv4 DNS Configuration Examples ·········································································································1-5 Static Domain Name Resolution Configuration Example································································1-5...

  • Page 439: Ipv4 Dns Configuration

    A user program sends a name query to the resolver of the DNS client. The DNS resolver looks up the local domain name cache for a match. If a match is found, it sends the corresponding IP address back. If not, it sends a query to the DNS server.
  • Page 440 DNS suffixes The DNS client normally holds a list of suffixes which can be defined by users. It is used when the name to be resolved is incomplete. The resolver can supply the missing part. For example, a user can configure com as the suffix for aabbcc.com.

  • Page 441: Dns Proxy

    Operation of a DNS proxy A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy, that is, the destination address of the request is the IP address of the DNS proxy.

  • Page 442: Configuring Dynamic Domain Name Resolution

    The IPv4 address you last assign to the host name will overwrite the previous one if there is any. You may create up to 50 static mappings between domain names and IPv4 addresses. Configuring Dynamic Domain Name Resolution To send DNS queries to a correct server for resolution, dynamic domain name resolution needs to be enabled and a DNS server needs to be configured.

  • Page 443: Displaying And Maintaining Ipv4 Dns

    # Configure a mapping between host name host.com and IP address 10.1.1.2. <Sysname> system-view [Sysname] ip host host.com 10.1.1.2 # Use the ping host.com command to verify that the Switch can use static domain name resolution to resolve domain name host.com into IP address 10.1.1.2. [Sysname] ping host.com PING host.com (10.1.1.2):...

  • Page 444: Dynamic Domain Name Resolution Configuration Example

    Dynamic domain name resolution and the domain name suffix are configured on the Switch that serves as a DNS client, and thus the Switch can use domain name host to access the host with the domain name host.com and the IP address 3.1.1.1/16.
  • Page 445 # Create a mapping between host name and IP address. Figure 1-6 Add a host Figure 1-6, right click zone com, and then select New Host to bring up a dialog box as shown in Figure 1-7. Enter host name host and IP address 3.1.1.1.
  • Page 446 [Sysname] dns domain com Configuration verification # Use the ping host command on the Switch to verify that the communication between the Switch and the host is normal and that the corresponding destination IP address is 3.1.1.1. [Sysname] ping host Trying DNS resolve, press CTRL_C to break Trying DNS server (2.1.1.2)

  • Page 447: Dns Proxy Configuration Example

    As shown in Figure 1-8, specify Switch A as the DNS server of Switch B (the DNS client). Switch A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1. Switch B implements domain name resolution through Switch A.

  • Page 448: Troubleshooting Ipv4 Dns Configuration

    DNS client can communicate with the DNS server. If the specified domain name is in the cache, but the IP address is incorrect, check that the DNS client has the correct IP address of the DNS server.

  • Page 449: Ipv6 Dns Configuration

    IPv6 address default. A host name can be mapped to one IPv6 address only. If you map a host name to different IPv6 addresses, the last configuration takes effect. You can configure up to 50 mappings between domain name and IPv6 address.

  • Page 450: Displaying And Maintaining Ipv6 Dns

    In addition, you can configure a DNS suffix that the system will automatically add to the provided domain name for resolution. Follow these steps to configure dynamic domain name resolution: To do… Use the command… Remarks Enter system view system-view —...

  • Page 451: Ipv6 Dns Configuration Examples

    [Switch] ipv6 host host.com 1::2 # Enable IPv6 packet forwarding. [Switch] ipv6 # Use the ping ipv6 host.com command to verify that the Switch can use static domain name resolution to resolve domain name host.com into IPv6 address 1::2. [Switch] ping ipv6 host.com PING host.com (1::2):...
  • Page 452 Dynamic domain name resolution and the domain name suffix are configured on the Switch that serves as a DNS client, and thus the Switch can use domain name host to access the host with the domain name host.com and the IPv6 address 1::1/64.
  • Page 453 As shown in Figure 2-4, right click zone com. Figure 2-4 Create a record Figure 2-4, select Other New Records to bring up a dialog box as shown in Figure 2-5. Select IPv6 Host (AAA) as the resource record type.
  • Page 454 Figure 2-5 Select the resource record type As shown in Figure 2-6, type host name host and IPv6 address 1::1, and then click OK. Figure 2-6 Add a mapping between domain name and IPv6 address...
  • Page 455 [Switch] dns domain com Configuration verification # Use the ping ipv6 host command on the Switch to verify that the communication between the Switch and the host is normal and that the corresponding destination IP address is 1::1. [Switch] ping ipv6 host...
  • Page 456 Configuring the Maximum Number of Neighbors Dynamically Learned ·······································1-14 Configuring Parameters Related to RA Messages ·······································································1-14 Configuring the Maximum Number of Attempts to Send an NS Message for DAD ······················1-16 Configuring PMTU Discovery················································································································1-17 Configuring a Static PMTU for a Specified IPv6 Address ·····························································1-17 Configuring the Aging Time for Dynamic PMTUs ·········································································1-17...

  • Page 457: Ipv6 Basics Configuration

    Framework (IRF). Two S7900E series can be connected together to form a distributed IRF device. If an S7900E series is not in any IRF, it operates as a distributed device; if the S7900E series is in an IRF, it operates as a distributed IRF device. For introduction of IRF, refer to IRF Configuration in the System Volume.

  • Page 458: Ipv6 Features

    IPv6 header. IPv6 uses the basic header with a fixed length, thus making IPv6 packet handling simple and improving the forwarding efficiency. Although the IPv6 address size is four times the IPv4 address size, the basic IPv6 header size is 40 bytes and is only twice the IPv4 header size (excluding the Options field).

  • Page 459: Introduction To Ipv6 Address

    IPv6 applications. QoS support The Flow Label field in the IPv6 header allows the device to label packets of a flow and provide special handling for these packets. Enhanced neighbor discovery mechanism...
  • Page 460 Multicast address: An identifier for a set of interfaces (typically belonging to different nodes), similar to an IPv4 multicast address. A packet sent to a multicast address is delivered to all interfaces identified by that address.
  • Page 461 Besides, there is another type of multicast address: solicited-node address. A solicited-node multicast address is used to acquire the link-layer address of a neighbor node on the same link, and is also used for duplicate address detection (DAD). Each IPv6 unicast or anycast address has a corresponding solicited-node address.

  • Page 462: Introduction To Ipv6 Neighbor Discovery Protocol

    Figure 1-2 Convert a MAC address into an EUI-64 interface identifier Tunnel interfaces: The lower 32 bits of the interface identifier are the source IPv4 address of the tunnel interface. The higher 32 bits of the interface identifier of an ISATAP tunnel interface are 0000:5EFE, while those of other tunnel interfaces are all zeros.
  • Page 463 Node A acquires the link-layer address of node B from the NA message. Neighbor reachability detection After node A acquires the link-layer address of its neighbor node B, node A can verify whether node B is reachable according to NS and NA messages.
  • Page 464 IPv6 address of node B. Node A learns that the IPv6 address is being used by node B after receiving the NA message from node B. Otherwise, the IPv6 address is not in use and node A can use it.

  • Page 465: Ipv6 Pmtu Discovery

    The path MTU (PMTU) discovery mechanism is to find the minimum MTU of all links in the path from the source to the destination.

  • Page 466: Protocols And Standards

    Dual stack is the most direct transition approach. A network node that supports both IPv4 and IPv6 is called a dual stack node. A dual stack node configured with an IPv4 address and an IPv6 address can forward both IPv4 and IPv6 packets. For an upper layer application supporting both IPv4 and IPv6, either TCP or UDP can be selected at the transport layer, while IPv6 stack is preferred at the network layer.

  • Page 467: Configuring Basic Ipv6 Functions

    IPv6 site-local addresses and aggregatable global unicast addresses can be configured in the following ways: EUI-64 format: When the EUI-64 format is adopted, the IPv6 address prefix of an interface is the configured prefix, and the interface identifier is generated automatically by the interface.
  • Page 468 The automatically generated link-local address is the same as the one generated by using the ipv6 address auto link-local command. If a link-local address is manually assigned to an interface, this manual link-local address takes effect.

  • Page 469: Configuring Ipv6 Ndp

    You can adopt either of the two methods above to configure a static neighbor entry. After a static neighbor entry is configured by using the first method, the device needs to resolve the corresponding Layer 2 port information of the VLAN interface.

  • Page 470: Configuring The Maximum Number Of Neighbors Dynamically Learned

    The device can dynamically acquire the link-layer address of a neighbor node through NS and NA messages and add it into the neighbor table. Too large a neighbor table may reduce the forwarding performance of the device. You can restrict the size of the neighbor table by setting the maximum number of neighbors that an interface can dynamically learn.
  • Page 471 The values of the Retrans Timer and the Reachable Time configured for an interface are sent to hosts via RA messages. Furthermore, this interface sends NS messages at the interval of Retrans Timer and considers a neighbor reachable within the Reachable Time.

  • Page 472: Configuring The Maximum Number Of Attempts To Send An Ns Message For Dad

    IPv6 address. If the interface does not receive a response within a specified time (determined by the ipv6 nd ns retrans-timer command), it continues to send an NS message. If it still does not receive a response after the number of sent attempts reaches a configurable threshold, the acquired address is considered usable.

  • Page 473: Configuring Pmtu Discovery

    Configuring a Static PMTU for a Specified IPv6 Address You can configure a static PMTU for a specified destination IPv6 address. When a source host sends a packet through an interface, it compares the interface MTU with the static PMTU of the specified destination IPv6 address.

  • Page 474: Configuring Icmpv6 Packet Sending

    If hosts are configured to answer multicast echo requests, an attacker may use this mechanism to attack a host. For example, if Host A sends an echo request with the source being Host B to a multicast address, then all the hosts in the multicast group will send echo replies to Host B. Therefore, to prevent such an attack, a device is disabled from replying multicast echo requests by default.

  • Page 475: Enabling Sending Of Icmpv6 Time Exceeded Packets

    A device sends out an ICMPv6 time exceeded packet in the following cases: If a received IPv6 packet’s destination IP address is not the local address and its hop count is 1, the device sends an ICMPv6 time-to-live count exceeded packet to the source.
  • Page 476 { begin | exclude | include } regular-expression ] Display the total number of display ipv6 neighbors { { all | neighbor entries satisfying the dynamic | static } [ slot slot-number ] | Available in any view specified conditions (for interface interface-type distributed devices)

  • Page 477: Ipv6 Configuration Example

    The aggregatable global unicast address of VLAN-interface 2 on Switch B is 3001::2/64, and a route to Host is available. IPv6 is enabled for Host to automatically get an IPv6 address through IPv6 NDP, and a route to Switch B is available.
  • Page 478 The above information shows that the IPv6 aggregatable global unicast address that Host obtained is 2001::15B:E0EA:3524:E791. Verification # Display the IPv6 interface settings on Switch A. All the IPv6 global unicast addresses configured on the interface are displayed. [SwitchA] display ipv6 interface vlan-interface 2 verbose...
  • Page 479 FF02::1:FF00:1C0 FF02::2 FF02::1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds...
  • Page 480 OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Display the IPv6 interface settings on Switch B. All the IPv6 global unicast addresses configured on the interface are displayed. [SwitchB] display ipv6 interface vlan-interface 2 verbose Vlan-interface2 current state :UP Line protocol current state :UP...
  • Page 481 InDiscards: OutDiscards: # Ping Switch A and Switch B on Host, and ping Switch A and Host on Switch B to verify the connectivity between them. When you ping a link-local address, you should use the “–i” parameter to specify an interface for the link-local address.

  • Page 482: Troubleshooting Ipv6 Basics Configuration

    Use the display current-configuration command in any view or the display this command in system view to verify that IPv6 is enabled. Use the display ipv6 interface command in any view to verify that the IPv6 address of the interface is correct and the interface is up.
  • Page 483 1 DHCPv6 Configuration ······························································································································1-1 DHCPv6 Configuration Overview············································································································1-1 Basic Concepts································································································································1-1 Typical DHCPv6 Network Application ·····························································································1-2 Stateless DHCPv6 Configuration ····································································································1-2 Operation of DHCPv6 Relay Agent ·································································································1-3 Protocols and Standards ·················································································································1-4 Configuring the DHCPv6 Client ··············································································································1-4 Configuration Prerequisites ·············································································································1-4 Configuration Procedure··················································································································1-4 Configuring the DHCPv6 Relay Agent ····································································································1-5 Configuration Prerequisites ·············································································································1-5...

  • Page 484: Dhcpv6 Configuration Overview

    A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, relay agent, or server), and is used for authentication between DHCPv6 devices. Currently, a DUID based on link-layer address (DUID-LL) defined in RFC 3315 is used to identify a DHCPv6 device. The DUID-LL format is shown in...

  • Page 485: Typical Dhcpv6 Network Application

    Thus, you do not need to deploy a DHCPv6 server on each subnet. Currently, the device can only serve as the DHCPv6 client and relay agent. Serving as a DHCPv6 client, the device only supports stateless DHCPv6 configuration instead of stateful DHCPv6 configuration, that is, the device can only obtain other network configuration parameters instead of an IPv6 address from the DHCPv6 server.

  • Page 486: Operation Of Dhcpv6 Relay Agent

    DHCPv6 function after it receives an RA message with the managed address configuration flag (“M” flag) set to 0 and with the other stateful configuration flag (“O” flag) set to 1. Two types of messages are exchanged in the operation of stateless DHCPv6: the information request message sent by the client and the reply message sent by the server.

  • Page 487: Protocols And Standards

    Figure 1-4, the DHCPv6 relay agent works as follows: The DHCPv6 client sends a request to the multicast address FF02::1:2 of all the DHCPv6 servers and relay agents. After receiving the request, the DHCPv6 relay agent encapsulates the request into the Relay Message Option of a Relay-forward message, and sends the message to the DHCPv6 server.

  • Page 488: Configuring The Dhcpv6 Relay Agent

    DHCPv6 function to obtain other configuration parameters upon receiving an RA message with the “M” flag set to 0 and with the “O” flag set to 1. An interface cannot serve as a stateless DHCPv6 client and DHCPv6 relay agent at the same time.

  • Page 489: Displaying And Maintaining Dhcpv6

    If the DHCPv6 server address is a link-local address or link-scoped multicast address on the local link, you need to specify an outgoing interface using the interface keyword in the ipv6 dhcp relay server-address command; otherwise, DHCPv6 packets may fail to be forwarded to the DHCPv6 server.
  • Page 490 B) to reply with an RA message immediately. Verification After receiving an RA message with the “M” flag set to 0 and with the “O” flag set to 1, Switch A automatically enables the stateless DHCPv6 function. # You can use the display ipv6 dhcp client command to view the current client configuration information.

  • Page 491: Dhcpv6 Relay Agent Configuration Example

    DHCPv6 server is 2::2/64. The DHCPv6 client and server need to communicate via a DHCPv6 relay agent (Switch A). Switch A acts as the gateway of network 1::/64. It sends RA messages to notify the hosts to obtain IPv6 addresses and other configuration parameters through DHCPv6.
  • Page 492 # Enable DHCP relay agent and specify the DHCPv6 server address on VLAN-interface 1. [SwitchA-Vlan-interface1] ipv6 dhcp relay server-address 2::2 Configure Switch A as a gateway # Enable Switch A to send RA messages and set the “M” and “O” flags. [SwitchA-Vlan-interface1] undo ipv6 nd ra halt [SwitchA-Vlan-interface1] ipv6 nd autoconfig managed-address-flag...
  • Page 493 6to4 Tunnel Configuration Example ······························································································1-16 Configuring an ISATAP Tunnel·············································································································1-19 Configuration Prerequisites ···········································································································1-19 Configuration Procedure················································································································1-19 Configuration Example ··················································································································1-20 Configuring an IPv4 over IPv4 Tunnel ··································································································1-23 Configuration Prerequisites ···········································································································1-23 Configuration Procedure················································································································1-23 Configuration Example ··················································································································1-24 Configuring an IPv4 over IPv6 Tunnel ··································································································1-27 Configuration Prerequisites ···········································································································1-28 Configuration Procedure················································································································1-28...
  • Page 494 Displaying and Maintaining Tunneling Configuration············································································1-45 Troubleshooting Tunneling Configuration ·····························································································1-45...

  • Page 495: Tunneling Configuration

    Traffic engineering, such as multiprotocol label switching traffic engineering (MPLS TE), thus preventing network congestion. The preceding tunneling technologies require that you create virtual Layer 3 interfaces (tunnel interfaces) at both ends of a tunnel, so that devices at both ends can send, identify, and process packets transferred through the tunnel.

  • Page 496: Introduction To Ipv4/Ipv6 Transition Tunnels

    IPv6 becomes one of the core standards for the next generation Internet protocol. IPv6 is compatible with all protocols except IPv4 in the TCP/IP suite. Therefore, IPv6 can completely take the place of IPv4. Before IPv6 becomes the dominant protocol, networks using the IPv6 protocol stack are expected to communicate with the Internet using IPv4.
  • Page 497 The IPv6 over IPv4 tunnel processes packets in the following way: A host in the IPv6 network sends an IPv6 packet to the device at the source end of the tunnel. After determining according to the routing table that the packet needs to be forwarded through the tunnel, the device at the source end of the tunnel encapsulates the IPv6 packet with an IPv4 header and forwards it through the physical interface of the tunnel.
  • Page 498 Because the 16-bit subnet number of the 64-bit address prefix in 6to4 addresses can be customized and the first 48 bits in the address prefix are fixed to a permanent value and the IPv4 address of the tunnel source or destination, it is possible that IPv6 packets can be forwarded by the tunnel.

  • Page 499: Ipv4 Over Ipv4 Tunnel

    Encapsulation The encapsulation process is as follows: The interface of Router A connecting to an IPv4 host receives an IP packet and submits it to the IP protocol stack for processing. The IP protocol stack determines how to route the packet according to the destination address in the IP header.

  • Page 500: Ipv4/Ipv6 Over Ipv6 Tunnel

    The data module then determines how to route the packet. If the packet needs to be routed to Host B connected to Router B, the packet is sent to Router A’s tunnel interface that is connected to Router B.
  • Page 501 The X protocol checks the destination address field in the packet header to determine how to route the packet. If the packet must be tunneled to reach its destination, Router A sends it to the tunnel interface. Upon receipt of the packet, the tunnel interface encapsulates it in a GRE packet. Then, the system encapsulates the packet in an IP packet and forwards the IP packet based on its destination address and the routing table.

  • Page 502: Protocols And Standards

    Decapsulation is the reverse process of encapsulation: Upon receiving an IP packet from the tunnel interface, Router B checks the destination address. If the destination is itself, Router B strips off the IP header of the packet and submits the resulting packet to the GRE protocol.

  • Page 503: Configuring A Tunnel Interface

    By default, the interface is down. When active/standby switchover occurs or the standby card is removed from a distributed device, tunnels configured on the active or standby card still exist. To delete tunnels, use the undo interface tunnel command. Configuring an IPv6 Manual Tunnel...

  • Page 504: Configuration Procedure

    Configuration Procedure Follow these steps to configure an IPv6 manual tunnel: To do… Use the command… Remarks Enter system view system-view — Required Enable IPv6 ipv6 By default, the IPv6 packet forwarding function is disabled. Enter tunnel interface view interface tunnel number —...

  • Page 505: Configuration Example

    After a tunnel interface is deleted, all the above features configured on the tunnel interface will be deleted. If the addresses of the tunnel interfaces at the two ends of a tunnel are not in the same network segment, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded normally.
  • Page 506 # Reference service loopback group 1 on the tunnel. [SwitchA] interface tunnel 0 [SwitchA-Tunnel0] service-loopback-group 1 [SwitchA-Tunnel0] quit # Configure a static route to IPv6 Group 2 through tunnel 0 on Switch A. [SwitchA] ipv6 route-static 3003:: 64 tunnel 0 Configuration on Switch B # Enable IPv6.
  • Page 507 # Configure a static route to IPv6 Group 1 through tunnel 0 on Switch B. [SwitchB] ipv6 route-static 3002:: 64 tunnel 0 Configuration verification After the above configurations, display the status of the tunnel interfaces on Switch A and Switch B, respectively. [SwitchA] display ipv6 interface tunnel 0 verbose...
  • Page 508 ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: # Ping the IPv6 address of VLAN-interface 101 at the peer end from Switch A. [SwitchA] ping ipv6 3003::1 PING 3003::1 : 56 data bytes, press CTRL_C to break...
  • Page 509 Configuration Procedure Follow these steps to configure a 6to4 tunnel: To do… Use the command… Remarks Enter system view system-view — Required Enable IPv6 ipv6 By default, the IPv6 packet forwarding function is disabled. Enter tunnel interface view interface tunnel number —...

  • Page 510: To4 Tunnel Configuration Example

    IPv4 address embedded in the 6to4 IPv6 address. If the addresses of the tunnel interfaces at the two ends of a tunnel are not in the same network segment, a route to the peer must be configured so that the encapsulated packet can be forwarded normally.
  • Page 511 Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100.
  • Page 512 # Reference service loopback group 1 on the tunnel. [SwitchB] interface tunnel 0 [SwitchB-Tunnel0] service-loopback-group 1 [SwitchB-Tunnel0] quit # Configure a static route whose destination address is 2002::/16 and the next hop is the tunnel interface. [SwitchB] ipv6 route-static 2002:: 16 tunnel 0 Configuration verification After the above configuration, ping Host B from Host A or ping Host A from Host B.

  • Page 513: Configuring An Isatap Tunnel

    Minimum = 0ms, Maximum = 13ms, Average = 3ms Configuring an ISATAP Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface, and loopback interface) on the device to ensure normal communication. Specify one of the above interfaces as the source interface of the tunnel.

  • Page 514: Configuration Example

    If the addresses of the tunnel interfaces at the two ends of a tunnel are not in the same network segment, a route to the peer must be configured at both ends so that the encapsulated packet can be forwarded normally. You can configure static or dynamic routing. Automatic tunnels do not support dynamic routing.
  • Page 515 [Switch-Tunnel0] ipv6 address 2001::5efe:0101:0101 64 [Switch-Tunnel0] source vlan-interface 101 [Switch-Tunnel0] tunnel-protocol ipv6-ipv4 isatap # Disable the RA suppression so that hosts can acquire information such as the address prefix from the RA message released by the ISATAP switch. [Switch-Tunnel0] undo ipv6 nd ra halt [Switch-Tunnel0] quit # Create service loopback group 1 to support the tunnel service.
  • Page 516 2001::5efe:2.1.1.2. Meanwhile, “uses Router Discovery” is displayed, indicating that the router discovery function is enabled on the host. At this time, ping the IPv6 address of the tunnel interface of the switch. If the address is successfully pinged, an ISATAP tunnel is established.

  • Page 517: Configuring An Ipv4 Over Ipv4 Tunnel

    Configuration verification After the above configurations, the ISATAP host can access the host in the IPV6 network. Configuring an IPv4 over IPv4 Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface, and loopback interface) on the device to ensure normal communication.

  • Page 518: Configuration Example

    If the addresses of the tunnel interfaces at the two ends of a tunnel are not in the same network segment, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded normally. You need to configure a static or dynamic route at both ends of the tunnel.
  • Page 519 # Configure a source address for the interface tunnel 1 (IP address of VLAN-interface 101). [SwitchA-Tunnel1] source 2.1.1.1 # Configure a destination address for the interface tunnel 1 (IP address of VLAN-interface 101 of Switch [SwitchA-Tunnel1] destination 3.1.1.1 [SwitchA-Tunnel1] quit # Create service loopback group 1 to support the tunnel service.
  • Page 520 # Configure a static route from Switch B through the interface tunnel 2 to Group 1. [SwitchB] ip route-static 10.1.1.0 255.255.255.0 tunnel 2 Configuration verification After the above configuration, display the status of the tunnel interfaces on Switch A and Switch B: <SwitchA> display interface tunnel 1 Tunnel1 current state: UP...

  • Page 521: Configuring An Ipv4 Over Ipv6 Tunnel

    0 input error 9 packets output, 576 bytes 0 output error # Ping the IPv4 address of the peer interface VLAN-interface 100 from Switch A. [SwitchA] ping 10.1.3.1 PING 10.1.3.1: 56 data bytes, press CTRL_C to break Reply from 10.1.3.1: bytes=56 Sequence=1 ttl=255 time=15 ms Reply from 10.1.3.1: bytes=56 Sequence=2 ttl=255 time=15 ms...

  • Page 522: Configuration Prerequisites

    Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface, and loopback interface) on the device to ensure normal communication. Specify one of the above interfaces as the source interface of the tunnel. Ensure reachability between the tunnel source and destination addresses.

  • Page 523: Configuration Example

    If the addresses of the tunnel interfaces at the two ends of a tunnel are not in the same network segment, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded normally. You need to configure a static or dynamic route at both ends of the tunnel.
  • Page 524 [SwitchA-Tunnel1] tunnel-protocol ipv4-ipv6 # Configure the source address for the interface tunnel 1 (IP address of VLAN-interface 101). [SwitchA-Tunnel1] source 2002::1:1 # Configure the destination address of the interface tunnel 1 (IP address of VLAN-interface 101 of Switch B). [SwitchA-Tunnel1] destination 2002::2:1 [SwitchA-Tunnel1] quit # Create service loopback group 1 to support the tunnel service.
  • Page 525 [SwitchB-Tunnel2] tunnel-protocol ipv4-ipv6 # Configure the source address for the interface tunnel 2 (IP address of VLAN-interface 101). [SwitchB-Tunnel2] source 2002::2:1 # Configure the destination address for the interface tunnel 2 (IP address of VLAN-interface 101 of Switch A). [SwitchB-Tunnel2] destination 2002::1:1 [SwitchB-Tunnel2] quit # Create service loopback group 1 to support the tunnel service.

  • Page 526: Configuring An Ipv6 Over Ipv6 Tunnel

    0 input error 170 packets output, 10880 bytes 0 output error # Ping the IPv4 address of the peer interface VLAN-interface 100 from Switch A. [SwitchA] ping 30.1.3.1 PING 30.1.3.1: 56 data bytes, press CTRL_C to break Reply from 30.1.3.1: bytes=56 Sequence=1 ttl=255 time=46 ms Reply from 30.1.3.1: bytes=56 Sequence=2 ttl=255 time=15 ms...

  • Page 527: Configuration Prerequisites

    Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface, and loopback interface) on the device to ensure normal communication. Specify one of the above interfaces as the source interface of the tunnel. Ensure reachability between the tunnel source and destination addresses.

  • Page 528: Configuration Example

    If the addresses of the tunnel interfaces at the two ends of a tunnel are not in the same network segment, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded normally. You can configure static or dynamic routes. For the detailed configuration, refer to Static Routing Configuration or other routing protocol configuration in the IP Routing Volume.
  • Page 529 [SwitchA-Tunnel1] tunnel-protocol ipv6-ipv6 # Configure the source address for the interface tunnel 1 (IP address of VLAN-interface 101). [SwitchA-Tunnel1] source 2002:11::1 # Configure the destination address for the interface tunnel 1 (IP address of VLAN-interface 101 of Switch B). [SwitchA-Tunnel1] destination 2002::22:1 [SwitchA-Tunnel1] quit # Create service loopback group 1 to support the tunnel service.
  • Page 530 # Configure a static route from Switch B through the interface tunnel 2 to Group 1. [SwitchB] ipv6 route-static 2002:1:: 64 tunnel 2 Configuration verification After the above configuration, display the status of the tunnel interfaces on Switch A and Switch B, respectively. <SwitchA> display ipv6 interface tunnel 1 verbose...
  • Page 531 ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: # Ping the IPv6 address of the peer interface VLAN-interface 100 from Switch A. [SwitchA] ping ipv6 2002:3::1 PING 2002:3::1 : 56 data bytes, press CTRL_C to break...

  • Page 532: Configuring A Gre Over Ipv4 Tunnel

    Interfaces on a device, such as VLAN interfaces, and loopback interfaces, are configured with IPv4 addresses and can communicate. These interfaces can be used as the source of a virtual tunnel interface to ensure the reachability of the tunnel destination address.

  • Page 533: Configuration Example

    The source address and destination address of a tunnel uniquely identify a path. They must be configured at both ends of the tunnel and the source address at one end must be the destination address at the other end and vice versa.
  • Page 534 # Configure the tunnel encapsulation mode. [SwitchA-Tunnel1] tunnel-protocol gre # Configure the source address of interface Tunnel 1 to be the IP address of the VLAN interface. [SwitchA-Tunnel1] source vlan-interface 101 # Configure the destination address for interface Tunnel 1.

  • Page 535: Configuring A Gre Over Ipv6 Tunnel

    Configuration Prerequisites Interfaces on a device, such as VLAN interfaces, and loopback interfaces, are configured with IPv6 addresses and can communicate. These interfaces can serve as the source of a virtual tunnel interface to ensure the reachability of the destination address.
  • Page 536 It is not allowed to set up a static route whose destination address is in the subnet of the tunnel interface.

  • Page 537: Configuration Example

    Configuration Example Network requirements Two IPv4 subnets Group 1 and Group 2 are interconnected through a GRE tunnel over the IPv6 network between Switch A and Switch B. Figure 1-15 Network diagram for a GRE over IPv6 tunnel Configuration procedure Before the configuration, make sure that Switch A and Switch B are reachable to each other.
  • Page 538 [SwitchB-Tunnel0] ip address 10.1.2.2 255.255.255.0 # Configure the tunnel encapsulation mode. [SwitchB-Tunnel0] tunnel-protocol gre ipv6 # Configure the source address of interface Tunnel 0 to be the IP address of interface VLAN-interface 101. [SwitchB-Tunnel0] source 2002::2:1 # Configure the destination address of interface Tunnel 0 to be the IP address of interface VLAN-interface 101 on Switch A.

  • Page 539: Displaying And Maintaining Tunneling Configuration

    Solution: Follow the steps below: The common cause is that the physical interface of the tunnel source is not up. Use the display interface tunnel or display ipv6 interface tunnel commands to view whether the physical interface of the tunnel source is up.
  • Page 540 Table of Contents 1 UDP Helper Configuration ························································································································1-1 Introduction to UDP Helper ·····················································································································1-1 Configuring UDP Helper ·························································································································1-1 Displaying and Maintaining UDP Helper·································································································1-2 UDP Helper Configuration Examples······································································································1-2 UDP Helper Configuration Example································································································1-2...

  • Page 541: Udp Helper Configuration

    Sometimes, a host needs to forward broadcasts to obtain network configuration information or request the names of other devices on the network. However, if the server or the device to be requested is located in another broadcast domain, the host cannot obtain such information through broadcast.

  • Page 542: Displaying And Maintaining Udp Helper

    UDP port number. The configuration of all UDP ports is removed if you disable UDP Helper. You can configure up to 256 UDP port numbers to enable the forwarding of packets with these UDP port numbers.
  • Page 543 Figure 1-1 Network diagram for UDP Helper configuration Configuration procedure The following configuration assumes that a route from Switch A to the network segment 10.2.0.0/16 is available. # Enable UDP Helper. <SwitchA> system-view [SwitchA] udp-helper enable # Enable the forwarding broadcast packets with the UDP destination port 55.
  • Page 544 Establishing an FTP Connection ·····································································································1-3 Operating the Directories on an FTP Server ···················································································1-4 Operating the Files on an FTP Server·····························································································1-5 Using Another Username to Log In to an FTP Server ····································································1-6 Maintaining and Debugging an FTP Connection ············································································1-6 Terminating an FTP Connection ·····································································································1-6 FTP Client Configuration Example (Distributed Device) ·································································1-7...

  • Page 545: Ftp Configuration

    The File Transfer Protocol (FTP) is an application layer protocol for sharing files between server and client over a TCP/IP network. FTP uses TCP ports 20 and 21 for file transfer. Port 20 is used to transmit data, and port 21 to transmit control commands. Refer to RFC 959 for details of FTP basic operation.

  • Page 546: Configuring The Ftp Client

    The FTP function is available when a reachable route exists between the FTP server and the FTP client. When you use IE to log in to the device serving as the FTP server, part of the FTP functions is not available. This is because multiple connections are established during the login process but the device supports only one connection at a time.

  • Page 547: Establishing An Ftp Connection

    Only users with the manage level can use the ftp command to log in to an FTP server, enter FTP client view, and execute directory and file related commands. However, whether the commands can be executed successfully depends on the authorizations of the FTP server.

  • Page 548: Operating The Directories On An Ftp Server

    [ service-port ] [ -i interface-type interface-number ] Operating the Directories on an FTP Server After the device serving as the FTP client has established a connection with an FTP server (For how to establish an FTP connection, refer to Establishing an FTP Connection.), you can create or delete...

  • Page 549: Operating The Files On An Ftp Server

    FTP server under the authorized directory of the FTP server by following these steps: Use the dir or ls command to display the directory and the location of the file on the FTP server. Delete useless files for effective use of the storage space.

  • Page 550: Using Another Username To Log In To An Ftp Server

    Optional server Using Another Username to Log In to an FTP Server After the device serving as the FTP client has established a connection with the FTP server (For how to establish an FTP connection, refer to Establishing an FTP Connection.), you can use another username...

  • Page 551: Ftp Client Configuration Example (Distributed Device)

    Device downloads a startup file from PC for device upgrade, and uploads the configuration file to PC for backup. On PC, an FTP user account has been created for the FTP client, with the username being abc and the password being pwd.
  • Page 552 The specified file will be used as the main boot file at the next reboot on slot 0! Specify newest.app as the main startup file to be used at the next startup for the SMB (in slot 1). <Sysname> boot-loader file slot1#flash:/newest.app slot 1 main This command will set the boot file of the specified board.

  • Page 553: Ftp Client Configuration Example (Distributed Irf Device)

    1-3, Device is a IRF system, which is composed of a master and a slave. The member ID of the master is 1, and the slot numbers of the AMB and the SMB on the master are 0 and 1 respectively. The member ID of the slave is 2, and the slot numbers of the AMB and SMB on the slave are 0 and 1 respectively.
  • Page 554 FTP: 3494 byte(s) sent in 5.646 second(s), 618.00 byte(s)/sec. [ftp] bye # Specify newest.app as the main startup file to be used at the next startup for the AMB of the IRF. <Sysname> boot-loader file newest.app chassis 1 slot 0 main This command will set the boot file of the specified board.

  • Page 555: Configuring The Ftp Server

    Configuring the FTP Server Configuring FTP Server Operating Parameters The FTP server uses one of the two modes to update a file when you upload the file (use the put command) to the FTP server: In fast mode, the FTP server starts writing data to the storage medium after a file is transferred to the memory.

  • Page 556: Configuring Authentication And Authorization On The Ftp Server

    3 users; if the client is to perform other operations, for example, read operation, the device has no restriction on the user level of the FTP login users, that is, any level from 0 to 3 is allowed. 1-12...

  • Page 557: Ftp Server Configuration Example (Distributed Device)

    PC keeps the updated startup file of the device. Use FTP to upgrade the device and back up the configuration file. Set the username to ftp and the password to pwd for the FTP client to log in to the FTP server. Figure 1-4 Upgrading using the FTP server...
  • Page 558 Boot ROM. Upgrade Device # Copy the startup file newest.app to the root directory of the storage medium on the SMB (in slot 1). <Sysname> copy newest.app slot1#flash:/ # Specify newest.app as the main startup file to be used at the next startup.

  • Page 559: Ftp Server Configuration Example (Distributed Irf Device)

    1-5, Device is a IRF system, which is composed of a master and a slave. The member ID of the master is 1, and the slot numbers of the AMB and the SMB on the master are 0 and 1 respectively. The member ID of the slave is 2, and the slot numbers of the AMB and SMB on the slave are 0 and 1 respectively.
  • Page 560 Upgrade Device # Copy the startup file newest.app from PC to the root directory of the storage media of the SMBs of the IRF (the member ID and slot number of the member device where one SMB resides are both 1; the member ID and slot number of the member device where another SMB resides are 2 and 0 respectively;...

  • Page 561: Displaying And Maintaining Ftp

    <Sysname> copy newest.app chassis2#slot0#flash:/ <Sysname> copy newest.app chassis2#slot1#flash:/ # Specify newest.app as the main startup file to be used at the next startup for all the main boards of the IRF. <Sysname> boot-loader file newest.app chassis 1 slot 0 main This command will set the boot file of the specified board.

  • Page 562: Tftp Configuration

    In a normal file uploading process, the client sends a write request to the TFTP server, sends data to the server, and receives the acknowledgement from the server.

  • Page 563: Configuring The Tftp Client

    Configuring the TFTP Client When a device acts as a TFTP client, you can upload a file on the device to a TFTP server and download a file from the TFTP server to the local device. You can use either of the following ways to download a file: Normal download: The device writes the obtained file to the storage medium directly.

  • Page 564: Displaying And Maintaining The Tftp Client

    If you use the ftp client source command to first configure the source interface and then the source IP address of the packets of the TFTP client, the new source IP address will overwrite the current one, and vice versa.

  • Page 565: Tftp Client Configuration Example (Distributed Device)

    The specified file will be used as the main boot file at the next reboot on slot 0! Specify newest.app as the main startup file to be used at the next startup for the SMB (in slot 1). <Sysname> boot-loader file slot1#flash:/newest.app slot 1 main...

  • Page 566: Tftp Client Configuration Example (Distributed Irf Device)

    2-3, Device is a IRF system, which is composed of a master and a slave. The member ID of the master is 1, and the slot numbers of the AMB and the SMB on the master are 0 and 1 respectively. The member ID of the slave is 2, and the slot numbers of the AMB and SMB on the slave are 0 and 1 respectively.
  • Page 567 # Upload a configuration file config.cfg to the TFTP server. <Sysname> tftp 1.2.1.1 put config.cfg configback.cfg # Specify newest.app as the main startup file to be used at the next startup for all the main boards of the IRF. <Sysname> boot-loader file newest.app chassis 1 slot 0 main This command will set the boot file of the specified board.
  • Page 568 The startup file used for the next startup must be saved under the root directory of the storage medium. You can copy or move a file to the root directory of the storage medium. For the details of the boot-loader command, refer to Device Management Commands in the System Volume.
  • Page 569 Table of Contents 1 sFlow Configuration ··································································································································1-1 sFlow Overview·······································································································································1-1 Introduction to sFlow ·······················································································································1-1 Operation of sFlow ··························································································································1-2 Configuring sFlow ···································································································································1-2 Displaying and Maintaining sFlow···········································································································1-3 sFlow Configuration Example ·················································································································1-3 Troubleshooting sFlow Configuration ·····································································································1-4 The Remote sFlow Collector Cannot Receive sFlow Packets ························································1-4...

  • Page 570: Sflow Configuration

    Framework (IRF). Two S7900E series can be connected together to form a distributed IRF device. If an S7900E series is not in any IRF, it operates as a distributed device; if the S7900E series is in an IRF, it operates as a distributed IRF device. For introduction of IRF, refer to IRF Configuration in the System Volume.

  • Page 571: Operation Of Sflow

    When the sFlow packet buffer overflows or the one-second timer expires, the sFlow agent sends sFlow packets to the specified sFlow collector. Configuring sFlow The sFlow feature enables the remote sFlow collector to monitor the network and analyze sFlow packet statistics. Follow these steps to configure sFlow: To do…...

  • Page 572: Displaying And Maintaining Sflow

    Host A and Server are connected to Switch through GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 respectively. Host B works as an sFlow collector with IP address 3.3.3.2 and port number 6343, and is connected to Switch through GigabitEthernet 2/0/3. GigabitEthernet 2/0/3 belongs to VLAN 1, having an IP address of 3.3.3.1.

  • Page 573: Troubleshooting Sflow Configuration

    The IP address of the sFlow collector specified on the sFlow agent is different from that of the remote sFlow collector. No IP address is configured for the Layer 3 interface on the device, or the IP address is configured, but the UDP packets with the IP address being the source cannot reach the sFlow collector.
  • Page 574 IP Routing Basics Introduction to IP routing and routing table Routing protocol overview A static route is manually configured by the administrator. The proper configuration and usage of static routes can improve network performance and ensure bandwidth for important network applications.
  • Page 575 IPv6 Static Routing simple IPv6 network environments. This document describes: IPv6 static route configuration RIP next generation (RIPng) is an extension of RIP-2 for IPv4. RIPng for IPv6 is IPv6 RIPng. This document describes: IPv6 RIPng Configuring RIPng Basic Functions...
  • Page 576 Configuring IPv6 BGP Route Attributes Tuning and Optimizing IPv6 BGP Networks Configuring a Large Scale IPv6 BGP Network Routing policy is used on the router for route inspection, filtering, attributes modifying when routes are received, advertised, or redistributed. This document describes:...
  • Page 577 Table of Contents 1 IP Routing Basics Configuration ·············································································································1-1 IP Routing and Routing Table·················································································································1-1 Routing ············································································································································1-1 Routing Table ··································································································································1-1 Routing Protocol Overview ·····················································································································1-3 Static Routing and Dynamic Routing·······························································································1-3 Classification of Dynamic Routing Protocols···················································································1-3 Routing Protocols and Routing Priority ···························································································1-4 Load Balancing and Route Backup ·································································································1-5 Route Recursion······························································································································1-6...

  • Page 578: Ip Routing Basics Configuration

    Configuring a Router ID Displaying and Maintaining a Routing Table The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. EA boards (such as LSQ1GP12EA and LSQ1TGX1EA) do not support IPv6 features.
  • Page 579 For example, if the destination address is 129.102.8.10 and the mask 255.255.0.0, the address of the destination network is 129.102.0.0. A network mask is made of a certain number of consecutive 1s. It can be expressed in dotted decimal format or by the number of the 1s.

  • Page 580: Routing Protocol Overview

    Therefore, dynamic routing is suitable for large networks. Its disadvantages are that it is difficult to configure, and that it not only imposes higher requirements on the system, but also consumes a certain amount of network resources.

  • Page 581: Routing Protocols And Routing Priority

    Exterior gateway protocols (EGPs): Work between autonomous systems. The most popular one is BGP. An autonomous system refers to a group of routers that share the same routing policy and work under the same administration. Routing algorithm Distance-vector protocols: RIP and BGP. BGP is also considered a path-vector protocol.

  • Page 582: Load Balancing And Route Backup

    Route backup Route backup can help improve network reliability. With route backup, you can configure multiple routes to the same destination, expecting the one with the highest priority to be the main route and all the rest backup routes. Under normal circumstances, packets are forwarded through the main route. When the main route goes down, the route with the highest priority among the backup routes is selected to forward packets.

  • Page 583: Route Recursion

    Configuring a Router ID Some routing protocols use a router ID to identify a device. You can configure a global router ID for a device. If no router ID is configured for a protocol, the global router ID is used.
  • Page 584 Clear statistics for the routing protocol [ vpn-instance Available in user view table or a VPN routing table vpn-instance-name ] { all | protocol } Display brief IPv6 routing table display ipv6 routing-table Available in any view information...
  • Page 585 BFD Control Packet Mode···············································································································1-4 BFD Echo Packet Mode ··················································································································1-4 Displaying and Maintaining Static Routes·······························································································1-5 Static Route Configuration Example ·······································································································1-5 Basic Static Route Configuration Example······················································································1-5 Configuring BFD Echo Packet Mode for Static Routing··································································1-8 Configuring BFD Control Packet Mode for Static Routing ····························································1-10...

  • Page 586: Static Routing Configuration

    Default Route If the destination address of a packet fails to match any entry in the routing table, the packet will be discarded. After a default route is configured on a router, any packet whose destination IP address matches no entry in the routing table can be forwarded to a designated upstream router.

  • Page 587: Application Environment Of Static Routing

    Destination address and mask In the ip route-static command, an IPv4 address is in dotted decimal format and a mask can be either in dotted decimal format or in the form of mask length (the digits of consecutive 1s in the mask).

  • Page 588: Configuration Procedure

    60 by default routes When configuring a static route, the static route does not take effect if you specify the next hop address first and then configure it as the IP address of a local interface, such as VLAN interface.

  • Page 589: Bfd Control Packet Mode

    ] BFD Echo Packet Mode With BFD echo packet mode enabled for a static route, the local device sends BFD echo packets to the peer, which loops it back to test the link in between. Follow these steps to configure BFD echo packet mode for static routes: To do…...

  • Page 590: Displaying And Maintaining Static Routes

    The source address of echo packets must be configured if the BFD session operates in the echo mode. If you configure BFD for a static route, you need to specify the outbound interface and next hop IP address for the route.
  • Page 591 <SwitchC> system-view [SwitchC] ip route-static 0.0.0.0 0.0.0.0 1.1.5.5 Configure the hosts. The default gateways for the three hosts A, B and C are 1.1.2.3, 1.1.6.1 and 1.1.3.1 respectively. The configuration procedure is omitted. Display the configuration. # Display the IP routing table of Switch A.
  • Page 592 1.1.6.1/32 Direct 0 127.0.0.1 InLoop0 # Use the ping command on Host B to check reachability to Host A, assuming Windows XP runs on the two hosts. C:\Documents and Settings\Administrator>ping 1.1.2.2 Pinging 1.1.2.2 with 32 bytes of data: Reply from 1.1.2.2: bytes=32 time=1ms TTL=255 Reply from 1.1.2.2: bytes=32 time=1ms TTL=255...

  • Page 593: Configuring Bfd Echo Packet Mode For Static Routing

    Network requirements As shown in the following figure, configure a static route on Switch A to Switch C and enable BFD. When the link between Switch A and Switch B fails, Switch A selects Switch D to reach Switch C.
  • Page 594 <SwitchA> debugging bfd event <SwitchA> debugging bfd scm <SwitchA> terminal debugging # When the link between Switch B and the Layer 2 switch goes down, Switch A can quickly detect the changes on Switch B. %Nov 12 19:28:28:592 2005 SwitchA BFD/5/LOG:Sess[123.1.1.1/10.1.1.100, Vlan10], Sta: UP->DOWN, Diag: 1...

  • Page 595: Configuring Bfd Control Packet Mode For Static Routing

    Configuring BFD Control Packet Mode for Static Routing Network requirements As shown in the following figure, configure a static route to subnet 14.1.1.0/24 on Switch A and configure a static route to subnet 13.1.1.0/24 on Switch B. Both routes have BFD control packet mode enabled.
  • Page 596 <SwitchA> debugging bfd event <SwitchA> debugging bfd scm <SwitchA> terminal debugging # When the link between Switch A and Layer 2 switch fails, Switch A can detect the failure. %Jul 27 10:18:18:672 2007 SwitchA BFD/4/LOG:Sess[12.1.1.1/12.1.1.2, Vlan12,Ctrl], Sta: UP->DOWN, Diag: 1 *Jul 27 10:18:18:672 2007 SwitchA BFD/7/EVENT:Send sess-down Msg, [Src:12.1.1.1,...
  • Page 597 Configuring an Additional Metric for a RIP Interface ·····································································1-22 Configuring RIP to Advertise a Summary Route···········································································1-24 Configuring BFD for RIP (Single-Hop Detection in BFD Echo Packet Mode)·······························1-27 Configuring BFD for RIP (Bidirectional Detection in BFD Control Packet Mode) ·························1-29 Troubleshooting RIP ·····························································································································1-33 No RIP Updates Received ············································································································1-33...

  • Page 599: Rip Configuration

    520. RIP uses a hop count to measure the distance to a destination. The hop count from a router to a directly connected network is 0. The hop count from a router to a directly connected router is 1. To limit convergence time, the range of RIP metric value is from 0 to 15.

  • Page 600: Operation Of Rip

    Egress interface: Packet outgoing interface. Metric: Cost from the local router to the destination. Route time: Time elapsed since the routing entry was last updated. The time is reset to 0 every time the routing entry is updated. Route tag: Identifies a route, used in a routing policy to flexibly control routes. For information about routing policy, refer to Routing Policy Configuration in the IP Routing Volume.

  • Page 601: Rip Version

    RIPv1 messages. RIP Message Format A RIP message consists of a header and up to 25 route entries. (A RIPv2 authentication message uses the first route entry as the authentication entry, so it has up to 24 route entries.)
  • Page 602 Subnet Mask: Mask of the destination address. Next Hop: If set to 0.0.0.0, it indicates that the originator of the route is the best next hop; otherwise it indicates a next hop better than the originator of the route.

  • Page 603: Protocols And Standards

    RIPv1 and RIPv2 RIP multi-instance. RIP can serve as the IGP running between CE and PE on a BGP/MPLS VPN network. For related information, refer to MPLS L3VPN Configuration in the MPLS Volume. RIP periodically sends route update requests to neighbors. If no route update response for a route is received within the specified interval, RIP considers the route unreachable.
  • Page 604 If you make some RIP configurations in interface view before enabling RIP, those configurations will take effect after RIP is enabled. RIP runs only on the interfaces residing on the specified networks. Therefore, you need to specify the network after enabling RIP to validate RIP on a specific interface.

  • Page 605: Configuring Rip Route Control

    RIPv1 broadcast and unicast packets, and RIPv2 broadcast, multicast, and unicast packets. If an interface has no RIP version configured, it uses the global RIP version; otherwise it uses the RIP version configured on it. With RIPv1 configured, an interface sends RIPv1 broadcasts, and can receive RIPv1 broadcasts and RIPv1 unicasts.
  • Page 606 An additional routing metric (hop count) can be added to the metric of an inbound or outbound RIP route. The outbound additional metric is added to the metric of a sent route, and the route’s metric in the routing table is not changed.

  • Page 607: Disabling Host Route Reception

    Disabling Host Route Reception Sometimes a router may receive from the same network many host routes, which are not helpful for routing and consume a large amount of network resources. In this case, you can disable RIP from receiving host routes to save network resources.

  • Page 608: Advertising A Default Route

    You can configure RIP to advertise a default route with a specified metric to RIP neighbors. In RIP view, you can configure all the interfaces of the RIP process to advertise a default route; in interface view, you can configure a RIP interface of the RIP process to advertise a default route.

  • Page 609: Configuring A Priority For Rip

    Configuring a Priority for RIP Multiple IGP protocols may run in a router. If you want RIP routes to have a higher priority than those learned by other routing protocols, you can assign RIP a smaller priority value to influence optimal route selection.

  • Page 610: Configuring Rip Network Optimization

    | tag tag ] * Only active routes can be redistributed. You can use the display ip routing-table protocol command to display route state information. Configuring RIP Network Optimization Complete the following tasks before configuring RIP network optimization: Configure network addresses for interfaces, and make neighboring nodes reachable to each other;...

  • Page 611: Configuring Split Horizon And Poison Reverse

    Based on network performance, you need to make RIP timers of RIP routers identical to each other to avoid unnecessary traffic or route oscillation. Configuring Split Horizon and Poison Reverse If both split horizon and poison reverse are configured, only the poison reverse function takes effect.

  • Page 612: Configuring The Maximum Number Of Load Balanced Routes

    RIPv1 messages. If such a field contains a non-zero value, the RIPv1 message will not be processed. If you are sure that all messages are trusty, you can disable zero field check to save CPU resources.

  • Page 613: Configuring Ripv2 Message Authentication

    Enabled by default messages The source IP address check feature should be disabled if the RIP neighbor is not directly connected. Configuring RIPv2 Message Authentication In a network requiring high security, you can configure this task to implement RIPv2 message validity check and authentication.

  • Page 614: Configuring Rip-To-Mib Binding

    You need not use the peer ip-address command when the neighbor is directly connected; otherwise the neighbor may receive both the unicast and multicast (or broadcast) of the same routing information. If a specified neighbor is not directly connected, you need to disable source address check on incoming updates. Configuring RIP-to-MIB Binding This task allows you to enable a specific RIP process to receive SNMP requests.

  • Page 615: Configuring Bfd For Rip

    BFD session is established only when the neighbor has route information to send. Bidirectional detection in BFD control packet mode for an indirectly connected neighbor. In this mode, a BFD session is established only when both ends have routes to send and BFD is enabled on the receiving interface.

  • Page 616: Displaying And Maintaining Rip

    Disabled by default Unidirectional detection in BFD echo packet mode only works for RIP neighbors that are directly connected, namely, one hop away from each other. Using the undo peer command does not remove the neighbor relationship at once and therefore cannot bring down the BFD session at once.
  • Page 617 Destination/Mask Nexthop Cost Flags 10.0.0.0/8 192.168.1.2 From the routing table, you can find that RIPv1 uses a natural mask. Configure RIP version # Configure RIPv2 on Switch A. [SwitchA] rip [SwitchA-rip-1] version 2 [SwitchA-rip-1] undo summary # Configure RIPv2 on Switch B.

  • Page 618: Configuring Rip Route Redistribution

    10.1.1.0/24 192.168.1.2 From the routing table, you can see RIPv2 uses classless subnet mask. Since RIPv1 routing information has a long aging time, it will still exist until it ages out after RIPv2 is configured. Configuring RIP Route Redistribution Network requirements...
  • Page 619 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure route redistribution # On Switch B, configure RIP 200 to redistribute direct routes and routes from RIP 100. [SwitchB] rip 200 [SwitchB-rip-200] import-route rip 100 [SwitchB-rip-200] import-route direct [SwitchB-rip-200] quit # Display the routing table of Switch C.

  • Page 620: Configuring An Additional Metric For A Rip Interface

    RIPv2. Switch A has two links to Switch D. The link from Switch B to Switch D is more stable than that from Switch C to Switch D. Configure an additional metric for RIP routes received through VLAN-interface 200 on Switch A so that Switch A prefers the 1.1.5.0/24 network learned from...
  • Page 621 Figure 1-6 Network diagram for RIP interface additional metric configuration Configuration procedure Configure IP addresses for the interfaces (omitted). Configure RIP basic functions. # Configure Switch A. <SwitchA> system-view [SwitchA] rip 1 [SwitchA-rip-1] network 1.0.0.0 [SwitchA-rip-1] version 2 [SwitchA-rip-1] undo summary [SwitchA-rip-1] quit # Configure Switch B.

  • Page 622: Configuring Rip To Advertise A Summary Route

    The display shows that there are two RIP routes to network 1.1.5.0/24. Their next hops are Switch B (1.1.1.2) and Switch C (1.1.2.2) respectively, with the same cost of 2. Switch C is the next hop router to reach network 1.1.4.0/24, with a cost of 1.
  • Page 623 Figure 1-7 Network diagram for RIP summary route advertisement Configuration procedure Configure IP addresses for interfaces (omitted) Configure OSPF basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit...
  • Page 624 [SwitchD-rip-1] version 2 [SwitchD-rip-1] undo summary [SwitchD-rip-1] quit # Configure RIP to redistribute the routes from OSPF process 1 and direct routes on Switch C. [SwitchC-rip-1] import-route direct [SwitchC-rip-1] import-route ospf 1 # Display the routing table information of Switch D.

  • Page 625: Configuring Bfd For Rip (Single-Hop Detection In Bfd Echo Packet Mode)

    Layer 2 switch. When the link between Switch C and the Layer 2 switch fails, BFD can quickly detect the link failure and notify it to RIP, and the BFD session goes down. In response, RIP deletes the neighbor relationship with Switch C and the route information received from Switch C.
  • Page 626 Holdtime Interface 192.168.1.1 192.168.1.2 2000ms Vlan100 # Display the RIP route learned from Switch B on Switch A. <SwitchA> display ip routing-table 100.1.1.0 24 verbose Routing Table : Public Summary Count : 2 Destination: 100.1.1.0/24 Protocol: RIP Process ID: 1...

  • Page 627: Configuring Bfd For Rip (Bidirectional Detection In Bfd Control Packet Mode)

    # Enable RIP event debugging on Switch A. <SwitchA> debugging rip 1 event <SwitchA> terminal debugging # When the link between Switch C and the Layer 2 switch fails, you can see that Switch A can quickly detect the change. %Jan 19 10:41:51:203 2008 SwitchA BFD/4/LOG:Sess[192.168.1.1/192.168.1.2, Vlan-interface 100,Ctrl], Sta: UP->DOWN, Diag: 1...
  • Page 628 VLAN-interface 200 on Switch C, and VLAN-interface 200 and VLAN-interface 100 on Switch B run RIP process 1. Configure a static route to Switch C on Switch A, and configure a static route to Switch A on Switch C. Enable BFD on VLAN-interface 100 of Switch A and VLAN-interface 200 of Switch C.
  • Page 629 [SwitchC-Vlan-interface200] bfd detect-multiplier 7 [SwitchC-Vlan-interface200] quit Configure static routes. # Configure a static route to Switch C on Switch A. [SwitchA] ip route-static 192.168.2.0 24 vlan-interface 100 192.168.1.2 [SwitchA] quit # Configure a static route to Switch A on Switch C.
  • Page 630 # Enable RIP event debugging on Switch A. <SwitchA> debugging rip 1 event <SwitchA> terminal debugging # When the link between Switch B and Switch C fails, you can see that Switch A quickly detects the link state change. %Jan 19 10:41:51:203 2008 SwitchA BFD/4/LOG:Sess[192.168.1.1/192.168.2.2, Vlan-interface 100, Ctrl], Sta: UP->DOWN, Diag: 1...

  • Page 631: Troubleshooting Rip

    After enabling RIP, you must use the network command to enable corresponding interfaces. Make sure no interfaces are disabled from handling RIP messages. If the peer is configured to send multicast messages, the same should be configured on the local end. Solution:...
  • Page 632 Configuring a Virtual Link ··············································································································1-26 Configuring OSPF Network Types········································································································1-26 Prerequisites··································································································································1-27 Configuring the OSPF Network Type for an Interface as Broadcast ············································1-27 Configuring the OSPF Network Type for an Interface as NBMA ··················································1-27 Configuring the OSPF Network Type for an Interface as P2MP···················································1-28 Configuring the OSPF Network Type for an Interface as P2P ······················································1-29...
  • Page 633 Configuring OSPF Network Management ·····················································································1-43 Enabling Message Logging ···········································································································1-43 Enabling the Advertisement and Reception of Opaque LSAs ······················································1-44 Configuring OSPF to Give Priority to Receiving and Processing Hello Packets···························1-44 Configuring the LSU Transmit Rate ······························································································1-44 Configuring OSPF Graceful Restart······································································································1-45 Configuring the OSPF GR Restarter ·····························································································1-45 Configuring the OSPF GR Helper ·································································································1-46...

  • Page 634: Introduction To Ospf

    Displaying and Maintaining OSPF OSPF Configuration Examples Troubleshooting OSPF Configuration The term “router” in this document refers to a router in a generic sense or an Ethernet switch running routing protocols. Introduction to OSPF Unless otherwise noted, OSPF refers to OSPFv2 throughout this document.

  • Page 635: Basic Concepts

    The router itself is the root of the tree. Router ID An OSPF process running on a router must have its own router ID, which is a 32-bit unsigned integer, the unique identifier of the router in the AS.

  • Page 636: Ospf Area Partition

    OSPF routing domain. The opaque LSA includes three types, Type 9, Type 10 and Type 11, which are used to flood into different areas. The Type 9 opaque LSA is flooded into the local subnet, the Type 10 is flooded into the local area, and the Type 11 is flooded throughout the whole AS.
  • Page 637 A network segment (or a link) can only reside in one area, in other words, an OSPF interface must be specified to belong to its attached area, as shown in the figure below.
  • Page 638 OSPF packets as normal IP packets. Stub area The ABR in a stub area does not distribute Type-5 LSAs into the area, so the routing table size and amount of routing information in this area are reduced significantly.
  • Page 639 NSSA ABR, Type-7 LSAs are translated into Type-5 LSAs by the ABR for advertisement to other areas. In the following figure, the OSPF AS contains three areas: Area 1, Area 2 and Area 0. The other two ASs employ the RIP protocol. Area 1 is an NSSA area, and the ASBR in it translates RIP routes into Type-7 LSAs and advertises them throughout Area 1.

  • Page 640: Router Types

    All interfaces on an internal router belong to one OSPF area. Area Border Router (ABR) An area border router belongs to more than two areas, one of which must be the backbone area. It connects the backbone area to a non-backbone area. The connection between an area border router and the backbone area can be physical or logical.

  • Page 641: Classification Of Ospf Networks

    A Type-2 external route is an EGP route, which has low credibility, so OSPF considers the cost from the ASBR to the destination of the Type-2 external route is much greater than the cost from the ASBR to an OSPF internal router. Therefore, the cost from the internal router to the destination of the Type-2 external route= the cost from the ASBR to the destination of the Type-2 external route.

  • Page 642: Dr And Bdr

    The BDR is elected along with the DR and establishes adjacencies for routing information exchange with all other routers. When the DR fails, the BDR will become the new DR in a very short period by avoiding adjacency establishment and DR reelection. Meanwhile, other routers elect another BDR, which requires a relatively long period but has no influence on routing calculation.

  • Page 643: Ospf Packet Formats

    After DR/BDR election and then a new router joins, it cannot become the DR immediately even if it has the highest priority on the network. The DR may not be the router with the highest priority in a network, and the BDR may not be the router with the second highest priority.
  • Page 644 Authentication: Information determined by authentication type. It is not defined for authentication type 0. It is defined as password information for authentication type 1, and defined as Key ID, MD5 authentication data length and sequence number for authentication type 2.
  • Page 645 I (Initial) The Init bit, which is set to 1 if the packet is the first packet of database description packets, and set to 0 if not. M (More): The More bit, which is set to 0 if the packet is the last packet of DD packets, and set to 1 if more DD Packets are to follow.
  • Page 646 Figure 1-12 LSR packet format Major fields: LS type: Type number of the LSA to be requested. Type 1 for example indicates the Router LSA. Link State ID: Determined by LSA type. Advertising Router: ID of the router that sent the LSA.
  • Page 647 Figure 1-15 LSA header format Major fields: LS age: Time in seconds elapsed since the LSA was originated. A LSA ages in the LSDB (added by 1 per second), but does not in transmission. LS type: Type of the LSA.
  • Page 648 Type: Link type. A value of 1 indicates a point-to-point link to a remote router; a value of 2 indicates a link to a transit network; a value of 3 indicates a link to a stub network; a value of 4 indicates a virtual link.
  • Page 649 Figure 1-18 Summary LSA format Major fields: Link State ID: For a Type-3 LSA, it is an IP address outside the area; for a type 4 LSA, it is the router ID of an ASBR outside the area. Network mask: The network mask for the type 3 LSA; set to 0.0.0.0 for the Type-4 LSA...
  • Page 650 It may be used to manage external routes. NSSA external LSA An NSSA external LSA originates from the ASBR in a NSSA and is flooded in the NSSA area only. It has the same format as the AS external LSA.

  • Page 651: Supported Ospf Features

    Hot Standby Distributed routers support OSPF Hot Standby (HSB). OSPF backups necessary information of the Active Main Board (AMB) into the Standby Main Board (SMB). Once the AMB fails, the SMB begins to work to ensure the normal operation of OSPF.
  • Page 652 OSPF Graceful Restart For GR information, refer to GR Overview in the High Availability Volume. After an OSPF GR Restarter restarts, it needs to perform the following two tasks in order to re-synchronize its LSDB with its neighbors. To obtain once again effective OSPF neighbor information (assume the adjacencies are not changed).
  • Page 653 In BGP MPLS VPN networks, multiple sites in the same VPN can use OSPF as the internal routing protocol, but they are treated as different ASs. An OSPF route learned by a site will be forwarded to another site as an external route, which leads to heavy OSPF routing traffic and management issues.

  • Page 654: Protocols And Standards

    If a router connects to a PE router in the same area and establishes an internal route (backdoor route) to a destination, in this case, since an OSPF intraarea route has a higher priority than a backbone route, VPN traffic will always travel on the backdoor route rather than the backbone route. To avoid this, an unnumbered sham link can be configured between PE routers, connecting the router to another PE router via an intraarea route with a lower cost.
  • Page 655 Configuring a Stub Area Configuring OSPF Optional Configuring an NSSA Area Areas Configuring a Virtual Link Configuring the OSPF Network Type for an Interface as Optional Broadcast Configuring the OSPF Network Type for an Interface as Optional NBMA Configuring OSPF...

  • Page 656: Enabling Ospf

    OSPF advertises the direct route of the interface. To run OSPF, a router must have a Router ID, which is the unique identifier of the router in the AS. You can specify a Router ID when creating the OSPF process. Any two routers in an AS must have different Router IDs.

  • Page 657: Configuring Ospf Areas

    To further reduce the routing table size and routing information exchanged in the stub area, you can configure it as a totally stub area by using the stub [ no-summary ] command on the ABR. In this way, 1-24...

  • Page 658: Configuring An Nssa Area

    Virtual links cannot transit (totally) stub areas. Configuring an NSSA Area A stub area cannot redistribute routes. You can configure the area as an NSSA area to allow for route redistribution while keeping other characteristics of a stub area. Follow these steps to configure an NSSA area: To do…...

  • Page 659: Configuring A Virtual Link

    Defaults to 1. area It is required to use the nssa command on all the routers attached to an NSSA area. Using the default-cost command only takes effect on the ABR/ASBR of an NSSA area. Configuring a Virtual Link Non-backbone areas exchange routing information via the backbone area.

  • Page 660: Prerequisites

    You can change the network type of an interface as needed. For example: When an NBMA network becomes fully meshed through address mapping, namely, when any two routers in the network have a direct virtual link in between, you can change the network type to broadcast, without manually configuring the neighbors.

  • Page 661: Configuring The Ospf Network Type For An Interface As P2Mp

    The former is for actual DR election. The latter is to indicate whether a neighbor has the election right or not. If you configure the DR priority for a neighbor as 0, the local router will consider the neighbor has no election right, and thus no hello packet is sent to this neighbor, reducing the number of hello packets for DR/BDR election on networks.

  • Page 662: Configuring The Ospf Network Type For An Interface As P2P

    P2MP unicast dr-priority dr-priority ] P2MP unicast network Configuring the OSPF Network Type for an Interface as P2P Follow these steps to configure the OSPF network type for an interface as P2P: To do… Use the command… Remarks —...

  • Page 663: Configuring Ospf Route Summarization

    An ABR generates Type-3 LSAs on a per network segment basis for an attached non-backbone area. In this way, the ABR in the area distributes only the summary LSA to reduce the scale of LSDBs on routers in other areas and the influence of topological changes.

  • Page 664: Configuring Ospf Inbound Route Filtering

    ] | route-policy route-policy-name } import Configuring ABR Type-3 LSA Filtering This task is configured on an ABR to filter Type-3 LSAs to be advertised in the attached non-backbone area and the Type-3 LSAs to be advertised to other areas. 1-31...

  • Page 665: Configuring An Ospf Cost For An Interface

    Configuring an OSPF Cost for an Interface You can configure an OSPF cost for an interface with one of the following two methods: Configure the cost value in interface view. Configure a bandwidth reference value for the interface, and OSPF computes the cost automatically based on the bandwidth reference value: Interface OSPF cost= Bandwidth reference value/Interface bandwidth.

  • Page 666: Configuring The Maximum Number Of Ospf Routes

    Configuring a Priority for OSPF A router may run multiple routing protocols, and it sets a priority for each protocol. When a route found by several routing protocols, the route found by the protocol with the highest priority will be selected.

  • Page 667: Configuring Ospf Route Redistribution

    Configuring OSPF Route Redistribution Configure route redistribution into OSPF If the router runs OSPF and other routing protocols, you can configure OSPF to redistribute RIP, IS-IS, BGP, static, or direct routes and advertise these routes in Type-5 LSAs or Type-7 LSAs.

  • Page 668: Advertising A Host Route

    The default-route-advertise summary cost command is applicable only to VPN, and the default route is redistributed in a Type-3 LSA. The PE router will advertise the default route to the CE router. Configure the default parameters for redistributed routes You can configure default parameters such as the cost, upper limit, tag and type for redistributed routes.

  • Page 669: Configuring Ospf Network Optimization

    Poll timer: Interval for sending hello packets to the neighbor that is down on the NBMA network. Dead timer: Interval within which if the interface receives no hello packet from the neighbor, it declares the neighbor is down.

  • Page 670: Specifying An Lsa Transmission Delay

    Specifying an LSA Transmission Delay Since OSPF packets need time for traveling on links, extending LSA age time with a delay is necessary, especially for low speed links. Follow these steps to specify an LSA transmission delay on an interface: To do…...

  • Page 671: Specifying Spf Calculation Interval

    Specifying the LSA Minimum Repeat Arrival Interval After receiving the same LSA as the previously received LSA within the LSA minimum repeat arrival interval, an interface discards the LSA. Follow these steps to configure the LSA minimum repeat arrival interval: To do…...

  • Page 672: Specifying The Lsa Generation Interval

    Specifying the LSA Generation Interval With this feature configured, you can protect network resources and routers from being over consumed due to frequent network changes. Follow these steps to configure the LSA generation interval: To do… Use the command… Remarks —...

  • Page 673: Configuring Stub Routers

    Configuring Stub Routers A stub router is used for traffic control. It tells other OSPF routers not to use it to forward data, but they can have a route to it. The Router LSAs from the stub router may contain different link type values. A value of 3 means a link to the stub network, so the cost of the link remains unchanged.

  • Page 674: Adding The Interface Mtu Into Dd Packets

    ] password Adding the Interface MTU into DD Packets Generally, when an interface sends a DD packet, it adds 0 into the Interface MTU field of the DD packet rather than the interface MTU. Follow these steps to add the interface MTU into DD packets: To do…...

  • Page 675: Making External Route Selection Rules Defined In Rfc 1583 Compatible

    The selection of an external route from multiple LSAs defined in RFC 2328 is different from the one defined in RFC 1583. If RFC 1583 is made compatible with RFC 2328, the routes in the backbone area are preferred; if not, the routes in the non-backbone area are preferred to reduce the burden of the backbone area.

  • Page 676: Configuring Ospf Network Management

    Level-5, for normal but important traps Level-6, for notification traps The generated traps are sent to the Information Center of the device. The output rules of the traps, namely, whether to output the traps and the output direction, are determined according to the Information Center configuration.

  • Page 677: Enabling The Advertisement And Reception Of Opaque Lsas

    Enabling the Advertisement and Reception of Opaque LSAs With this feature enabled, the OSPF router can receive and advertise Type 9, Type 10 and Type 11 opaque LSAs. Follow these steps to enable the advertisement and reception of opaque LSAs: To do…...

  • Page 678: Configuring Ospf Graceful Restart

    Configuring OSPF Graceful Restart One device can act as both a GR Restarter and GR Helper at the same time. OSPF GR can be implemented through: IETF standard GR capable routers. The GR restarter communicates with GR helpers by exchanging Type-9 Opaque LSAs called Grace LSAs.

  • Page 679: Configuring The Ospf Gr Helper

    120 seconds by default Configuring the OSPF GR Helper You can configure the IETF standard or non IETF standard OSPF GR Helper. Configuring the IETF standard OSPF GR Helper Follow these steps to configure the IETF standard OSPF GR Helper: To do…...

  • Page 680: Triggering Ospf Graceful Restart

    BFD uses theses addresses to establish sessions. Before a BFD session is established, it is in the Down state. In this state, BFD control packets are sent at an interval of not less than one second to reduce BFD control packet traffic. After the BFD session is established, BFD control packets are sent at the negotiated interval, thereby implementing fast fault detection.

  • Page 681: Displaying And Maintaining Ospf

    Not enabled by default One network segment can only belong to one area and you need to specify each OSPF interface to belong to the specific area. Both ends of a BFD session must be on the same network segment and in the same area.

  • Page 682: Ospf Configuration Examples

    Configuring OSPF Basic Functions Network requirements As shown in the following figure, all switches run OSPF. The AS is split into three areas, in which, Switch A and Switch B act as ABRs to forward routing information between areas. After configuration, all switches can learn routes to every network segment in the AS.
  • Page 683 [SwitchD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.2] network 10.5.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.2] quit [SwitchD-ospf-1] quit Verify the configuration # Display information about neighbors on Switch A. [SwitchA] display ospf peer verbose OSPF Process 1 with Router ID 10.2.1.1 Neighbors Area 0.0.0.0 interface 10.1.1.1(Vlan-interface100)'s neighbors Router ID: 10.3.1.1...
  • Page 684 0.0.0.0 Total Nets: 5 Intra Area: 3 Inter Area: 2 ASE: 0 NSSA: 0 # Display the Link State Database on Switch A. [SwitchA] display ospf lsdb OSPF Process 1 with Router ID 10.2.1.1 Link State Database Area: 0.0.0.0 Type...

  • Page 685: Configuring Ospf Route Redistribution

    = 1/1/2 ms Configuring OSPF Route Redistribution Network requirements As shown in the following figure: All the switches run OSPF, and the AS is divided into three areas. Switch A and Switch B act as ABRs to forward routes between areas. 1-52...
  • Page 686 Switch C is configured as an ASBR to redistribute external routes (static routes). Routing information is propagated properly in the AS. Figure 1-22 Network diagram for OSPF redistributing routes from outside of an AS Configuration procedure Configure IP addresses for interfaces (omitted).

  • Page 687: Configuring Ospf To Advertise A Summary Route

    Switch A and Switch B are in AS 200, which runs OSPF. Switch C, Switch D, and Switch E are in AS 100, which runs OSPF. An eBGP connection is established between Switch B and Switch C. Switch C is configured to redistribute OSPF routes into BGP.
  • Page 688 [SwitchE-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255 [SwitchE-ospf-1-area-0.0.0.0] quit [SwitchE-ospf-1] quit Configure BGP # Configure Switch B. <SwitchB> system-view [SwitchB] bgp 200 [SwitchB-bgp] peer 11.1.1.2 as 100 [SwitchB-bgp] quit # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 100 [SwitchC-bgp] peer 11.1.1.1 as 200 1-55...

  • Page 689: Configuring An Ospf Stub Area

    Configuring an OSPF Stub Area Network requirements The following figure shows an AS is split into three areas, where all switches run OSPF. Switch A and Switch B act as ABRs to forward routing information between areas. Switch D acts as the ASBR to redistribute routes (static routes).
  • Page 690 Figure 1-24 Network diagram for OSPF Stub area configuration Configuration procedure Configure IP addresses for interfaces (omitted). Configure OSPF basic functions (refer to Configuring OSPF Basic Functions). Configure Switch D to redistribute static routes. [SwitchD] ip route-static 3.1.2.1 24 10.5.1.2...
  • Page 691 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 In the above output, since Switch C resides in a normal OSPF area, its routing table contains an external route. Configure Area 1 as a Stub area. # Configure Switch A.

  • Page 692: Configuring An Ospf Nssa Area

    The following figure shows an AS is split into three areas, where all switches run OSPF. Switch A and Switch B act as ABRs to forward routing information between areas. It is required to configure Area 1 as an NSSA area, and configure Router C as the ASBR to redistribute static routes into the AS.
  • Page 693 [SwitchC-ospf-1] quit It is recommended to configure the nssa command with the keyword default-route-advertise no-summary on Switch A (an ABR) to reduce the routing table size on NSSA routers. On other NSSA routers, use the nssa command. # Display OSPF routing information on Switch C.

  • Page 694: Configuring Ospf Dr Election

    Configuring OSPF DR Election Network requirements In the following figure, OSPF Switches A, B, C and D reside on the same network segment. It is required to configure Switch A as the DR, and configure Switch C as the BDR.
  • Page 695 Figure 1-26 Network diagram for OSPF DR election configuration Configuration procedure Configure IP addresses for interfaces (omitted) Configure OSPF basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] router id 1.1.1.1 [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit...
  • Page 696 MTU: 0 Dead timer due in 31 Neighbor is up for 00:01:28 Authentication Sequence: [ 0 ] Switch D becomes the DR, and Switch C is the BDR. Configure router priorities on interfaces # Configure Switch A. [SwitchA] interface vlan-interface 1...
  • Page 697 Neighbor is up for 00:11:15 Authentication Sequence: [ 0 ] The DR and BDR have no change. In the above output, you can find the priority configuration does not take effect immediately. Restart OSPF process (omitted) # Restart the OSPF process of Switch D.
  • Page 698 If the neighbor state is full, it means Switch D has established the adjacency with the neighbor. If the neighbor state is 2-way, it means the two switches are neither the DR nor the BDR, and they do not exchange LSAs.

  • Page 699: Configuring Ospf Virtual Links

    Network requirements In the following figure, Area 2 has no direct connection to Area 0, and Area 1 acts as the Transit Area to connect Area 2 to Area 0 via a configured virtual link between Switch B and Switch C.
  • Page 700 Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0 Since Area 0 has no direct connection to Area 2, the routing table of Switch B has no route to Area 2. Configure a virtual link # Configure Switch B. [SwitchB] ospf [SwitchB-ospf-1] area 1 [SwitchB-ospf-1-area-0.0.0.1] vlink-peer 3.3.3.3...
  • Page 701 Switch A, Switch B and Switch C that belong to the same autonomous system and the same OSPF routing domain are GR capable. Switch A acts as the non IETF standard GR Restarter whereas Switch B and Switch C are the GR Helpers and re-synchronize their LSDB with Switch A through OOB communication of GR.
  • Page 702 [SwitchC-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 Verify the configuration # After the configurations on Switch A, Switch B and Switch C are completed and the switches are running steadily, enable OSPF Graceful Restart event debugging and then perform OSPF Graceful Restart on Switch A.

  • Page 703: Configuring Route Filtering

    All the switches in the network run OSPF. The AS is divided into three areas. Switch A and Switch B work as ABRs. Configure Switch C as an ASBR to redistribute external routes (static routes), and configure a filter policy on Switch C to filter out redistributed route 3.1.3.0/24.
  • Page 704 # On Switch C, configure a static route destined for network 3.1.3.0/24. [SwitchC] ip route-static 3.1.3.0 24 10.4.1.2 # On Switch C, configure OSPF to redistribute static routes. [SwitchC] ospf 1 [SwitchC-ospf-1] import-route static [SwitchC-ospf-1] quit # Display the OSPF routing table of Switch A.

  • Page 705: Configuring Bfd For Ospf

    OSPF is enabled on the switches that are reachable to each other at the network layer. When the link between Switch B and the Layer 2 switch fails, BFD can quickly detect the failure and notify OSPF of the failure.
  • Page 706 Figure 1-30 Network diagram for BFD configuration on an OSPF link Configuration procedure Configure IP addresses for interfaces (omitted) Configure OSPF basic functions. # Configure Switch A. [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.0.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit...
  • Page 707 <SwitchA> debugging ospf event <SwitchA> terminal debugging # When the link between Switch B and the Layer 2 switch fails, you can see that Switch A can quickly detect the changes on Switch B. %Nov 12 18:34:48:823 2005 SwitchA BFD/5/LOG: Sess[10.1.0.102/10.1.0.100, vlan10], Sta : UP->DOWN, Diag: 1...

  • Page 708: Troubleshooting Ospf Configuration

    *0.50673835 SwitchA BFD/8/SCM:Bfd-if[vlan10], Oper: Delete *0.50673840 SwitchA BFD/8/SCM:No bfd session exists, stop receiving any bfd packets # Display the BFD information of Switch A. You can see that Switch A has removed its neighbor relationship with Switch B and therefore no information is output.
  • Page 709 In a Stub area, all routers attached are configured with the stub command. In an NSSA area, all interface connected to which are configured with the nssa command. If a virtual link is configured, use the display ospf vlink command to check the state of the virtual link.
  • Page 710 Configuring IS-IS Basic Functions ········································································································1-17 Configuration Prerequisites ···········································································································1-17 Enabling IS-IS································································································································1-17 Configuring the IS Level and Circuit Level ····················································································1-17 Configuring the Network Type of an Interface as P2P ··································································1-18 Configuring IS-IS Routing Information Control ·····················································································1-19 Configuration Prerequisites ···········································································································1-19 Configuring IS-IS Link Cost ···········································································································1-19 Specifying a Priority for IS-IS ········································································································1-20...
  • Page 711 Enabling the Logging of Neighbor State Changes················································································1-34 Enabling IS-IS SNMP Trap ···················································································································1-34 Binding an IS-IS Process with MIBs ·····································································································1-35 Configuring BFD for IS-IS ·····················································································································1-35 Displaying and Maintaining IS-IS ··········································································································1-35 IS-IS Configuration Example·················································································································1-36 IS-IS Basic Configuration ··············································································································1-36 DIS Election Configuration ············································································································1-41 Configuring IS-IS Route Redistribution ·························································································1-45...

  • Page 712: Is-Is Configuration

    Configuring BFD for IS-IS Displaying and Maintaining IS-IS IS-IS Configuration Example The term “router” in this document refers to a router in a generic sense or an Ethernet switch running routing protocols. IS-IS Overview Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the International Organization for Standardization (ISO) to operate on the connectionless network protocol (CLNP).
  • Page 713 1-1, an NSAP address consists of the Initial Domain Part (IDP) and the Domain Specific Part (DSP). The IDP is equal to the network ID of an IP address, and the DSP is equal to the subnet and host ID.

  • Page 714: Is-Is Area

    The system ID of a device can be generated from the Router ID. For example, a router uses the IP address 168.10.1.1 of Loopback 0 as the Router ID, and the system ID in IS-IS can be obtained in the...
  • Page 715 Level-2 and Level-1-2 routers in different areas. A Level-1 router must be connected to other areas through a Level-1-2 router. The Level-1-2 router maintains two LSDBs, where the Level-1 LSDB is for routing within the area, and the Level-2 LSDB is for routing between areas.

  • Page 716: Is-Is Network Type

    Route leaking An IS-IS routing domain is comprised of only one Level-2 area and multiple Level-1 areas. A Level-1 area consists of a group of Level-1 routers and is connected with a Level-2 area rather than other Level-1 areas. The routing information of a Level-1 area is sent to the Level-2 area through the Level-1-2 router.
  • Page 717 The DIS creates and updates pseudonodes as well as generates their LSPs to describe all routers on the network. A pseudonode represents a virtual node on the broadcast network. It is not a real router. In IS-IS, it is identified by the system ID of the DIS and a one-byte Circuit ID (a non zero value).

  • Page 718: Is-Is Pdu Format

    PDU common header and the PDU specific header. All PDUs have the same PDU common header, while the specific headers vary by PDU type. The following figure shows the PDU format.
  • Page 719 Figure 1-7 L1/L2 LAN IIH format Reserved/Circuit Type: The first 6 bits are reserved with a value of 0. The last 2 bits indicate the router type. 00 means reserved, 01 indicates L1, 10 indicates L2, and 11 indicates L1/2.
  • Page 720 Figure 1-8 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field. LSP packet format The Link State PDUs (LSP) carry link state information. LSP involves two types: Level-1 LSP and Level-2 LSP.
  • Page 721 Router C through Router B. Once other routers know the OL field of LSPs from Router B is set to 1, Router A will send packets to Router C via Router D and Router E, but still send to Router B packets destined to the network directly connected to Router B.
  • Page 722 Figure 1-11 L1/L2 CSNP format PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request new LSPs from neighbors.
  • Page 723 Reserved Maximum area address PDU length Source ID ID length+1 Variable length fields The variable fields of PDU comprise multiple Code-Length-Value (CLV) triplets. Figure 1-13 shows the CLV format. Figure 1-13 CLV format Table 1-2 shows that different PDUs contain different CLVs.

  • Page 724: Supported Is-Is Features

    PDU Type IP Interface Address IIH, LSP Code 1 to 10 of CLV are defined in ISO 10589 (code 3 and 5 are not shown in the table), and others are defined in RFC 1195. Supported IS-IS Features Multiple instances and processes IS-IS supports multiple instances and processes.
  • Page 725 A virtual system is identified by an additional system ID and generates extended LSP fragments. Original LSP It is the LSP generated by the originating system. The system ID in its LSP ID field is the system ID of the originating system.
  • Page 726 TLV of a pseudonode LSP. A host name is easier to remember than a system ID. After enabling this feature on the router, you can see the host names instead of system IDs using the display command.

  • Page 727: Protocols And Standards

    ISO 9542 ES-IS Routing Protocol ISO 8348/Ad2 Network Services Access Points RFC 1195: Use of OSI IS-IS for Routing in TCP/IP and Dual Environments RFC 2763: Dynamic Hostname Exchange Mechanism for IS-IS RFC 2966: Domain-wide Prefix Distribution with Two-Level IS-IS...

  • Page 728: Configuring Is-Is Basic Functions

    Configuration Prerequisites Before the configuration, accomplish the following tasks: Configure the link layer protocol. Configure an IP address for each interface, and make sure all neighboring nodes are reachable to each other at the network layer. Enabling IS-IS Follow these steps to enable IS-IS: To do…...

  • Page 729: Configuring The Network Type Of An Interface As P2P

    Configure the IS level as Level-2 on all routers in an IP network for scalability. For an interface of a Level-1 (or Level-2) router, the circuit level can only be Level-1 (or Level-2). For an interface of a Level-1-2 router, the default circuit level is Level-1-2; if the router only needs to form Level-1 (or Level-2) neighbor relationships, you can configure the circuit level for its interfaces as Level-1 (or Level-2) to limit neighbor relationship establishment.

  • Page 730: Configuring Is-Is Routing Information Control

    The IS-IS cost of an interface is determined in the following order: ISIS cost specified in interface view. ISIS cost specified in system view. The cost is applied to the interfaces associated to the IS-IS process. Automatically calculated cost: When the cost style is wide or wide-compatible, IS-IS automatically calculates the cost using the formula: interface cost= (bandwidth reference value/interface bandwidth) ×10.

  • Page 731: Specifying A Priority For Is-Is

    Specifying a Priority for IS-IS A router may run multiple routing protocols. When routes to the same destination are found by multiple routing protocols, the route learned by the protocol with the highest priority wins. You can reference a routing policy to specify a priority for specific routes.

  • Page 732: Configuring The Maximum Number Of Equal Cost Routes

    Configuring IS-IS Route Summarization This task is to configure a summary route, so routes falling into the network range of the summary route are summarized into one route for advertisement. Doing so can reduce the size of routing tables, as well as the scale of LSP and LSDB.

  • Page 733: Advertising A Default Route

    ] ] * default. The default route is only advertised to routers at the same level. You can use a routing policy to generate the default route only when a local routing entry is matched by the policy. Configuring IS-IS Route Redistribution Redistribution of large numbers of routes on a device may affect the performance of other devices in the network.

  • Page 734: Configuring Is-Is Route Filtering

    Management Configuration in the System Volume. Configuring IS-IS Route Filtering You can reference a configured ACL, IP prefix list or routing policy to filter routes calculated from the received LSPs and the routes redistributed from other routing protocols. Filtering routes calculated from received LSPs IS-IS saves the LSPs received from neighbors in the LSDB, uses the SPF algorithm to calculate the shortest path tree with itself as the root and installs the routes into the IS-IS routing table.

  • Page 735: Configuring Is-Is Route Leaking

    } | tag tag ] * default If a filter policy is specified, only routes passing it can be advertised into Level-1 area. You can specify a routing policy in the import-route isis level-2 into level-1 command to filter routes from Level-2 to Level-1.

  • Page 736: Specifying The Is-Is Hello Multiplier

    The interval between hello packets sent by the DIS is 1/3 the hello interval set with the isis timer hello command. Specifying the IS-IS Hello Multiplier If a neighbor receives no hello packets from the router within the advertised hold time, it considers the router down and recalculates the routes.

  • Page 737: Disabling An Interface From Sending/Receiving Is-Is Packets

    Specify the maximum age of LSPs Each LSP has an age that decreases in the LSDB. Any LSP with an age of 0 is deleted from the LSDB. You can adjust the age value based on the scale of a network.
  • Page 738 Specify the LSP refresh interval and generation interval Each router needs to refresh LSPs generated by itself at a configurable interval and send them to other routers to prevent valid routes from being aged out. A smaller refresh interval speeds up network convergence but consumes more bandwidth.
  • Page 739 Specifying LSP lengths IS-IS messages cannot be fragmented at the IP layer because they are directly encapsulated in frames. Therefore, IS-IS routers in an area need to send LSPs smaller than the smallest interface MTU in this area. If the IS-IS routers have different interface MTUs, it is recommended to configure the maximum size of generated LSP packets to be smaller than the smallest interface MTU in this area.
  • Page 740 LSP out Ethernet 1/1, Ethernet 1/2 and Ethernet 1/3. After receiving the LSP from Ethernet 1/3, Router D floods it out Ethernet 1/1 and Ethernet 1/2 to Router B and Router C, which however has received the LSP from Router A. In this case, LSP flooding consumes extra bandwidth.

  • Page 741: Configuring Spf Parameters

    Setting the LSDB Overload Bit By setting the overload bit in sent LSPs, a router informs other routers of a failure that makes it incapable of routing and forwarding packets. When an IS-IS router cannot record the complete LSDP due to running out of memory or some other reasons, it will calculate wrong routes.

  • Page 742: Configuring Is-Is Authentication

    With neighbor relationship authentication configured, an interface adds the password in the specified mode into hello packets to the peer and checks the password in the received hello packets. If the authentication succeeds, it forms the neighbor relationship with the peer.

  • Page 743: Configuring Routing Domain Authentication

    Configuring System ID to Host Name Mappings In IS-IS, a system ID identifies a router or host uniquely. A system ID has a fixed length of 6 bytes. When an administrator needs to view IS-IS neighbor information, routing table or LSDB information, using the system IDs in dotted decimal notation is not convenient.

  • Page 744: Configuring Dynamic System Id To Host Name Mapping

    Configuring Dynamic System ID to Host Name Mapping You need to configure a static system ID to host name mapping for any other router in a network. When a new router is added into the network or a mapping needs to be modified, you need to perform configuration on all routers.

  • Page 745: Enabling The Logging Of Neighbor State Changes

    You can enable the GR Restarter to suppress the Suppress-Advertisement (SA) bit in the hello PDUs. In this way, its neighbors will still advertise the adjacencies within the specified period. Follow these steps to configure GR on the GR Restarter and GR Helper respectively: To do…...

  • Page 746: Binding An Is-Is Process With Mibs

    Required Enable BFD on the IS-IS isis bfd enable interface Not enabled by default For details about IS-IS, refer to IS-IS Configuration in the IP Routing Volume. Displaying and Maintaining IS-IS To do… Use the command… Remarks Display brief IS-IS configuration...

  • Page 747: Is-Is Configuration Example

    1-15, Switch A, B, C and Switch D reside in an IS-IS AS. Switch A and B are Level-1 switches, Switch D is a Level-2 switch and Switch C is a Level-1-2 switch. Switch A, B and C are in Area 10, while Switch D is in Area 20.
  • Page 748 Figure 1-15 Network diagram for IS-IS basic configuration Configuration procedure Configure IP addresses for interfaces (omitted) Configure IS-IS # Configure Switch A. <SwitchA> system-view [SwitchA] isis 1 [SwitchA-isis-1] is-level level-1 [SwitchA-isis-1] network-entity 10.0000.0000.0001.00 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] isis enable 1 [SwitchA-Vlan-interface100] quit # Configure Switch B.
  • Page 749 [SwitchD-Vlan-interface100] quit [SwitchD] interface vlan-interface 300 [SwitchD-Vlan-interface300] isis enable 1 [SwitchD-Vlan-interface300] quit Verify the configuration # Display the IS-IS LSDB of each switch to check the LSP integrity. [SwitchA] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State Database...
  • Page 750 0xd2b3 1188 0/0/0 0000.0000.0003.00-00 0x00000014 0x194a 1190 1/0/0 0000.0000.0003.01-00 0x00000002 0xabdb 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [SwitchC] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------- 0000.0000.0001.00-00...
  • Page 751 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload # Display the IS-IS routing information of each switch. Level-1 switches should have a default route with the next hop being the Level-1-2 switch. The Level-2 switch should have both routing information of Level-1 and Level-2.

  • Page 752: Dis Election Configuration

    Figure 1-16, Switch A, B, C and Switch D reside in IS-IS area 10 on a broadcast network (Ethernet). Switch A and Switch B are Level-1-2 switches, Switch C is a Level-1 switch, and Switch D is a Level-2 switch.
  • Page 753 [SwitchD-isis-1] network-entity 10.0000.0000.0004.00 [SwitchD-isis-1] is-level level-2 [SwitchD-isis-1] quit [SwitchD] interface vlan-interface 100 [SwitchD-Vlan-interface100] isis enable 1 [SwitchD-Vlan-interface100] quit # Display information about IS-IS neighbors of Switch A. [SwitchA] display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0003.01...
  • Page 754 1497 L1/L2 No/Yes By using the default DIS priority, Switch C is the Level-1 DIS, and Switch D is the Level-2 DIS. The pseudonodes of Level-1 and Level-2 are 0000.0000.0003.01 and 0000.0000.0004.01 respectively. Configure the DIS priority of Switch A.
  • Page 755 Type Down 1497 L1/L2 Yes/Yes After the DIS priority configuration, Switch A becomes the Level-1-2 DIS, and the pseudonode is 0000.0000.0001.01. # Display information about IS-IS neighbors and interfaces of Switch C. [SwitchC] display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0002...
  • Page 756 1-17, Switch A, Switch B, Switch C and Switch D reside in the same AS. They use IS-IS to interconnect. Switch A and Switch B are Level-1 routers, Switch D is a Level-2 router, and Switch C is a Level-1-2 router.
  • Page 757 Figure 1-17 IS-IS route redistribution Configuration procedure Configure IP addresses for interfaces (omitted) Configure IS-IS basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] isis 1 [SwitchA-isis-1] is-level level-1 [SwitchA-isis-1] network-entity 10.0000.0000.0001.00 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] isis enable 1 [SwitchA-Vlan-interface100] quit # Configure Switch B.
  • Page 758 NULL VLAN100 10.1.1.1 R/-/- 0.0.0.0/0 NULL VLAN100 10.1.1.1 R/-/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set [SwitchC] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface...
  • Page 759 192.168.0.1 R/-/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set Configure RIPv2 on Switch D and Switch E, and configure route redistribution from RIP to IS-IS on Switch D. # Configure RIPv2 on Switch D. [SwitchD] rip 1 [SwitchD-rip-1] network 10.0.0.0...

  • Page 760: Is-Is Graceful Restart Configuration Example

    Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set IS-IS Graceful Restart Configuration Example Network requirements Switch A, Switch B, and Switch C belong to the same IS-IS routing domain, as illustrated in Figure 1-18. Figure 1-18 Network diagram for IS-IS GR configuration...
  • Page 761 IP address and subnet mask of each interface. The configuration procedure is omitted. Configure IS-IS on the switches, ensuring that Switch A, Switch B and Switch C can communicate with each other at layer 3 and dynamic route update can be implemented among them with IS-IS. The configuration procedure is omitted here.

  • Page 762: Is-Is Authentication Configuration Example

    1-19, Switch A, Switch B, Switch C and Switch D reside in the same IS-IS routing domain. Switch A, Switch B, and Switch C belong to Area 10, and Switch D belongs to Area 20. Configure neighbor relationship authentication between neighbors. Configure area authentication in Area 10 to prevent untrusted routes from entering into the area.
  • Page 763 [SwitchD-Vlan-interface300] isis enable 1 [SwitchD-Vlan-interface300] quit Configure neighbor relationship authentication between neighbors. # Specify the MD5 authentication mode and password eRq on VLAN-interface 100 of Switch A and on VLAN-interface 100 of Switch C. [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] isis authentication-mode md5 eRg...
  • Page 764 Figure 1-20, Switch A and Switch B are interconnected through a Layer-2 switch. BFD is enabled on the switch interfaces. IS-IS is enabled on the switches that are reachable to each other at the network layer. When the link between Switch B and the Layer-2 switch fails, BFD can quickly detect the failure and notify IS-IS of the failure.
  • Page 765 # Configure Switch B. [SwitchB] bfd session init-mode active [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] bfd min-receive-interval 500 [SwitchB-Vlan-interface10] bfd min-transmit-interval 500 [SwitchB-Vlan-interface10] bfd detect-multiplier 8 Verify the configuration. # Display the BFD information of Switch A. <SwitchA> display bfd session 1-54...
  • Page 766 <SwitchA> debugging bfd event <SwitchA> debugging isis event bfd <SwitchA> terminal debugging # When the link between Switch B and the Layer-2 switch fails, BFD can quickly detect the failure. #Aug 8 14:54:05:362 2008 SwitchA IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983041 is Down, ifAdminStatus is...
  • Page 767 <SwitchA> display bfd session # Display the IS-IS neighbor information of Switch A. You can see that Switch A has removed its neighbor relationship with Switch B and therefore no information is output. <SwitchA> display isis peer 1 1-56...
  • Page 768 Configuring BGP Basic Functions·········································································································1-18 Prerequisites··································································································································1-18 Creating a BGP Connection ··········································································································1-18 Specifying the Source Interface for TCP Connections··································································1-19 Allowing Establishment of eBGP Connection to a Non Directly Connected Peer/Peer Group·····1-19 Controlling Route Generation ···············································································································1-20 Prerequisites··································································································································1-20 Injecting a Local Network ··············································································································1-20 Configuring BGP Route Redistribution··························································································1-20 Enabling Default Route Redistribution into BGP···········································································1-21...
  • Page 769 Enabling Quick eBGP Session Reestablishment··········································································1-35 Enabling MD5 Authentication for TCP Connections ·····································································1-36 Configuring BGP Load Balancing··································································································1-36 Forbiding Session Establishment with a Peer or Peer Group ·······················································1-36 Configuring a Large Scale BGP Network······························································································1-37 Configuration Prerequisites ···········································································································1-37 Configuring BGP Peer Groups ······································································································1-37 Configuring BGP Community ········································································································1-39...

  • Page 770: Bgp Configuration

    BGP Configuration Examples Troubleshooting BGP The term “router” refers to a router or a Layer 3 switch, and BGP refers to BGP-4 in this document. BGP Overview There are three early BGP versions, BGP-1 (RFC1105), BGP-2 (RFC1163) and BGP-3 (RFC1267).

  • Page 771: Formats Of Bgp Messages

    BGP speakers to exchange routing information. When a BGP speaker receives a new route or a route better than the current one from another AS, it will advertise the route to all the other BGP peers in the local AS.
  • Page 772 Withdrawn routes: This is a variable length field that contains a list of withdrawn IP prefixes. Total path attribute length: Total length of the Path Attributes field in bytes. A value of 0 indicates that no Network Layer Reachability Information field is present in this Update message.

  • Page 773: Bgp Path Attributes

    Error subcode: Specific information about the nature of the reported error. Data: Used to diagnose the reason for the Notification. The contents of the Data field depend upon the Error Code and Error Subcode. Erroneous part of data is recorded. The Data field length is variable.
  • Page 774 Update message has passed. When a route is advertised from the local AS to another AS, each passed AS number is added into the AS_PATH attribute, thus the receiver can determine ASs to route the massage back. The number of the AS...
  • Page 775 AS 30 AS 50 In general, a BGP router does not receive routes containing the local AS number to avoid routing loops. The current implementation supports using the peer allow-as-loop command to receive routes containing the local AS number to meet special requirements.
  • Page 776 AS. Similar with metrics used by IGP, MED is used to determine the best route for traffic going into an AS. When a BGP router obtains multiple routes to the same destination but with different next hops, it considers the route with the smallest MED value the best route if other conditions are the same.

  • Page 777: Bgp Route Selection

    AS. It indicates the priority of a BGP router. LOCAL_PREF is used to determine the best route for traffic leaving the local AS. When a BGP router obtains from several iBGP peers multiple routes to the same destination but with different next hops, it considers the route with the highest LOCAL_PREF value as the best route.
  • Page 778 Route selection with BGP load balancing The next hop of a BGP route may not be directly connected. One of the reasons is next hops in routing information exchanged between iBGPs are not modified. In this case, the BGP router needs to find the directly connected next hop via IGP.
  • Page 779 Figure 1-10 Network diagram for BGP load balancing In the above figure, Router D and Router E are iBGP peers of Router C. Router A and Router B both advertise a route destined for the same destination to Router C. If load balancing is configured and the two routes have the same AS_PATH attribute, ORIGIN attribute, LOCAL_PREF and MED, Router C installs both the two routes to its route table for load balancing.

  • Page 780: Ibgp And Igp Synchronization

    1-11, Router E has learned a route of 8.0.0.0/8 from Router D via BGP. Then Router E sends a packet to 8.0.0.0/8 through Router D, which finds from its routing table that Router B is the next hop (configured using the peer next-hop-local command). Because Router D has learned the route to Router B via IGP, it forwards the packet to Router C through route recursion.
  • Page 781 BGP route dampening uses a penalty value to judge the stability of a route. The bigger the value, the less stable the route. Each time a route flap occurs, BGP adds a penalty value (1000, which is a fixed number and cannot be changed) to the route. When the penalty value of the route exceeds the suppress value, the route is suppressed from being added into the routing table or being advertised to other BGP peers.
  • Page 782 (n-1)/2, and therefore large amounts of network and CPU resources will be consumed. Using route reflectors can solve this issue. In an AS, a router acts as a route reflector, and other routers act as clients connecting to the route reflector. The route reflector forwards routing information between clients, and thus BGP sessions between clients need not be established.

  • Page 783: Bgp Gr

    Figure 1-15 Confederation network diagram From the perspective of a non-confederation BGP speaker, it needs not know sub-ASs in the confederation. The ID of the confederation is the number of the AS. In the above figure, AS 200 is the confederation ID.
  • Page 784 When an active/standby switchover occurs on a distributed device that acts as the GR Restarter, sessions on it will go down Then, GR capable peers will mark all routes associated with the GR Restarter as stale. However, during the configured GR Time, they still use these routes for packet forwarding.

  • Page 785: Protocols And Standards

    For information about the VPN extension application, refer to MPLS L3VPN Configuration in the MPLS Volume. For information about the IPv6 extension application, refer to IPv6 BGP Configuration in the IP Routing Volume. This chapter gives no detailed commands related to any specific extension application in MP-BGP address family view.
  • Page 786 Task Remarks Configuring BGP Route Summarization Advertising a Default Route to a Peer or Peer Group Configuring BGP Route Distribution/Reception Filtering Policies Controlling Route Distribution and Enabling BGP and IGP Route Optional Reception Synchronization Limiting Prefixes Received from a Peer/Peer...

  • Page 787: Configuring Bgp Basic Functions

    ID, refer to IP Routing Basics in the IP Routing Volume. If the global router ID is used and then it is removed, the system will select a new router ID. If the router ID is specified in BGP view, using the undo router-id command can make the system select a new router ID.

  • Page 788: Specifying The Source Interface For Tcp Connections

    BGP uses TCP as the transport layer protocol. By default, BGP uses the output interface of the optimal router to a peer as the source interface for establishing TCP connections to the peer. If a BGP router has multiple links to a peer, when the source interface fails, BGP has to reestablish TCP connections, causing network oscillation.

  • Page 789: Controlling Route Generation

    Injecting a Local Network In BGP view, you can inject a local network to allow BGP to advertise it to BGP peers. The origin attribute of routes advertised in this way is IGP. You can also reference a route policy to flexibly control route advertisement.

  • Page 790: Enabling Default Route Redistribution Into Bgp

    BGP connections have been created. Configuring BGP Route Summarization To reduce the routing table size on medium and large BGP networks, you need to configure route summarization on BGP routers. BGP supports two summarization modes: automatic and manual. Manual summary routes enjoy a higher priority than automatic ones.

  • Page 791: Advertising A Default Route To A Peer Or Peer Group

    Advertising a Default Route to a Peer or Peer Group After this task is configured, the BGP router sends a default route with the next hop being itself to the specified peer/peer group, regardless of whether the default route is available in the routing table.
  • Page 792 For how to configure an ACL, refer to ACL Configuration in the Security Volume. For how to configure an IP prefix list, route policy and AS-path ACL, refer to Route Policy Configuration in the Routing Volume. Configure BGP route distribution filtering policies Follow these steps to configure BGP route distribution filtering policies: To do…...

  • Page 793: Enabling Bgp And Igp Route Synchronization

    Enabling BGP and IGP Route Synchronization By default, when a BGP router receives an iBGP route, it only checks the reachability of the route’s next hop before advertisement. With BGP and IGP synchronization enabled, the BGP router cannot advertise the iBGP route to eBGP peers unless the route is also available in the IGP routing table.

  • Page 794: Configuring Bgp Route Dampening

    Configuring a Shortcut Route An eBGP route received has a priority of 255, lower than a local route. This task allows you configure an eBGP route as a shortcut route that has the same priority as a local route and thus has greater likehood to become the optimal route.

  • Page 795: Configuring Bgp Route Attributes

    Specifying a Preferred Value for Routes Received By default, routes received from a peer have a preferred value of 0. Among multiple routes that have the same destination/mask and are learned from different peers, the one with the greatest preferred value is selected as the route to the destination.

  • Page 796: Configure The Default Local Preference

    Configuring the MED Attribute MED is used to determine the best route for traffic going into an AS. When a BGP router obtains from eBGP peers multiple routes to the same destination but with different next hops, it considers the route with the smallest MED value as the best route if other conditions are the same.
  • Page 797 In this case, you can configure the bestroute compare-med command on Router D. After that, Router D will put routes received from the same AS into a group. For the same group, the route with the lowest MED is selected. Then, it compares routes from different groups. This mechanism avoids the above-mentioned problem.

  • Page 798: Configuring The Next Hop Attribute

    Figure 1-17 Next hop attribute configuration If a BGP router has two peers on a common broadcast network, it does not set itself as the next hop for routes sent to an eBGP peer by default. As shown below, Router A and Router B establish an eBGP neighbor relationship, and Router B and Router C establish an iBGP neighbor relationship.

  • Page 799: Configuring The As-Path Attribute

    Figure 1-18 Next hop attribute configuration Note that: if you have configured BGP load balancing on a BGP router, the router will set it as the next hop for routes sent to an iBGP peer/peer group regardless of whether the peer next-hop-local command is configured.
  • Page 800 Specify a fake AS number for a peer/peer group When Router A in AS 2 is moved to AS 3, you can configure Router A to specify a fake AS number of 2 for created connections to eBGP peers/peer groups. In this way, these eBGP peers still think Router A is in AS 2 and thus need not change their configurations.

  • Page 801: Tuning And Optimizing Bgp Networks

    As shown in the above figure, CE 1 and CE 2 use the same AS number of 800. If AS number substitution for CE 2 is configured on PE 2, when PE 2 receives a BGP update sent from CE 1, it replaces AS number 800 as its own AS number 100.

  • Page 802: Configuring The Interval For Sending The Same Update

    BGP connections. If a BGP peer does not support route-refresh, you need to save updates from the peer on the local router. After that, when a route selection policy is modified, the router can refresh its BGP routing table by using such updates without tearing down BGP connections.

  • Page 803: Enabling The Bgp Orf Capability

    Enabling the BGP ORF Capability The BGP Outbound Route Filter (ORF) feature allows a BGP speaker to send to its BGP peer a set of ORFs through Route-refresh messages. The peer then applies the ORFs, in addition to its local routing...

  • Page 804: Enabling Quick Ebgp Session Reestablishment

    (if any), to filter updates to the BGP speaker, thus reducing the number of exchanged Update messages and saving network resources. After you enable the BGP ORF capability, the local BGP router negotiates the ORF capability with the BGP peer through Open messages (that is, determine whether to carry ORF information in messages;...

  • Page 805: Enabling Md5 Authentication For Tcp Connections

    { cipher | simple } password Configuring BGP Load Balancing If multiple paths to a destination exist, you can configure load balancing over such paths to improve link utilization. Follow these steps to configure BGP load balancing: To do…...

  • Page 806: Configuring A Large Scale Bgp Network

    When the policy of the group is modified, the modification also applies to peers in it, thus simplifying configuration. A peer group is an iBGP peer group if peers in it belong to the same AS, and is an eBGP peer group if peers in it belong to different ASs.
  • Page 807 Configure an eBGP peer group If peers in an eBGP group belong to the same external AS, the eBGP peer group is a pure eBGP peer group; if not, it is a mixed eBGP peer group. There are three approaches for configuring an eBGP peer group: Create the eBGP peer group, specify its AS number, and add peers into it.

  • Page 808: Configuring Bgp Community

    A BGP community is a group of destinations with the same characteristics. It has no geographical boundaries and is independent of ASs. You can configure a route policy to define which destinations belong to a BGP community and then advertise the community attribute to a peer/peer group.

  • Page 809: Configuring A Bgp Route Reflector

    Configuring a BGP Route Reflector If an AS has many BGP routers, you can configure them as a cluster and configure one of them as a route reflector and others as clients to reduce iBGP connections. To enhance network reliability and prevent single point failures, you can specify multiple route reflectors for a cluster.

  • Page 810: Configuring Bgp Gr

    Configure a BGP confederation After you split an AS into multiple sub ASs, you can configure a router in a sub AS in the following way: Enable BGP and specify the AS number of the router.

  • Page 811: Enabling Logging Of Peer State Changes

    After Trap is enabled for BGP, BGP generates Level-4 traps to report important events of it. The generated traps are sent to the Information Center of the device. The output rules of the traps, namely, whether to output the traps and the output direction, are determined according to the Information Center configuration.

  • Page 812: Configuring Bfd For Bgp

    Configuring BFD for BGP By default, the BGP keepalive interval is 60 seconds and the holdtime interval is 180 seconds. If neither the holdtime interval nor the keepalive interval is configured as 0, the holdtime interval must be at least three times the keepalive interval.
  • Page 813 Display BGP routing flap [ regular-expression as-regular-expression | statistics as-path-acl as-path-acl-number | ip-address [ { mask | mask-length } [ longer-match ] ] ] Display labeled BGP routing display bgp routing-table label information display bgp routing-table peer ip-address...

  • Page 814: Bgp Configuration Examples

    BGP Basic Configuration Network requirements In the following network, run eBGP between Switch A and Switch B and iBGP between Switch B and Switch C so that Switch C can access the network 8.1.1.0/24 connected to Router A. Figure 1-20 Network diagram for BGP basic configuration (on switches)
  • Page 815 2.2.2.2 65009 0 00:00:13 Established The output information shows that Switch C has established an iBGP peer relationship with Switch B. Configure eBGP The eBGP peers, Switch A and Switch B (usually belong to different carriers), are located in different ASs. Gennerally, their loopback interfaces are not reachable to each other, so directly connected interfaces are used for establishing BGP sessions.
  • Page 816 PrefVal Path/Ogn i 8.1.1.0/24 3.1.1.2 65008i From the above outputs, you can find Switch A has learned no route to AS65009, and Switch C has learned network 8.1.1.0 but the next hop 3.1.1.2 is unreachable, so the route is invalid. 1-47...
  • Page 817 Redistribute direct routes Configure BGP to redistribute direct routes on Switch B, so that Switch A can obtain the route to 9.1.1.0/24 and Switch C can obtain the route to 3.1.1.0/24. # Configure Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] import-route direct # Display the BGP routing table on Switch A.

  • Page 818: Bgp And Igp Synchronization Configuration

    Network requirements As shown below, all devices of company A belong to AS 65008 while all devices of company B belong to AS 65009. AS 65008 and AS 65009 are connected through Switch A and Switch B. It isi required that Switch A can access network 9.1.2.0/24 in AS 65009, and Switch C can access network 8.1.1.0/24 in...
  • Page 819 [SwitchB-bgp] peer 3.1.1.2 as-number 65008 Configure BGP and IGP synchronization Configure BGP to redistribute routes from OSPF on Switch B, so that Switch A can obtain the route to 9.1.2.0/24. Configure OSPF to redistribute routes from BGP on Switch B, so that Switch C can obtain the route to 8.1.1.0/24.

  • Page 820: Load Balancing

    Network requirements As shown in the following figure, all the switches run BGP. Switch A resides in AS 65008, Switch B and Switch C in AS 65009. Between Switch A and Switch B, Switch A and Switch C are eBGP connections, and between Switch B and Switch C is an iBGP connection.
  • Page 821 On Switch A, establish eBGP connections with Switch B and Switch C respectively; configure BGP to advertise network 8.1.1.0/24 to Switch B and Switch C, so that Switch B and Switch C can access the internal network connected to Switch A.
  • Page 822 3.1.1.1 is marked with a greater-than sign (>), indicating it is the best route (because the ID of Switch B is smaller); the route with next hop 3.1.2.1 is marked with only an asterisk (*), indicating it is a valid route, but not the best.

  • Page 823: Bgp Community Configuration

    The route 9.1.1.0/24 has two next hops 3.1.1.1 and 3.1.2.1, both of which are marked with a greater-than sign (>), indicating they are the best routes. Using the display ip routing-table command, you can find two routes to 9.1.1.0/24: one with next hop 3.1.1.1 and outbound interface VLAN-interface 200, the other with next hop 3.1.2.1 and...
  • Page 824 [SwitchC] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 3.3.3.3 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...

  • Page 825: Bgp Route Reflector Configuration

    Network requirements In the following figure, all switches run BGP. Between Switch A and Switch B is an eBGP connection, between Switch C and Switch B, and between Switch C and Switch D are iBGP connections. Switch C is a route reflector with clients Switch B and D.
  • Page 826 [SwitchB] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 200.1.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...

  • Page 827: Bgp Confederation Configuration

    BGP Confederation Configuration Network requirements As shown in the following figure, to reduce iBGP connections in AS 200, split it into three sub-ASs, AS65001, AS65002 and AS65003. Switches in AS65001 are fully meshed. Figure 1-25 Network diagram for BGP confederation configuration...
  • Page 828 # Configure Switch E. <SwitchE> system-view [SwitchE] bgp 65001 [SwitchE-bgp] router-id 5.5.5.5 [SwitchE-bgp] confederation id 200 [SwitchE-bgp] peer 10.1.4.1 as-number 65001 [SwitchE-bgp] peer 10.1.5.1 as-number 65001 [SwitchE-bgp] quit Configure the eBGP connection between AS100 and AS200. # Configure Switch A. 1-59...
  • Page 829 [SwitchB] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...

  • Page 830: Bgp Path Selection Configuration

    Switch A. Switch B and Switch D are in the same confederation, but belong to different sub ASs. They obtain external route information from Switch A and generate the same BGP route entries; it seems like that they reside in the same AS although they have no direct connection in between.
  • Page 831 <SwitchA> system-view [SwitchA] bgp 100 [SwitchA-bgp] peer 192.1.1.2 as-number 200 [SwitchA-bgp] peer 193.1.1.2 as-number 200 # Inject network 1.0.0.0/8 to the BGP routing table on Switch A. [SwitchA-bgp] network 1.0.0.0 8 [SwitchA-bgp] quit # Configure Switch B. [SwitchB] bgp 200 [SwitchB-bgp] peer 192.1.1.1 as-number 100...
  • Page 832 Configure attributes for route 1.0.0.0/8, making Switch D give priority to the route learned from Switch C. Configure a higher MED value for the route 1.0.0.0/8 advertised from Switch A to peer 192.1.1.2. # Define an ACL numbered 2000 to permit route 1.0.0.0/8.
  • Page 833 BGP is enabled on the switches that are reachable to each other at the network layer. When the link between Switch A and Switch B fails, BFD can quickly detect the failure and notify BGP of the failure.
  • Page 834 Figure 1-27 Network diagram for BFD configuration on a BGP link AS 100 Switch A Switch B Vlan-int10 Vlan-int10 10.1.0.102/24 10.1.0.100/24 L2 switch Configuration procedure Configure VLAN interfaces. # Configure Switch A. <SwitchA> system-view [SwitchA-vlan10] interface vlan-interface 10 [SwitchA-Vlan-interface10] ip address 10.1.0.102 24 [SwitchA-Vlan-interface10] quit # Configure Switch B.
  • Page 835 Protocol: BGP Diag Info: No Diagnostic # After the link between Switch A and Switch B fails, display the detailed BGP neighbor information of Switch A. Switch A has removed its neighbor relationship with Switch B. <SwitchA> display bgp peer 10.1.0.100 verbose Peer: 10.1.0.100...

  • Page 836: Bgp Gr Configuration

    BGP GR Configuration Network requirements In the following figure are all BGP switches. Between Switch A and Switch B is an eBGP connection. Switch B and Switch C are connected over an iBGP connection. Enable GR Capability for BGP so that the communication between Switch A and Switch C is not affected when an active/standby main board switchover occurs on Switch B.

  • Page 837: Troubleshooting Bgp

    Display BGP peer information using the display bgp peer command. The state of the connection to a peer cannot become established. Analysis To become BGP peers, any two routers need to establish a TCP session using port 179 and exchange Open messages successfully. Solution Use the display current-configuration command to verify the peer’s AS number.
  • Page 838 Introduction to IPv6 Static Routing··········································································································1-1 Features of IPv6 Static Routes········································································································1-1 Default IPv6 Route ··························································································································1-1 Configuring an IPv6 Static Route············································································································1-1 Configuration prerequisites ·············································································································1-2 Configuring an IPv6 Static Route ····································································································1-2 Displaying and Maintaining IPv6 Static Routes ······················································································1-2 IPv6 Static Routing Configuration Example ····························································································1-2...

  • Page 839: Ipv6 Static Routing Configuration

    The IPv6 static route that has the destination address configured as ::/0 (indicating a prefix length of 0) is the default IPv6 route. If the destination address of an IPv6 packet does not match any entry in the routing table, this default route will be used to forward the packet.

  • Page 840: Configuring An Ipv6 Static Route

    Available in system view Using the undo ipv6 route-static command can delete a single IPv6 static route, while using the delete ipv6 static-routes all command deletes all IPv6 static routes including the default route. IPv6 Static Routing Configuration Example Network requirements With IPv6 static routes configured, all hosts and switches can interact with each other.
  • Page 841 Configure the IPv6 addresses of hosts and gateways. Configure the IPv6 addresses of all the hosts based upon the network diagram, configure the default gateway of Host A as 1::1, that of Host B as 2::1, and that of Host C as 3::1. Display configuration information # Display the IPv6 routing table of SwitchA.
  • Page 842 NextHop : :: Preference Interface : NULL0 Cost # Verify the connectivity with the ping command. [SwitchA] ping ipv6 3::1 PING 3::1 : 56 data bytes, press CTRL_C to break Reply from 3::1 bytes=56 Sequence=1 hop limit=254 time = 63 ms...
  • Page 843 Configuring RIPng Timers ···············································································································1-7 Configuring Split Horizon and Poison Reverse ···············································································1-8 Configuring Zero Field Check on RIPng Packets············································································1-8 Configuring the Maximum Number of Equal Cost Routes for Load Balancing ·······························1-9 Displaying and Maintaining RIPng ··········································································································1-9 RIPng Configuration Example···············································································································1-10 Configure RIPng Basic Functions ·································································································1-10...

  • Page 844: Ripng Configuration

    521. RIPng uses a hop count to measure the distance to a destination. The hop count is referred to as metric or cost. The hop count from a router to a directly connected network is 0. The hop count between two directly connected routers is 1.

  • Page 845: Ripng Packet Format

    Egress interface: Outbound interface that forwards IPv6 packets. Metric: Cost from the local router to the destination. Route time: Time that elapsed since a route entry is last changed. Each time a route entry is modified, the routing time is set to 0.

  • Page 846: Ripng Packet Processing Procedure

    The receiving RIPng router processes RTEs in the request. If there is only one RTE with the IPv6 prefix and prefix length both being 0, and with a metric value of 16, the RIPng router will respond with the entire routing table information in response messages. If there are multiple RTEs in the request message, the RIPng router will examine each RTE, update its metric, and send the requested routing information to the requesting router in the response packet.

  • Page 847: Configuring Ripng Route Control

    An additional routing metric can be added to the metric of an inbound or outbound RIP route, namely, the inbound and outbound additional metric. The outbound additional metric is added to the metric of a sent route. The route’s metric in the routing table is not changed.

  • Page 848: Configuring Ripng Route Summarization

    The inbound additional metric is added to the metric of a received route before the route is added into the routing table, so the route’s metric is changed. Follow these steps to configure an inbound/outbound additional routing metric: To do…...

  • Page 849: Configuring A Ripng Route Filtering Policy

    Configuring a Priority for RIPng Any routing protocol has its own protocol priority used for optimal route selection. You can set a priority for RIPng manually. The smaller the value is, the higher the priority is. Follow these steps to configure a RIPng priority: To do…...

  • Page 850: Tuning And Optimizing The Ripng Network

    Tuning and Optimizing the RIPng Network This section describes how to tune and optimize the performance of the RIPng network as well as applications under special network environments. Before tuning and optimizing the RIPng network, complete the following tasks: Configure a network layer address for each interface...

  • Page 851: Configuring Split Horizon And Poison Reverse

    The poison reverse function enables a route learned from an interface to be advertised through the interface. However, the metric of the route is set to 16. That is to say, the route is unreachable. Follow these steps to configure poison reverse: To do…...

  • Page 852: Configuring The Maximum Number Of Equal Cost Routes For Load Balancing

    If you are sure that all packets are trusty, you can disable the zero field check to reduce the CPU processing time. Follow these steps to configure RIPng zero field check: To do… Use the command… Remarks Enter system view system-view ––...

  • Page 853: Ripng Configuration Example

    1-4, all switches run RIPng. Configure Switch B to filter the route (3::/64) learnt from Switch C, which means the route will not be added to the routing table of Switch B, and Switch B will not forward it to Switch A.
  • Page 854 [SwitchC] interface vlan-interface 600 [SwitchC-Vlan-interface600] ripng 1 enable [SwitchC-Vlan-interface600] quit # Display the routing table of Switch B. [SwitchB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100 Dest 1::/64,...
  • Page 855 Configuring RIPng Route Redistribution Network requirements Two RIPng processes are running on Switch B, which communicates with Switch A through RIPng 100 and with Switch C through RIPng 200. Configure route redistribution on Switch B, letting the two RIPng processes redistribute routes from each other.

  • Page 856: Configure Ripng Basic Functions

    [SwitchA-Vlan-interface100] ripng 100 enable [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] ripng 100 enable [SwitchA-Vlan-interface200] quit # Enable RIP 100 and RIP 200 on Switch B. <SwitchB> system-view [SwitchB] ripng 100 [SwitchB-ripng-100] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ripng 100 enable...
  • Page 857 : :: Preference: 0 Interface : NULL0 Cost Configure RIPng route redistribution # Configure route redistribution between the two RIPng processes on Switch B. [SwitchB] ripng 100 [SwitchB-ripng-100] default cost 3 [SwitchB-ripng-100] import-route ripng 200 [SwitchB-ripng-100] quit [SwitchB] ripng 200...
  • Page 858 Destination: 2::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 4::/64 Protocol : RIPng NextHop : FE80::200:BFF:FE01:1C02 Preference: 100 Interface : Vlan100 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0...
  • Page 859 Configuring OSPFv3 Route Summarization····················································································1-8 Configuring OSPFv3 Inbound Route Filtering ·················································································1-9 Configuring an OSPFv3 Cost for an Interface·················································································1-9 Configuring the Maximum Number of OSPFv3 Load-balanced Routes ·······································1-10 Configuring a Priority for OSPFv3 ·································································································1-10 Configuring OSPFv3 Route Redistribution····················································································1-11 Tuning and Optimizing OSPFv3 Networks ···························································································1-12 Prerequisites··································································································································1-12...
  • Page 860 Configuring OSPFv3 Route Redistribution····················································································1-23 Configuring OSPFv3 GR ···············································································································1-26 Troubleshooting OSPFv3 Configuration ·······························································································1-28 No OSPFv3 Neighbor Relationship Established ···········································································1-28 Incorrect Routing Information ········································································································1-28...

  • Page 861: Ospfv3 Configuration

    OSPFv3 Configuration Examples Troubleshooting OSPFv3 Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. EA boards (such as LSQ1GP12EA and LSQ1TGX1EA) do not support IPv6 features. Introduction to OSPFv3...

  • Page 862: Ospfv3 Packets

    OSPFv3 has also five types of packets: hello, DD, LSR, LSU, and LSAck. The five packets have the same packet header, which different from the OSPFv2 packet header is only 16 bytes in length, has no authentication field, but is added with an Instance ID field to support multi-instance per link.

  • Page 863: Timers Of Ospfv3

    The smaller the hello interval, the faster the network convergence speed and the bigger the network load. If a router receives no hello packet from a neighbor within a period, it will declare the peer is down. The period is called the dead interval.

  • Page 864: Protocols And Standards

    OSPFv3 stub area OSPFv3 multi-process, which enable a router to run multiple OSPFv3 processes OSPFv3 GR Protocols and Standards RFC 2740: OSPF for IPv6 RFC 2328: OSPF Version 2 RFC 5187: OSPFv3 Graceful Restart IPv6 OSPFv3 Configuration Task List Complete the following tasks to configure OSPFv3:...

  • Page 865: Enabling Ospfv3

    OSPFv3 process a router ID, and enable the OSPFv3 process on related interfaces. A router ID uniquely identifies a router within an AS. Therefore, you need to specify a unique router ID for each OSPFv3 router within the AS to ensure normal operation. Note that if a router runs multiple OSPFv3 processes, you need to specify a unique router ID for each process.

  • Page 866: Configuring An Ospfv3 Virtual Link

    All the routers attached to a stub area must be configured with the stub command. The keyword no-summary is only available on the ABR of the stub area.

  • Page 867: Configuring Ospfv3 Network Types

    You can change the network type of an OSPFv3 interface as needed. For example: An NBMA network must be fully connected. That is, any two routers in the network must be directly reachable to each other through a virtual circuit. In the event no such direct link is available, you need to change the network type through a command.

  • Page 868: Configuring An Nbma Or P2Mp Neighbor

    Configuring an NBMA or P2MP Neighbor For NBMA and P2MP interfaces (only when in unicast mode), you need to specify the link-local IP addresses of their neighbors because such interfaces cannot find neighbors via broadcasting Hello packets. You can also specify DR priorities for neighbors.

  • Page 869: Configuring Ospfv3 Inbound Route Filtering

    The abr-summary command takes effect on ABRs only. Configuring OSPFv3 Inbound Route Filtering You can configure OSPFv3 to filter routes that are computed from received LSAs according to some rules. Follow these steps to configure OSPFv3 inbound route filtering: To do…...

  • Page 870: Configuring The Maximum Number Of Ospfv3 Load-Balanced Routes

    The value defaults to 8. Configuring a Priority for OSPFv3 A router may run multiple routing protocols. The system assigns a priority for each protocol. When these routing protocols find the same route, the route found by the protocol with the highest priority is selected.

  • Page 871: Configuring Ospfv3 Route Redistribution

    Since OSPFv3 is a link state routing protocol, it cannot directly filter LSAs to be advertised. Therefore, you need to filter redistributed routes first, and thus only routes that are not filtered out can be advertised in LSAs into the routing domain.

  • Page 872: Tuning And Optimizing Ospfv3 Networks

    SPF timer: Specified to protect networks from being over-loaded due to frequent network changes. For a broadcast network, you can configure DR priorities for interfaces to affect DR/BDR election. By disabling an interface from sending OSPFv3 packets, you can make other routers on the network obtain no information from the interface.

  • Page 873: Configuring A Dr Priority For An Interface

    0 cannot become a DR or BDR. Ignoring MTU Check for DD Packets When LSAs are few in DD packets, it is unnecessary to check the MTU in DD packets in order to improve efficiency. Follow these steps to ignore MTU check for DD packets: To do…...

  • Page 874: Disable Interfaces From Sending Ospfv3 Packets

    After an OSPF interface is set to silent, direct routes of the interface can still be advertised in Intra-Area-Prefix-LSAs via other interfaces, but other OSPFv3 packets cannot be advertised.

  • Page 875: Configuring Gr Restarter

    Establish all adjacencieis and obtain complete topology information after reboot. After the master/backup switchover, the GR Restarter sends a Grace-LSA to tell its neighbors that it performs a GR. Upon receiving the Grace-LSA, the neighbors with the GR Helper capability enter the helper mode (and are thus called GR Helpers).

  • Page 876: Displaying And Maintaining Ospfv3

    Display OSPFv3 interface display ospfv3 interface [ interface-type information interface-number | statistic ] display ospfv3 [ process-id ] lsdb [ [ external | Display OSPFv3 LSDB inter-prefix | inter-router | intra-prefix | link | information network | router | grace ] [ link-state-id ]...

  • Page 877: Ospfv3 Configuration Examples

    Configuring OSPFv3 Areas Network requirements In the following figure, all switches run OSPFv3. The AS is split into three areas, in which, Switch B and Switch C act as ABRs to forward routing information between areas. It is required to configure Area 2 as a stub area to reduce LSAs in the area without affecting route reachability.
  • Page 878 [SwitchD] ospfv3 [SwitchD-ospfv3-1] router-id 4.4.4.4 [SwitchD-ospfv3-1] quit [SwitchD] interface Vlan-interface 400 [SwitchD-Vlan-interface400] ospfv3 1 area 2 [SwitchD-Vlan-interface400] quit # Display OSPFv3 neighbor information on Switch B. [SwitchB] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State...
  • Page 879 # Configure Switch D [SwitchD] ospfv3 [SwitchD-ospfv3-1] area 2 [SwitchD-ospfv3-1-area-0.0.0.2] stub # Configure Switch C, and specify the cost of the default route sent to the stub area as 10. [SwitchC] ospfv3 [SwitchC-ospfv3-1] area 2 [SwitchC-ospfv3-1-area-0.0.0.2] stub [SwitchC-ospfv3-1-area-0.0.0.2] default-cost 10...
  • Page 880 # Display OSPFv3 routing table information on Switch D. You can find a default route is added, and its cost is the cost of a direct route plus the configured cost. [SwitchD] display ospfv3 routing E1 - Type 1 external route,...

  • Page 881: Configuring Ospfv3 Dr Election

    The priority of Switch A is 100, the highest priority on the network, so it will be the DR. The priority of Switch C is 2, the second highest priority on the network, so it will be the BDR. The priority of Switch B is 0, so it cannot become the DR.
  • Page 882 # Display neighbor information on Switch A. You can find the switches have the same default DR priority 1. In this case, the switch with the highest Router ID is elected as the DR. Therefore, Switch D is the DR, and Switch C is the BDR.

  • Page 883: Configuring Ospfv3 Route Redistribution

    [SwitchC] interface Vlan-interface 100 [SwitchC-Vlan-interface100] ospfv3 dr-priority 2 [SwitchC-Vlan-interface100] quit # Display neighbor information on Switch A. You can find DR priorities have been updated, but the DR and BDR are not changed. [SwitchA] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1)
  • Page 884 Configure OSPFv3 process 2 to redistribute direct routes and the routes from OSPFv3 process 1 on Switch B and set the default metric for redistributed routes to 3. Thus, Switch C can learn the routes destined for 1::0/64 and 2::0/64, while Switch A cannot learn the routes destined for 3::0/64 or 4::0/64.
  • Page 885 Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost Configure OSPFv3 route redistribution # Configure OSPFv3 process 2 to redistribute direct routes and the routes from OSPFv3 process 1 on Switch B. [SwitchB] ospfv3 2 1-25...
  • Page 886 : :: Preference: 0 Interface : NULL0 Cost Configuring OSPFv3 GR Network requirements As shown in Figure 1-5, Switch A, Switch B and Switch C that belong to the same AS and the same OSPFv3 routing domain are GR capable. 1-26...
  • Page 887 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ospfv3 1 area 1 [SwitchA-Vlan-interface100] quit # Enable OSPFv3 on Switch B and set the router ID to 2.2.2.2. (By default, GR helpler is enabled on Switch B). <SwitchB> system-view [SwitchB] ipv6 [SwitchB] ospfv3 1 [SwitchB-ospfv3-1] router-id 2.2.2.2...

  • Page 888: Troubleshooting Ospfv3 Configuration

    If the physical link and lower protocol work well, check OSPF parameters configured on interfaces. The two neighboring interfaces must have the same parameters, such as the area ID, network segment and mask and network type. If the network type is broadcast, at least one interface must have a DR priority higher than 0.
  • Page 889 If more than two areas are configured, at least one area is connected to the backbone. In a Stub area, all routers are configured with the stub command. If a virtual link is configured, use the display ospf vlink command to check the neighbor state. 1-29...
  • Page 890 1 IPv6 IS-IS Configuration····························································································································1-1 Introduction to IPv6 IS-IS ························································································································1-1 Configuring IPv6 IS-IS Basic Functions ··································································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-2 Configuring IPv6 IS-IS Routing Information Control ···············································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-2 Displaying and Maintaining IPv6 IS-IS····································································································1-4 IPv6 IS-IS Configuration Example ··········································································································1-4...

  • Page 891: Ipv6 Is-Is Configuration

    IPv6 IS-IS Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. EA boards (such as LSQ1GP12EA and LSQ1TGX1EA) do not support IPv6 features. IPv6 IS-IS supports all the features of IPv4 IS-IS except that it advertises IPv6 routing information instead.

  • Page 892: Configuring Ipv6 Is-Is Basic Functions

    Disabled by default Configuring IPv6 IS-IS Routing Information Control Configuration Prerequisites You need to complete the IPv6 IS-IS basic function configuration before configuring this task. Configuration Procedure Follow these steps to configure IPv6 IS-IS routing information control: To do…...
  • Page 893 For information about ACL, refer to ACL Configuration in the Security Volume. For information about routing policy and IPv6 prefix list, refer to Routing Policy Configuration in the IP Routing Volume.

  • Page 894: Displaying And Maintaining Ipv6 Is

    IPv6. Switch A and Switch B are Level-1 switches, Switch D is a Level-2 switch, and Switch C is a Level-1-2 switch. Switch A, Switch B, and Switch C are in area 10, while Switch D is in area 20.
  • Page 895 Figure 1-1 Network diagram for IPv6 IS-IS basic configuration Configuration procedure Configure IPv6 addresses for interfaces (omitted) Configure IPv6 IS-IS # Configure Switch A. <SwitchA> system-view [SwitchA] isis 1 [SwitchA-isis-1] is-level level-1 [SwitchA-isis-1] network-entity 10.0000.0000.0001.00 [SwitchA-isis-1] ipv6 enable [SwitchA-isis-1] quit...
  • Page 896 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis ipv6 enable 1 [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis ipv6 enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D. <SwitchD> system-view [SwitchD] isis 1 [SwitchD-isis-1] is-level level-2 [SwitchD-isis-1] network-entity 20.0000.0000.0004.00 [SwitchD-isis-1] ipv6 enable...
  • Page 897 Specifying an IPv6 BGP Peer ·········································································································1-3 Injecting a Local IPv6 Route············································································································1-3 Configuring a Preferred Value for Routes from a Peer/Peer Group ···············································1-3 Specifying the Source Interface for Establishing TCP Connections ···············································1-4 Allowing the Establishment of a Non-Direct eBGP connection ·······················································1-5 Configuring a Description for an IPv6 Peer/Peer Group ·································································1-5...
  • Page 898 IPv6 BGP Basic Configuration ······································································································1-21 IPv6 BGP Route Reflector Configuration ······················································································1-23 Troubleshooting IPv6 BGP Configuration ·····························································································1-24 No IPv6 BGP Peer Relationship Established ················································································1-24...

  • Page 899: Ipv6 Bgp Configuration

    IPv6 BGP Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. EA boards (such as LSQ1GP12EA and LSQ1TGX1EA) do not support IPv6 features. This chapter describes only configuration for IPv6 BGP. For BGP related information, refer to BGP Configuration in the IP Routing Volume.

  • Page 900: Configuration Task List

    Configuration Task List Complete the following tasks to configure IPv6 BGP: Task Remarks Specifying an IPv6 BGP Peer Required Injecting a Local IPv6 Route Optional Configuring a Preferred Value for Routes from Optional a Peer/Peer Group Specifying the Source Interface for...

  • Page 901: Configuring Ipv6 Bgp Basic Functions

    Before configuring this task, you need to: Specify IP addresses for interfaces. Enable IPv6. You need create a peer group before configuring basic functions for it. For related information, refer to Configuring IPv6 BGP Peer Group. Specifying an IPv6 BGP Peer Follow these steps to configure an IPv6 BGP peer: To do…...

  • Page 902: Specifying The Source Interface For Establishing Tcp Connections

    Other routes not matching the routing policy uses the value set with the command. If the preferred value in the routing policy is zero, the routes matching it will also use the value set with the command. For information about using a routing policy to set a preferred...

  • Page 903: Allowing The Establishment Of A Non-Direct Ebgp Connection

    TCP connection establishment. To establish a BGP connection, you need to specify on the local router the source interface for establishing the TCP connection to the peer on the peering BGP router; otherwise, the local BGP router may fail to establish TCP connection to the peer when using the outbound interface of the best route as the source interface.

  • Page 904: Disabling Session Establishment To An Ipv6 Peer/Peer Group

    IPv6 peer/peer group ipv6-address } ignore Not disabled by default Logging IPv6 Peer/Peer Group State Changes Follow these steps to configure to log on the session and event information of an IPv6 peer/peer group: To do… Use the command… Remarks —...

  • Page 905: Configuring Ipv6 Bgp Route Redistribution

    IGP default route. Configuring IPv6 BGP Route Summarization To reduce the routing table size on medium and large BGP networks, you need to configure route summarization on BGP routers. BGP supports only manual summarization of IPv6 routes. Follow these steps to configure IPv6 BGP route summarization: To do…...

  • Page 906: Configuring Outbound Route Filtering

    With the peer default-route-advertise command executed, the local router advertises a default route with itself as the next hop to the specified IPv6 peer/peer group, regardless of whether the default route is available in the routing table. Configuring Outbound Route Filtering Follow these steps to configure outbound route filtering: To do…...

  • Page 907: Configuring Inbound Route Filtering

    IPv6 BGP advertises routes passing the specified policy to peers. Using the protocol argument can filter only the routes redistributed from the specified protocol. If no protocol is specified, IPv6 BGP filters all routes to be advertised, including redistributed routes and routes imported with the network command.

  • Page 908: Configuring Route Dampening

    By default, when a BGP router receives an iBGP route, it only checks the reachability of the route’s next hop before advertisement. If the synchronization feature is configured, only the iBGP route is advertised by IGP can the route be advertised to eBGP peers.

  • Page 909: Configuring The Med Attribute

    To make sure an iBGP peer can find the correct next hop, you can configure routes advertised to the IPv6 iBGP peer/peer group to use the local router as the next hop. If BGP load balancing is configured, the local router specifies itself as the next hop of routes sent to an IPv6 iBGP peer/peer group regardless of whether the peer next-hop-local command is configured.

  • Page 910: Configuring The As_Path Attribute

    IPv6 BGP timers After establishing an IPv6 BGP connection, two routers send keepalive messages periodically to each other to keep the connection. If a router receives no keepalive message from the peer after the holdtime elapses, it tears down the connection.

  • Page 911: Prerequisites

    IPv6 BGP routing table refresh without needing to disconnect IPv6 BGP links. With this feature enabled on all IPv6 BGP routers in a network, when a routing policy modified on a router, the router advertises a route-refresh message to its peers, which then send their routing information back to the router.

  • Page 912: Configuring Ipv6 Bgp Soft Reset

    Enabling the IPv6 BGP ORF Capability The BGP Outbound Route Filter (ORF) feature allows a BGP speaker to send to its BGP peer a set of ORFs through Route-refresh messages. The peer then applies the ORFs, in addition to its local routing policies (if any), to filter updates to the BGP speaker, thus reducing the number of exchanged Update messages and saving network resources.

  • Page 913: Configuring The Maximum Number Of Load-Balanced Routes

    After you enable the BGP ORF capability, the local BGP router negotiates the ORF capability with the BGP peer through Open messages (that is, determine whether to carry ORF information in messages; if yes, whether to carry non-standard ORF information in the packets). After completing the negotiation process and establishing the neighboring relationship, the BGP router and its BGP peer can exchange ORF information through specific Route-refresh messages.

  • Page 914: Configuring A Large Scale Ipv6 Bgp Network

    ASs. If peers in an eBGP group belong to the same external AS, the eBGP peer group is a pure eBGP peer group, and if not, a mixed eBGP peer group. In a peer group, all members enjoy a common policy. Using the community attribute can make a set of IPv6 BGP routers in multiple ASs enjoy the same policy, because sending of community between IPv6 BGP peers is not limited by AS.
  • Page 915 Not added by default To create a pure eBGP peer group, you need to specify an AS number for the peer group. If a peer was added into an eBGP peer group, you cannot specify any AS number for the peer group.

  • Page 916: Configuring Ipv6 Bgp Community

    When creating a mixed eBGP peer group, you need to create a peer and specify its AS number that can be different from AS numbers of other peers, but you cannot specify AS number for the eBGP peer group. Configuring IPv6 BGP Community...

  • Page 917: Configuring An Ipv6 Bgp Route Reflector

    In general, since the route reflector forwards routing information between clients, it is not required to make clients of a route reflector fully meshed. If clients are fully meshed, it is recommended to disable route reflection between clients to reduce routing costs.

  • Page 918: Resetting Ipv6 Bgp Connections

    Resetting IPv6 BGP Connections To do… Use the command… Remarks Perform soft reset on refresh bgp ipv6 { ipv4-address | ipv6-address | all | IPv6 BGP external | group ipv6-group-name | internal } { export | Available in connections import }...

  • Page 919: Clearing Ipv6 Bgp Information

    IPv6 BGP Basic Configuration Network requirements In the following figure are all IPv6 BGP switches. Between Switch A and Switch B is an eBGP connection. Switch B, Switch C and Switch D are fully meshed through iBGP connections. Figure 1-1 IPv6 BGP basic configuration network diagram...
  • Page 920 [SwitchA-bgp] quit # Configure Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] peer 10::2 as-number 65008 # Display IPv6 peer information on Switch B. [SwitchB] display bgp ipv6 peer BGP local router ID : 2.2.2.2 Local AS number : 65009 1-22...

  • Page 921: Ipv6 Bgp Route Reflector Configuration

    IPv6 BGP Route Reflector Configuration Network requirements As shown in the following figure, Switch B receives an eBGP update and sends it to Switch C, which is configured as a route reflector with two clients: Switch B and Switch D.

  • Page 922: Troubleshooting Ipv6 Bgp Configuration

    # Configure Switch C as a route reflector, Switch B and Switch D as its clients. [SwitchC-bgp-af-ipv6] peer 101::2 reflect-client [SwitchC-bgp-af-ipv6] peer 102::2 reflect-client Use the display bgp ipv6 routing-table command on Switch B and Switch D respectively, you can find both of them have learned the network 1::/64. Troubleshooting IPv6 BGP Configuration...
  • Page 923 Analysis To become IPv6 BGP peers, any two routers need to establish a TCP session using port 179 and exchange open messages successfully. Processing steps Use the display current-configuration command to verify the peer’s AS number. Use the display bgp ipv6 peer command to verify the peer’s IPv6 address.
  • Page 924 Route Policy Configuration Example ····································································································1-10 Applying a Route Policy to IPv4 Route Redistribution ··································································1-10 Applying a Route Policy to IPv6 Route Redistribution ··································································1-13 Applying a Route Policy to Filter Received BGP Routes ······························································1-15 Troubleshooting Route Policy Configuration ························································································1-17 IPv4 Routing Information Filtering Failure ·····················································································1-17...

  • Page 925: Route Policy Configuration

    Route Policy Configuration Example Troubleshooting Route Policy Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. EA boards (such as LSQ1GP12EA and LSQ1TGX1EA) do not support IPv6 features. Route policy in this chapter involves both IPv4 route policy and IPv6 route policy.
  • Page 926 A route policy can comprise multiple nodes, which are in logic OR relationship. Each route policy node is a match unit, and a node with a smaller number is matched first. Once a node is matched, the route policy is passed and the packet will not go to the next node.

  • Page 927: Route Policy Application

    An item with a smaller index number is matched first. If one item is matched, the IP prefix list is passed, and the routing information will not go to the next item.
  • Page 928 If all the items are set to the deny mode, no routes can pass the IPv4 prefix list. Therefore, you need to define the permit 0.0.0.0 0 less-equal 32 item following multiple deny items to allow other IPv4 routing information to pass.

  • Page 929: Defining An As Path List

    Defining an AS Path List You can define multiple items for an AS path list that is identified by number. The relation between items is logical OR, that is, if a route matches one of these items, it passes the AS path list.

  • Page 930: Configuring A Route Policy

    Configuring a Route Policy A route policy is used to filter routing information, and modify attributes of matching routing information. The match criteria of a route policy can be configured by referencing filters above mentioned. A route policy can comprise multiple nodes, and each route policy node contains: if-match clauses: Define the match criteria that routing information must satisfy.

  • Page 931: Defining If-Match Clauses

    If routing information does not match the node, it will go to the next node for a match.

  • Page 932: Defining Apply Clauses

    You can specify no or multiple if-match clauses for a route policy node. If no if-match clause is specified, and the route policy node is in permit mode, all routing information can pass the node. If it is in deny mode, no routing information can pass it.
  • Page 933 | no-advertise } * [ additive ] } Optional Set a cost for routing information apply cost [ + | - ] value Not set by default. Optional Set a cost type for routing apply cost-type [ external |...

  • Page 934: Displaying And Maintaining The Route Policy

    As shown in the following figure, Switch B exchanges routing information with Switch A using OSPF, and with Switch C using IS-IS. On Switch B, enable route redistribution from IS-IS to OSPF and apply a route policy to set the cost of route 172.17.1.0/24 to 100, and the tag of route 172.17.2.0/24 to 20.
  • Page 935 Figure 1-1 Network diagram for route policy application to route redistribution Configuration procedure Specify IP addresses for interfaces (omitted). Configure IS-IS. # Configure Switch C. <SwitchC> system-view [SwitchC] isis [SwitchC-isis-1] is-level level-2 [SwitchC-isis-1] network-entity 10.0000.0000.0001.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 200...
  • Page 936 [SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] import-route isis 1 [SwitchB-ospf-1] quit # Display the OSPF routing table on Switch A to view redistributed routes. [SwitchA] display ospf routing OSPF Process 1 with Router ID 192.168.1.1 Routing Tables Routing for Network...

  • Page 937: Applying A Route Policy To Ipv6 Route Redistribution

    [SwitchB] ospf [SwitchB-ospf-1] import-route isis 1 route-policy isis2ospf [SwitchB-ospf-1] quit # Display the OSPF routing table on Switch A. The cost of route 172.17.1.0/24 is 100, the tag of route 172.17.1.0/24 is 20. [SwitchA] display ospf routing OSPF Process 1 with Router ID 192.168.1.1...
  • Page 938 [SwitchA-route-policy] if-match ipv6 address prefix-list a [SwitchA-route-policy] quit [SwitchA] route-policy static2ripng permit node 10 [SwitchA-route-policy] quit # Enable RIPng and apply the route policy to static route redistribution. [SwitchA] ripng [SwitchA-ripng-1] import-route static route-policy static2ripng Configure Switch B. # Configure the IPv6 address for VLAN-interface 100.

  • Page 939: Applying A Route Policy To Filter Received Bgp Routes

    Network requirements As shown in the following figure: All the switches run BGP. Switch C establishes eBGP connections with other switches. Configure a route policy on Switch D to reject routes from AS 200. Figure 1-3 Route policy configuration to filter received BGP routes...
  • Page 940 [SwitchD] bgp 400 [SwitchD-bgp] router-id 4.4.4.4 [SwitchD-bgp] peer 1.1.3.1 as-number 300 [SwitchD-bgp] quit # On Switch A, inject routes 4.4.4.4/24, 5.5.5.5/24, and 6.6.6.6/24 to BGP. [SwitchA-bgp] network 4.4.4.4 24 [SwitchA-bgp] network 5.5.5.5 24 [SwitchA-bgp] network 6.6.6.6 24 # On Switch B, inject routes 7.7.7.7/24, 8.8.8.8/24, and 9.9.9.9/24 to BGP.

  • Page 941: Troubleshooting Route Policy Configuration

    9.9.9.0/24 1.1.3.1 300 200i The display above shows that Switch D has learned routes 4.4.4.0/24, 5.5.5.0/24, and 6.6.6.0/24 from AS 100 and 7.7.7.0/24, 8.8.8.0/24, and 9.9.9.0/24 from AS 200. Configure Switch D to reject routes from AS 200. # Configure AS_PATH list 1 on Switch D.

  • Page 942: Ipv6 Routing Information Filtering Failure

    Analysis At least one item of the IP prefix list should be configured as permit mode, and at least one node in the Route policy should be configured as permit mode. Solution Use the display ip ip-prefix command to display IP prefix list information.
  • Page 943 1 Policy Routing Configuration···················································································································1-1 Policy Routing Overview ·························································································································1-1 Configuring Traffic Redirecting ···············································································································1-1 Configuring a QoS Policy ················································································································1-2 Applying the QoS Policy ··················································································································1-2 Displaying and Maintaining QoS Policies ·······························································································1-3 Policy Routing Configuration Examples··································································································1-4 IPv4 Policy Routing Configuration Example····················································································1-4 IPv6 Policy Routing Configuration Example····················································································1-5...

  • Page 944: Policy Routing Configuration

    Framework (IRF). Two S7900E series can be connected together to form a distributed IRF device. If an S7900E series is not in any IRF, it operates as a distributed device; if the S7900E series is in an IRF, it operates as a distributed IRF device. For introduction of IRF, refer to IRF Configuration in the System Volume.

  • Page 945: Configuring A Qos Policy

    To implement policy routing successfully, ensure that the next hop address specified in the redirect action exist and the outgoing interface is not a tunnel interface. If you fail to do that, the matching traffic will be dropped. Applying the QoS Policy When configuring policy routing, you can apply a QoS policy to different occasions: Applied globally, the policy takes effect on the traffic sent or received on all ports.

  • Page 946: Displaying And Maintaining Qos Policies

    — qos vlan-policy policy-name Apply the QoS policy to VLANs Required vlan vlan-id-list inbound QoS policies cannot be applied to dynamic VLANs, for example, VLANs created by GVRP. Displaying and Maintaining QoS Policies To do… Use the command… Remarks display qos policy...

  • Page 947: Policy Routing Configuration Examples

    # Define a match criterion for class a to match ACL 2000. [SwitchA] traffic classifier a [SwitchA-classifier-a] if-match acl 2000 [SwitchA-classifier-a] quit # Configure the action of redirecting traffic to the next hop 202.1.1.2 for behavior a. [SwitchA] traffic behavior a...

  • Page 948: Ipv6 Policy Routing Configuration Example

    # Define a match criterion for class a to match IPv6 ACL 2000. [SwitchA] traffic classifier a [SwitchA-classifier-a] if-match acl ipv6 2000 [SwitchA-classifier-a] quit # Configure the action of redirecting traffic to the next hop 202::2 for behavior a. [SwitchA] traffic behavior a [SwitchA-behavior-a] redirect next-hop 202::2...
  • Page 949 # Apply QoS policy a to the incoming traffic of GigabitEthernet 2/0/1. [SwitchA] interface gigabitethernet 2/0/1 [SwitchA-GigabitEthernet2/0/1] qos apply policy a inbound Verification After completing the configuration, verify that when Switch A receives packets with destination IP address 201::2, it forwards the packets to Switch C instead of Switch B.
  • Page 950 Multicast Models Multicast Overview Multicast Architecture Multicast Packets Forwarding Mechanism Multi-Instance Multicast Multicast routing and forwarding refer to some policies that filter RPF routing information for IP multicast support. This document describes: Multicast Routing and Forwarding Multicast routing and forwarding overview...
  • Page 951 Forwarding IPv6 Multicast routing and forwarding overview IPv6 Multicast routing and forwarding configuration MLD is used by an IPv6 router or a Ethernet Switch to discover the presence of multicast listeners on directly-attached subnets. This document describes: Configuring Basic Functions of MLD...
  • Page 952 Features Description As an IPv6 multicast extension of MP-BGP, IPv6 MBGP enables BGP to provide routing information for IPv6 multicast applications. This document describes: IPv6 MBGP Configuring IPv6 MBGP Basic Functions Configuring IPv6 MBGP Route Attributes Configuring a Large Scale IPv6 MBGP Network...
  • Page 953 Table of Contents 1 Multicast Overview ····································································································································1-1 Introduction to Multicast ··························································································································1-1 Comparison of Information Transmission Techniques··································································· 1-1 Features of Multicast ······················································································································ 1-4 Common Notations in Multicast······································································································ 1-5 Advantages and Applications of Multicast······················································································ 1-5 Multicast Models ·····································································································································1-6 Multicast Architecture······························································································································1-6 Multicast Addresses ······················································································································· 1-7 Multicast Protocols ·······················································································································...

  • Page 954: Multicast Overview

    Comparison of Information Transmission Techniques Unicast In unicast, the information source (Source in the figure) needs to send a separate copy of information to each host (Receiver in the figure) that wants the information, as shown in Figure...
  • Page 955 If a large number of users need the information, the information source needs to send a copy of the same information to each of these users. This means a tremendous pressure on the information source and the network bandwidth.
  • Page 956 Figure 1-2 Broadcast transmission Assume that only Host B, Host D, and Host E need the information. If the information is broadcast to the subnet, Host A and Host C also receive it. In addition to information security issues, this also causes traffic flooding on the same subnet.

  • Page 957: Features Of Multicast

    The multicast source (Source in the figure) sends only one copy of the information to a multicast group. Host B, Host D and Host E, which are receivers of the information, need to join the multicast group. The routers on the network duplicate and forward the information based on the distribution of the group members.

  • Page 958: Common Notations In Multicast

    G. Here “*” represents any multicast source, while “G” represents a specific multicast group. (S, G): Indicates a shortest path tree (SPT), or a multicast packet that multicast source S sends to multicast group G. Here “S” represents a specific multicast source, while “G” represents a specific multicast group.

  • Page 959: Multicast Models

    However, they can join or leave the multicast group at any time. SFM model The SFM model is derived from the ASM. From the view of a sender, the two models have the same multicast membership architecture.

  • Page 960: Multicast Addresses

    For details, refer to RFC 2365. The membership of a group is dynamic. Hosts can join or leave multicast groups at any time. “Glop” is a mechanism for assigning multicast addresses between different autonomous systems (ASs).
  • Page 961 Referring to Figure 1-4, the meanings of the fields of an IPv6 multicast address are as follows: 0xFF: The most significant 8 bits are 11111111, indicating that this address is an IPv6 multicast address. Figure 1-5 Format of the Flags field...
  • Page 962 IPv4 multicast MAC addresses As defined by IANA, the high-order 24 bits of an IPv4 multicast MAC address are 0x01005E, bit 25 is 0, and the low-order 23 bits are the low-order 23 bits of a multicast IPv4 address. The IPv4-to-MAC Figure 1-6.
  • Page 963 The high-order four bits of a multicast IPv4 address are 1110, indicating that this address is a multicast address, and only 23 bits of the remaining 28 bits are mapped to a MAC address, so five bits of the multicast IPv4 address are lost. As a result, 32 multicast IPv4 addresses map to the same MAC address.

  • Page 964: Multicast Protocols

    Multicast Protocols Generally, we refer to IP multicast working at the network layer as Layer 3 multicast and the corresponding multicast protocols as Layer 3 multicast protocols, which include IGMP/MLD, PIM/IPv6 PIM, MSDP, and MBGP/IPv6 MBGP; we refer to IP multicast working at the data link layer as Layer 2 multicast and the corresponding multicast protocols as Layer 2 multicast protocols, which include IGMP Snooping/MLD Snooping, and multicast VLAN/IPv6 multicast VLAN.
  • Page 965 An intra-domain multicast routing protocol is used to discover multicast sources and build multicast distribution trees within an AS so as to deliver multicast data to receivers. Among a variety of mature intra-domain multicast routing protocols, protocol independent multicast (PIM) is a popular one.

  • Page 966: Multicast Packet Forwarding Mechanism

    VLAN of the Layer 2 device. With the multicast VLAN or IPv6 multicast VLAN feature enabled on the Layer 2 device, the Layer 3 multicast device needs to send only one copy of multicast to the multicast VLAN or IPv6 multicast VLAN on the Layer 2 device. This avoids waste of network bandwidth and extra burden on the Layer 3 device.

  • Page 967: Multi-Instance Application In Multicast

    On a PE device, a set of software and hardware that serves the same network forms an instance. Multiple instances exist on a PE device at the same time, and an instance resides on different PE devices.
  • Page 968 Only one set of unified multicast service runs on a non-PE device. It is called public instance. The configuration made in VPN instance view only takes effect on the VPN instance interface only. An interface that does not belong to any VPN instance is called public instance interface.
  • Page 969 Configuring a Multicast Forwarding Range ···················································································1-10 Configuring the Multicast Forwarding Table Size··········································································1-10 Configuring Static Multicast MAC Address Entries ·······································································1-11 Tracing a Multicast Path ················································································································1-12 Displaying and Maintaining Multicast Routing and Forwarding ····························································1-12 Configuration Examples ························································································································1-14 Changing an RPF Route ···············································································································1-14 Creating an RPF Route ·················································································································1-16 Multicast Forwarding over GRE Tunnels·······················································································1-18...

  • Page 970: Multicast Routing And Forwarding Configuration

    Framework (IRF). Two S7900E series can be connected together to form a distributed IRF device. If an S7900E series is not in any IRF, it operates as a distributed device; if the S7900E series is in an IRF, it operates as a distributed IRF device. For introduction of IRF, refer to IRF Configuration in the System Volume.
  • Page 971 RPF check process The basis for an RPF check is a unicast route, an MBGP route, or a multicast static route. A unicast routing table contains the shortest path to each destination subnet, An MBGP routing table contains multicast routing information, and A multicast static routing table contains the RPF routing information defined by the user through static configuration.
  • Page 972 RPF check. If the RPF interface is the incoming interface of the (S, G) entry, this means the (S, G) entry is correct but the packet arrived from a wrong path. The packet is to be discarded.

  • Page 973: Multicast Static Routes

    Router A to Router C, which is the unicast route between the two routers; with a static route configured on Router C and with Router B as Router C’s RPF neighbor on the path back to Source, the multicast information from Source travels from Router A to Router B and then to Router C.

  • Page 974: Application Of Gre Tunnel In Multicast Forwarding

    (Source) in the RIP domain. After you configure a multicast static route on Router C and Router D, specifying Router B as the RPF neighbor of Router C and specifying Router C as the RPF neighbor of Router D, the receivers can receive multicast data sent by the multicast source.

  • Page 975: Multicast Traceroute

    A multicast traceroute packet is a special IGMP packet, which differs from common IGMP packets in that its IGMP Type field is set to 0x1F or 0x1E and that its destination IP address is a unicast address. There are three types of multicast traceroute packets:...

  • Page 976: Configuration Task List

    From the last-hop router to the multicast source, each hop adds a response data block to the end of the request packet and unicasts it to the previous hop.

  • Page 977: Configuring Multicast Routing And Forwarding

    The maximum number of entries in the multicast forwarding table Configuring Multicast Static Routes By configuring a multicast static route for a given multicast source, you can specify an RPF interface or an RPF neighbor for multicast traffic from that source.

  • Page 978: Configuring A Multicast Routing Policy

    RPF neighbor only by its address (rpf-nbr-address). Configuring a Multicast Routing Policy You can configure the router to determine the RPF route based on the longest match principle. For details about RPF route selection, refer to RPF check process.

  • Page 979: Configuring A Multicast Forwarding Range

    Excessive multicast routing entries, however, can exhaust the router’s memory and thus result in lower router performance. You can set a limit on the number of entries in the multicast forwarding table based on the actual networking situation and the performance requirements. If the configured maximum number of multicast forwarding table entries is smaller than the current value, the forwarding entries in excess will not be immediately deleted;...

  • Page 980: Configuring Static Multicast Mac Address Entries

    Configuring Static Multicast MAC Address Entries In Layer-2 multicast, a Layer 2 multicast protocol (such as IGMP snooping) can dynamically add multicast MAC address entries. Or, you can manually configure multicast MAC address entries. Configuring a static multicast MAC address entry in system view Table 1-1 Configure a static multicast MAC address entry in system view To do...

  • Page 981: Tracing A Multicast Path

    0 to F) can be manually added to the multicast MAC address table. Tracing a Multicast Path You can run the mtracert command to trace the path down which the multicast traffic flows from a given first-hop router to the last-hop router.
  • Page 982 [ all-instance | vpn-instance vpn-instance-name ] forwarding-table Clear forwarding entries from { { source-address [ mask { mask | mask-length } ] | Available in the multicast forwarding group-address [ mask { mask | mask-length } ] |...

  • Page 983: Configuration Examples

    B, which is the same as the unicast route. Perform the following configuration so that Receiver can receive the multicast data from Source through the path Switch A – Switch C – Switch B, which is different from the unicast route. Network diagram...
  • Page 984 Referenced route/mask: 50.1.1.0/24 Referenced route type: igp Route selection rule: preference-preferred Load splitting rule: disable As shown above, the current RPF route on Switch B is contributed by a unicast routing protocol and the RPF neighbor is Switch A. 1-15...

  • Page 985: Creating An Rpf Route

    Configure a multicast static route # Configure a multicast static route on Switch B, specifying Switch C as its RPF neighbor on the route to Source. [SwitchB] ip rpf-route-static 50.1.1.100 24 20.1.1.2 Verify the configuration # Use the display multicast rpf-info command to view the information about the RPF route to Source on Switch B.
  • Page 986 [SwitchB] display multicast rpf-info 50.1.1.100 [SwitchC] display multicast rpf-info 50.1.1.100 No information is displayed. This means that no RPF route to Source 2 exists on Switch B and Switch C. Configure a multicast static route # Configure a multicast static route on Switch B, specifying Switch A as its RPF neighbor on the route to Source 2.

  • Page 987: Multicast Forwarding Over Gre Tunnels

    Referenced route type: multicast static Route selection rule: preference-preferred Load splitting rule: disable As shown above, the RPF routes to Source 2 exist on Switch B and Switch C. The source is the configured static route. Multicast Forwarding over GRE Tunnels Network requirements Multicast routing and PIM-DM are enabled on Switch A and Switch C.
  • Page 988 [SwitchA] interface tunnel 0 [SwitchA-Tunnel0] ip address 50.1.1.1 24 # Configure Tunnel 0 to work in the GRE tunnel mode and specify the source and destination addresses of the interface. [SwitchA-Tunnel0] tunnel-protocol gre [SwitchA-Tunnel0] source 20.1.1.1 [SwitchA-Tunnel0] destination 30.1.1.2 [SwitchA-Tunnel0] quit # Create Tunnel 0 on Switch C and configure the IP address and mask for the interface.
  • Page 989 [SwitchC-Tunnel0] pim dm [SwitchC-Tunnel0] quit Configure a static multicast route # On Switch C, configure a static multicast route and specify its RPF neighbor leading toward Source is Tunnel 0 on Switch A. [SwitchC] ip rpf-route-static 10.1.1.0 24 50.1.1.1 Verify the configuration Source sends multicast data to the multicast group 225.1.1.1 and Receiver can receive the multicast...

  • Page 990: Troubleshooting Multicast Routing And Forwarding

    1: Vlan-interface200 Protocol: pim-dm, UpTime: 00:04:25, Expires: never As shown above, Switch A is the RPF neighbor of Switch C and the multicast data from Switch A is delivered over a GRE tunnel to Switch C. Troubleshooting Multicast Routing and Forwarding...

  • Page 991: Multicast Data Fails To Reach Receivers

    Solution Use the display pim routing-table command to check whether the corresponding (S, G) entries exist on the router. If so, the router has received the multicast data; otherwise, the router has not received the data. Use the display multicast boundary command to view the multicast boundary information on the interfaces.
  • Page 992 Enabling IGMP ································································································································1-9 Configuring IGMP Versions···········································································································1-10 Configuring Static Joining··············································································································1-10 Configuring a Multicast Group Filter······························································································1-11 Configuring the Maximum Number of Multicast Groups on an Interface ······································1-11 Adjusting IGMP Performance ···············································································································1-12 Configuration Prerequisites ···········································································································1-12 Configuring IGMP Message Options·····························································································1-12 Configuring IGMP Query and Response Parameters ···································································1-13 Configuring IGMP Fast Leave Processing ····················································································1-16...

  • Page 993: Igmp Configuration

    Framework (IRF). Two S7900E series can be connected together to form a distributed IRF device. If an S7900E series is not in any IRF, it operates as a distributed device; if the S7900E series is in an IRF, it operates as a distributed IRF device. For introduction of IRF, refer to IRF Configuration in the System Volume.

  • Page 994: Introduction To Igmpv1

    (G1) (G1) Query Report Assume that Host B and Host C are expected to receive multicast data addressed to multicast group G1, while Host A is expected to receive multicast data addressed to G2, as shown in Figure 1-1. The...

  • Page 995: Enhancements In Igmpv2

    IGMP report to the multicast group address of G1, to announce its membership for G1. Assume it is Host B that sends the report message. Upon hearing the report from Host B, Host C, which is on the same subnet with Host B, suppresses its own report for G1, because the IGMP routers (Router A and Router B) already know that at least one host on the local subnet is interested in G1.

  • Page 996: Enhancements In Igmpv3

    If it expects multicast data from specific sources like S1, S2, …, it sends a report with the Filter-Mode denoted as “Include Sources (S1, S2, …). If it does not expect multicast data from specific sources like S1, S2, …, it sends a report with the Filter-Mode denoted as “Exclude Sources (S1, S2, …).

  • Page 997: Igmp Ssm Mapping

    In the case of IGMPv1 or IGMPv2, Host B cannot select multicast sources when it joins multicast group G. Therefore, multicast streams from both Source 1 and Source 2 will flow to Host B whether it needs them or not.

  • Page 998: Igmp Proxying

    G carried in the message: If G is not in the SSM group range, Router A cannot provide the SSM service but the ASM service. If G is in the SSM group range but no IGMP SSM mappings corresponding to the multicast group G have been configured on Router A, Router A cannot provide SSM service and drops the message.

  • Page 999: Multi-Instance Igmp

    A device with IGMP proxying configured maintains a group membership database, which storesthe group memberships on all the downstream interfaces. Each entry comprises the multicast address, filter mode, and source list. Such an entry is a collection of members in the same multicast group on each downstream interface.

  • Page 1000: Igmp Configuration Task List

    If a feature is not configured for an interface in interface view, the global configuration performed in IGMP view will apply to that interface. If a feature is configured in both IGMP view and interface view, the configuration performed in interface view will be given priority.

  • Page 1001: Enabling Igmp

    The maximum number of multicast groups that can be joined on an interface Enabling IGMP First, IGMP must be enabled on the interface on which the multicast group memberships are to be established and maintained. Enabling IGMP in the public instance Follow these steps to enable IGMP in the public instance: To do...

This manual is also suitable for:

S7910eS7906e-vS7903eS7903e-sS7902e

Table of Contents