D-Link xStack DGS-3610 Series Configuration Manual

xStack DGS-3610 Series
Configuration Guide
Version 10.2

Summary of Contents for D-Link xStack DGS-3610 Series

  • Page 1 DGS-3610 Series Configuration Guide Version 10.2...
  • Page 2 DGS-3610 Series Configuration Guide Revision No.: Version 10.2 Date: Copyright Statement D-Link Corporation. ©2008 All rights reserved. Without our written permission, this document may not be excerpted, reproduced, transmitted, or otherwise in all or in part by any party in any means.
  • Page 3 Preface Version Description: This manual matches the firmware version v10.2. Target Readers: This manual is intended for the following readers: network engineers, technical salespersons, and network administrators. Conventions in this Document: 1. Universal Format Convention. Arial: Arial with the point size 10 is used for the body. A line is added respectively above and below the prompts such as caution and note to separate them from the body.
  • Page 4 3. Signs Various striking identifiers are adopted in this manual to indicate the matters that special attention should be paid in the operation, as detailed below: Warning, danger or alert in the operation. Caution Description, prompt, tip or any other necessary supplement or explanation for the operation.
  • Page 5: Table Of Contents

    Contents: Command Line Interface Configuration (2-1); Command Mode (2-1); Obtaining Help (2-3); Abbreviating Commands (2-4); Using no and default Options (2-4); Understanding CLI Prompt Messages (2-4); Using History Commands (2-5); Using Editing Features (2-5); 1.7.1 Edit Shortcut Keys ...
  • Page 6 2.5.3 Specifying the System to Restart after a Period of Time (2-9); 2.5.4 Immediate Restart (2-9); 2.5.5 Deleting the Configured Reload Scheme (2-9); System Name and Command Prompt (2-9); 2.6.1 Overview (2-9); 2.6.2 Configuring a System Name (2-10); 2.6.3 Configuring a Command Prompt (2-10); Banner Configuration (2-10)...
  • Page 7 4.2.1 Transferring Files by Using the TFTP Protocol (4-1); 4.2.2 Transferring Files by Using the XMODEM Protocol (4-2); 4.2.3 Upgrade the System (4-4); Network Communication Detection Tools (5-1); Ping Connectivity Test (5-1); Traceroute Connectivity Test (5-2); Configuring Interfaces ...
  • Page 8 8.1.2 Supported VLAN (8-2); 8.1.3 VLAN Member Type (8-2); Configuring VLAN (8-2); 8.2.1 Saving the VLAN Configuration Information (8-2); 8.2.2 Default VLAN Configuration (8-3); 8.2.3 Creating/Modifying a VLAN (8-3); 8.2.4 Deleting a VLAN (8-3); 8.2.5 Assigning Access Ports to the VLAN ...
  • Page 9 11.2.4 Mapping Layer 3 Interfaces of Secondary VLAN and Primary VLAN (11-4); 11.2.5 Configuring Layer 2 Interface as Host Port of Private VLAN (11-4); 11.2.6 Configuring Layer 2 Interface as Promiscuous Port of Private VLAN (11-5); 11.3 Private VLAN Showing (11-6); 11.3.1 Showing private VLAN ...
  • Page 10 14.1.6 Relationship between DHCP Snooping and ARP Detection (14-4); 14.1.7 Other Precautions on DHCP Snooping Configuration (14-4); 14.2 DHCP Snooping Configuration (14-5); 14.2.1 Configuration of Enabling and Disabling DHCP Snooping (14-5); 14.2.2 Configuring DHCP Source MAC Check Function (14-5); 14.2.3 Configuring Static DHCP Snooping User (14-5); 14.2.4 Configuring Static DHCP Snooping Information Option (14-6); 14.2.5...
  • Page 11 15.2.13 Configuring Fast-Leave (15-16); 15.2.14 Configuring IGMP Snooping Suppression (15-17); 15.2.15 Configuring Static Members of IGMP Snooping (15-17); 15.2.16 Configuration IGMP Filtering (15-18); 15.3 Viewing IGMP Snooping Information (15-18); 15.3.1 Viewing Current Mode (15-19); 15.3.2 Viewing and Clearing IGMP snooping Statistics (15-19); 15.3.3 View Router Interface Information (15-19); 15.3.4...
  • Page 12 17.3.5 Configuring Port Priority (17-21); 17.3.6 Configuring Path Cost of the Port (17-22); 17.3.7 Configuring Default Calculation Method of Path Cost (path cost method) (17-23); 17.3.8 Configuring Hello Time (17-24); 17.3.9 Configuring Forward-Delay Time (17-24); 17.3.10 Configuring Max-Age Time (17-25); 17.3.11 Configuring Tx-Hold-Count (17-25); 17.3.12...
  • Page 13 19 IP Address and Service Configuration (19-1); 19.1 IP Addressing Configuration (19-1); 19.1.1 IP Address Overview (19-1); 19.1.2 IP Address Configuration Task List (19-3); 19.1.3 Monitoring and Maintaining IP Address (19-8); 19.1.4 IP Addressing Configuration Examples (19-9); 19.2 IP Service Configuration (19-11); 19.2.1 IP Services Configuration Task List ...
  • Page 14 20.7.1 Address Pool Configuration Example (20-12); 20.7.2 Manual Binding Configuration (20-13); 20.7.3 DHCP Client Configuration (20-13); 21 DHCP Relay Configuration (21-1); 21.1 Overview (21-1); 21.1.1 Understanding DHCP (21-1); 21.1.2 Understanding DHCP Relay Agent (21-1); 21.1.3 Understanding DHCP Relay Agent Information (option 82) (21-2); 21.1.4 Understanding DHCP relay Check Server-id Function (21-3); 21.2 Configuring DHCP (21-3)...
  • Page 15 23.2.3 Configuring Global Trusted Key ID for the NTP (23-3); 23.2.4 Configuring NTP Server (23-3); 23.2.5 Disabling receiving NTP Packets on the Interface (23-4); 23.2.6 Enabling/Disabling NTP Function (23-5); 23.2.7 Configuring Real Time Synchronization for NTP (23-5); 23.3 Display of NTP Information (23-6); 23.3.1 Debugging the NTP (23-6); 23.3.2...
  • Page 16 25.3.2 Checking MIB Objects Supported by Current SNMP Agent (25-11); 25.3.3 Viewing SNMP User (25-13); 25.3.4 Viewing SNMP View and Group (25-13); 25.4 SNMP Configuration Example (25-13); 25.4.2 Example of SNMP Access List Association Control (25-16); 25.4.3 SNMPv3 Related Configuration Examples (25-16); 26 Configuration of RMON ...
  • Page 17 28 OSPF Routing Protocol Configuration (28-1); 28.1 OSPF Overview (28-1); 28.2 OSPF Configuration Task List (28-3); 28.2.1 Creating the OSPF Routing Process (28-5); 28.2.2 Configuring the OSPF Interface Parameters (28-6); 28.2.3 Configuring the OSPF to Accommodate Different Physical Networks (28-7); 28.2.4 Configuring the OSPF Area Parameters ...
  • Page 18 29.7 Configuring Interaction between BGP and IGP (29-11); 29.8 Configuration Timer of BGP (29-11); 29.9 Configuring Path Attribute for BGP (29-12); 29.9.1 AS_PATH Attribute Related Configuration (29-12); 29.9.2 NEXT_HOP Attribute Related Configuration (29-13); 29.9.3 MULTI_EXIT_DISC Attribute Related Configuration (29-14); 29.9.4 LOCAL_PREF Attribute Related Configuration (29-15); 29.9.5...
  • Page 19 30.3.1 Selecting Hash Keyword (30-11); 30.3.2 Selecting the Hash Algorithm (30-12); 30.3.3 Configuration Commands (30-12); 30.3.4 Configuration Examples (30-12); 31 Policy-Based Routing Configuration (31-1); 32 IPv6 Configuration (32-1); 32.1 IPv6 Related Information (32-1); 32.1.1 IPv6 Address Format (32-3); 32.1.2 Type of IPv6 Address (32-4); 32.1.3...
  • Page 20 34.1.2 Interface Configuration (34-3); 34.1.3 Router ID Configuration (34-3); 34.1.4 Authentication Mechanism Setting (34-4); 34.2 OSPFv3 Basic Configuration (34-4); 34.3 Configuring OSPFv3 Interface Parameters (34-6); 34.4 Configuring OSPFv3 Area Parameters (34-8); 34.4.1 Configuring OSPFv3 Virtual Connection (34-9); 34.5 Configuring OSPFv3 Route Information Convergence (34-10); 34.5.1 Configuring Inter-Area Convergence (34-10); 34.6 Configuring Bandwidth Reference Value of OSPFv3 Interface Measurement (34-10)...
  • Page 21 35.6.12 Enabling IGMP SSM-MAP (35-19); 35.6.13 Configuring IGMP SSM-MAP STATIC (35-19); 35.6.14 Clearing Up Dynamic Group Membership in IGMP Cache from Response Message (35-20); 35.6.15 Clearing Up All Information on Specified Interface in IGMP Cache (35-20); 35.6.16 Displaying the Status of IGMP Group Member in Directly-connected Subnet (35-20); 35.6.17 Showing the configuration information of the IGMP interface (35-21); 35.6.18...
  • Page 22 37.2.2 Precautions for Configuring 802.1X (37-9); 37.2.3 Configuring the Communication Between the Device and Radius Server (37-10); 37.2.4 Setting the 802.1X Authentication Switch (37-11); 37.2.5 Enabling/Disabling the Authentication of a Port (37-12); 37.2.6 Enabling Timing Re-authentication (37-13); 37.2.7 Changing the QUIET Time (37-14); 37.2.8 Setting the Packet Retransmission Interval (37-15); 37.2.9...
  • Page 23 37.5.3 Disabling AAA (37-4); 37.5.4 Subsequent Configuration Steps (37-4); 37.6 Configuring Authentication (37-4); 37.6.1 Defining AAA Authentication Method List (37-5); 37.6.2 Example of Method List (37-5); 37.6.3 General Steps in Configuring AAA Authentication (37-6); 37.6.4 Configuring the AAA Line Authentication (37-6); 37.6.5 Example of Authentication Configuration (37-10); 37.7 Configuring Authorization ...
  • Page 24 39.4.4 Disabling SSH SERVER (39-2); 39.4.5 Configuring SSH Server Support Version (39-3); 39.4.6 Configuring SSH User Authentication Timeout Duration (39-3); 39.4.7 Configuring SSH Re-authentication Times (39-3); 39.5 Device Management Through SSH (39-4); 40 CPU Protection Configuration (40-1); 40.1 Overview (40-1); 40.1.1 Function of CPU Protect (40-1); 40.1.2...
  • Page 25 42.7.3 Configuring the Minimum Interval for Transmission of Security Events (42-3); 42.7.4 Configuring the Address Binding Switch Supported by the Port (42-3); 42.8 GSN Configuration Display (42-4); 42.8.1 Showing smp server (42-4); 42.8.2 Showing security event interval (42-4); 42.9 Precautions for GSN Configuration (42-4); 42.9.1 Number of GSN-Supporting Entries (42-4); 42.9.2...
  • Page 26 44.3.2 Configuring MAC Extended Access List (44-10); 44.3.3 Configuration of Showing MAC Extended Access Lists (44-11); 44.3.4 MAC Extended Access List Example (44-11); 44.4 Configuring Expert Extended Access List (44-12); 44.4.1 Expert Extended Access List Configuration Guide (44-12); 44.4.2 Configuring Expert Extended Access Lists (44-12); 44.4.3 Configuration of Showing Expert Extended Access Lists (44-14)...
  • Page 27 45.3.2 Showing policy-map (45-15); 45.3.3 Showing mls qos interface (45-15); 45.3.4 Showing mls qos queueing (45-15); 45.3.5 Showing mls qos scheduler (45-16); 45.3.6 Showing mls qos maps (45-16); 45.3.7 Showing mls qos rate-limit (45-17); 45.3.8 Showing policy-map interface (45-18); 46 VRRP Configuration (46-1); 46.1 Overview (46-1); 46.2 VRRP Applications (46-2); 46.2.1...
  • Page 28 47.2.3 Configuring Port RLDP (47-5); 47.2.4 Configuring Detection vlan (47-6); 47.2.5 Configuring RLDP Detection Interval (47-6); 47.2.6 Configure the RLDP Maximum Detection Times (47-7); 47.2.7 Restoring the RLDP Status of the Port (47-7); 47.3 Viewing RLDP Information (47-8); 47.3.1 Viewing the RLDP Status of All Ports (47-8); 47.3.2 Viewing the RLDP Status of a Specified Port (47-9); 48 TPP Configuration ...
  • Page 29 50.2.4 Enabling Switches in Log System (50-4); 50.2.5 Enabling Log Statistics (50-4); 50.2.6 Enabling the Sequential Number Switch of Log Information (50-4); 50.2.7 Configuring the Log Information Displaying Level (50-4); 50.2.8 Configuring the Log Information Device Value (50-6); 50.2.9 Configuring the Source Address of Log Packets (50-7); 50.2.10 Setting the Function of Sending User Logs (50-7); 50.3 Log Monitoring (50-8)...
  • Page 31: Command Line Interface Configuration

    DGS-3610 Series Configuration Guide Chapter 1 Command Line Interface Configuration Command Line Interface Configuration This chapter describes how to use the command line interface. You can also manage the equipment using the command line interface. This chapter covers the following: Command Mode...
  • Page 32 Chapter 1 Command Line Interface Configuration DGS-3610 Series Configuration Guide To enter any of the configuration modes, first enter global configuration mode. From global configuration mode, you can access any of the configuration sub-modes like interface configuration mode. The following table lists the command modes, how to access each mode, prompts of the mode, and how to exit the modes.
  • Page 33: Obtaining Help

    DGS-3610 Series Configuration Guide Chapter 1 Command Line Interface Configuration Command Access About this Prompt Exit or access next mode mode method mode Input the To return to Privileged EXEC interface mode, input end command or Configure Interface command to various Ctrl+C.
  • Page 34: Abbreviating Commands

    Command: command keyword ? Description: Lists the next variable associated with the keyword. Example: DGS-3610(config)# snmp-server community ? WORD SNMP community string Abbreviating Commands To abbreviate a command, simply enter part of the command keyword, but this part should uniquely identify the command keyword.
  • Page 35: Using History Commands

    DGS-3610 Series Configuration Guide Chapter 1 Command Line Interface Configuration Error message Meaning How to obtain help If you input insufficient Re-input the command and a question % Ambiguous characters, the network mark immediately after the ambiguous equipment can not identify the word.
  • Page 36: Edit Shortcut Keys

    Chapter 1 Command Line Interface Configuration DGS-3610 Series Configuration Guide 1.7.1 Edit Shortcut Keys The following table lists the edit shortcut keys. Function Shortcut Key Description Left direction key or Move the cursor left by one character. Ctrl-B Right direction key or Move the cursor right by one character.
  • Page 37: Filtration And Lookup Of Cli Output Information

    DGS-3610 Series Configuration Guide Chapter 1 Command Line Interface Configuration left by 20 characters, and the hidden beginning part is replaced by "$" on the screen. The line moves left by 20 characters every time the cursor reaches the right border. mac-address-table static 00d0.f800.0c0c vlan 1 interface $tatic 00d0.f800.0c0c vlan 1 interface fastEthernet $tatic 00d0.f800.0c0c vlan 1 interface fastEthernet 0/1...
  • Page 38: Using Command Alias

    Caution: To look up and filter the output content from the show command, it is necessary to input the pipeline sign (vertical line, "|"). After the pipeline character, you can select the lookup and filtration rules and content (character or string). The content for the lookup and filtration is case sensitive.
  • Page 39: Accessing Cli

    The alias must begin at the first character of the command line entered, with no blank before it. As in the above example, the input is not recognized as a legal alias if a blank is entered before the command.
  • Page 41: Configuration Of Switch Basic Management

    DGS-3610 Series Configuration Guide Chapter 2 Configuration of Switch Basic Management Configuration of Switch Basic Management Overview This chapter describes how to manage our switches: Access Control by Command Authorization, Logon Authentication Control, System Time Configuration, Scheduled Restart...
  • Page 42: Default Password And Privilege Level Configuration

    password is encrypted before being stored in the configuration file, and the clear text password is changed to the encrypted text password. The enable secret command uses a private encryption algorithm. 2.2.2 Default Password and Privilege Level Configuration...
  • Page 43: Configuration Of Command Authorization

    each mode. By configuring passwords for different levels, you can allow different authorized levels to use different sets of commands. When no password is set for the privileged user level, no password is verified on entering the privileged level.
  • Page 44: Configuring Line Password Protection

    Chapter 2 Configuration of Switch Basic Management DGS-3610 Series Configuration Guide DGS-3610(config)# enable secret level 1 0 test DGS-3610(config)# end Enter the level 1, you can see the command and its subcommand: DGS-3610# disable 1 DGS-3610> reload ? reload at a specific time/date cancel cancel pending reload scheme reload after a time interval...
  • Page 45: Logon Authentication Control

    DGS-3610 Series Configuration Guide Chapter 2 Configuration of Switch Basic Management Command Purpose DGS-3610(config-line)# lockable Enable the function for locking the line terminal DGS-3610# lock Lock the current line terminal Logon Authentication Control 2.3.1 Overview In the previous section, we have described how to control the access to the network devices by configuring the password stored in local files.
  • Page 46: Configuring Line Logon Authentication

    2.3.3 Configuring Line Logon Authentication To establish the line logon identity authentication, run the following specific commands in the line configuration mode: Command: DGS-3610(config-line)# login local Function: Set local authentication for line logon not in AAA mode.
  • Page 47: Setting The System Time And Date

    Command: DGS-3610# clock set hh:mm:ss month day year Function: Setting the time and date of the system. For example, to change the system time to 2003-6-20, 10:10:12: DGS-3610# clock set 10:10:12 6 20 2003 //Set the system time and date DGS-3610# show clock //Confirm the Modification of the system time is...
  • Page 48: Specifying The System To Restart At A Specific Time

    will fail because the default date will be in January of this year when the year is not specified. The usage of string is just like above. For example, if the current system time is 14:31 on January 10, 2005, and you want the system to reload tomorrow, you can input reload at 08:30 11 1 newday.
  • Page 49: Specifying The System To Restart After A Period Of Time

    DGS-3610 Series Configuration Guide Chapter 2 Configuration of Switch Basic Management 2.5.3 Specifying the System to Restart after a Period of Time In the privileged mode, you can configure the system reload in the specified time with the following commands: Command Function DGS-3610# reload in...
  • Page 50: Configuring A System Name

    The following example shows how to change the device name to DGS-3610 series: DGS-3610# configure terminal //Enter the global configuration mode. DGS-3610(config)# hostname DGS-3610 //Set the network device name to D-Link D-Link(config)# //The name has been modified successfully. 2.6.3 Configuring a Command Prompt...
  • Page 51: Configuring A Message-Of-The-Day

    banner: a message-of-the-day (MOTD) and a login banner. The MOTD is used for all users who connect to the network devices. When users log in to the network devices, the notification message is displayed on the terminal first.
  • Page 52: Displaying A Banner

    Command Function Set the text of login banner. c denotes the delimiter, which can be any character of your choice (for example, a pound sign '&', etc.). After inputting the delimiting character, press the Enter key.
  • Page 53: Viewing System Information And Version

    2.8.2 Viewing System Information and Version System information consists of system description, system power-on time, hardware version of the system, software version of the system, the software version of CTRL layer, and the software version of BOOT layer.
  • Page 54: Using Telnet On The Network Devices

    Command: DGS-3610(config-line)# speed speed Function: Set the console transmission rate, in bps. For the serial interface, you can only set the transmission rate as one of 9600, 19200, 38400, 57600 and 115200. 9600 is the default rate.
  • Page 55: Using Telnet Client

    Figure 2-1 2.10.2 Using Telnet Client You can log in to a remote device by using the telnet command on the network device: Command: DGS-3610# telnet host-ip-address Function: Use this command to telnet to the remote device, which may be given as a host name or an IP address.
  • Page 56: Session Timeout

    The timeout setting in the LINE can be cancelled by using the no exec-timeout command in the LINE configuration mode. DGS-3610# configure terminal //Enter the global configuration mode. DGS-3610(config)# line vty 0 //Enter the LINE configuration mode DGS-3610(config-line)# exec-timeout 20 //Set the timeout to 20min
  • Page 57: Setting Of Service Switch

    DGS-3610 Series Configuration Guide Chapter 2 Configuration of Switch Basic Management Running Result: DGS-3610# execute flash:line_rcms_script.text executing script file line_rcms_script.text ..executing done DGS-3610# configure terminal Enter configuration commands, one per line. End with CNTL/Z. DGS-3610(config)# line vty 1 16 DGS-3610(config-line)# transport input all DGS-3610(config-line)# no exec DGS-3610(config-line)# end...
  • Page 59: Line Mode Configuration

    DGS-3610 Series Configuration Guide Chapter 3 LINE Mode Configuration LINE Mode Configuration Overview This chapter describes some operations on LINE: Enter the LINE mode; Increase/decrease LINE VTY quantity; Configure the allowed communication protocol in LINE. LINE Mode Configuration 3.2.1 Enter the LINE mode After entering the specific LINE mode, it is possible to configure the specific LINE in the LINE...
  • Page 60: Configure The Allowed Communication Protocol In Line

    Chapter 3 LINE Mode Configuration DGS-3610 Series Configuration Guide 3.2.3 Configure the allowed communication protocol in LINE To limit the allowed communication protocol type in the LINE, this command can be used for the configuration. By default, the VTY type allows the communication of all protocols, while the other types of TTY do not allow the communication of any protocol.
  • Page 61: Configuration Of System Upgrade And Maintenance

    DGS-3610 Series Configuration Guide Chapter 4 Configuration of System Upgrade and Maintenance Configuration of System Upgrade and Maintenance Overview The upgrade and maintenance of the system is the process of upgrading or uploading/downloading files via the main program or CTRL program on the command line interface. There are two ways: one uses the TFTP protocol through the network port, the other uses the Xmodem protocol through the serial port.
  • Page 62: Transferring Files By Using The Xmodem Protocol

    Chapter 4 Configuration of System Upgrade and Maintenance DGS-3610 Series Configuration Guide Before uploading, firstly start the TFTP server software at the local host. Then, select the destination directory for the file to upload at the host. Finally, upload the files by using the following commands in the privilege mode.
  • Page 63 DGS-3610 Series Configuration Guide Chapter 4 Configuration of System Upgrade and Maintenance Figure 4-2 Command Function Download a file from the host to the device and name DGS-3610# copy xmodem flash:filename it filename. In the CLI command mode, upload the files by performing the following steps: Prior to upload, firstly log in to the out-band management interface of the device through the Windows Super Terminal.
  • Page 64: Upgrade The System

    Figure 4-4 Command: DGS-3610# copy flash:filename xmodem Function: Upload the file filename from the device to the host. 4.2.3 Upgrade the System For both box devices and chassis devices, you can use the above tftp or xmodem methods to transmit the upgrade files to the device.
  • Page 65 Whenever you upgrade the master management board, the slave one (if any) is upgraded at the same time to keep the version consistent. The upgrade of a line card will upgrade all the line cards inserted into the device. Do not power off the device before the upgrade is completed.
  • Page 66 Chapter 4 Configuration of System Upgrade and Maintenance DGS-3610 Series Configuration Guide System restarting, for reason 'Upgrade product !'. The whole system of the management boards will finish the upgrade after the system restarted. Then the upgrade file of single board for loading the management board will be operated.
  • Page 67 Caution: During upgrading or automatic upgrading, a prompt is displayed stating that the system must not be reset. Once that prompt appears, do not power off or reset the system or plug/unplug other modules.
  • Page 69: Network Communication Detection Tools

    DGS-3610 Series Configuration Guide Chapter 5 Network Communication Detection Tools Network Communication Detection Tools Ping Connectivity Test For the connectivity test of networks, many network devices support the Echo protocol. The protocol involves sending a special packet to a specified network address and waiting for the packet returned from the address.
  • Page 70: Traceroute Connectivity Test

    Chapter 5 Network Communication Detection Tools DGS-3610 Series Configuration Guide !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!! Success rate is 100 percent (100/100), round-trip min/avg/max = 2/2/3 ms DGS-3610# Traceroute Connectivity Test The Traceroute command can be used to show all the gateways that the packet passes through from the source to the destination.
  • Page 71 DGS-3610 Series Configuration Guide Chapter 5 Network Communication Detection Tools source address. At the same time, we know the time it takes the network packet to reach the gateway. This is very useful for network analysis. Traceroute example where some gateways in a network are not connected: DGS-3610# traceroute 202.108.37.42 <...
  • Page 73: Configuring Interfaces

    DGS-3610 Series Configuration Guide Chapter 6 Configuring Interfaces Configuring Interfaces Overview of Interface Types This chapter provides the classification of interfaces used in DGS-3610 series as well as a precise definition of each type. Interfaces on DGS-3610 series are classified into two types: L2 Interfaces...
  • Page 74 Tagged frame with VID 0. Untagged frame: Access Port receives frames without tags, and adds a default VLAN as the tag to the frames without tags. The added tag will be removed before the frames are sent. Tagged frame: The Access port handles the data frames with tags in the following ways: When VID (VLAN ID) in the TAG is the same as the default VLAN ID, the data frame is...
  • Page 75: L3 Interfaces

    When the Trunk Port receives a frame with a tag where the VID is different from the Native vlan of this Trunk port, but VID is the VLAN ID that the port allows, the frame is accepted.
  • Page 76 Chapter 6 Configuring Interfaces DGS-3610 Series Configuration Guide 6.1.2.1 SVI (Switch virtual interface) SVI, short for Switch Virtual Interface, is used to implement the logical interface for layer 3 switching. SVI can work as the management interface of the local computer. This interface allows administrator to manage devices.
  • Page 77: Configuring Interfaces

    Caution: However, when a port is a member port of an L2 Aggregate Port, the switchport/no switchport commands cannot be used for switching between the layers. 6.1.2.3 L3 Aggregate Ports Just like L2 Aggregate Port, the L3 Aggregate port is a logically aggregated port group that consists of multiple physical member ports.
  • Page 78: Using Interface Configuration Commands

    6.2.2 Using Interface Configuration Commands You may use the interface command to enter interface configuration mode in global configuration mode. Command: DGS-3610(config)# interface Function: Input interface to enter interface configuration mode. You may also set the certain range of interfaces by using the interface range or interface range macro command.
  • Page 79 DGS-3610 Series Configuration Guide Chapter 6 Configuring Interfaces Gigabitethernet slot/{the first port} - { the last port}; TenGigabitethernet slot/{the first port} - { the last port}; Aggregate Port Aggregate port number, - Aggregate port number in the range of 1~MAX;. Interfaces contained in an interface range must be of the same type, or all of them are fastethernet, gigabitethernet, or are Aggregate port, or SVI.
  • Page 80: Selecting Interface Medium Type

    Chapter 6 Configuring Interfaces DGS-3610 Series Configuration Guide – vlan vlan-ID - vlan-ID, with VLAN ID in the range of 1~4094; – fastethernet slot/{the first port} - { the last port}; – gigabitethernet slot/{the first port} - { the last port}; –...
  • Page 81: Setting Description And Management Status Of The Interface

    DGS-3610 Series Configuration Guide Chapter 6 Configuring Interfaces The ports configured as the member of Aggregate Port must have the same media type. Otherwise, they cannot be added to the AP. The port type of Aggregate Port member ports cannot be changed. Command Function DGS-3610(config-if)# medium-type { fiber |...
  • Page 82: Setting Speed, Duplexing, And Flow Control For Interfaces

    Chapter 6 Configuring Interfaces DGS-3610 Series Configuration Guide DGS-3610# configure terminal DGS-3610(config)# interface gigabitethernet 1/2 DGS-3610(config-if)# shutdown DGS-3610(config-if)# end 6.2.6 Setting Speed, Duplexing, and Flow Control for Interfaces This section describes how to set the speed, duplex, and flow control for interfaces. The following command is only valid for Switch Port and Routed Port.
  • Page 83: Configuring L2 Interfaces

    DGS-3610 Series Configuration Guide Chapter 6 Configuring Interfaces MTU refers to the length of a valid data segment in a frame, excluding the overhead of Ethernet encapsulation. The MTU of a port is checked during input but not output.
  • Page 84 Chapter 6 Configuring Interfaces DGS-3610 Series Configuration Guide Attribute Default Configuration Aggregate port None Storm Control Port protection Port Security 6.2.8.1 Configuring Switch Port 6.2.8.1.1 Configuring Access/Trunk Port This section describes how to set the operation mode (access/trunk port) of a Switch Port and the related configuration in each mode.
  • Page 85 DGS-3610 Series Configuration Guide Chapter 6 Configuring Interfaces The following example shows how to set the native vlan of the trunk port Gigabitethernet 2/1 to 10. DGS-3610# configure terminal Enter configuration commands, one per line. End with CNTL/Z. DGS-3610(config)# interface gigabitethernet 2/1 DGS-3610(config-if)# switchport trunk native vlan 10 DGS-3610(config-if)# end Set the port-security.
  • Page 86: Configuring L3 Interfaces

    Chapter 6 Configuring Interfaces DGS-3610 Series Configuration Guide Command Description switchport hybrid allowed vlan Set the output rule for the port [[add] [tagged | untagged]] |remove ] vlist DGS-3610# configure terminal DGS-3610(config)# interface g 0/1 DGS-3610(config-if)# switchport mode hybrid DGS-3610(config-if)# switchport hybrid native vlan 3 DGS-3610(config-if)# switchport hybrid allowed vlan untagged 20-30 DGS-3610(config-if)# end DGS-3610# show running interface g 0/1...
  • Page 87 DGS-3610 Series Configuration Guide Chapter 6 Configuring Interfaces Command Function DGS-3610(config-if)# ip address ip_address subnet_mask {[secondary | tertiary | Configure the IP address and subnet mask. quartus][broadcast]} To delete the IP address of an L3 interface, use the no ip address command in interface configuration mode.
  • Page 88 Chapter 6 Configuring Interfaces DGS-3610 Series Configuration Guide You may create a Routed port by using no switchport after you have entered an interface in interface mode. Create one Routed port and assign an IP address to the Routed port: Command Function Shut down the interface and then change it to L3...
  • Page 89: Showing Interface Configuration And Status

    DGS-3610 Series Configuration Guide Chapter 6 Configuring Interfaces DGS-3610(config-if)# no shutdown DGS-3610(config-if)# end Showing Interface Configuration and Status This section describes what interface information can be displayed and gives display examples. You may view the interface status by using the show command in privileged EXEC mode. To show interface status, use the following commands.
  • Page 90 Chapter 6 Configuring Interfaces DGS-3610 Series Configuration Guide VLAN : V5 Description : SVI 5 AdminStatus : up OperStatus : down Primary Internet address : 192.168.65.230/24 Broadcast address : 192.168.65.255 PhysAddress : 00d0.f800.0001 LastChange : 0:0h:0m:5s The following is an example of showing the status of aggregate port 3. DGS-3610# show interfaces aggregateport 3: Interface : AggreatePort 3...
  • Page 91: Linktrap Policy Configuration

    DGS-3610 Series Configuration Guide Chapter 6 Configuring Interfaces OutUcastPkts : 17284 OutMulticastPkts : 249 OutBroadcastPkts : 336 Undersize packets Oversize packets collisions Fragments Jabbers CRC alignment errors AlignmentErrors FCSErrors dropped packet events (due to lack of resources): 0 packets received of length (in octets): 64:46264, 65-127: 47427, 128-255: 3478, 256-511: 658, 512-1023: 18016, 1024-1518: 125 LinkTrap Policy Configuration...
  • Page 93: Aggregate Port Configuration

    AP will not be forwarded to other member links. Figure 7-1 Typical AP configurations 7.1.2 Understanding Traffic Balancing The AP can evenly distribute the traffic to the member links of the AP according to the...
  • Page 94 Chapter 7 Aggregate Port Configuration DGS-3610 Series Configuration Guide MAC address + destination MAC address, source IP address, destination IP address and source IP address + destination IP address packets. The aggregateport load-balance command can be used to set the traffic distribution style. Source MAC address traffic balancing means that the messages are distributed onto each member link of the AP according to the source MAC addresses of the packets.
  • Page 95: Configuring Aggregate Port

    DGS-3610 Series Configuration Guide Chapter 7 Aggregate Port Configuration Figure 7-2 AP traffic balancing Source MAC based traffic distribution Aggregate Link Destination MAC based traffic distribution Configuring Aggregate Port 7.2.1 Default Configurations of Aggregate Port The default configurations of AP are shown in the table below. Attribute Default value Layer-2 AP interface...
  • Page 96: Configuring Layer-3 Aggregate Port

    Chapter 7 Aggregate Port Configuration DGS-3610 Series Configuration Guide Once a port is added to an AP, the attributes of the port will be replaced by those of the AP. Once a port is removed from an AP, the attributes of the port will be restored as those before it is added to the AP.
  • Page 97: Configuring Traffic Balancing Of Aggregate Port

    DGS-3610 Series Configuration Guide Chapter 7 Aggregate Port Configuration 7.2.5 Configuring Traffic Balancing of Aggregate Port In the configuration mode, configure the traffic balancing for the AP by performing the following steps: Command Function Set the AP traffic balancing and select the algorithm to be used: dst-mac: Traffic is distributed according to the destination MAC addresses of the input packets.
  • Page 98: Showing Aggregate Port

    Chapter 7 Aggregate Port Configuration DGS-3610 Series Configuration Guide Showing Aggregate Port In the privileged mode, show the AP configuration by performing the following steps. Command Function DGS-3610# show aggregateport Show the AP settings. [port-number]{load-balance | summary} DGS-3610# show aggregateport load-balance Load-balance : Source MAC address DGS-3610# show aggregateport 1 summary AggregatePort MaxPorts SwitchPort Mode...
  • Page 99: Vlan Configuration

    DGS-3610 Series Configuration Guide Chapter 8 VLAN Configuration VLAN Configuration This chapter describes how to configure IEEE802.1q VLAN. Overview Virtual Local Area Network (VLAN) is a logical network divided on a physical network. VLAN corresponds to the L2 network in the ISO model. The division of VLAN is not restricted by the physical locations of network ports.
  • Page 100: Supported Vlan

    Chapter 8 VLAN Configuration DGS-3610 Series Configuration Guide device must be used for communication between VLANs. DGS-3610 series can perform IP routing between VLANs through the SVI (Switch Virtual Interfaces). For the configuration about the SVI, please see Interface Management Configuration and Configuring IP Unicast Routing Configuration.
  • Page 101: Default Vlan Configuration

    DGS-3610 Series Configuration Guide Chapter 8 VLAN Configuration 8.2.2 Default VLAN Configuration Parameter Default value Range VLAN ID 1-4094 VLAN Name VLAN xxxx, where xxxx is the VLAN ID No range VLAN State Active Active, Inactive 8.2.3 Creating/Modifying a VLAN In the privileged mode, you can create or modify a VLAN.
  • Page 102: Configuring Vlan Trunks

    Chapter 8 VLAN Configuration DGS-3610 Series Configuration Guide Command Function DGS-3610(config-if)# switchport Define the VLAN member type of the interface (L2 ACCESS port) mode access DGS-3610(config-if)# switchport Assign the port to one VLAN. access vlan vlan-id The following example adds Ethernet 1/10 to VLAN20 as an access interface: DGS-3610# configure terminal DGS-3610(config)# interface fastethernet 1/10 DGS-3610(config-if)# switchport mode access...
  • Page 103 DGS-3610 Series Configuration Guide Chapter 8 VLAN Configuration Figure 8-2 (diagram labels: DGS-3610, Switch) You can set one common Ethernet port or one Aggregate Port to a Trunk port (for the details of Aggregate Port, see Configuring Aggregate Port). To switch an interface between the ACCESS mode and TRUNK mode, use the switchport mode command: Command...
  • Page 104: Configuring A Trunk Port

    Chapter 8 VLAN Configuration DGS-3610 Series Configuration Guide 8.3.2 Configuring a Trunk Port 8.3.2.1 Trunk Port Basic Configuration In the privileged mode, an interface can be configured to a Trunk port. Command Function DGS-3610(config-if)# switchport Define the interface type as a L2 trunk port. mode trunk DGS-3610(config-if)# switchport Specify one Native VLAN for the interface.
  • Page 105: Configure Native Vlan

    DGS-3610 Series Configuration Guide Chapter 8 VLAN Configuration DGS-3610# show interfaces fastethernet 1/15 switchport Switchport is enabled Mode is trunk port Acsess vlan is 1,Native vlan is 1 Protected is disabled Vlan lists is 1,3-4094 8.3.4 Configure Native VLAN. One trunk port can receive/send TAG or UNTAG 802.1Q frames. The UNTAG frames are used to transmit the traffic of the Native VLAN.
  • Page 106 Chapter 8 VLAN Configuration DGS-3610 Series Configuration Guide GigabitEthernet 3/7 GigabitEthernet 3/8 GigabitEthernet 3/9 GigabitEthernet 3/10 GigabitEthernet 3/11 GigabitEthernet 3/12 VLAN[6] "VLAN0006" GigabitEthernet 3/1 DGS-3610#show vlan id 1 VLAN[1] "VLAN0001" GigabitEthernet 3/1 GigabitEthernet 3/2 GigabitEthernet 3/3 GigabitEthernet 3/4 GigabitEthernet 3/5 GigabitEthernet 3/6 GigabitEthernet 3/7 GigabitEthernet 3/8...
  • Page 107: Super Vlan Configuration

    DGS-3610 Series Configuration Guide Chapter 9 Super VLAN Configuration Super VLAN Configuration This chapter describes the Super VLAN configuration of DGS-3610 series. Overview Super VLAN is a method for VLAN division. Super VLAN, also called VLAN aggregate, is a management technology for optimizing the IP addresses. Its principle is to assign the IP address of a network segment to different sub VLANs that belong to the same Super VLAN.
  • Page 108: Configuring Super Vlan

    Chapter 9 Super VLAN Configuration DGS-3610 Series Configuration Guide The process of communication between two aggregated sub VLANs when the VLAN is aggregated is described below. See the above diagram: Sub VLAN2 and Sub VLAN4 are aggregated to Super VLAN3. An IP sub-net is assigned to Super VLAN3, and both Sub VLAN2 and Sub VLAN4 are located in this subnet.
  • Page 109: Configuring Sub Vlan Of Super Vlan

    DGS-3610 Series Configuration Guide Chapter 9 Super VLAN Configuration Configuring Sub VLAN of Super VLAN SuperVLAN is meaningful only when SubVLAN is configured for it. To make a VLAN a sub VLAN of a Super VLAN, use the following commands. Note: Sub VLAN configuration may fail due to lack of resources.
  • Page 110: Setting Virtual Interface For Super Vlan

    Chapter 9 Super VLAN Configuration DGS-3610 Series Configuration Guide Users can delete the previous configurations by executing no subvlan-address-range. Caution Setting Virtual Interface for Super VLAN When a user in Sub VLAN needs to perform layer 3 communication, a virtual layer 3 interface that corresponds to the Super VLAN should be created first.
  • Page 111: Showing Super Vlan Setting

    DGS-3610 Series Configuration Guide Chapter 9 Super VLAN Configuration Showing Super VLAN Setting Show the Super VLAN setting using the following command. Command Function DGS-3610# show supervlan Show Supervlan setting Configuration Example Figure 9-2 SuperVLAN 3 SVI 3: 192.168.1.1/24 SubVLAN 2 SubVLAN 4 SuperVLAN is used in the above diagram. To allow the host of Sub VLAN2 and that of SubVLAN4 to communicate with each other, the device can be configured as follows: (only...
  • Page 112 Chapter 9 Super VLAN Configuration DGS-3610 Series Configuration Guide # Add a member port for SubVLAN2 switchport access vlan 2 interface GigabitEthernet 0/25 # Add a member port for SubVLAN4 switchport access vlan 4 # Create a virtual layer 3 interface that corresponds to Super VLAN interface Vlan 3 ip address 192.168.1.1 255.255.255.0...
  • Page 113: Protocol Vlan Configuration

    DGS-3610 Series Configuration Guide Chapter 10 Protocol VLAN Configuration Protocol VLAN Configuration 10.1 Protocol VLAN Technology Every packet that the device port receives should be classified based on VLAN, so that the packet belongs to a unique VLAN. There are three possibilities: If the packet is an empty VLAN ID packet (UNTAG or Priority packet), and the device only supports port-based VLAN classification, the VLAN ID in the tag added to the packet is the PVID of the input port.
  • Page 114: Configuring Protocol Vlan

    Chapter 10 Protocol VLAN Configuration DGS-3610 Series Configuration Guide address-based and packet type and Ethernet type-based VLAN classifications, and the input packet matches them both, the IP address-based VLAN classification takes effect. It's better to configure the Protocol VLAN after finishing the configuration of VLAN, and the Trunk, Access and AP attributes of the port.
  • Page 115: Configuring The Profile Of Packet Type And Ethernet Type

    DGS-3610 Series Configuration Guide Chapter 10 Protocol VLAN Configuration 10.2.3 Configuring the Profile of Packet Type and Ethernet Type Configure the packet type and Ethernet type using the following commands: Command Description Enter configuration mode configure terminal protocol-vlan profile id frame-type Configuring profile of packet type and Ethernet type [type] ether-type [type] Delete certain profile configuration...
  • Page 116: Showing Protocol Vlan

    Chapter 10 Protocol VLAN Configuration DGS-3610 Series Configuration Guide Command Description Clear certain profile on this port no protocol-vlan profile id Exit the interface mode The following example applies profile 1 and profile 2 to the GE port 1 of Slot 3. The VLAN is classified to VLAN 101 and 102: DGS-3610# configure terminal DGS-3610(config)# interface gi 3/1...
  • Page 117: Private Vlan Configuration

    DGS-3610 Series Configuration Guide Chapter 11 Private VLAN Configuration Private VLAN Configuration 11.1 Private VLAN Technology If the service provider offers a VLAN to each subscriber, the service provider supports a limited number of subscribers because one device supports 4096 VLANs at most. On the layer 3 devices, each VLAN is assigned with a subnet address or a series of addresses, which results in IP address waste.
  • Page 118: Private Vlan Configuration

    Chapter 11 Private VLAN Configuration DGS-3610 Series Configuration Guide 11.2 Private VLAN Configuration 11.2.1 Default Private VLAN Setting No Private VLAN is configured by default. 11.2.2 Configuring VLAN as a Private VLAN Configure through using the following commands: Command Description Enter configuration mode configure terminal Enter VLAN configuration mode...
  • Page 119: Associating Secondary Vlan With Primary Vlan

    DGS-3610 Series Configuration Guide Chapter 11 Private VLAN Configuration VLAN Type Status Routed Interface Associated VLANs --- ---- -------- ------ --------- ------------------ 303 comm inactive Disabled no association 404 isol inactive Disabled no association 11.2.3 Associating Secondary VLAN with Primary VLAN The secondary VLAN can be associated with the primary VLAN using the following commands: Command...
  • Page 120: Mapping Layer 3 Interfaces Of Secondary Vlan And Primary Vlan

    Chapter 11 Private VLAN Configuration DGS-3610 Series Configuration Guide 11.2.4 Mapping Layer 3 Interfaces of Secondary VLAN and Primary VLAN You can perform the following configuration to complete the command: Command Description Enter configuration mode configure terminal Enter interface mode of Primary VLAN interface vlan p_vid Map Secondary VLAN to the SVI layer 3 switching of private-vlan mapping...
  • Page 121: Configuring Layer 2 Interface As Promiscuous Port Of Private Vlan

    DGS-3610 Series Configuration Guide Chapter 11 Private VLAN Configuration For example: DGS-3610# configure terminal DGS-3610(config)# interface gigabitEthernet 0/2 DGS-3610(config-if)# switchport mode private-vlan host DGS-3610(config-if)# switchport private-vlan host-association 202 203 DGS-3610(config-if)# end DGS-3610# Primary VLAN and Secondary VLAN in this process are associated. Note 11.2.6 Configuring Layer 2 Interface as...
  • Page 122: Private Vlan Showing

    Chapter 11 Private VLAN Configuration DGS-3610 Series Configuration Guide 11.3 Private VLAN Showing 11.3.1 Showing private VLAN You can show the contents of Private VLAN using the following commands: Command Description show vlan private-vlan [type] Show the contents of private VLAN DGS-3610# show vlan private-vlan VLAN Type Status Routed...
  • Page 123: Understanding 802.1Q Tunneling

    DGS-3610 Series Configuration Guide Chapter 12 802.1Q Tunneling 802.1Q Tunneling 12.1 Understanding 802.1Q Tunneling The commercial users of the network service providers usually have special requirements for the supported VLAN and VLAN IDs. The ranges of the VLANs needed by the users of the same vendor may overlap, and the switching channels of different users through the core network of the vendors may be mixed together.
  • Page 124 Chapter 12 802.1Q Tunneling DGS-3610 Series Configuration Guide The frames from the user end Trunk port to the tunnel port of the network edge device of the vendor are usually carrying IEEE 802.1Q Tag with one VLAN ID. After the frames enter the tunnel port, they will be added with another 802.1Q Tag (called the vendor Tag) to include another VLAN ID that varies with every individual user.
  • Page 125: Configuring 802.1Q Tunneling

    DGS-3610 Series Configuration Guide Chapter 12 802.1Q Tunneling 12.2 Configuring 802.1Q tunneling This chapter includes: Default Configurations of the 802.1Q Tunneling; 802.1Q Tunneling Configuration Guide; Restriction of 802.1Q Tunneling Configuration; Configuring an 802.1Q Tunneling Port; Configuring an Uplink Port ...
  • Page 126: Restriction Of 802.1Q Tunneling Configuration

    Chapter 12 802.1Q Tunneling DGS-3610 Series Configuration Guide 12.2.3 Restriction of 802.1Q Tunneling Configuration The following restrictions apply to configuration of 802.1Q tunneling: The routing ports cannot be configured as tunnel ports. The AP port can be configured as a tunnel port. ...
  • Page 127: Configuring An Uplink Port

    DGS-3610 Series Configuration Guide Chapter 12 802.1Q Tunneling 12.2.5 Configuring an Uplink Port In the global configuration mode, use the interface command to enter the interface configuration mode. Follow these steps to configure the tunnel port: Command Description Enter the global configuration mode. configure terminal Enter the interface configuration mode.
  • Page 128: Configuring Priority Duplication Of User Tag

    Chapter 12 802.1Q Tunneling DGS-3610 Series Configuration Guide 12.2.7 Configuring Priority Duplication of User Tag In the global configuration mode, use the interface command to enter the interface configuration mode. Follow these steps to perform configuration: Command Description Enter configuration mode configure terminal Enter the interface configuration mode.
  • Page 129: Mac Address Configuration

    DGS-3610 Series Configuration Guide Chapter 13 MAC Address Configuration MAC Address Configuration 13.1 Managing the MAC Address Table 13.1.1 Overview The MAC address table contains address information used for forwarding packets between ports. The MAC address table includes three types of addresses: Dynamic address, Static address, Filtering address.
  • Page 130: Configuring Mac Address

    Chapter 13 MAC Address Configuration DGS-3610 Series Configuration Guide 13.1.1.2 Static Address A static address is a manually configured MAC address. A static address functions the same as a dynamic address, but, unlike a dynamic address, it can only be added and deleted manually (instead of by learning and aging).
  • Page 131 DGS-3610 Series Configuration Guide Chapter 13 MAC Address Configuration 13.1.2.2 Setting the Address Aging Time The following table shows how to set the aging time of address: Command Function Set the interval for keeping an address learnt in the dynamic address table, in seconds, the range is DGS-3610(config)# mac-address-table within 10-1000000 seconds.
  • Page 132 Chapter 13 MAC Address Configuration DGS-3610 Series Configuration Guide Command Function mac-addr: Specify the destination MAC address that the entry corresponds to. vlan-id: Specify the VLAN to which this address belongs. DGS-3610(config)# mac-address-table interface-id, specify the interface (it can be physical port or aggregate port) to which the received packet static mac-add vlan vlan-id interface is forwarded.
  • Page 133: Viewing Mac Addresses Information

    DGS-3610 Series Configuration Guide Chapter 13 MAC Address Configuration 13.1.3 Viewing MAC Addresses Information View information of the MAC address table in the device: Command Function Show all types of MAC addresses information (including dynamic address, static address and DGS-3610# show mac-address-table filtering address) DGS-3610# show mac-address-table Show the current aging time of the address...
  • Page 134: The Changing Notification Of The Mac Address

    Chapter 13 MAC Address Configuration DGS-3610 Series Configuration Guide The total address space of the MAC address table available on the DGS-3610 series devices is 16384. Caution Show the setting of address aging time: DGS-3610# show mac-address-table aging-time Aging time : 300 13.2 The Changing Notification of the MAC Address...
  • Page 135: Configuring Mac Address Changing Notification Function

    DGS-3610 Series Configuration Guide Chapter 13 MAC Address Configuration MAC address notifications are generated only for dynamic addresses, and notifications are not generated for static addresses. Caution 13.2.2 Configuring MAC Address Changing Notification Function By default, the global switch of MAC address is disabled, so all the functions of MAC address notification are disabled on all interfaces.
  • Page 136: Viewing The Informationmac Address Change Notification

    Chapter 13 MAC Address Configuration DGS-3610 Series Configuration Guide This example shows how to enable the MAC address notification function and send the Trap of MAC address change notification to the NMS with the IP address 192.168.12.54 with the authentication name public. The interval of generating the MAC address change notification is 40 seconds.
  • Page 137: Ip And Mac Address Binding

    DGS-3610 Series Configuration Guide Chapter 13 MAC Address Configuration DGS-3610# show mac-address-table notification history History Index:1 Entry Timestamp: 15091 MAC Changed Message : Operation VLAN MAC Address Interface ---------- ---- -------------- -------------------- Added 00d0.f808.3cc9 Gi1/1 Removed 00d0.f808.0c0c Gi1/1 History Index:2 Entry Timestamp: 21891 MAC Changed Message : Operation...
  • Page 138: Configuring The Exceptional Ports For Address Binding

    Chapter 13 MAC Address Configuration DGS-3610 Series Configuration Guide DGS-3610# show address-bind IP Address Binding MAC Addr ---------- ----------------------- 3.3.3.3 00d0.f811.1112 3.3.3.4 00d0.f811.1117 13.3.4 Configuring the Exceptional Ports for Address Binding If you wish the address binding policy not to take effect on special ports, you can set these ports as the exceptional ports.
  • Page 139: Dhcp Snooping Configuration

    DGS-3610 Series Configuration Guide Chapter 14 DHCP Snooping Configuration DHCP Snooping Configuration 14.1 DHCP Snooping Overview 14.1.1 Understanding DHCP The DHCP is widely used to dynamically allocate the reusable network resources, for example, IP address. A typical IP acquisition process using DHCP is shown below: Figure 14-1 The DHCP Client sends a DHCP DISCOVER broadcast packet to the DHCP Server.
  • Page 140: Understanding Dhcp Snooping

    Chapter 14 DHCP Snooping Configuration DGS-3610 Series Configuration Guide 14.1.2 Understanding DHCP Snooping DHCP Snooping monitors users by snooping the packets between the client and the server. DHCP Snooping can also be used to filter DHCP packets. It can be configured properly to filter illegal servers.
  • Page 141: Related Security Functions Of Dhcp Snooping

    DGS-3610 Series Configuration Guide Chapter 14 DHCP Snooping Configuration option82 can obtain more user information, so as to assign the IP to users more accurately. The format of option82 that is uploaded by DHCP snooping is shown as follows: Figure 14-2 Agent Circuit ID Figure 14-3 Agent Remote ID 14.1.4 Related Security Functions of DHCP...
  • Page 142: Understanding Address Binding Function Of Dhcp Snooping

    Chapter 14 DHCP Snooping Configuration DGS-3610 Series Configuration Guide When address binding is used, the switch can support only a limited number of DHCP users because the hardware list items are limited. If there are too many users on the switch, legal users may be unable to add a hardware list item and therefore cannot use the network normally.
  • Page 143: Dhcp Snooping Configuration

    DGS-3610 Series Configuration Guide Chapter 14 DHCP Snooping Configuration 14.2 DHCP Snooping Configuration 14.2.1 Configuration of Enabling and Disabling DHCP Snooping The DHCP Snooping function of the device is disabled by default. It can be enabled by using the ip dhcp snooping command to start monitoring DHCP packets. Command Description Enter configuration mode...
  • Page 144: Configuring Static Dhcp Snooping Information Option

    Chapter 14 DHCP Snooping Configuration DGS-3610 Series Configuration Guide Command Description DGS-3610# configure terminal Enter configuration mode DGS-3610(config)# [no] ip dhcp snooping binding mac-address vlan vlan_id ip ip-address interface interface-id Set a DHCP static user to the DHCP snooping binding database The following example shows how to add a static user to Port 9 of the device: DGS-3610# configure terminal DGS-3610(config)# ip dhcp snooping binding 00d0.f801.0101 vlan 1 ip 192.168.4.243...
  • Page 145: Schedule Writing Of Dhcp Snooping Database Information To Flash

    DGS-3610 Series Configuration Guide Chapter 14 DHCP Snooping Configuration Command Function DGS-3610# configure terminal Enter the configuration mode. DGS-3610(config)# interface interface Enter the interface configuration mode. DGS-3610(config-if)# [no] ip dhcp snooping address-bind Enable/disable the address binding function of DHCP snooping on the port The following configuration is to enable the address binding functions of snooping: DGS-3610# configure terminal...
  • Page 146: Writing Dhcp Snooping Database Information To Flash Manually

    Chapter 14 DHCP Snooping Configuration DGS-3610 Series Configuration Guide 14.2.7 Writing DHCP Snooping Database Information to Flash Manually To prevent loss of DHCP user information when the device restarts after a power failure, you can, in addition to the scheduled writing to the flash, manually write the information in the current DHCP Snooping binding database to the flash when required.
  • Page 147: Showing Dhcp Snooping Configuration

    DGS-3610 Series Configuration Guide Chapter 14 DHCP Snooping Configuration Command Description DGS-3610# clear ip dhcp snooping binding Clear information from the current database The following example shows how to clear information from the current database manually: DGS-3610# clear ip dhcp snooping binding 14.3 Showing DHCP Snooping Configuration 14.3.1...
  • Page 149: Igmp Snooping Configuration

    DGS-3610 Series Configuration Guide Chapter 15 IGMP Snooping Configuration IGMP Snooping Configuration 15.1 Overview 15.1.1 Understanding IGMP Before understanding the IGMP, let us first describe the concept and function of IP multicast. On the Internet, the multimedia services such as video conference and video on demand (VOD) with the sending mode of single point to multiple-point are becoming an important part of information transmission.
  • Page 150 Chapter 15 IGMP Snooping Configuration DGS-3610 Series Configuration Guide Figure 15-1 Point to multiple-point propagation mode (panels: Unicast: multiple copies are needed; Broadcast: a host not wanting it also receives it; Multicast provides a good solution to this problem)...
  • Page 151 DGS-3610 Series Configuration Guide Chapter 15 IGMP Snooping Configuration group connected. Currently, there are three versions of IGMP: IGMPv1 is described in RFC 1112, IGMPv2 is described in RFC 2236, and IGMPv3 is described in RFC 3376. The following describes how a host joins or leaves a multicast group in IGMPv1 and IGMPv2 respectively (suppose joining in 224.1.1.1).
  • Page 152: Understanding Igmp Snooping

    Chapter 15 IGMP Snooping Configuration DGS-3610 Series Configuration Guide Group-Specific Query: Used to query the members of the specified group under the interface; Group-and-Source-Specific Query: This type is the new one in the IGMPv3, used to query whether any member under the interface needs to receive the multicast traffic of the particular group from the sources in the specified source list.
  • Page 153 DGS-3610 Series Configuration Guide Chapter 15 IGMP Snooping Configuration Figure 15-2 Router interface Other equipment or direct connection Host interface The messages sent from the host, such as IGMP Report, and IGMP Leave will be forwarded from this port to the router. Only the IGMP Query messages received from this port will be deemed as legal messages, and forwarded to the host port.
  • Page 154 Chapter 15 IGMP Snooping Configuration DGS-3610 Series Configuration Guide Figure 15-4 Multicast router IGMP snooping Multicast server Multicast receiver The switch that supports IGMP snooping not only has to forward the multicast data to the multicast flow receiver, but also has to forward the multicast data to the router interface, so that the multicast router can forward the multicast data flow to other networks.
  • Page 155: Understanding Operation Modes Of Igmp Snooping

    DGS-3610 Series Configuration Guide Chapter 15 IGMP Snooping Configuration 15.1.4 Understanding Operation Modes of IGMP Snooping DISABLE mode: In this mode, IGMP Snooping is not effective, that is, the switch does not "snoop" the IGMP message between the host and the router or multicast frame when the broadcast is forwarded within the VLAN.
  • Page 156: Understanding Source Port Check

    Chapter 15 IGMP Snooping Configuration DGS-3610 Series Configuration Guide The IVGL mode and SVGL mode of IGMP Snooping provided by DGS-3610 strengthen the network application flexibility, enabling it to adapt to different network environments. 15.1.5 Understanding Source Port Check The DGS-3610 series supports the IGMP Snooping source port check function, which improves the security of the network.
  • Page 157: Configuring Igmp Snooping

    [Figure 15-6: router interface]
    Equipment requirement: The switch supports IGMP Snooping.
    Required setup: 1. Enable IGMP Snooping function. 2. Set upper link as router interface.
    Characteristics: 1. Simple configuration; 2. Effectively reducing broadcast storm, improving network bandwidth utilization rate.
    15.2 Configuring IGMP Snooping
    We will describe how to configure IGMP snooping in the following chapters IGMP Snooping Default...
  • Page 158: Igmp Snooping Default

    15.2.1 IGMP Snooping Default
    IGMP snooping status: DISABLE status
    Router interface: All interfaces are not router interface, and do not conduct dynamic learning.
    Source port check
    IGMP Profile: Entry is null, and the default action is deny.
    Multicast Vlan of SVGL: VLAN 1
    IGMP filtering...
  • Page 159: Configuring Router Interface

    Command: DGS-3610(config-profile)# permit | deny
    Function: (Optional) Permit or deny this batch of multicast address ranges, and the default is deny. This action indicates: permit/deny these multicast addresses within the following ranges, and deny/permit other multicast addresses.
  • Page 160: Configuring The Range Of Multicast Frame Forwarded By Router Interface

    Command: DGS-3610(config)# ip igmp Snooping vlan vlan-id
    Function: Set the interface as router interface. Use the no form of this command to delete a router interface. You can also configure the router interface for the switch to dynamically learn it..
  • Page 161: Configuring The Aging Time Of The Route Interface In Dynamic Learning

    You can delete the association with the profile by using no ip igmp snooping vlan vlan-id mrouter interface interface-id profile. This example configures the range of multicast frame forwarded by the router interface:
    DGS-3610# configure terminal
    DGS-3610(config)# ip igmp Snooping vlan 1 mrouter interface gigabitEthernet 0/7 profile
    DGS-3610(config)# end...
  • Page 162: Configuring Svgl Mode

    Command: DGS-3610(config)# ip igmp Snooping ivgl
    Function: Enable IGMP Snooping and set it to the IVGL mode.
    Command: DGS-3610(config)# end
    Function: Return to the privileged mode.
    The following example enables IGMP Snooping and sets it to the IVGL mode:
    DGS-3610# configure Terminal
    DGS-3610(config)# IP igmp Snooping ivgl
    DGS-3610(config)# end...
  • Page 163: Configuring Disable Mode

    15.2.9 Configuring DISABLE Mode
    In the configuration mode, set IGMP Snooping to the DISABLE mode by performing the following steps:
    Command: DGS-3610(config)# no ip igmp snooping
    Function: Disable IGMP Snooping
    Command: DGS-3610(config)# end
    Function: Return to the privileged EXEC mode.
  • Page 164: Configuring Source Ip Check

    15.2.12 Configuring Source IP Check
    In the configuration mode, you can set IGMP snooping source IP check by performing the following steps:
    Command: DGS-3610(config)# ip igmp snooping
    Function: Enable source IP check and add the multicast-source IP entry.
  • Page 165: Configuring Igmp Snooping Suppression

    15.2.14 Configuring IGMP Snooping Suppression
    In the configuration mode, set IGMP snooping suppression by performing the following steps:
    Command: DGS-3610(config)# ip igmp snooping suppression enable
    Function: Enable the suppression function on the switch.
    Command: DGS-3610(config)# end
    Function: Return to the privileged mode.
  • Page 166: Configuration Igmp Filtering

    DGS-3610(config)# show ip igmp snooping gda
    Abbr: M - mrouter D - dynamic S - static
    VLAN Address        Member ports
    ---- -------------- -----------------------------
         224.1.1.1      GigabitEthernet 0/7(S)
    15.2.16 Configuration IGMP Filtering
    In some cases, you may need to make a certain port receive only a special batch of multicast data flows, and control the maximum number of groups permitted to be dynamically added under this port.
  • Page 167: Viewing Current Mode

    15.3.1 Viewing Current Mode
    In the privileged mode, use the following command to view the current working mode and global configuration of IGMP Snooping:
    Command: DGS-3610# show ip igmp snooping
    Function: View the current operation mode of IGMP Snooping and global configuration.
  • Page 168: Viewing Dynamic Forwarding Table

    Command: DGS-3610# show ip igmp snooping mrouter
    Function: View the route connection port information of IGMP Snooping
    The following example shows how to use the show ip igmp snooping command to view the IGMP Snooping router interface information:
    DGS-3610# show ip igmp snooping mrouter
    Vlan...
  • Page 169: Viewing Igmp Profile

    15.3.6 Viewing IGMP Profile
    In the privileged mode, view the IGMP Profile information by using the following command:
    Command: DGS-3610# show ip igmp profile profile-number
    Function: View the IGMP Profile information.
    15.3.7 Viewing IGMP Filtering
    In the privileged mode, view the IGMP Filtering configuring information by using the following...
  • Page 170 function (deleting all address bindings) or delete the ACE of ACL occupying multiple masks, and the source port check can be enabled normally. When the IGMP Snooping or setting router interface is enabled, if the source port check is enabled, then the source port check function fails due to inadequate mask resource.
  • Page 171: Pim Snooping Configuration

    Chapter 16 PIM Snooping Configuration
    This chapter will describe how to configure the protocol independent multicast snooping on the DGS-3610 series. It will cover the content below:
    - Understand the PIM snooping principle.
    - Configure the PIM snooping by default.
  • Page 172: Configuration Of Pim Snooping By Default

    In Figure 16-2, the multicast data flows only into the ports that connect to the multicast routers B and C, and does not flow into router D.
    [Figure 16-2: Multicast flow after PIM Snooping is Enabled. Receiver, Router A, Router B...]
  • Page 173: Enable Pim Snooping Globally

    16.4.1 Enable PIM Snooping Globally
    To enable the PIM snooping globally, execute the following tasks:
    Command: DGS-3610(config)# ip pim snooping
    Function: Enable the PIM snooping.
    Command: DGS-3610(config)# no ip pim snooping
    Function: Disable the PIM snooping.
    Function: Exit the configuration mode.
  • Page 175: Mstp Configuration

    Chapter 17 MSTP Configuration
    17.1 MSTP Overview
    17.1.1 STP and RSTP
    17.1.1.1 STP and RSTP Overview
    This device can support both the STP protocol and the RSTP protocol and comply with the IEEE 802.1D and IEEE 802.1w standards. The STP protocol is applied to avoid the broadcast storm generated in the link loop and provide the link redundant backup protocol.
  • Page 176 17.1.1.2 Bridge Protocol Data Units (BPDU): To span a stable tree-type topology, it should depend on the elements below: The unique bridge ID of each bridge consists of the bridge priority and the MAC ...
  • Page 177 17.1.1.3 Bridge ID In accordance with the prescription of the IEEE 802.1W standard, each bridge should present a unique Bridge ID, which will be taken as the standard to select the Root Bridge in the algorithm of the spanning tree.
  • Page 178 R = Root port D = Designated port A = Alternate port B = Backup port Unless otherwise stated, the priority of the port will be lowered from left to right. [Figure 17-1] [Figure 17-2: shared medium] [Figure 17-3...]
  • Page 179 For the stable network topology, only the Root port and Designated port enter the Forwarding status, while other ports are only in the Discarding status. 17.1.1.6 Spanning of Network Topology Tree (Typical Application Solution) We now describe how the STP and RSTP protocol spans the mixed network topology to a tree-type structure.
  • Page 180 [Figure 17-5] If the failure of the active path between Switch A and Switch B occurs, the backup link will take action immediately to generate corresponding Figure 17-6. [Figure 17-6] If the failure of the path between Switch B and Switch C occurs, the Switch C will switch the Alternate port to the Root port to generate the Figure 17-7.
  • Page 181 [Figure 17-7] 17.1.1.7 Quick Convergence of RSTP We now introduce the special function of RSTP, which enables the "quick" forwarding of the port. The STP protocol will carry out the forwarding after 30s since the port role is selected. Furthermore, the Root port and Designated port of each bridge will carry out the forwarding again after 30s, so it will take about 50s to stabilize the tree-type structure of the whole network topology.
  • Page 182 [Figure 17-8] Certain conditions must be met before the above "handshaking" process can take place, namely "Point-to-point Connect" must be used between ports. Caution: In order to maximize the power of your device, do not use non-point-to-point connection between devices.
  • Page 183 [Figure 17-9: root bridge, shared medium] [Figure 17-10: root bridge, shared medium] In addition, the following figure is a "point-to-point" connection and should be differentiated by users carefully. [Figure 17-11: root bridge, shared medium]...
  • Page 184: Mstp Overview

    17.1.1.8 Compatibility of RSTP and STP
    The RSTP protocol is completely compatible with the STP protocol, and will automatically judge whether the connected bridge supports the STP protocol or the RSTP protocol by the version number of the received BPDU. It can only take the forwarding method of the STP to carry out the forwarding after 30s if it is connected with the STP bridges, so it can't maximize the performance of the RSTP.
  • Page 185 Because the traditional spanning-tree protocol is not related to the VLAN, it will cause the following problem under specified network topology: As shown in Figure 17-4, devices A and B are located in Vlan1, and devices C and D in Vlan2.
  • Page 186 [Figure 17-16] In this way, it prevents the formation of a loop and has no effect on the communication among the same VLANs. 17.1.2.2 How to Partition MSTP region According to the above description, the MSTP Region should be partitioned rationally and the MST configuration information of the switch within the MSTP Region should be the same to make the MSTP play corresponding role.
  • Page 187 to this port is of the same MST Region as itself. Otherwise, it is considered to come from another Region. We recommend you configure the corresponding table of the Instance-Vlan in the STP-closed mode, and then enable the MSTP to ensure the stability and convergence of the network topology.
  • Page 188 [Figure 17-18] As is shown in Figure 17-19, switch C with the highest priority is selected as the Region Root in the MSTI 2 (Instance 2). Then, the link between switch A and B is DISCARDING according to other parameters.
  • Page 189 In Region 2, since Root Path Cost from device B to CST Root is the lowest one, device B is selected as the CIST Regional Root in this region. Similarly, device C is chosen as the CIST Regional Root in Region 3.
  • Page 190: Overview Of Optional Features Of Mstp

    17.1.2.6 Compatibility with MSTP, RSTP and STP Protocol
    For the STP protocol, the MSTP will send the STP BPDU to be compatible with it like the RSTP. For detailed information, refer to the "Compatibility of RSTP and STP" section. For the RSTP protocol, it will process the CIST part of the MSTP BPDU, so it is not necessary for the MSTP to send the RSTP BPDU to be compatible with it.
  • Page 191: Understanding Bpdu Guard

    17.2.2 Understanding BPDU Guard
    BPDU guard can be enabled globally or on a single interface. There are some slight differences between these two ways. You can use the spanning-tree portfast bpduguard default command to enable BPDU guard globally in the privileged mode.
  • Page 192: Understanding Tc Guard

    17.2.5 Understanding TC Guard
    The Tc-Protection function reduces the deletion of dynamic MAC address and ARP entries when the network produces a large number of TC packets. However, many deletion operations are still performed when the device suffers a TC packet attack.
  • Page 193: Configuring Mstp

    When the automatic identification function of the edge port conflicts with the manual Port Fast, it will take the manual configuration as the standard. This function will take action when the specified port and the downstream port carry out the quick negotiation forwarding, so the STP protocol doesn't support this function.
  • Page 194: Enable And Disable Spanning Tree Protocol

    17.3.2 Enable and Disable Spanning Tree Protocol
    Once the Spanning-tree protocol is enabled, the device starts to run the spanning-tree protocol. By default, this device runs MSTP. The Spanning-tree protocol is disabled on the device by default. In the privileged mode, perform these steps to enable the Spanning Tree protocol: Command Function...
  • Page 195: Configuring Switch Priority

    Command: DGS-3610# copy running-config startup-config
    Function: Save the configuration.
    To restore the default mode of the Spanning Tree protocol, use the global configuration command no spanning-tree mode.
    17.3.4 Configuring Switch Priority
    The setting of the device priority concerns which device is the root of the whole network,...
  • Page 196: Configuring Path Cost Of The Port

    with smaller port number will enter the forwarding status. You can assign different port priorities for different instances on one port, by which each instance can run a separate spanning tree protocol. As with the device priority, it has 16 values, all multiples of 16. They are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240 respectively.
  • Page 197: Configuring Default Calculation Method Of Path Cost (Path Cost Method)

    Command: DGS-3610# configure terminal
    Function: Enter the global configuration mode.
    Command: DGS-3610(config)# interface interface-id
    Function: Enter the configuration mode of this interface, the legal interface contains the physical port and the Aggregate Link.
    Function: For the configuration of the port priority for different instances, it will configure the instance 0 if you don't add the instance parameters.
  • Page 198: Configuring Hello Time

    Port Rate Interface IEEE 802.1d (short) IEEE 802.1t (long) Common Port 20000 1000M Aggregate Link 19000
    In the privileged mode, perform these steps to configure the default calculation method of the port path cost:
    Command Function DGS-3610# configure terminal...
  • Page 199: Configuring Max-Age Time

    In the privileged mode, perform these steps to configure the Forward-Delay Time:
    Command: DGS-3610# configure terminal
    Function: Enter the global configuration mode.
    Command: DGS-3610(config)# spanning-tree
    Function: Configure the forward delay time, whose value range is 4-30s, 15s by default.
  • Page 200: Configuring Link-Type

    Command: DGS-3610# configure terminal
    Function: Enter the global configuration mode.
    Command: DGS-3610(config)# spanning-tree tx-hold-count numbers
    Function: Configure the maximum count of the BPDU sent per second, whose value range is 1-10, 3 by default.
    Command: DGS-3610(config)# end
    Function: Return to the privileged EXEC mode.
  • Page 201: Configuring Protocol Migration Processing

    17.3.13 Configuring Protocol Migration Processing
    This setting is to enable this port to execute the version check forcibly. For related description, refer to the Compatibility of RSTP and STP.
    Command: DGS-3610# clear spanning-tree detected-protocols
    Function: Forcibly check versions of all the ports
    Command: DGS-3610# clear spanning-tree...
  • Page 202: Configuring Maximum-Hop Count

    Command Function transferred to the instance 0 automatically.
    Command: DGS-3610(config-mst)# name name
    Function: Specify the MST configuration name, this string can present up to 32 bytes.
    Command: DGS-3610(config-mst)# revision
    Function: Specify the MST revision number, whose range is 0-65535.
  • Page 203: Configuring Optional Features Of Mstp

    Command: DGS-3610# show running-config
    Function: Check the configuration entries.
    Command: DGS-3610# copy running-config startup-config
    Function: Save the configuration.
    To restore the default value, use the global configuration command no spanning-tree max-hops.
    17.4 Configuring Optional Features of MSTP 17.4.1...
  • Page 204: Enabling Bpdu Guard

    17.4.3 Enabling BPDU Guard
    If a BPDU is received on a port with BPDU guard enabled, the port enters the error-disabled status. In the privileged mode, perform these steps to configure the BPDU guard:
    Command Function DGS-3610# configure terminal...
  • Page 205: Enabling Tc_Protection

    Command: DGS-3610(config-if)# spanning-tree portfast
    Function: Enable the portfast of this interface.
    Command: DGS-3610(config-if)# end
    Function: Return to the privileged EXEC mode.
    Command: DGS-3610# show running-config
    Function: Check the configuration entries.
    Command: DGS-3610# copy running-config startup-config
    Function: Save the configuration.
    To disable the BPDU filter, use the global configuration command no spanning-tree portfast bpdufilter default.
  • Page 206: Enabling The Bpdu Source Mac Check

    Command: DGS-3610# show running-config
    Function: Check the configuration entries.
    Command: DGS-3610# copy running-config startup-config
    Function: Save the configuration.
    In the privileged mode, perform the following steps to configure TC Guard on the port: Command Function...
  • Page 207: Disabling The Automatic Identification Of Edge Ports

    Command: DGS-3610# copy running-config startup-config
    Function: Save the configuration.
    To disable the BPDU source MAC check, run no bpdu src-mac-check in the interface mode.
    17.4.8 Disabling the Automatic Identification of Edge Ports
    If a specified port has not received the BPDU in a certain time (3 seconds), the port is automatically recognized as an edge port.
  • Page 208
    Command: DGS-3610# show spanning-tree summary
    Meaning: Show the information of each MSTP instance and the forwarding status information of its ports
    Command: DGS-3610# show spanning-tree mst configuration
    Meaning: Show the configuration information of the MST domain.
    Command: DGS-3610# show spanning-tree mst
    Meaning: Show the MSTP information of this instance.
  • Page 209: Span Configuration

    Chapter 18 SPAN Configuration
    18.1 Overview
    18.1.1 Understanding SPAN
    You can copy the packets from one port to another port connected with a network analysis device or RMON analyzer by using the SPAN to analyze the communication on the port. The SPAN mirrors all the packets sent/received at a port to a physical port for analysis.
  • Page 210: Span Concepts And Terms

    couldn't be mirrored to the mirroring destination port (that is, the tx direction configured on the mirroring source port does not take effect). For DGS-3610 series, SPAN supports the enabled mirroring destination port and ...
  • Page 211: Source Port

    18.2.3 Source Port
    The source port (also known as the monitored interface) is a switched port, routed port or AP. This port is monitored for network analysis. In the single SPAN session, you can monitor input, output and bi-directional frames.
  • Page 212: Span Configuration Guide

    18.2.8 SPAN Configuration Guide
    Please follow the rules below when configuring the SPAN.
    - The network analyzer should be connected to the monitoring interface.
    - The destination port cannot be a source port, and the source port cannot be a destination port. You can configure one disabled port as a destination port or source port, but the SPAN function does not take effect until the destination port and source port have been enabled again.
  • Page 213: Deleting A Port From The Span Session

    To delete the SPAN session, use the no monitor session session_number global configuration command. To delete all SPAN sessions, use the no monitor session all global configuration command. You can use the no monitor session session_number source interface interface-id global configuration command or the no monitor session session_number destination interface interface-id command to delete the source port or destination port.
  • Page 214: Showing The Span Status

    18.3 Showing the SPAN Status
    The show monitor privileged command allows you to show the current SPAN status. The following example illustrates how to show the current status of SPAN session 1 by using the show monitor privileged command.
  • Page 215: Ip Address And Service Configuration

    Chapter 19 IP Address and Service Configuration
    19.1 IP Addressing Configuration
    19.1.1 IP Address Overview
    IP address is made up of 32 binary bits and expressed in dotted decimal format for the convenience of writing and describing.
  • Page 216 For category D, the four highest-order bits are set to "1110", other bits are used as multicast addresses. [Figure: D type network, multicast address] No addresses are allowed with the four highest-order bits set to "1111". These addresses, called "category E"-type addresses, are reserved.
  • Page 217: Ip Address Configuration Task List

    Class / IP Address Range / Network Numbers
    Category A network / 10.0.0.0~10.255.255.255 / 1 Category A networks
    Category B network / 172.16.0.0~172.31.255.255 / 16 Category B networks
    Category C network / 192.168.0.0~192.168.255.255 / 256 Category C networks
    For the description of IP address, TCP/UDP port and other network number, please refer to document RFC 1166.
  • Page 218 Note: Theoretically, bits of subnet masks can be any bits of the host addresses. Our product only supports continuous subnet masks from left to right, starting from the network portion. For the feature configuration related to the interface IP address, refer to the following tasks list.
  • Page 219
    Command: DGS-3610(config-if)# no ip address ip-address mask secondary
    Function: Cancel the configuration of the secondary IP addresses on an interface.
    19.1.2.2 Configuration of Address Resolution Protocol (ARP)
    For each IP network device in a LAN, it uses two addresses including local address and network address.
  • Page 220 To configure static ARP, execute the following command at global configuration mode:
    Command: DGS-3610(config)# arp ip-address mac-address arp-type
    Function: Define static ARP, where arp-type can only support the arpa type currently.
    Command: DGS-3610(config)# no arp ip-address
    Function: Cancel the static ARP...
  • Page 221 19.1.2.4 Broadcast Packets Processing Configuration A broadcast packet is a data packet destined for all hosts on a particular physical network. Our product supports two kinds of broadcast packets: directed broadcasting and flooding broadcasting.
  • Page 222: Monitoring And Maintaining Ip Address

    directed broadcasts which arrived at the final destination subnet, while other directed broadcasts packets will be forwarded normally. You can define an access list to control which directed broadcasts are forwarded on an interface.
  • Page 223: Ip Addressing Configuration Examples

    Command: DGS-3610# clear arp-cache
    Function: Clear the ARP cache.
    Command: DGS-3610# clear ip route {network [mask] | *}
    Function: Clearing IP Routing Table
    19.1.3.2 Displaying System and Network Status
    You can show the contents of the IP routing table, cache, and database. Such information is very helpful in troubleshooting the network.
  • Page 224 [Figure 19-1: Secondary IP address configuration example] It is required to configure RIP routing protocol, but the version can only be set as RIPv1, and display the routes of 172.16.2.0/24 on router C, and display routes of 172.16.1.0/24 on router D.
  • Page 225: Ip Service Configuration

    router rip
    network 172.16.0.0
    network 192.168.12.0
    19.2 IP Service Configuration
    19.2.1 IP Services Configuration Task List
    IP service configuration includes the following tasks which are all optional. You can perform IP connection management according to the actual requirement.
  • Page 226 19.2.2.2 Enabling ICMP Redirect Messages Routes are sometimes less than optimal, and it is possible for the device to be forced to resend a packet through the same interface on which it was received. If the router resends a packet through the same interface on which it was received, it sends an ICMP redirect message to the data source to inform it that the gateway for this destination address is another router in the same subnet.
  • Page 227 To set the IP MTU value, use the following command in interface configuration mode:
    Command: DGS-3610(config-if)# ip mtu bytes
    Function: Set the MTU value with the range 68~1500.
    Command: DGS-3610(config-if)# no ip mtu
    Function: Restore the default setting
    19.2.2.5 Configuring IP Source Routing
    Our product supports IP source routing.
  • Page 229: Dhcp Configuration

    Chapter 20 DHCP Configuration
    20.1 Introduction to DHCP
    DHCP (Dynamic Host Configuration Protocol), detailed in RFC 2131, provides configuration parameters for hosts over the Internet. DHCP is based on Client/Server working mode. The DHCP server assigns IP addresses for the hosts to be configured dynamically and provides host configuration parameters.
  • Page 230 [Figure 20-1: host and server exchanging broadcast and unicast packets] Process of DHCP requesting an IP address: 1. The host sends a DHCPDISCOVER broadcast packet to locate a DHCP server in the network;...
  • Page 231: Introduction To Dhcp Client

    - Simplify configuration tasks and reduce network construction cost. Dynamic address assignment significantly simplifies equipment configuration, and even reduces deployment cost if devices are deployed in the places where there are no professionals.
    - Centralized management.
  • Page 232: Enabling Dhcp Server And Relay Agent

    - DHCP client configuration of the HDLC encapsulation link (optional)
    20.5.1 Enabling DHCP Server and Relay Agent
    To enable the DHCP server and the relay agent, execute the following commands in the global configuration mode: Command Function...
  • Page 233: Configuring Address Pool Name And Enter Its Configuration Mode

    You can give the DHCP address pool a meaningful name that can be memorized easily. The name of the address pool contains characters and digits. Our product allows you to define multiple address pools. The IP address of the relay agent in the DHCP request packet is used to determine which address pool is used for address assignment.
  • Page 234: Configuring Default Gateway For Client

    Command: DGS-3610(dhcp-config)# bootfile filename
    Function: Configure the name of the client boot file
    20.5.6 Configuring Default Gateway for Client
    The configured default gateway for the client will be used as the default gateway parameter that the server assigns to the client.
  • Page 235: Configuring Domain Name Server

    20.5.9 Configuring Domain Name Server
    A DNS server should be specified for domain name resolution when the client accesses the network resources using a host name. To configure a domain name server available to the DHCP client, execute the following command in the address pool configuration mode: Command Function...
  • Page 236: Configuring Network Number And Mask For Dhcp Address Pool

    Command: DGS-3610(dhcp-config)# netbios-node-type type
    Function: Configure the NetBIOS node type
    20.5.12 Configuring Network Number and Mask for DHCP Address Pool
    To configure dynamic address binding, you must configure the subnet and its mask for the new address pool, so as to provide the DHCP server with an address space that can be assigned to clients.
  • Page 237: Configuring Number Of Packet Ping

    DGS-3610 Series Configuration Guide Chapter 20 DHCP Configuration To define manual address binding, you first need to define a host address pool for each manual binding, and then define the IP address and hardware address or client ID for the DHCP client.
  • Page 238: Configuring Packet Ping Timeout

    Chapter 20 DHCP Configuration DGS-3610 Series Configuration Guide 20.5.15 Configuring Packet Ping Timeout By default, this IP address is considered not existent if there is no response within 500 milliseconds following the Ping operation by the DHCP server. You can change the time for the server to wait for a response to the Ping operation by adjusting the Ping packet timeout.
  • Page 239: Configuring Dhcp Client On Hdlc Encapsulated Link

    DGS-3610 Series Configuration Guide Chapter 20 DHCP Configuration 20.5.19 Configuring DHCP Client on HDLC Encapsulated Link Our product supports the HDLC-encapsulated port to obtain a dynamically assigned IP address using DHCP. To configure the DHCP client, execute the following command in the interface configuration mode: Command Function...
  • Page 240: Monitoring And Maintaining Dhcp Client

    Chapter 20 DHCP Configuration DGS-3610 Series Configuration Guide Command Function DGS-3610# show ip dhcp binding [address] Show DHCP address binding information DGS-3610# show ip dhcp conflict Show DHCP address conflict information DGS-3610# show ip dhcp server statistics Show DHCP server statistics information 20.6.2 Monitoring and Maintaining DHCP Client...
  • Page 241 DGS-3610 Series Configuration Guide Chapter 20 DHCP Configuration

    ip dhcp pool net172
    network 172.16.1.0 255.255.255.0
    default-router 172.16.1.254
    domain-name rg.com
    dns-server 172.16.1.253
    netbios-name-server 172.16.1.252
    netbios-node-type h-node
    lease 30

    20.7.2 Manual Binding Configuration In the following configuration, the IP address assigned to the DHCP client with the MAC address 00d0.df34.32a3 is 172.16.1.101, the mask is 255.255.255.0, the host name is Billy.rg.com, the default gateway is 172.16.1.254, the WINS server is 172.16.1.252, and the NetBIOS node is of the hybrid type.
  • Page 243: Dhcp Relay Configuration

    DGS-3610 Series Configuration Guide Chapter 21 DHCP Relay Configuration DHCP Relay Configuration 21.1 Overview 21.1.1 Understanding DHCP The DHCP is widely used to dynamically allocate the reusable network resources, for example, IP address. The DHCP Client sends the DHCP DISCOVER broadcast packets to the DHCP Server. After the DHCP Server receives DHCP DISCOVER packets, it allocates resources to the Client, for example, IP address according to the appropriate policy, and sends the DHCP OFFER packets.
  • Page 244: Understanding Dhcp Relay Agent Information(Option 82)

    Chapter 21 DHCP Relay Configuration DGS-3610 Series Configuration Guide Figure 21-1 VLAN 10 and VLAN 20 correspond to the 10.0.0.1/16 and 20.0.0.1/16 networks respectively, while the DHCP Server is located on the 30.0.0.1/16 network. To have a dynamic IP management on the 10.0.0.1/16 and 20.0.0.1/16 networks through the DHCP Server at 30.0.0.2, just enable the DHCP Relay Agent on the device that functions as the gateway, and specify the DHCP Server IP as 30.0.0.2.
  • Page 245: Understanding Dhcp Relay Check Server-Id Function

    DGS-3610 Series Configuration Guide Chapter 21 DHCP Relay Configuration Figure 21-2 Agent Remote ID 21.1.4 Understanding DHCP relay Check Server-id Function When DHCP is used, generally multiple DHCP servers will be available for each network for the purpose of backup, so that the network will continue to work even if a server fails. During the four interaction processes of DHCP acquisition, a server has been selected when the DHCP client sends a DHCP request.
  • Page 246: Configuring The Dhcp Server Ip Address

    Chapter 21 DHCP Relay Configuration DGS-3610 Series Configuration Guide Command Function DGS-3610(config)# service dhcp Enable the DHCP agent DGS-3610(config)# no service dhcp Disable the DHCP agent 21.2.2 Configuring the DHCP Server IP Address After you have configured the IP address of the DHCP Server, the DHCP request packets received by the device will be forwarded to it.
  • Page 247: Configuring Dhcp Option Dot1X Access-Group

    DGS-3610 Series Configuration Guide Chapter 21 DHCP Relay Configuration Command Function DGS-3610(config)# ip dhcp relay Enable the DHCP option dot1x function information option dot1x DGS-3610(config)# no ip dhcp relay Disable the DHCP option dot1x function information option dot1x 21.2.4 Configuring DHCP option dot1x access-group In the option dot1x application scheme, the device needs to restrict the unauthorized IP or the IP with low privilege to access certain IP addresses, and restrict the access between...
  • Page 248: Configuring Dhcp Option 82

    Chapter 21 DHCP Relay Configuration DGS-3610 Series Configuration Guide Then, apply the command to the global interfaces using the command ip dhcp relay information option dot1x access-group DenyAccessEachOtherOfUnauthrize. In the global configuration mode, configure DHCP option dot1x access-group by performing the following steps: Command Function DGS-3610(config)# ip dhcp relay...
  • Page 249: Configuring Dhcp Relay Suppression

    DGS-3610 Series Configuration Guide Chapter 21 DHCP Relay Configuration Command Function DGS-3610(config)# no ip dhcp relay check server-id Disable the DHCP relay check server-id function 21.2.7 Configuring DHCP relay suppression After the ip dhcp relay suppression command is configured, the interface configured with DHCP relay suppression does not convert received DHCP broadcast requests into unicast relay packets.
  • Page 250: Precautions On Dhcp Option Dot1X Configuration

    Chapter 21 DHCP Relay Configuration DGS-3610 Series Configuration Guide 21.3.1 Precautions on DHCP option dot1x Configuration This command works only when the configuration related to AAA/802.1x is correct. When this scheme is adopted, the IP authorization of the DHCP mode of 802.1x should be enabled.
  • Page 251 DGS-3610 Series Configuration Guide Chapter 21 DHCP Relay Configuration password 7 0137 line vty 3 4 login 21-9...
  • Page 253: Dns Configuration

    DGS-3610 Series Configuration Guide Chapter 22 DNS Configuration DNS Configuration 22.1 DNS Overview Each IP address may be represented by a host name, which consists of one or more strings separated by dots. With host names, it is not necessary to remember the IP address of each IP device, only its meaningful host name.
  • Page 254: Enabling Dns Resolution Service

    Chapter 22 DNS Configuration DGS-3610 Series Configuration Guide 22.2.2 Enabling DNS Resolution Service This section describes how to enable the DNS resolution service. Command Function DGS-3610(config)# ip domain-lookup Enable the function of DNS resolution. The command no ip domain-lookup is used to disable the function of DNS resolution. DGS-3610(config)# ip domain-lookup 22.2.3 Configuring DNS Server...
  • Page 255: Clearing Cache Table Of Dynamic Host Names

    DGS-3610 Series Configuration Guide Chapter 22 DNS Configuration 22.2.5 Clearing Cache Table of Dynamic Host Names This section describes how to clear the cache table of dynamic host names. If the command clear host or clear host * is entered, the dynamic cache table will be cleared. Otherwise, only the entries of specified domain names will be cleared.
  • Page 257: Ntp Configuration

    DGS-3610 Series Configuration Guide Chapter 23 NTP Configuration NTP Configuration 23.1 Understanding NTP Network Time Protocol (NTP) is a protocol for the time synchronization of network devices. It is designed to synchronize the network devices with the server or clock source, to provide highly accurate time correction (less than one millisecond on the LAN and dozens of milliseconds on the WAN, compared with the standard time), and to prevent attacks by means of encryption and confirmation.
  • Page 258: Configuring Global Security Authentication Mechanism For The Ntp

    Chapter 23 NTP Configuration DGS-3610 Series Configuration Guide 23.2.1 Configuring Global Security Authentication Mechanism for the NTP The NTP client of DGS-3610 series supports encrypting communication with the server by means of key encryption. There are two steps to configure the NTP client to communicate with the server by means of encryption: Step 1, complete relevant settings for global security authentication and global key for the NTP client;...
  • Page 259: Configuring Global Trusted Key Id For The Ntp

    DGS-3610 Series Configuration Guide Chapter 23 NTP Configuration Command Function Specify a global authentication key for the NTP. key-id: 1-4294967295 ntp authentication-key key-id md5 key-string [enc-type] key-string: its length is not limited. enc-type: there are two types: 0 and 7. no ntp authentication-key key-id md5 Remove a global authentication key for the NTP.
  • Page 260: Disabling Receiving Ntp Packets On The Interface

    Chapter 23 NTP Configuration DGS-3610 Series Configuration Guide NTP version 3 is the default version for communication with the server. In addition, a source interface can be configured for sending NTP messages; NTP messages from the relevant server can then only be received on that sending interface. To configure an NTP server, run the following commands in the global configuration mode: Command Function...
  • Page 261: Enabling/Disabling Ntp Function

    DGS-3610 Series Configuration Guide Chapter 23 NTP Configuration 23.2.6 Enabling/Disabling NTP Function The function of command no ntp is to disable the NTP synchronization service, stop the time synchronization, and clear relevant information of NTP configuration. The NTP function is disabled by default, but may be enabled as long as the NTP server or NTP security authentication mechanism is configured.
  • Page 262: Display Of Ntp Information

    Chapter 23 NTP Configuration DGS-3610 Series Configuration Guide 23.3 Display of NTP Information 23.3.1 Debugging the NTP If you want to debug the NTP function, this command may be used to output necessary debugging information for troubleshooting. To debug the NTP function, run the following commands in the privilege mode: Command Function Enable the debugging function.
  • Page 263 DGS-3610 Series Configuration Guide Chapter 23 NTP Configuration that on the NTP server, set this NTP server on the network as the synchronization server, and begin to synchronize the time.

    DGS-3610(config)# no ntp
    DGS-3610(config)# ntp authentication-key 6 md5 wooooop
    DGS-3610(config)# ntp authenticate
    DGS-3610(config)# ntp trusted-key 6
    DGS-3610(config)# ntp server 192.168.210.222 key 6
    DGS-3610(config)# ntp synchronize...
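The check that `ntp authenticate`, `ntp trusted-key 6` and `ntp server ... key 6` ask the client to perform can be sketched as follows. This is an added example, not code from the manual or from D-Link: it assumes the standard NTP symmetric-key scheme, in which the md5 key produces a message authentication code (MD5 over key plus header, appended after a 4-byte key ID) while the packet itself stays in clear text. The function names, the second key and the sample packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48        # fixed NTP header
MAC_LEN = 4 + 16       # 4-byte key ID followed by a 16-byte MD5 digest


def make_header(version=3, mode=4, transmit_ts=0):
    """Build a minimal 48-byte NTP header (constructed sample, mostly zeroed)."""
    header = bytearray(HEADER_LEN)
    header[0] = (0 << 6) | (version << 3) | mode       # LI=0, version, mode
    struct.pack_into("!Q", header, 40, transmit_ts)    # transmit timestamp
    return bytes(header)


def md5_mac(key, header):
    """Symmetric-key NTP digest: MD5 over the key followed by the header."""
    return hashlib.md5(key + header).digest()


def sign(header, key_id, key):
    """Append key ID and digest, as the sender configured with 'key <id>' does."""
    return header + struct.pack("!I", key_id) + md5_mac(key, header)


def verify(packet, keys, trusted, authenticate=True):
    """Return (accepted, reason) for a received packet.

    keys    -- key ID -> key string (what 'ntp authentication-key' defines)
    trusted -- key IDs listed with 'ntp trusted-key'
    """
    if len(packet) == HEADER_LEN:
        # No MAC at all: only acceptable when authentication is not required.
        return (not authenticate, "no MAC present")
    if len(packet) != HEADER_LEN + MAC_LEN:
        return (False, "unexpected length")
    header, trailer = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", trailer[:4])
    if key_id not in keys:
        return (False, "unknown key ID")
    if key_id not in trusted:
        return (False, "key ID not trusted")
    # Constant-time comparison of the recomputed digest with the received one.
    if not hmac.compare_digest(md5_mac(keys[key_id], header), trailer[4:]):
        return (False, "MAC mismatch")
    return (True, "ok")


if __name__ == "__main__":
    keys = {6: b"wooooop", 7: b"second-key"}   # key 7 is a constructed extra key
    trusted = {6}
    reply = sign(make_header(transmit_ts=0x1122334455667788), 6, keys[6])
    print(verify(reply, keys, trusted))
    forged = bytearray(reply)
    forged[1] ^= 0x01                           # alter the stratum octet
    print(verify(bytes(forged), keys, trusted))
    print(verify(sign(make_header(), 7, keys[7]), keys, trusted))
    print(verify(make_header(), keys, trusted))
```

A key that is defined but not listed as trusted is rejected even though its digest is valid, which is why the manual's example configures both the key and the trusted-key ID.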
  • Page 265: Udp-Helper Configuration

    DGS-3610 Series Configuration Guide Chapter 24 UDP-Helper Configuration UDP-Helper Configuration 24.1 UDP-Helper Configuration 24.1.1 UDP-Helper Overview The main function of UDP-Helper is to implement the relay and forward of UDP broadcast message. By configuring the destination server requiring forwarding, the UDP broadcast messages can be converted into unicast messages which are sent to the specified destination server.
  • Page 266: Enable The Function Of Relay And Forwarding For Udp-Helper

    Chapter 24 UDP-Helper Configuration DGS-3610 Series Configuration Guide 24.2.2 Enable the Function of Relay and Forwarding for UDP-Helper Command Function DGS-3610(config)# udp-helper enable The command udp-helper enable is used to enable the function of relay and forward for UDP broadcast packet.
  • Page 267: Configuring Udp Port Requiring Relay And Forwarding

    DGS-3610 Series Configuration Guide Chapter 24 UDP-Helper Configuration 24.2.4 Configuring UDP Port Requiring Relay and Forwarding Command Function DGS-3610(config)# ip forward-protocol Configure the UDP port requiring relay and forwarding. If only the UDP parameter is specified, the default port will be relayed and forwarded; otherwise, the port can be configured as necessary.
  • Page 269: Snmp Configuration

    SNMP, and also referred to as NMS (Network Management System). HP OpenView, CiscoView and CiscoWorks 2000 are the typical network management platforms running on the NMS. D-Link has developed a suite of software (D-View) for network management for its own network devices. These typical network management software packages make it convenient to monitor and manage the network devices.
  • Page 270 Chapter 25 SNMP Configuration DGS-3610 Series Configuration Guide Figure 25-1 Relation diagram between the NMS and agent The MIB (Management Information Base) is a virtual information base for network management. There are large volumes of information for the managed network equipment. In order to uniquely identify a specific management unit in the SNMP message, the tree hierarchy is used by the MIB to describe the management units in the network management equipment.
  • Page 271: Snmp Protocol Versions

    DGS-3610 Series Configuration Guide Chapter 25 SNMP Configuration 25.1.2 SNMP Protocol Versions This software supports these SNMP versions: SNMPv1: the first formal version of the Simple Network Management Protocol, which is defined in RFC1157. SNMPv2C: The community-based Administrative Framework for SNMPv2, an ...
  • Page 272: Snmp Security

    Chapter 25 SNMP Configuration DGS-3610 Series Configuration Guide Figure 25-3 Packet Types in SNMP (SNMP management process, SNMP agent process) UDP port 161 is used by the first three operations sent from the NMS to the Agent and by the response operation of the Agent. UDP port 162 is used by the Trap operation sent from the Agent.
  • Page 273: Snmp Engine Id

    DGS-3610 Series Configuration Guide Chapter 25 SNMP Configuration

    Security Model | Level | Authentication | Encryption | Description
    SNMPv3 | noAuthNoPriv | User Name | None | Ensures the data validity through User Name.
    SNMPv3 | authNoPriv | MD5 or SHA | None | Provides an authentication mechanism based on HMAC-MD5 or HMAC-SHA.
    Provides an authentication mechanism based on HMAC-MD5 or HMAC-SHA....
  • Page 274: Snmp Configuration

    Chapter 25 SNMP Configuration DGS-3610 Series Configuration Guide 2: The following 16 bytes are for IPv6 address 3: The following 6 bytes are for MAC address 4: Texts, assigned by product providers, 27 octets at most 5: Hexadecimal number, assigned by product providers, 27 bytes at most 6-127: Reserved 128-255: Special Form assigned by product providers 25.2 SNMP Configuration...
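The engine ID layout that the format identifiers above belong to can be decoded with a short parser. This is an added example, not code from the manual: it assumes the RFC 3411 SnmpEngineID layout (four enterprise octets with the top bit set, one format octet, then the identifier), takes format value 1 (IPv4, 4 bytes) from that RFC because the excerpt starts at value 2, and uses a constructed inventory with hypothetical host names to show a uniqueness check.

```python
import ipaddress


def _expect(data, length, label):
    if len(data) != length:
        raise ValueError(f"{label} engine ID needs {length} identifier octets, got {len(data)}")


def parse_engine_id(hex_string):
    """Decode an SNMP engine ID given as a hex string."""
    raw = bytes.fromhex(hex_string)
    if not 5 <= len(raw) <= 32:
        raise ValueError("engine ID must be 5 to 32 octets long")
    first_word = int.from_bytes(raw[:4], "big")
    enterprise = first_word & 0x7FFFFFFF
    if not first_word & 0x80000000:
        # Top bit clear: older fixed 12-octet layout, vendor-defined remainder.
        if len(raw) != 12:
            raise ValueError("legacy engine ID must be exactly 12 octets")
        return {"enterprise": enterprise, "format": "legacy", "value": raw[4:].hex()}
    fmt, data = raw[4], raw[5:]
    if fmt == 1:                      # from RFC 3411, not in the excerpt above
        _expect(data, 4, "IPv4")
        kind, value = "ipv4", str(ipaddress.IPv4Address(data))
    elif fmt == 2:
        _expect(data, 16, "IPv6")
        kind, value = "ipv6", str(ipaddress.IPv6Address(data))
    elif fmt == 3:
        _expect(data, 6, "MAC")
        kind, value = "mac", ":".join(f"{b:02x}" for b in data)
    elif fmt == 4:                    # text, 27 octets at most (32 total)
        kind, value = "text", data.decode("ascii", errors="replace")
    elif fmt == 5:                    # hexadecimal number, 27 octets at most
        kind, value = "octets", data.hex()
    elif fmt >= 128:
        kind, value = "vendor-specific", data.hex()
    else:                             # 0 and 6-127
        kind, value = "reserved", data.hex()
    return {"enterprise": enterprise, "format": kind, "value": value}


def audit_engine_ids(inventory):
    """Flag agents whose engine ID is all zeros or shared with another agent."""
    findings, seen = [], {}
    for host, hex_id in sorted(inventory.items()):
        parsed = parse_engine_id(hex_id)
        identifier = bytes.fromhex(hex_id)[5:]
        if parsed["format"] in ("ipv4", "ipv6", "mac") and not any(identifier):
            findings.append((host, "all-zero identifier"))
        key = hex_id.lower()
        if key in seen:
            findings.append((host, f"duplicate of {seen[key]}"))
        else:
            seen[key] = host
    return findings


if __name__ == "__main__":
    # First value is the engine ID shown by 'show snmp user' in this guide;
    # host names and the third value are constructed.
    inventory = {
        "sw1": "8000131103000000000000",
        "sw2": "8000131103000000000000",
        "sw3": "800013110300005e005301",
    }
    for host, hex_id in inventory.items():
        print(host, parse_engine_id(hex_id))
    print(audit_engine_ids(inventory))
```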
  • Page 275: Configuring Mib Views And Groups

    DGS-3610 Series Configuration Guide Chapter 25 SNMP Configuration 25.2.2 Configuring MIB Views and Groups With the access-control model based on SNMP views, you decide whether a MIB object is allowed by an SNMP view; only the MIB objects allowed by the SNMP view can be accessed.
  • Page 276: Configuring Snmp Host Address

    Chapter 25 SNMP Configuration DGS-3610 Series Configuration Guide To remove the specified user, the no snmp-server user username groupname command can be used. 25.2.4 Configuring SNMP Host Address In special cases, Agent may actively send messages to NMS. To configure NMS host address that the Agent actively sends messages to, execute the following commands in the global configuration mode: Command...
  • Page 277: Shielding Snmp Agent

    DGS-3610 Series Configuration Guide Chapter 25 SNMP Configuration 25.2.7 Shielding SNMP Agent The SNMP agent service is a service provided by the product of our company. It is enabled by default. When the agent service is not required, the SNMP agent function and related configuration information can be shielded by performing the following steps:...
  • Page 278: Configuring Message Sending Operation Parameters

    Chapter 25 SNMP Configuration DGS-3610 Series Configuration Guide Command Function DGS-3610(config-if)# no snmp-server Enable or disable the function to send the link trap for the interface. enable traps No link trap will be sent for the interface according to the following configuration. DGS-3610(config)# interface gigabitEthernet 1/1 DGS-3610(config-if)# no snmp trap link-status 25.2.11 Configuring Message Sending...
  • Page 279: Checking Mib Objects Supported By Current Snmp Agent

    DGS-3610 Series Configuration Guide Chapter 25 SNMP Configuration 0 Set-request PDUs 2406 SNMP packets output 0 Too big errors (Maximum packet size 1500) 4 No such name errors 0 Bad values errors 0 General errors 2370 Get-response PDUs 36 SNMP trap PDUs SNMP global trap: disabled SNMP logging: enabled SNMP agent: enabled...
  • Page 280 Chapter 25 SNMP Configuration DGS-3610 Series Configuration Guide snmpOutPkts snmpInBadVersions snmpInBadCommunityNames snmpInBadCommunityUses snmpInASNParseErrs snmpInTooBigs snmpInNoSuchNames snmpInBadValues snmpInReadOnlys snmpInGenErrs snmpInTotalReqVars snmpInTotalSetVars snmpInGetRequests snmpInGetNexts snmpInSetRequests snmpInGetResponses snmpInTraps snmpOutTooBigs snmpOutNoSuchNames snmpOutBadValues snmpOutGenErrs snmpOutGetRequests snmpOutGetNexts snmpOutSetRequests snmpOutGetResponses snmpOutTraps snmpEnableAuthenTraps snmpSilentDrops snmpProxyDrops entPhysicalEntry entPhysicalEntry.entPhysicalIndex entPhysicalEntry.entPhysicalDescr entPhysicalEntry.entPhysicalVendorType entPhysicalEntry.entPhysicalContainedIn entPhysicalEntry.entPhysicalClass...
  • Page 281: Viewing Snmp View And Group

    DGS-3610 Series Configuration Guide Chapter 25 SNMP Configuration 25.3.3 Viewing SNMP User To view the SNMP users configured on the current agent, run the command show snmp user in the privileged user mode: DGS-3610# show snmp user User name: test Engine ID: 8000131103000000000000 storage-type: permanent active...
  • Page 282 Chapter 25 SNMP Configuration DGS-3610 Series Configuration Guide respectively. A network management software (taking HP OpenView as an example) is running on the NMS. Figure 25-4 Typical Networking Diagram of SNMP Detailed configuration of the network device Enable the SNMP agent service: DGS-3610(config)# snmp-server community public RO As long as the above command is configured in the global configuration mode, the SNMP...
  • Page 283 DGS-3610 Series Configuration Guide Chapter 25 SNMP Configuration Figure 25-5 Network topology diagram Now it is possible to query or set the managed units in the network device. Click the TOOL->SNMP MIB Browser menu on the HP OpenView to display the following dialog box. Enter the IP address 192.168.12.1 in the Name field, and input public in the Community Name field.
  • Page 284: Example Of Snmp Access List Association Control

    Chapter 25 SNMP Configuration DGS-3610 Series Configuration Guide HP OpenView has powerful function for the network management. For example, the traffic statistics of network interface can be expressed in the form of graph. For the other functions of SNMP, see the document of network management software. Figure 25-7 Statistics graph of interface traffic 25.4.2 Example of SNMP Access List...
  • Page 285 DGS-3610 Series Configuration Guide Chapter 25 SNMP Configuration DGS-3610(config)# snmp-server host 192.168.65.199 traps version 3 priv v3user 25-17...
  • Page 287: Configuration Of Rmon

    DGS-3610 Series Configuration Guide Chapter 26 Configuration of RMON Configuration of RMON 26.1 Overview RMON (Remote Monitoring) is a standard monitoring specification of IETF (Internet Engineering Task Force). It can be used to exchange the network monitoring data among various network monitors and console systems. In the RMON, detectors can be placed on the network nodes, and the NMS determines which information is reported by these detectors, for example, the monitored statistics and the time buckets for collecting history.
  • Page 288: Alarm

    Chapter 26 Configuration of RMON DGS-3610 Series Configuration Guide 26.1.3 Alarm Alarm is the third group in RMON. It monitors a specific management information base (MIB) object at the specified interval. When the value of this MIB object is higher than the predefined upper limit or lower than the predefined lower limit, an alarm will be triggered.
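How the two limits interact is easier to see on a run of samples. The following is an added example, not code from the manual: it uses the thresholds from this guide's own `rmon alarm ... delta rising-threshold 20 ... falling-threshold 10` example, and assumes the hysteresis rule of the RMON MIB (RFC 2819), where a rising alarm is not repeated until the value has reached the falling threshold, and the reverse. It also assumes the startup mode that allows either alarm first; the counter readings are constructed.

```python
def rmon_alarm_events(readings, rising, falling, delta=True, counter_bits=32):
    """Return (sample_index, 'rising' | 'falling', value) for each alarm.

    readings -- values of the monitored MIB object, one per sampling interval
    delta    -- True: compare the change between successive readings
                False: compare the reading itself (absolute sampling)
    """
    events = []
    rising_armed = falling_armed = True     # assumed startup: either alarm may fire
    previous = None
    modulus = 1 << counter_bits
    for index, reading in enumerate(readings):
        if delta:
            if previous is None:            # first reading only sets the baseline
                previous = reading
                continue
            # Modular subtraction keeps the delta correct across a counter wrap.
            value = (reading - previous) % modulus
            previous = reading
        else:
            value = reading
        if value >= rising:
            if rising_armed:
                events.append((index, "rising", value))
            # Stay silent until the value has come back down to the lower limit.
            rising_armed, falling_armed = False, True
        elif value <= falling:
            if falling_armed:
                events.append((index, "falling", value))
            rising_armed, falling_armed = True, False
    return events


if __name__ == "__main__":
    # Constructed ifInNUcastPkts readings, one per 30-second interval.
    counter = [100, 105, 130, 160, 175, 180, 215, 220]
    for event in rmon_alarm_events(counter, rising=20, falling=10):
        print(event)
```

The sample at index 3 (delta 30) raises no second rising alarm, and the delta of 15 at index 4 raises nothing because it lies between the two limits.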
  • Page 289: Configuring Alarm And Event

    DGS-3610 Series Configuration Guide Chapter 26 Configuration of RMON The current version of our product supports only the records of Ethernet. The index value should be within 1-65535. At most 10 control entries can be configured. Caution Bucket-number: the control entry specifies the used data source and time interval. Each sampling interval should be sampled once.
  • Page 290: Showing Rmon Status

    Chapter 26 Configuration of RMON DGS-3610 Series Configuration Guide The keyword Trap indicates the action is to send the Trap message to the NMS when the event is triggered. Community: the community name when sending the Trap. description-string: the description of the event. 26.2.4 Showing RMON status Command...
  • Page 291: Example Of Showing Rmon Status

    DGS-3610 Series Configuration Guide Chapter 26 Configuration of RMON

    DGS-3610(config)# rmon alarm 10 1.3.6.1.2.1.2.2.1.12.6 30 delta rising-threshold 20 1 falling-threshold 10 1 owner zhangsan
    DGS-3610(config)# rmon event 1 log trap rmon description "ifInNUcastPkts is too much " owner zhangsan

    26.3.4 Example of Showing rmon Status 26.3.4.1 show rmon alarms DGS-3610# show rmon alarms...
  • Page 292 Chapter 26 Configuration of RMON DGS-3610 Series Configuration Guide Pkts : 726 BroadcastPkts : 502 MulticastPkts : 189 CRCAlignErrors : 0 UndersizePkts : 0 OversizePkts : 0 Fragments : 0 Jabbers : 0 Collisions : 0 Utilization : 0 26.3.4.4 show rmon statistics DGS-3610# show rmon statistics Statistics : 1 Data source : Gi1/1...
  • Page 293: Rip Routing Protocol Configuration

    DGS-3610 Series Configuration Guide Chapter 27 RIP Routing Protocol Configuration RIP Routing Protocol Configuration 27.1 RIP Overview The RIP (Routing Information Protocol) is a relatively old routing protocol, which is widely used in small or homogeneous networks. The RIP uses the distance-vector algorithm, and so is a distance-vector protocol.
  • Page 294: Rip Configuration Task List

    Chapter 27 RIP Routing Protocol Configuration DGS-3610 Series Configuration Guide For other feature applications of the RIP, see the IP Routing “Protocol Independent” Feature Configuration chapter. 27.2 RIP Configuration Task List To configure the RIP, perform the following tasks. The first two tasks are required, while other tasks are optional.
  • Page 295: Configuration Of Packet Unicast For The Rip

    DGS-3610 Series Configuration Guide Chapter 27 RIP Routing Protocol Configuration 27.2.2 Configuration of Packet Unicast for the RIP The RIP is usually a broadcast protocol. If the RIP routing information needs to be transmitted via the non-broadcast networks, you need to configure the router so that it supports the RIP to advertise the route update packets via unicast.
  • Page 296: Defining The Rip Version

    Chapter 27 RIP Routing Protocol Configuration DGS-3610 Series Configuration Guide Command Function DGS-3610(config-if)# ip split-horizon Enable split horizon By default, split horizon is enabled on all interfaces. 27.2.4 Defining the RIP Version Our product supports RIP version 1 and version 2, where RIPv2 supports authentication, key management, route convergence, CIDR and VLSMs.
  • Page 297: Disable Automatic Route Summary

    DGS-3610 Series Configuration Guide Chapter 27 RIP Routing Protocol Configuration 27.2.5 Disable automatic route summary Automatic route summary in the RIP is the process of automatically summarizing subnet routes into classful network routes when they pass through classful network borders. By default, the RIPv2 will automatically perform route summary, while the RIPv1 does not support this feature.
  • Page 298: Adjusting The Rip Timer

    Chapter 27 RIP Routing Protocol Configuration DGS-3610 Series Configuration Guide The key chain defines the set of the keys that can be used by the interface. If no key chain is configured, no authentication will be performed even if a key chain is applied to the interface. Our product supports two RIP authentication modes: plain-text authentication and MD5 authentication.
  • Page 299: Configuring The Rip Route Source Address Validation

    DGS-3610 Series Configuration Guide Chapter 27 RIP Routing Protocol Configuration 27.2.8 Configuring the RIP Route Source Address Validation By default, the RIP will validate the source addresses of the incoming route update packets. If the source address of a packet is invalid, the RIP will discard that packet. A source address is considered valid if the source IP address is on the same network as the IP address of the interface.
  • Page 300: Rip Configuration Examples

    Chapter 27 RIP Routing Protocol Configuration DGS-3610 Series Configuration Guide To forbid or allow some interface to receive the RIP packet, execute the following command in the interface configuration mode: Command Function DGS-3610(config-if)# no ip rip receive enable Forbid the interface to receive the RIP packet. DGS-3610(config-if)# ip rip receive enable Allow the interface to receive the RIP packet.
  • Page 301 DGS-3610 Series Configuration Guide Chapter 27 RIP Routing Protocol Configuration Figure 27-1 Example of Configuring RIP Split Horizon The route should be configured to achieve the following purposes: 1) All routers run the RIP routing protocol; 2) RouterB and RouterC can learn the network segment routes advertised; 3) RouterE can learn the routes of the 192.168.12.0/24 network segment.
  • Page 302 Chapter 27 RIP Routing Protocol Configuration DGS-3610 Series Configuration Guide Configuration of Device B:

    # Configuring Ethernet port
    interface FastEthernet0/0
    ip address 172.16.20.1 255.255.255.0
    # Configure the WAN port
    interface Serial1/0
    ip address 192.168.123.2 255.255.255.0
    encapsulation frame-relay
    # Configuring RIP route protocol
    router rip
    version 2
    network 172.16.0.0
    network 192.168.123.0...
  • Page 303: Example Of Configuring Rip Authentication

    DGS-3610 Series Configuration Guide Chapter 27 RIP Routing Protocol Configuration Configuration of Device E:

    # Configuring Ethernet port
    interface FastEthernet0/0
    ip address 192.168.13.5 255.255.255.0
    # Configuring RIP route protocol
    router rip
    version 2
    network 192.168.13.0

    27.3.2 Example of Configuring RIP Authentication...
  • Page 304: Example Of Configuring Packet Unicast For The Rip

    Chapter 27 RIP Routing Protocol Configuration DGS-3610 Series Configuration Guide

    key-string keyb
    accept-lifetime 00:00:00 Dec 3 2000 infinite
    send-lifetime 00:00:00 Dec 4 2000 infinite
    # Configuring Ethernet interface
    interface FastEthernet0/0
    ip address 192.168.12.1 255.255.255.0
    ip rip authentication mode md5
    ip rip authentication key-chain ripkey
    # Configuring RIP route protocol
    router rip
    version 2...
  • Page 305 DGS-3610 Series Configuration Guide Chapter 27 RIP Routing Protocol Configuration Figure 27-3 Example of Configuring Packet Unicast for the RIP Following are to be implemented via the configuration of RIP packet unicast: 1. Router A can learn the route of notification from Router C. 2.
  • Page 306 Chapter 27 RIP Routing Protocol Configuration DGS-3610 Series Configuration Guide

    interface Loopback0
    ip address 192.168.20.1 255.255.255.0
    # Configuring RIP route protocol
    router rip
    version 2
    network 192.168.12.0
    network 192.168.20.0

    Configuration of Device C:

    # Configuring Ethernet interface
    interface FastEthernet0/0
    ip address 192.168.12.3 255.255.255.0
    # Configure the loopback port
    interface Loopback0
    ip address 192.168.30.1 255.255.255.0...
  • Page 307: Ospf Routing Protocol Configuration

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration OSPF Routing Protocol Configuration 28.1 OSPF Overview OSPF (Open Shortest Path First) is an internal gateway routing protocol based on link status as developed by IETF OSPF work group. OSPF is a routing protocol specially configured for IP and directly runs on the IP layer.
  • Page 308 Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide If there is no link cost or network change, the OSPF will become quiet. If any changes occur on the network, the OSPF notifies the changes via the link status, but only the changed ones. The devices involved in the changes will have the Dijkstra algorithm run again, with a new shortest path tree created.
  • Page 309: Ospf Configuration Task List

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration Currently, our product does not support the following functions, but will support them in future versions; OSPF line on-demand support, as defined in RFC 1793; Function of OSPF Graceful Restart, as defined in RFC 3623 and RFC 4167;...
  • Page 310 Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide The default OSPF configuration is shown as below: Interface cost: none is preset LSA retransmit interval: 5 seconds. LSA transmit delay: 1 second. hello packet transmit interval : 10 seconds (30 seconds for non-broadcast networks) Interface parameters Failure time of adjacent routers: 4 times the hello interval.
  • Page 311: Creating The Ospf Routing Process

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration network area None (network area) Undefined; the OSPF protocol does not run by default Device ID Route summarization Undefined (summary-address) Changing LSAs Group 240 seconds Pacing The time between the receipt of the topology changes and Timers shortest path first SPF-holdtime: 5 seconds .
  • Page 312: Configuring The Ospf Interface Parameters

    Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide DGS-3610(config-router)# end 28.2.2 Configuring the OSPF Interface Parameters The OSPF allows you to change some particular interface parameters. You can set such parameters as needed. It should be noted that some parameters must be set to match those of the adjacent router of the interface.
  • Page 313: Configuring The Ospf To Accommodate Different Physical Networks

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration Command Meaning (Optional) Prevent the interfaces from flooding the LSAs DGS-3610(config-if)#ip ospf packets. By default, OSPF floods new LSAs over all interfaces in the same area, except the interface on which database-filter all out the LSA arrives.
  • Page 314 Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide commands, you can allow X.25 and frame relay to have the broadcast capability, so that the OSPF can see the networks like X.25 and frame relay as the broadcast networks. The point-to-multipoint network interface can be seen as the marked point-to-point interface of one or multiple neighbors.
  • Page 315 DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration Command Function DGS-3610(config-if)# ip ospf network Configure the point-to-multipoint network type for an interface point-to-multipoint Exit to the global configuration mode DGS-3610(config-if)# exit DGS-3610(config)# router ospf 1 Enter the routing process configuration mode DGS-3610(config-router)# Specify the cost of the neighbor (optional) neighbor ip-address cost cost...
  • Page 316 Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide Command Function DGS-3610(config-router)# neighbor ip-address Specify the neighbor and designate its priority [priority number] [poll-interval seconds] and round robin interval of hello. In a non-broadcast network, if it cannot ensure that any two routers are in direct connection, the better solution is to set the network type of the OSPF to the point-to-multipoint non-broadcast network type.
  • Page 317: Configuring The Ospf Area Parameters

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration message from the designated routers within specified time and it is considered that the router is down. To configure the broadcast network type, execute the following commands in the interface configuration mode: Command Function...
  • Page 318: Configuring Ospf Nssa

    Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide There is no ASBR in stub areas. In other words, the routes outside an autonomous system cannot be transmitted in the area. To configure the OSPF area parameters, execute the following commands in the routing process configuration mode: Command Function...
  • Page 319: Configuring The Route Summary Between Ospf Areas

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration To configure an area as the NSSA, execute the following commands in the routing process configuration mode:
    Command: DGS-3610(config-router)# area area-id nssa [no-redistribution] [no-summary] [default-information-originate[metric metric][metric-type [1 | 2]]]
    Function: (Optional) Define a NSSA
    DGS-3610(config-router)#area area-id Configure the cost of the default route sent to...
  • Page 320: Configuring Route Summary When Routes Are Injected To The Ospf

    Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide
    Note: If route summary is configured, the detailed routes in this area will not be advertised by the ABR to other areas.
    28.2.7 Configuring Route Summary When Routes Are Injected to the OSPF
    When routes are redistributed from another routing process to the OSPF routing process, every route is advertised to the OSPF router as a separate link state.
  • Page 321: Creating The Default Routes

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration these routers, the packets are transparent to them and are simply forwarded as common IP packets), and the ABRs exchange route information directly. The route information means the Type-3 LSAs generated by the ABR, and the synchronization mode in the area is not changed as a result.
  • Page 322: Using The Loopback Address As The Route Id

    Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide
    Note: When the stub area is configured, the ABR generates the default route automatically and advertises it to all routers within the stub area.
    28.2.10 Using the Loopback address as the route ID
    The OSPF routing process always uses the largest interface IP address as the device ID.
  • Page 323: Configuring The Route Calculation Timer

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration
    Command: DGS-3610(config-router)#distance ospf {[inter-area dist1] [inter-area dist2] [external dist3]}
    Function: Change the OSPF management distance
    28.2.12 Configuring the Route Calculation Timer
    When the OSPF routing process receives the route topology change notification, it runs the SPF for route calculation after some time of delay.
  • Page 324: Configuring Route Selection

    Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide To restore the default value, use the no timers lsa-group-pacing in the router configuration mode. 28.2.14 Configuring Route Selection OSPF calculates the destination based on the Cost, where the route with the least Cost is the shortest route.
  • Page 325: Configuring Whether To Check The Mtu Value When The Interface Receives The Database Description Packets

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration
    28.2.15 Configuring whether to check the MTU value when the interface receives the database description packets
    When the OSPF receives a database description packet, it checks whether the neighbor's interface MTU is the same as its own.
  • Page 326: Ospf Trap Sending Configuration

    Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide By default, all interfaces are allowed to receive/send the OSPF packets. To re-enable the network interface to send the route information, you can use the no passive-interface interface-id command. To set all network interfaces, use the keyword default.
    28.2.17 OSPF TRAP Sending Configuration
    The protocol defines several types of OSPF TRAP, which are sent to the snmp-server when part of the network configuration changes...
  • Page 327 DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration Command Meaning DGS-3610# show ip ospf [process-id] [area-id] database DGS-3610# show ip ospf [process-id] [area-id] database [adv-router ip-address] DGS-3610# show ip ospf [process-id] [area-id] database [self-originate] DGS-3610# show ip ospf [process-id] [area-id] database [database-summary] DGS-3610# show ip ospf [process-id] [area-id] database [router] [link-state-id]...
  • Page 328 Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide Command Meaning DGS-3610# show ip ospf [process-id] [area-id] database [asbr-summary] [link-state-id] [self-originate] DGS-3610# show ip ospf [process-id] [area-id] database [external] [link-state-id] DGS-3610# show ip ospf [process-id] [area-id] database [external] [link-state-id] [adv-router ip-address] DGS-3610# show ip ospf [process-id] [area-id] database [external] [link-state-id]...
  • Page 329 DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration 10.10.10.50 1 Full/DR 00:00:38 10.10.10.50 eth0/0 OSPF process 100: Neighbor ID Pri State Dead Time Address I nterface 10.10.11.50 1 Full/Backup 00:00:31 10.10.11.50 eth0/1 DGS-3610# show ip ospf 1 neighbor OSPF process 1: Neighbor ID Pri State...
  • Page 330: Ospf Configuration Examples

    Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide Number of outgoing current DD exchange neighbors 0/5 Number of external LSA 4. Checksum 0x0278E0 Number of opaque AS LSA 0. Checksum 0x000000 Number of non-default external LSA 4 External LSA database is unlimited. Number of LSA originated 6 Number of LSA received 2 Log Neighbor Adjency Changes : Enabled...
  • Page 331: Example Of Configuring The Ospf Nbma Network Type

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration
    28.4.1 Example of configuring the OSPF NBMA network type
    Configuration requirements: The three devices must be fully connected in a meshed network via frame relay. Each device has only one frame relay line, which has the same bandwidth and PVC rate. Figure 28-1 shows the IP address allocation and connection of the device.
  • Page 332: Example Of Configuring The Ospf Point-To-Multipoint Board Network Type

    Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide
    Configuration of Device B:
    #Configure the WAN port
    interface Serial 1/0
    ip address 192.168.123.2 255.255.255.0
    encapsulation frame-relay
    ip ospf network non-broadcast
    ip ospf priority 5
    #Configuring OSPF routing protocol
    router ospf 1
    network 192.168.123.0 0.0.0.255 area 0
    neighbor 192.168.123.1 priority 10
    neighbor 192.168.123.3...
  • Page 333 DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration Figure 28-2 Example of Configuring the OSPF Point-to-Multipoint Network Type Requirements: 1) The point-to-multipoint network should be configured among devices A, B, and C. Concrete Configuration of Devices: If the interface is configured with the point-to-multipoint network type, no designated router election takes place.
  • Page 334: Example Of Configuring Ospf Authentication

    Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide
    ip address 192.168.123.2 255.255.255.0
    encapsulation frame-relay
    ip ospf network point-to-multipoint
    #Configuring OSPF routing protocol
    router ospf 1
    network 192.168.23.0 0.0.0.255 area 0
    network 192.168.123.0 0.0.0.255 area 0
    Configuration of Device C:
    #Configuring Ethernet interface
    interface FastEthernet 0/0
    ip address 192.168.23.3 255.255.255.0...
  • Page 335: Example Of Configuring Route Summary

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration Figure 28-3 Example of configuring OSPF authentication
    Concrete Configuration of Devices: The authentication configuration of the OSPF involves two parts: specifying the authentication mode of the area in the routing configuration mode, and configuring the authentication method and key on the interface.
  • Page 336 Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide The two devices are connected via Ethernet. Figure 28-4 shows the IP address allocation and connection of the equipment. Figure 28-4 Example of configuring OSPF route summary Requirements: 1) Both devices run the OSPF routing protocol. The 192.168.12.0/24 network belongs to area 0, while the 172.16.1.0/24 and 172.16.2.0/24 networks belong to area 10;...
  • Page 337: Ospf Abr, Asbr Configuration Examples

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration
    #Configuring OSPF routing protocol
    router ospf 1
    network 192.168.12.0 0.0.0.255 area 0
    28.4.5 OSPF ABR, ASBR Configuration Examples
    Configuration requirements: Four devices form an OSPF routing area. Networks 192.168.12.0/24 and 192.168.23.0/24 belong to area 0, while network 192.168.34.0/24 belongs to area 34.
  • Page 338 Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide
    router ospf 1
    network 192.168.12.0 0.0.0.255 area 0
    Configuration of Device B:
    #Configuring Ethernet interface
    interface FastEthernet0/0
    ip address 192.168.12.2 255.255.255.0
    #Configure the WAN port
    interface Serial 1/0
    ip address 192.168.23.2 255.255.255.0
    #Configuring OSPF routing protocol
    router ospf 1
    network 192.168.12.0 0.0.0.255 area 0...
  • Page 339: Example Of Configuring Ospf Stub Area

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration
    #Configuring RIP routing protocol
    router rip
    network 200.200.1.0
    network 172.200.1.0
    On Device B, you can see the OSPF generates the following routes. Please note that the external route type becomes "E1".
    O E1 200.200.1.0/24 [110/85] via 192.168.23.3, 00:00:33, Serial1/0
    O IA 192.168.34.0/24 [110/65] via 192.168.23.3, 00:00:33, Serial1/0
    O E1...
  • Page 340 Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide Four devices form an OSPF routing area. Networks 192.168.12.0/24 and 192.168.23.0/24 belong to area 0, while network 192.168.34.0/24 belongs to area 34. Figure 28-6 shows the IP address allocation and connection of the equipment. Figure 28-6 Example of configuring OSPF stub area Full stub area The device is that only the OSPF default route and the network routes of the local area can...
  • Page 341: Example Of Configuring Ospf Virtual Connection

    DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration
    interface Serial1/0
    ip address 192.168.23.2 255.255.255.0
    #Configuring OSPF routing protocol
    router ospf 1
    network 192.168.12.0 0.0.0.255 area 0
    network 192.168.23.0 0.0.0.255 area 0
    Configuration of Device C:
    #Configuring Ethernet interface
    interface FastEthernet0/0
    ip address 192.168.34.3 255.255.255.0
    #Configure the WAN port...
  • Page 342 Chapter 28 OSPF Routing Protocol Configuration DGS-3610 Series Configuration Guide Four devices form an OSPF routing area. Networks 192.168.12.0/24 belongs to area 0, network 192.168.23.0/24 to area 23, while network 192.168.34.0/24 belongs to area 34. Figure 28-7 shows the IP address allocation and connection of the device. Figure 28-7 Example of configuring OSPF virtual connection The purpose is to allow device D to learn the routes of 192.168.12.0/24 and 192.168.23.0/24.
  • Page 343 DGS-3610 Series Configuration Guide Chapter 28 OSPF Routing Protocol Configuration
    #Add the loopback IP address and take it as the ID of the OSPF router.
    interface Loopback2
    ip address 2.2.2.2 255.255.255.0
    #Configuring OSPF route protocol
    router ospf 1
    network 192.168.12.0 0.0.0.255 area 0
    network 192.168.23.0 0.0.0.255 area 23
    area 23 virtual-link 3.3.3.3
    Configuration of device C:...
  • Page 345: Bgp Configuration

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration BGP Configuration BGP (Border Gateway Protocol) is an EGP (Exterior Gateway Protocol) used to communicate with routers in different autonomous systems. Its main function is to exchange network reachability information among different Autonomous Systems (AS) and to eliminate routing loops through the protocol mechanism itself.
  • Page 346: Operating Bgp Protocol

    Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide
    BGP Route Aggregate Supported
    BGP Route Dampening Supported
    BGP Routing Reflector Supported
    AS Confederation Supported
    BGP Soft Reset Supported
    29.1 Operating BGP Protocol
    To operate the BGP function, execute the following operations in the privileged mode: Command Meaning Router# configure terminal...
  • Page 347: Inject Route Information To Bgp Protocol

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration TCP MD5 Authentication Used Keepalive Time 60seconds Holdtime 180seconds Timer ConnectRetry Time 120seconds AdvInterval(IBGP) 15seconds AdvInterval(EBGP) 30seconds Path Attribute LOCAL_PREF Route Aggregate Status Suppress Limit 2000 Routing Half-life-time 15minutes Dampening Reuse Limit Max-suppress-time 4*half-life-time Status...
  • Page 348 Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide To inject the network information advertised by the BGP Speaker to its BGP Speaker by means of the Network commands by manual, execute the following operations in the BGP configuration mode: Command Meaning Router(config-router)# network (Optional) Configure the network to inject the BGP...
  • Page 349: Configuring Bgp Peer (Group) And Its Parameters

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration
    29.4 Configuring BGP Peer (Group) and Its Parameters
    Because BGP is an exterior gateway protocol (EGP), the BGP Speakers must know who their peers (BGP Peers) are. As mentioned in the overview of the BGP protocol, two modes can be used to set up the connection relationship among BGP Speakers: IBGP (Internal BGP) and EBGP (External BGP).
  • Page 350 Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide To configure the peer of the BGP Speakers or the optional parameter of the peer group, Execute the following operations in the BGP configuration mode: Command Meaning DGS-3610(config-router)# neighbor (Optional) Configure the network interfaces to establish {address | peer-group-name} the BGP Session with specified BGP peer (groups).
  • Page 351 DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration
    Command: Router(config-router)# neighbor {address | peer-group-name} maximum-prefix maximum [warning-only]
    Meaning: (Optional) Limit the number of the route information received from specified BGP peer (group).
    Router(config-router)# neighbor (Optional) Configure to implement the routing strategy {address | peer-group-name} according to the access list when the route information is received from and sent to specified BGP peer...
  • Page 352 Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide By default, each member of the peer group will inherit all configurations of the peer group. However, each member is allowed to configure the optional configurations which have no effect on the output update independently, to replace the unified configuration of the peer group.
  • Page 353: Configuring Management Policy For Bgp

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration
    Caution: To disable the connection established with a specified peer (group) while retaining the configuration information set for it, use the neighbor shutdown command. If that configuration information is no longer required, use the no neighbor [peer-group] command.
    29.5 Configuring Management Policy for BGP
    Once the routing policy (including the distribute-list, neighbor route-map, neighbor...
  • Page 354: Configuring Synchronization Between Bgp And Igp

    Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide
    Command: Router(config-router)# neighbor {address | peer-group-name} soft-reconfiguration inbound
    Meaning: (Optional) Restart the BGP session and reserve the unchanged route information sent by the BGP peer (group). Execution of this command will consume more memory. If both parties support the route refreshing performance, it is not necessary to execute this command....
  • Page 355: Configuring Interaction Between Bgp And Igp

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration To cancel the synchronization mechanism of BGP speakers, execute the following operations in the BGP configuration mode:
    Command: Router(config-router)# no synchronization
    Meaning: (Optional) Cancel the synchronization of BGP and IGP.
    Execute the synchronization command to enable the synchronization mechanism.
    29.7 Configuring Interaction between BGP and IGP
    To configure to inject the route information generated by the IGP protocol into the BGP,...
  • Page 356: Configuring Path Attribute For Bgp

    Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide Command Meaning (Optional) Configure the Keepalive and Holdtime value to establish the connection with specified BGP peer (group). Router(config-router)# neighbor {address | peer-group-name} times The range of the keepalive is 1~65535s, 60s by default.
  • Page 357: Next_Hop Attribute Related Configuration

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration
    Command: Router(config-router)# neighbor {address | peer-group-name} route-map map-tag {in | out}
    Meaning: (Optional) Configure to implement the route policy according to the route-map when the route information is received from and sent to specified BGP peer (group). In the route-map configuration mode, you can use the match as-path to operate the AS path attribute by the...
  • Page 358: Multi_Exit_Disc Attribute Related Configuration

    Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide
    Caution: This command is not recommended in a full mesh network environment (such as Ethernet), because it causes extra hops for messages and adds unnecessary overhead.
    29.9.3 MULTI_EXIT_DISC Attribute Related Configuration...
  • Page 359: Local_Pref Attribute Related Configuration

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration
    Command: Router(config-router)# bgp deterministic-med
    Meaning: (Optional) Compare the paths from peers in the same AS first. By default, paths are compared in the order received, and the later received path is compared first.
  • Page 360 Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide local-as: Indicates that this path will not be advertised outside this AS. When the confederation is configured, this path will not be advertised to other autonomous systems or sub autonomous systems. You can control the receiving, priority and distribution of the route information by the community attribute.
  • Page 361: Other Related Configuration

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration 29.9.6 Other Related Configuration By default, if two paths with full identical path attributes are received from different EBGP Peers during the selection of the optimal path, we will select the optimal path according to the path received sequence.
  • Page 362: Configuring Route Aggregate For Bgp

    Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide
    29.11 Configuring Route Aggregate for BGP
    Because BGP-4 supports CIDR, it allows aggregate entries to be created to reduce the size of the BGP route table. An aggregate entry is added to the BGP route table only when there is a valid path within the aggregate scope.
  • Page 363 DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration The rule to implement the route reflector within the AS is shown as follows: Configure the route reflector and specify its client, so the route reflector and other clients form a cluster. The route reflector establishes the connection relationship with clients.
  • Page 364: Configuring Route Dampening For Bgp

    Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide In general, it is not necessary to establish the connection relationship between the clients of the route reflector within the cluster, and the route reflector will reflect the route among clients. However, if the full connection relationship is established for all clients, the function for the route reflector to reflect the client route can be cancelled.
  • Page 365: Configuring As Confederation For Bgp

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration
    Command: Router(config-router)# bgp dampening half-life-time reuse suppress max-suppress-time
    Meaning: (Optional) Configure the parameters of the route dampening.
    half-life-time (1-45 minutes), 15 minutes by default.
    reuse (1-20000), 750 by default.
    suppress (1-20000), 2000 by default.
    max-suppress-time (1-255 minutes), 4*half-life-time by default.
  • Page 366: Configuring Management Distance For Bgp

    Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide attribute information of NEXT_HOP, MED and LOCAL_PREF retains constant when the information is exchanged. To implement the AS confederation, execute the following operations in the BGP configuration mode: Command Meaning Router(config-router)# bgp Configure the AS confederation number.
  • Page 367: Monitoring Of Bgp

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration It is not recommended to change the management distance of the BGP route. If it is necessary to change, please keep it in mind that: 1. The External-distance should be lower than the management distance of other IGP route protocol (OSPF and RIP).
  • Page 368: Protocol Independent Configuration

    Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide 29.17 Protocol Independent Configuration 29.17.1 route-map Configuration The BGP protocol applies the Route-map policy on a large scale. For the configuration of the Route-map policy, refer to the Protocol Independent Configuration part in this manual. 29.17.2 Regular Expression Configuration The regular expression is the formula to match the string according to a certain template.
  • Page 369: Bgp Configuration Examples

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration *> 211.21.26.0/24 110.110.110.10 0 1000 *> 1.1.1.0/24 192.168.88.250 444 *> 179.98.0.0 192.168.88.250 444 *> 192.92.86.0 192.168.88.250 8883 *> 192.168.88.0 192.168.88.250 444 *> 200.200.200.0 192.168.88.250 777 At present, use the regular expression in the show command. The effect is shown as follows: DGS-3610# show ip bgp regexp __300__ Status codes: s suppressed, d damped, h history, * valid, >...
  • Page 370: Configuring Bgp Synchronization

    Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide Router B Router A 192.168.4.3 192.168.5.3 IBGP 192.168.4.2 192.168.5.2 EBGP Router C In this example, the bgp configuration of various devices is shown as follows: Configuration of Device A: router bgp 100 neighbor 192.168.4.2 remote-as 100 Configuration of Device B: router bgp 100...
  • Page 371: Configuring Neighbors To Use Aspath Filter

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration In the schematics, there is a route p in the router A, which is sent to router C by the IBGP neighbor relationship. If the router C is configured with the BGP synchronization, it is necessary for the router C to wait for the IGP (this example uses the OSPF protocol) to receive the same route information p, so as to send the route p to the EBGP neighbor router D.
  • Page 372: Configuring Aggregate Route

    Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide This configuration indicates that only routes permitted by as-path access-list 2 can be advertised to the neighbor 193.1.12.10, and that routes advertised by the neighbor 193.1.12.10 are accepted only when they are permitted by as-path access-list 3.
  • Page 373: Configuring Confederation

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration The concrete configuration is shown as follows: router bgp 100 aggregate-address 193.0.0.0 255.0.0.0 Configure one aggregate route: router bgp 100 aggregate-address 193.0.0.0 255.0.0.0 as-set The as-path segment of aggregated route is an collection of as: router bgp 100 aggregate-address 193.0.0.0 255.0.0.0 summary-only The aggregated route will not be advertised...
  • Page 374 Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide The configurations of all the devices in this example are as below:
    The configuration of Router A:
    router bgp 65530
    bgp confederation identifier 100
    bgp confederation peers 65531
    bgp log-neighbor-changes
    neighbor 10.0.3.2 remote-as 65530
    neighbor 10.0.4.4 remote-as 65530
    The configuration of Router B:
    router bgp 65530...
  • Page 375 DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration
    neighbor 10.0.3.2 remote-as 65530
    neighbor 10.0.4.4 remote-as 65530
    The configuration of Router D:
    router bgp 65530
    bgp confederation identifier 100
    bgp confederation peers 65531
    bgp log-neighbor-changes
    neighbor 10.0.2.4 remote-as 65530
    neighbor 10.0.3.4 remote-as 65530
    neighbor 192.168.5.3 remote-as 65531
    neighbor 192.168.12.7 remote-as 200
    The configuration of Router E:...
  • Page 376 Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide In this example, the router D is a route reflector. The configurations of all the devices in this example are as below:
    The configuration of Router A:
    router bgp 100
    bgp log-neighbor-changes
    neighbor 192.168.5.3 remote-as 100
    neighbor 192.168.5.3 description route-reflector server
    The configuration of Router B:...
  • Page 377: Configuring Peergroup

    DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration
    router bgp 100
    bgp log-neighbor-changes
    neighbor 192.168.5.12 remote-as 100
    neighbor 192.168.5.12 description route-reflector client
    neighbor 192.168.5.12 route-reflector-client
    neighbor 192.168.6.5 remote-as 100
    neighbor 192.168.6.5 description route-reflector client
    neighbor 192.168.6.5 route-reflector-client
    neighbor 192.168.7.7 remote-as 100
    neighbor 192.168.7.7 description not the route-reflector client
    neighbor 192.168.8.13 remote-as 200
    The configuration of Router E:...
  • Page 378 Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide
    The configuration of Router A:
    router bgp 100
    bgp log-neighbor-changes
    neighbor ibgp-group peer-group
    neighbor ibgp-group description peer in the same as
    neighbor 192.168.6.2 remote-as 100
    neighbor 192.168.6.2 peer-group ibgp-group
    neighbor 192.168.6.2 description one peer in the ibgp-group
    neighbor 192.168.7.9 remote-as 100
    neighbor 192.168.7.9 peer-group ibgp-group
    The configuration of Router B:...
  • Page 379 DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration 29.18.7.2 Configuring EBGP peergroup Use the neighbor A.B.C.D remote-as num command to configure an ebgp peer, firstly, take the neighbor external peer-group command to create a peergroup with the name external, and then apply the neighbor A.B.C.D peer-group internal command to add the peer A.B.C.D into the peergroup internal.
  • Page 380: Configuring Tcp Md5 Code

    Chapter 29 BGP Configuration DGS-3610 Series Configuration Guide
    The configuration of Router A:
    router bgp 100
    bgp log-neighbor-changes
    neighbor ebgp-group peer-group
    neighbor ebgp-group distribute-list 2 in
    neighbor ebgp-group route-map set-med out
    neighbor 192.168.1.5 remote-as 200
    neighbor 192.168.1.5 peer-group ebgp-group
    neighbor 192.168.2.6 remote-as 300
    neighbor 192.168.2.6 peer-group ebgp-group
    neighbor 192.168.2.6 distribute-list 3 in
    neighbor 192.168.3.7 remote-as 400...
  • Page 381 DGS-3610 Series Configuration Guide Chapter 29 BGP Configuration In the following topology, the configurations of MD5 on each router are as below: Figure 29-8 The relationship between the routers is as follows: Router A is located in AS 100, Router B and Router C are located in AS 200, and the IP addresses are used as shown in the figure.
  • Page 383: Protocol-Independent Configuration

    DGS-3610 Series Configuration Guide Chapter 30 Protocol-Independent Configuration Protocol-Independent Configuration 30.1 IP Route Configuration 30.1.1 Configuring Static Routes Static routes are manually configured so that the packets to the specified destination network go through the specified route. When our product cannot learn the routes of some destination networks, it becomes critical to configure static routes.
  • Page 384: Configuring Default Routes

    Chapter 30 Protocol-Independent Configuration DGS-3610 Series Configuration Guide Route source Default management distance OSPF route RIP route Unreachable route The static routes to the ports can be advertised by such dynamic routing protocols as RIP and OSPF, no matter whether static route redistribution is configured in the routing protocols. These static routes can be advertised by the dynamic routing protocols.
  • Page 385: Configuring The Number Of Equivalent Routes

    DGS-3610 Series Configuration Guide Chapter 30 Protocol-Independent Configuration Command Function DGS-3610(config)# ip default-network network Configure the default network DGS-3610(config)# no ip default-network network Delete the default network To generate the default routes by using the default-network command, only the following two conditions must be met: 1) The default network is not a directly-connected port network, but is reachable in the routing table.
  • Page 386 Chapter 30 Protocol-Independent Configuration DGS-3610 Series Configuration Guide routing area, or those in the RIP routing area to the OSPF routing area. Routes can be redistributed among all the IP routing protocols. In route redistribution, the route maps are often used to enforce conditional control over the mutual route redistribution between two routers.
  • Page 387 DGS-3610 Series Configuration Guide Chapter 30 Protocol-Independent Configuration
    Command: Route(config-route-map)# match ip next-hop access-list-number […access-list-number]
    Function: Match the next-hop address in the access list. access-list-number: 1-199, 1300-2699,
    Command: Route(config-route-map)# match ip route-source access-list-number […access-list-number]
    Function: Match the route source address in the access list
    Route(config-route-map)# match metric...
  • Page 388: Configuration Of Route Filtering

    Chapter 30 Protocol-Independent Configuration DGS-3610 Series Configuration Guide At route redistribution, it is not necessary to convert the metric of one routing protocol into that of another routing protocol, since different routing protocols use distinctively different measurement methods. The RIP metric calculation is based on the hops, while the OSPF metric calculation is based on the bandwidth, so their metrics are not comparable.
  • Page 389 DGS-3610 Series Configuration Guide Chapter 30 Protocol-Independent Configuration
    Command: DGS-3610(config-router)# no distribute-list {[access-list-number | access-list-name] | prefix prefix-list-name [gateway prefix-list-name] | gateway prefix-list-name } out [interface-type interface-number | protocol]
    Function: Cancel the prevention of the LSA
    When you configure the OSPF, you cannot specify the interface and the features are only applicable to the external routes of the OSPF routing area.
  • Page 390 Chapter 30 Protocol-Independent Configuration DGS-3610 Series Configuration Guide 30.2.3 Configuration Examples: 30.2.3.1 Example of Static Route Redistribution  Configuration requirements: One device exchanges route information with other devices via the RIP. In addition, there are three static routes. The RIP is only allowed to redistribute the two routes of 172.16.1.0/24 and 192.168.1.0/24.
  • Page 391 DGS-3610 Series Configuration Guide Chapter 30 Protocol-Independent Configuration Figure 30-1 Example of RIP&OSPF Redistribution The OSPF only redistributes the routes in the RIP routing area and the route type is Type-1. The RIP only redistributes the 192.168.10.0/24 route in the OSPF routing area and its metric is 3.
  • Page 392 Chapter 30 Protocol-Independent Configuration DGS-3610 Series Configuration Guide DGS-3610(config-if)# ip address 200.168.23.2 255.255.255.0 #Configure OSPF and set the redistribution route type DGS-3610(config)# router ospf DGS-3610(config-router)# redistribute rip metric 100 metric-type 1 subnets DGS-3610(config-router)# network 192.168.12.0 0.0.0.255 area 0 #Configure the RIP and use the distribute list to filter the redistributed routes DGS-3610(config)# router rip DGS-3610(config-router)# redistribute ospf metric 2 DGS-3610(config-router)# network 200.168.23.0...
  • Page 393: Configuring Switch Fast Forwarding Ecmp/Wcmp Policy

    DGS-3610 Series Configuration Guide Chapter 30 Protocol-Independent Configuration DGS-3610(config)# router ospf DGS-3610(config-router)# redistribute rip subnets route-map redrip DGS-3610(config-router)# network 192.168.12.0 0.0.0.255 area 0 DGS-3610(config)# access-list 20 permit 200.168.23.0 DGS-3610(config)# route-map redrip permit 10 DGS-3610(config-route-map)# match metric 4 DGS-3610(config-route-map)# set metric 40 DGS-3610(config-route-map)# set metric-type type-1 DGS-3610(config-route-map)# set tag 40 In the following configuration example, the RIP routing protocol redistributes only the OSPF...
  • Page 394: Selecting The Hash Algorithm

    SIP+DIP+TCP/UDP port; SIP+DIP+UDF; SIP+TCP/UDP port+UDF; SIP+DIP+TCP/UDP port+UDF. The default keyword has only SIP. 30.3.2 Selecting the Hash Algorithm There are two hash algorithms available: CRC32_Upper: Select the upper bits of the crc32 to determine the next hop ...
  • Page 395 DGS-3610(config)#ip ref ecmp load-balance crc32_lower dip port udf 50
  • Page 397: Policy-Based Routing Configuration

    DGS-3610 Series Configuration Guide Chapter 31 Policy-Based Routing Configuration Policy-Based Routing Configuration Policy-based routing is a packet forwarding mechanism more flexible than the routing based on the target network. If policy-based routing is used, the router will determine how to process the packets to be routed according to the route map, which determines the next-hop router of the packets.
  • Page 398 Chapter 31 Policy-Based Routing Configuration DGS-3610 Series Configuration Guide Command Function DGS-3610(config-route-map)# match ip Match the address in the access list address access-list-number DGS-3610(config-route-map)# match length Match the length of the packet Define the operation performed if the match rule is met. To define the operation after matching, execute the following commands in the route map configuration mode: Command...
  • Page 399 DGS-3610 Series Configuration Guide Chapter 31 Policy-Based Routing Configuration DGS-3610(config-route-map)# match ip address 1 DGS-3610(config-route-map)# set ip next-hop 192.168.5.5 DGS-3610(config-route-map)# int f 0/0 DGS-3610(config-if)# ip policy route-map name To configure the policy-based routing for the packets reaching a router interface, execute the following commands in the interface configuration mode: Command Function...
  • Page 400 11. set ip next-hop 12. set ip default next-hop 13. set interface 14. set default interface 15. set tos 16. set preference 17. set dscp Restrictions: 1. On our products with version 10.2, one interface can be configured with at most one route map.
  • Page 401: Ipv6 Configuration

    DGS-3610 Series Configuration Guide Chapter 32 IPv6 Configuration IPv6 Configuration 32.1 IPv6 Related Information With the quick growth of Internet and the increasing consumption of the IPv4 address space, the limitation of the IPv4 is more obvious. The research and practice of the Internet Protocol Next Generation –...
  • Page 402 Chapter 32 IPv6 Configuration DGS-3610 Series Configuration Guide play. It should be mentioned that the IPv6 supports such address configuration methods as the stateful and the stateless. In the IPv4, the dynamical host configuration protocol (DHCP) implements the automatic setting of the host IP address and related configuration, while the IPv6 inherits this auto-configuration service of the IPv4 and refers to it as the Stateful Auto-configuration.
  • Page 403: Ipv6 Address Format

    ICMPv6 Redirection; Address Conflict Detection; IPv6 Stateless Auto-configuration; IPv6 Address Configuration; IPv6 Route Forwarding, Support Static Route Configuration; Configuration of various parameters for the IPv6 protocol; Diagnosis Tool ping ipv6 ...
  • Page 404: Type Of Ipv6 Address

    Chapter 32 IPv6 Configuration DGS-3610 Series Configuration Guide 32.1.2 Type of IPv6 Address In RFC2373, there are the following three defined types of IPv6 addresses: Unicast: Identifier of a single interface. The packet to be sent to a Unicast address will ...
  • Page 405 TLA ID field (Top-Level Aggregation Identifier): contains the top-level address routing information. It refers to the highest-level route information in the internetwork. It is 13 bits long and can provide up to 8192 different top-level routes.
  • Page 406 Chapter 32 IPv6 Configuration DGS-3610 Series Configuration Guide Site-level Local Addresses The format of the site-level local addresses is shown as follows: | bits 38 bits | 16 bits | 64 bits +-------------+----------------+--------------+---------------------------------------+ |1111111011| | subnet ID | interface ID +-------------+---------------+-------------+-----------------------------------------+ The site-level local address can be taken to transmit the data within the site, and the router will not forward the message of the source address of the destination address with the...
  • Page 407 DGS-3610 Series Configuration Guide Chapter 32 IPv6 Configuration | 4 | 4 | 112 bits +----------+----+----+-----------------------------------------------------------------+ |11111111|flgs|scop| group ID +----------+----+----+-----------------------------------------------------------------+ The first byte of the address format is full 1, which denote a multicast address. Flag field:  It consists of 4 bits. At present, only the fourth bit is specified. The bit is used to indicate whether the address is a known multicast address specified by Internet Number Constitution or a temporary multicast address used in a specific condition.
  • Page 408 Chapter 32 IPv6 Configuration DGS-3610 Series Configuration Guide Figure 32-1 IPv6 Unicast or Anycast Address prefix Interface ID Multicast address of the 24bits corresponding requested node FF02 Lower 24 32.1.2.3 Anycast Addresses The anycast address is similar with the multicast address as more than one node shares an anycast address.
  • Page 409: Ipv6 Packet Header Structure

    DGS-3610 Series Configuration Guide Chapter 32 IPv6 Configuration 32.1.3 IPv6 Packet Header Structure The format of the IPv6 packet header is shown as the figure below: Figure 32-3 In the IPv4, all packet headers take 4 bytes as the unit. While in the IPv6, the packet header takes 8 bytes as the unit and the total length of the packet header is 40 bytes.
  • Page 410: Ipv6 Mtu Discovery

    Hop Limit: The length is 8 bits. Each time a router forwards the packet, this field is decremented by 1. If this field reaches 0, the packet is discarded. It is similar to the life span field in the IPv4 packet header.
  • Page 411: Ipv6 Neighbor Discovery

    Furthermore, when the data packet to be sent is larger than the MTU of the data transmission path, the host fragments the packet itself. Because the host performs the fragmentation, the router does not need to process fragments, which saves the resources of the IPv6 router and improves the efficiency of the IPv6 network.
  • Page 412 Chapter 32 IPv6 Configuration DGS-3610 Series Configuration Guide The neighbor solicitation message can also be used to detect the reachability of the neighbor (for the existing neighbor). At this time, the destination address of the neighbor solicitation message is the unicast address of this neighbor. When the link layer address of one node changes, the neighbor advertisement will be sent actively.
  • Page 413: Ipv6 Configuration

    The Router Advertisement (RA) is also used to respond to the Router Solicitation (RS) message sent by the host. The RS message allows the host to obtain the auto-configuration information immediately once it is activated, without having to wait for the router to send the Router Advertisement (RA).
  • Page 414 Once the interface of IPv6 is created and the link of the interface is in the UP status, the system will automatically generate link-local addresses for the interface. Caution: At present, the IPv6 doesn't support the configuration of the anycast address.
  • Page 415: Configuring Redirection Function For Icmpv6

    DGS-3610 Series Configuration Guide Chapter 32 IPv6 Configuration ff02:1::1 ff02:1::2 ff02:1::1:ff00:1 MTU is 1500 bytes ICMP error messages limited to one every 10 milliseconds ICMP redirects are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND retransmit interval is 1000 milliseconds ND advertised retransmit interval is 0 milliseconds...
  • Page 416: Configuring Static Neighbor

    Chapter 32 IPv6 Configuration DGS-3610 Series Configuration Guide Use the no ipv6 redirects command to close the redirection function. The following is an example to configure the redirection function: DGS-3610(config)# interface vlan 1 DGS-3610(config-if)# ipv6 redirects DGS-3610(config-if)# end DGS-3610# show ipv6 interface vlan 1 Interface vlan 1 is Up, ifindex: 2001 address(es): Mac Address: 00:d0:f8:00:00:01...
  • Page 417: Configuring Address Conflict Detection

    DGS-3610 Series Configuration Guide Chapter 32 IPv6 Configuration DGS-3610(config)# ipv6 neighbor fec0:0:0:1::100 vlan 1 00d0.f811.1234 DGS-3610(config)# end DGS-3610# show ipv6 neighbors verbose fec0:0:0:1::100 IPv6 Address Linklayer Addr Interface fec0:0:0:1::100 00d0.f811.1234 vlan 1 State: REACH/H Age: - asked: 0 32.2.4 Configuring Address Conflict Detection This section describes how to configure address conflict detection times.
  • Page 418: Configuring Other Interface Parameters Of Routers

    Chapter 32 IPv6 Configuration DGS-3610 Series Configuration Guide DGS-3610(config)# interface vlan 1 DGS-3610(config-if)# ipv6 nd dad attempts 3 DGS-3610(config-if)# end DGS-3610# show ipv6 interface vlan 1 Interface vlan 1 is Up, ifindex: 2001 address(es): Mac Address: 00:d0:f8:00:00:01 INET6: fe80::2d0:f8ff:fe00:1 , subnet is fe80::/64 INET6: fec0:0:0:1::1 , subnet is fec0:0:0:1::/64 Joined group address(es): ff01:1::1...
  • Page 419: Ipv6 Monitoring And Maintenance

    DGS-3610 Series Configuration Guide Chapter 32 IPv6 Configuration Command Meaning preferred-lifetime] | [at valid-date preferred-date] | infinite | no-advertise]] (Optional) Set the TTL of the router in the router advertisement (RA) message, namely the time as ipv6 nd ra-lifetime the default router. When the setting is 0, it indicates seconds that it will not act as the default router of the direct-connected network.
  • Page 420 Chapter 32 IPv6 Configuration DGS-3610 Series Configuration Guide Command Meaning show ipv6 neighbors [verbose] Show the neighbor information. [interface-id] [ipv6-address] show ipv6 route [static] [local] Show the information of the IPv6 route table. [connected] View the IPv6 information in an interface. DGS-3610# show ipv6 interface interface vlan 1 is Down, ifindex: 2001 address(es):...
  • Page 421 IPv6 Address Linklayer Addr Interface fe80::200:ff:fe00:1 0000.0000.0001 vlan 1 State: REACH/H Age: - asked: 0 fec0:1:1:1::1 0000.0000.0001 vlan 1 State: REACH/H Age: - asked: 0
  • Page 423: Ipv6 Tunnel Configuration

    DGS-3610 Series Configuration Guide Chapter 33 IPV6 Tunnel Configuration IPV6 Tunnel Configuration 33.1 Overview The IPv6 is designed to inherit and replace the IPv4. However, the evolution from the IPv4 to the IPv6 is a gradual process. Therefore, before the IPv6 completely replaces the IPv4, it is inevitable that these two protocols coexist for a period.
  • Page 424: Ipv6 Manually Configured Tunnel

    Caution: The structure formed by connecting isolated IPv6 networks with the IPv6 tunnel technology is not the final network architecture of the IPv6. The technology is only for transition. The model to use the tunnel technology is shown in the following figure: Figure 33-1 IPv6 Message Data IPv6 Message Header...
  • Page 425 DGS-3610 Series Configuration Guide Chapter 33 IPV6 Tunnel Configuration be configured on the Area Border Router of an isolated IPv6 network. For each packet, it automatically builds a tunnel connecting the Area Border Router in another IPv6 network. The destination address is the IPv4 address of the Area Border Router in the IPv6 network on the other end.
  • Page 426: Isatap Tunnel

    Chapter 33 IPV6 Tunnel Configuration DGS-3610 Series Configuration Guide 33.1.4 ISATAP Tunnel Intra-site Automatic Tunnel Addressing Protocol (ISATAP) is an IPv6 tunnel technology by which an intra-site IPv6 architecture takes an IPv4 network as one nonbroadcast multi-access (NBMA) link layer, namely taking an IPv4 network as the virtual link layer of the IPv6.
  • Page 427: Ipv6 Tunnel Configuration

    DGS-3610 Series Configuration Guide Chapter 33 IPV6 Tunnel Configuration For example, the IPv6 prefix is 2001::/64 and the embedded IPv4 address is 192.168.1.1. In the ISATAP address, the IPv4 address is denoted as the hexadecimal numeral of C0A8:0101. Therefore, its corresponding ISATAP address is as follows: 2001::0000:5EFE:C0A8:0101 33.2 IPv6 Tunnel Configuration 33.2.1...
  • Page 428: Configuring 6To4 Tunnel

    Chapter 33 IPV6 Tunnel Configuration DGS-3610 Series Configuration Guide Command Meaning Specify the IPv4 source address or referenced source tunnel source interface number of a tunnel. {ip-address | type Note: If you specify an interface, the IPv4 address must have been configured on the interface. tunnel destination Specify the destination address of a tunnel.
  • Page 429: Configuring Isatap Tunnel

    DGS-3610 Series Configuration Guide Chapter 33 IPV6 Tunnel Configuration Command Meaning interface tunnel Specify a tunnel interface number to create a tunnel interface and enter the interface configuration mode. tunnel-num tunnel mode ipv6ip Specify that the type of a tunnel is the 6to4 tunnel. 6to4 Enable the IPv6 function of the interface.
  • Page 430 The reason is that the last 32 bits of the interface identifier in the IPv6 address are composed of the IPv4 address of the interface referenced by the tunnel source address. Refer to the above chapters and sections for more information about ISATAP address formats.
  • Page 431: Verifying Ipv6 Tunnel Configuration And Monitoring

    DGS-3610 Series Configuration Guide Chapter 33 IPV6 Tunnel Configuration Command Meaning By default, it is disabled to send router advertisement packets on an interface. Enable the function with the no ipv6 nd suppress-ra command, allowing automatic configuration of the ISATAP host. Return to the privileged EXEC mode.
  • Page 432 Chapter 33 IPV6 Tunnel Configuration DGS-3610 Series Configuration Guide Command Meaning View the IPv6 router table. show ipv6 route View the information of a tunnel interface. DGS-3610# show interface tunnel 1 Tunnel 1 is up, line protocol is Up Hardware is Tunnel, Encapsulation TUNNEL Tunnel source 192.168.5.215 , destination 192.168.5.204 Tunnel protocol/transport IPv6/IP Tunnel TTL is 9...
  • Page 433: Ipv6 Tunnel Configuration Instances

    33.4 IPv6 Tunnel Configuration Instances The following chapters/sections introduce IPv6 tunnel configuration instances: Manual IPv6 Tunnel Configuration Instance; 6to4 Tunnel Configuration Instance; ISATAP Tunnel Configuration Instance; Configuration Instance for Composite Application of ISATAP and 6to4 Tunnels ...
  • Page 434 Chapter 33 IPV6 Tunnel Configuration DGS-3610 Series Configuration Guide interface FastEthernet 2/2 no switchport ipv6 address 2001::1/64 no ipv6 nd suppress-ra (optional) #Configure manual tunnel interface interface Tunnel 1 tunnel mode ipv6ip ipv6 enable tunnel source FastEthernet 2/1 tunnel destination 211.1.1.1 #Configure the router to the tunnel ipv6 route 2005::/64 tunnel 1 RT-B configuration...
  • Page 435: 6To4 Tunnel Configuration Instance

    DGS-3610 Series Configuration Guide Chapter 33 IPV6 Tunnel Configuration 33.4.2 6to4 Tunnel Configuration Instance Figure 33-5 As shown in the above figure, using a 6to4 tunnel, an IPv6 network (6to4 site) accesses the IPv6 backbone network (6bone) via the 6to4 relay router. With the 6to4 tunnel technology, isolated IPv6 networks can be interconnected and be accessed to the IPv6 backbone network via the 6to4 relay router very easily.
  • Page 436 Chapter 33 IPV6 Tunnel Configuration DGS-3610 Series Configuration Guide no ipv6 nd suppress-ra # Configure the 6to4 tunnel interface interface Tunnel 1 tunnel mode ipv6ip 6to4 ipv6 enable tunnel source FastEthernet 0/1 # Configure the route to the tunnel ipv6 route 2002::/16 Tunnel 1 # Configure the route to the 6to4 relay router to access 6bone ipv6 route ::/0 2002:c058:6301::1 ISP 6to4 Relay Router configuration...
  • Page 437: Isatap Tunnel Configuration Instance

    DGS-3610 Series Configuration Guide Chapter 33 IPV6 Tunnel Configuration 33.4.3 ISATAP Tunnel Configuration Instance Figure 33-6 The configuration on the tunneling interface (the ISATAP address to be automatically configured) FF02 : :1 the ISATAP address to be automatically configured As shown in the above figure, it is one typical topology by use of an ISATAP tunnel. The ISATAP tunnel is used to communicate between isolated IPv4/IPv6 dual stack hosts inside the IPv4 site.
  • Page 438: Configuration Instance For Composite Application Of Isatap And 6To4 Tunnels33-16

    Chapter 33 IPV6 Tunnel Configuration DGS-3610 Series Configuration Guide ip address 192.168.1.1 255.255.255.0 # Configure the isatap tunnel interface interface Tunnel 1 tunnel mode ipv6ip isatap tunnel source FastEthernet 0/1 ipv6 address 2005:1::/64 eui-64 no ipv6 nd suppress-ra # Connect the interfaces of the IPv6 network interface FastEthernet 0/2 no switchport ipv6 address 3001::1/64...
  • Page 439 DGS-3610 Series Configuration Guide Chapter 33 IPV6 Tunnel Configuration In the above figure, it is an instance of composite application of 6to4 tunnel and ISATAP tunnels. With the 6to4 tunnel technology, various 6to4 sites are interconnected and the 6to4 site accesses the Cernet network via the 6to4 relay router.
  • Page 440 interface Tunnel 2 tunnel mode ipv6ip 6to4 ipv6 enable tunnel source GigabitEthernet 0/1 # Configure the route to the 6to4 tunnel ipv6 route 2002::/16 Tunnel 2 # Configure the route to the 6to4 relay router RT-D to access the Cernet network ipv6 route ::/0 2002:d3a2::0901::1 RT-B configuration: # Connect the interfaces of the Internet...
  • Page 441 interface GigabitEthernet 0/1 no switchport ip address 211.162.7.1 255.255.255.0 # Connect the interfaces of the IPv4 network inside the site interface FastEthernet 0/1 no switchport ip address 192.168.0.1 255.255.255.0 # Configure the isatap tunnel interface interface Tunnel 1 tunnel mode ipv6ip isatap tunnel source FastEthernet 0/1...
  • Page 442 tunnel source GigabitEthernet 0/1 #Configure the route to the 6to4 tunnel ipv6 route 2002::/16 Tunnel 1
  • Page 443: Ospfv3 Configuration

    DGS-3610 Series Configuration Guide Chapter 34 OSPFv3 Configuration OSPFv3 Configuration OSPF V2 (RFC2328, OSPFv2) runs under the IPv4. The RFC2740 describes OSPF V3 (OSPFv3) and its extended OSPFv2 protocol and provides support for IPv6 routes. This document briefly describes the OSPFv3 protocol and the configuration for running the OSPFv3.
  • Page 444 Chapter 34 OSPFv3 Configuration DGS-3610 Series Configuration Guide can be generated. Thus, when performing the SPF calculation, we must consider all the Router-LSAs generated by the device. Router-LSAs and Network-LSAs describe the link topology of areas together. Through the flag bits on Router-LSAs, we can know whether the routers are Area Border Routers (ABR), AS boundary routers (ASBR) or those at one end of a virtual link.
  • Page 445: Interface Configuration

    DGS-3610 Series Configuration Guide Chapter 34 OSPFv3 Configuration Associate router-LSAs and record the prefix information about routers in the current area, all Loopback interfaces, point-to-point links, point-to-multipoint links, virtual links and stub networks. Other main changes of LSA association: LSA flooding scope change ...
  • Page 446: Authentication Mechanism Setting

    34.1.4 Authentication Mechanism Setting The OSPFv2 itself supports two authentication modes: plain text authentication and key authentication based on MD5. The OSPFv3 itself does not provide any authentication; it relies on the IPSec authentication mechanism instead. In the future, we will support the IPSec authentication mechanism.
  • Page 447 DGS-3610 Series Configuration Guide Chapter 34 OSPFv3 Configuration Router ID Undefined Virtual Link Undefined hello packet sending interval 10 seconds Virtual Link Dead interval: 4 times of the hello packet interval. LSA sending delay 1 second LSA retransmit interval. 5 seconds Area Undefined Area Configuration...
  • Page 448: Configuring Ospfv3 Interface Parameters

    Chapter 34 OSPFv3 Configuration DGS-3610 Series Configuration Guide To run the OSPFv3, follow these steps in the privileged mode: Command Function Enter the global configuration mode. configure terminal Start the OSPFv3 route process and ipv6 router ospf process-id enter the OSPFv3 configuration mode. Configure the Router ID used when this router-id router-id device runs the OSPFv3.
  • Page 449 DGS-3610 Series Configuration Guide Chapter 34 OSPFv3 Configuration Command Function ipv6 ospf process-id area Configure the interface to participate in area-id [instance-id the OSPFv3 routing process. instance-id] ipv6 ospf network {broadcast | non-broadcast | point-to-point | Set the network type of an interface. point-to-multipoint The default is the broadcast network type.
  • Page 450: Configuring Ospfv3 Area Parameters

    Chapter 34 OSPFv3 Configuration DGS-3610 Series Configuration Guide You can modify the parameter setting of an interface based on actual needs. However, be sure that the settings of some parameters must be identical to those of neighbors. Otherwise, it is impossible to establish the adjacency relation.
  • Page 451: Configuring Ospfv3 Virtual Connection

    DGS-3610 Series Configuration Guide Chapter 34 OSPFv3 Configuration Command Function Configure a stub area. no-summary: configure the area to a totally stub area area-id stub [no-summary] area, blocking inter-stub-area Area Border Routers to send type 3 information into the stub area.
  • Page 452: Configuring Ospfv3 Route Information Convergence

    Chapter 34 OSPFv3 Configuration DGS-3610 Series Configuration Guide 1. It is not allowed to create a virtual connection in the stub area and NSSA. 2. A virtual connection can be taken as a special interface, so its configuration is the same to that of a normal interface. You must Caution ensure that the configurations of instance, hello-interval and dead-interval are the same.
  • Page 453: Configuring Ospfv3 Timer

    DGS-3610 Series Configuration Guide Chapter 34 OSPFv3 Configuration For example, if the bandwidth reference value of an interfaces is 100 Mbps and the bandwidth of network interfaces is 10Mbps, the automatically calculated interface cost value of the network interface is 100/10=10. Currently, the default value of the network interface bandwidth is 100 Mbps.
  • Page 454: Configuring Ospfv3 Passive Interface

    Chapter 34 OSPFv3 Configuration DGS-3610 Series Configuration Guide To configure the OSPFv3 route redistribution, run the following commands in the OSPFv3 configuration mode: Command Function Redistribute routes from one routing protocol to redistribute protocol another. You can reset the conditions for [metric metric-value] redistribution.
  • Page 455: Ospfv3 Debug Command

    DGS-3610 Series Configuration Guide Chapter 34 OSPFv3 Configuration 34.8.1 OSPFv3 Debug Command In the privileged configuration mode, execute the following commands to start the debug commands of the OSPFv3 process: Command Function Show the OSPFv3 event information. debug ipv6 ospf event Show interface state machine events and debug ipv6 ospf ifsm changes.
  • Page 456 Chapter 34 OSPFv3 Configuration DGS-3610 Series Configuration Guide Command Function show ipv6 ospf neighbor[process-id] Show the neighbor information of the OSPFv3 [detail] [neighbor-id | interface-type process. interface-number [neighbor-id]] show ipv6 ospf [process-id] route Show the OSPFv3 route information. show ipv6 ospf [process-id] topology Show each area topology of the OSPFv3.
  • Page 457: Ip Multicast Routing Configuration

    DGS-3610 Series Configuration Guide Chapter 35 IP Multicast Routing Configuration IP Multicast Routing Configuration 35.1 Overview This chapter describes how to configure multicast routing protocols. For a complete description of the IP multicast routing commands, please refer to other chapters IP Multicast Routing Commands.
  • Page 458: Igmp Overview

    IGMP is used between the hosts and routers in a LAN to track relations between group members. PIM-DM is a dynamic multicast routing protocol, which is used between routers for ...
  • Page 459 35.1.2.2 IGMPV2 In Version 2, there are only four packet types: Membership query; Version 1 membership report; Version 2 membership report; Leave group. The process is basically the same as that of version 1, except that the leave mechanism of the host has been improved.
  • Page 460 35.1.2.3 IGMPV3 In the applications of the IGMPV1 and V2, there are the following defects: Lack of effective measures to control multicast sources; Difficult to establish the multicast path due to the unknown location of the multicast ...
  • Page 461 DGS-3610 Series Configuration Guide Chapter 35 IP Multicast Routing Configuration If the equipment in the network supports IGMP v3, host A wants to receive the traffic from S1 only, it can send the IGMPv3 packet of join G include S1. If host B wants to receive the traffic from S2 only, it can send the IGMPv3 packet of join G include S2.
  • Page 462: Pim-Dm Overview

    Chapter 35 IP Multicast Routing Configuration DGS-3610 Series Configuration Guide The process of IGMP Version3 is similar to that of the IGMP Version2. IGMP Version3 is downward compatible with IGMP Version1 and IGMP Version2. 35.1.3 PIM-DM Overview The protocol independent multicast (PIM) is designed by the IDMR work group. As indicated by its name, the PIM does not rely on a certain unicast routing protocol.
  • Page 463: Pim-Sm Overview

    DGS-3610 Series Configuration Guide Chapter 35 IP Multicast Routing Configuration active to send a prune message to upstream without waiting for timeout of upstream pruning state so as to enable pruning to forwarding state. As long as Source S can still send messages to Group G, the first hop switch will periodically send (S,G) a state refresh message to initial broadcast tree to finish the refreshing.
  • Page 464 Chapter 35 IP Multicast Routing Configuration DGS-3610 Series Configuration Guide Figure 35-4 Join Mechanism of PIM-SM Explicitly Sender (*,G) Joining to Share tree (S,G) Registration Unicast (S,G) Joining to Source tree (S,G) Registration Unicast stopped Data flow Receiver The PIM-SM will forward the multicast data packet by establishing the multicast distribution tree.
  • Page 465 DGS-3610 Series Configuration Guide Chapter 35 IP Multicast Routing Configuration group address. The BSR message is sent hop-by-hop within the whole domain. The device receives and saves these BSR message. If the DR receives the member relationship report of some group from the direct connection host and there is no routing item of this group, the DR will use one Hash algorithm to map the group address to one candidate RP that can serve for this group.
  • Page 466: Basic Configuration Of The Multicast Routing

    Chapter 35 IP Multicast Routing Configuration DGS-3610 Series Configuration Guide multicasts them, and sets the TTL to 1. In this way, the GSR message is received by all devices hop-by-hop. Since the messages contain the IP address of the BSR, the candidate BSR can know which router is the current RP based on this message.
  • Page 467: Enabling Igmp

    DGS-3610 Series Configuration Guide Chapter 35 IP Multicast Routing Configuration Command Purpose Enter the interface that needs to run PIM-DM and enable PIM-DM multicast routing process in the ip pim dense-mode interface configuration mode. It demonstrates how to configure PIM-DM on FastEthernet0/1 in the following example. ip multicast-routing interface FastEthernet 0/1 ip address 172.16.8.1 255.255.255.0...
  • Page 468 Chapter 35 IP Multicast Routing Configuration DGS-3610 Series Configuration Guide Command Purpose Configure TTL threshold at the interface. ip multicast ttl-threshold ttl-value 35.6.1.2 Configuring IP Multicast Boundary Execute ip multicast boundary to configure multicast boundary of an interface and execute no ip multicast boundary to disable the configured boundary.
  • Page 469: Configuring Igmp

    DGS-3610 Series Configuration Guide Chapter 35 IP Multicast Routing Configuration In the global configuration mode, execute the following command to configure multicast static route. Command Purpose ip mroute source-address mask Configure multicast static route {interface-type interface-number} [distance] The following example shows boundary configuration on FastEthernet 5/2. interface FastEthernet 5/2 ip multicast boundary acl ip access-list standard acl...
  • Page 470 35.6.2.2 Adding Membership Information on Routers Statically Sometimes the subnet connected to an interface has no host that can send IGMP member reports, but you still want the switch to forward the multicast packets of one group to the subnet.
  • Page 471: Configuring Query Count Of The Last Member

    35.6.3 Configuring Query Count of the Last Member When a leave-group packet is received, the querier sends the specific membership query to verify whether there is any member in the group. By default the period is 2. Run the following commands for configuration in the interface mode: Command Function...
  • Page 472: Configuring The Maximum Response Interval

    Execute the command no ip igmp query-interval to restore the default configuration. 35.6.6 Configuring the Maximum Response Interval The membership query packet sent by the querier requires the maximum response interval. Decreasing the interval lets the device learn of membership changes more quickly, but it increases the number of member reports spreading through the network.
  • Page 473 when exceeding the limit configured for the interface or globally. Run the following commands in the interface mode: Command: DGS-3610(config)# ip igmp limit number. Function: Configure the IGMP status quantity limit globally. Range: 1-65536. Configure the IGMP status quantity limit on the DGS-3610(config-if)# ip igmp limit...
  • Page 474: Configuring Immediate Group Leaving

    When the ACL number is in the range 1 to 99, IGMP v1/v2/v3 matches only the group (g). When the ACL number is in the range 100-199, IGMP v1/v2 matches (source IP of 0.0.0.0, group IP) and IGMP v3 matches (source IP, group IP). Here, source IP indicates the source IP of the IGMP v3 report packet.
  • Page 475: Configuring Igmp Mroute - Proxy

    interface will judge the member information maintained itself is connected from the interface with mroute-proxy. Hence, configuring proxy-server means that this interface performs only the host behavior, not the router behavior. Execute the following commands in the interface mode: Command Function...
  • Page 476: Clearing Up Dynamic Group Membership In Igmp Cache From Response Message

    Command: DGS-3610(config)# ip igmp ssm-map static 11 192.168.2.2. Function: All groups that comply with acl 11 will be mapped to the source address 192.168.2.2. 35.6.14 Clearing Up Dynamic Group Membership in IGMP Cache from Response Message To clear the dynamic group member information that was acquired from response messages and is stored in the IGMP cache, execute the following command in the privileged mode:...
  • Page 477: Showing The Configuration Information Of The Igmp Interface

    Command: DGS-3610# show ip igmp groups A.B.C.D detail. Function: Show the details of the specified member in the directly-connected subnets. Command: DGS-3610# show ip igmp interface. Function: Show the information of the specified interface in the directly-connected subnets.
  • Page 478: Show The Configuration Information Of Igmp Ssm-Map

    igmp last member query counter is 7 igmp last member query interval is 255 1/10seconds igmp has 5 different config in this interface igmp nif learnt mem num is 0 igmp nif limit num is 1024 igmp other querier interval is 255 igmp querier ip is 192.11.11.11...
  • Page 479: Configuring Pim-Dm

    Command: DGS-3610# debug ip igmp fsm. Function: Turn on IGMP debug finite-state-machine switch. Command: DGS-3610# debug igmp tib. Function: Turn on IGMP debug tree switch. Command: DGS-3610# debug ip igmp warnning. Function: Turn on IGMP debug warning switch. You can use no debug ip igmp to disable the debugging information switch of IGMP.
  • Page 480 To configure the sending interval of Hello message, please execute the following commands in the interface mode: Command Function DGS-3610(config-if)# ip pim Set the sending interval of the Hello message on the interface as seconds (unit: sec).
  • Page 481 35.6.21.4 Configuring PIM Neighbor Filtering Neighbor filtering can be enabled on an interface to enhance network security. When neighbor filtering is configured and a neighbor is refused by the neighbor filtering access list, PIM-DM either refuses to establish the connection with the neighbor or terminates the established connection with the neighbor.
  • Page 482 Command: no ip pim state-refresh disable. Function: Enable the processing and forwarding of the PIM-DM status update messages. The status renew function is enabled by default. Disabling the status update messages may cause the re-convergence of the converged PIM-DM multicast forward tree, resulting in unnecessary bandwidth waste and routing table vibration.
  • Page 483: Configuring Pim-Sm

    Show the status of PIM-DM. Command: show ip pim dense-mode interface [interface-type interface-number] [detail]. Function: Show the PIM-DM interface information. Command: show ip pim dense-mode neighbor [interface-type interface-number]. Function: Show the PIM-DM neighbor information. For detailed usage of the above-mentioned commands, please refer to the Command Reference of PIM-DM.
  • Page 484 Enabling PIM-SM (required); Configuring the Hello message sending interval (optional); Configuring PIM-SM neighbor filtering (optional); Configuring the priority of specified device DR (optional); Configuring the candidate BSR status (optional)...
  • Page 485 Enabling the PIM-SM is effective only when the multicast routing is enabled in the global configuration mode. During the execution of this command, if the prompt "Failed to enable PIM-SM on <Interface Name>, resource temporarily unavailable, please try again"...
  • Page 486 Command: no ip pim neighbor-filter access-list. Function: Disable PIM neighbor filtering on the current interface. By default, the neighbor filtering function is disabled on the interface. ip pim neighbor-filter command description: When the associated ACL rule is set to permit, only the neighbor addresses in the ACL can be regarded as PIM neighbors of the current interface.
  • Page 487 35.6.22.7 Configure the Static RP In a small-scale network, you can run PIM-SM with a static RP, which requires that the static RP configuration of all devices in the PIM-SM domain be consistent to ensure the uniqueness of PIM-SM multicast routes.
  • Page 488 35.6.22.8 Configuring Candidate RP The configured candidate RP is sent to the BSR at a certain interval and then flooded to all the PIM-SM devices in the domain, thus ensuring the uniqueness of RP mapping. Please execute the following commands in the global configuration mode: Command Function...
  • Page 489 Command: ip pim rp-candidate IFNAME (PRIORITY) (INTERVAL) (GROUPLIST). Function: Use the candidate RP to configure this device. Command: no ip pim rp-candidate. Function: Cancel the candidate RP configuration. 35.6.22.11 Configuring the Speed Limit on the Sending of RP This command configures the speed for the DR to send the RP.
  • Page 490 Command: ip pim register-source [SOURCEADDRESS | IFNAME]. Function: Configure the source address used in RP. Command: no ip pim register-source. Function: Set the RPF interface address as the source address of 35.6.22.14 Configure the RP Suppression Time This command configures the RP suppression time.
  • Page 491 Command: ip pim spt-threshold. Function: Allow the last-hop device to switch from the shared tree to the shortest path tree. Command: no ip pim spt-threshold. Function: Disable this function. 35.6.22.17 Switching the last-hop device from shared tree to the shortest path tree in multiple multicast groups The last-hop device is allowed to switch from the shared tree to the shortest path tree in...
  • Page 492: Multicast Routing Configuration Examples

    Command: show ip pim sparse-mode rp-hash A.B.C.D. Function: Execute this command to show the RP information selected. Command: show ip pim sparse-mode rp mapping. Function: Show the group-RP mapping information and RP settings. Show the next hop of PIM-SM from NSM.
  • Page 493: Pim-Sm Configuration Example

    35.7.1.2 Device Configuration Take device 1 as an example to show how to configure PIM-DM. The steps for devices 2 and 3 are similar to those for device 1. Step 1: Enable multicast routing DGS-3610# configure terminal DGS-3610(config)# ip multicast-routing Step 2: Enable PIM-DM in the interface eth0...
  • Page 494: Bsr Configuration Examples

    router rip network 192.168.21.0 network 192.166.1.0 network 192.166.100.0 version 2 ip pim-sm bsr-candidate Loopback0 30 201 ip pim-sm rp-candidate Loopback0 ROUTER_B: ip multicast-routing interface Ethernet0/1 ip address 192.168.200.144 255.255.255.0 ip pim-sm ip pim-sm dr-priority 200 interface Serial0/0 ip address 192.168.21.144 255.255.255.0...
  • Page 495 router rip network 192.168.21.0 network 192.168.100.0 ip pim-sm bsr-candidate Loopback0 30 201 ROUTER_B: ip multicast-routing interface Loopback0 ip address 192.168.100.144 255.255.255.0 ip pim-sm interface Ethernet0/1 ip address 192.168.200.144 255.255.255.0 ip pim-sm ip pim-sm bsr-candidate Loopback0 30...
  • Page 497: Port-Based Flow Control Configuration

    Chapter 36 Port-Based Flow Control Configuration 36.1 Storm Control 36.1.1 Overview Excessive broadcast, multicast or unknown unicast packets in a LAN will result in slow network speed and a considerably increased possibility of packet transmission timeout. This is called a LAN storm.
  • Page 498: Viewing The Enable Status Of Storm Control

    Command: DGS-3610(config-if)# storm-control {broadcast | multicast | unicast} [{ level percent | pps packets |... Function: broadcast: Enable the broadcast storm control function. multicast: Enable the unknown multicast storm control function. unicast: Enable the unknown unicast storm control function. percent: Set according to the bandwidth percentage, for example, 20 means 20%...
  • Page 499: Protected Port

    GigabitEthernet 0/2 Disabled Disabled Disabled none GigabitEthernet 0/3 Disabled Disabled Disabled none GigabitEthernet 0/4 Disabled Disabled Disabled none GigabitEthernet 0/5 Disabled Disabled Disabled none GigabitEthernet 0/6 Disabled Disabled Disabled none GigabitEthernet 0/7 Disabled Disabled...
  • Page 500: Configuring Protected Ports

    36.2.2 Configuring Protected Ports Set one port as the protection port: Command: DGS-3610(config-if)# switchport protected. Function: Set this interface as a protected port. You can reset a port as unprotected port with interface configuration command no switchport protected.
  • Page 501: Port Security

    You can use the show interfaces switchport command to view the configuration of a protected port. DGS-3610# show interfaces gigabitethernet 0/3 switchport Interface Switchport Mode Access Native Protected VLAN lists --------- ---------- ---- ------ ----- --------...
  • Page 502: Configuring Port Security

    36.3.2 Configuring Port Security 36.3.2.1 Default Configuration of Port Security The table below shows the default configuration of port security: Item Default Configuration Port security switch The port security function is disabled for all the ports. Maximum number of security addresses Security address None...
  • Page 503 Command: DGS-3610(config-if)# switchport port-security maximum value. Function: Set the maximum number of security addresses on the interface. The range is between 1 and 1000 and the default value is 128. Set the violation handling mode: protect: Protected port.
  • Page 504 Command: DGS-3610(config-if)# switchport port-security mac-address mac-address [ip-address ip-address]. Function: Manually configure the security address on the interface. ip-address (optional): IP address bound to the security address. In the interface configuration mode, you can execute the command no switchport port-security mac-address mac-address to delete the security address of this interface.
  • Page 505 In the interface configuration mode, execute no switchport port-security aging time to disable the port security aging. Execute no switchport port-security aging static to apply the aging time only to dynamically learned security addresses. The example below describes how to configure the port security aging time on interface Gigabitethernet 0/3.
  • Page 506: Viewing Port Security Information

    36.3.3 Viewing Port Security Information In the privileged mode, you can view the security information of a port with the following commands. Command Function DGS-3610#show port-security View the port security configuration information of an interface.
  • Page 507 Gi0/1 Restrict Gi0/2 Restrict Gi0/3 Protect...
  • Page 509: Configuration Of 802.1X

    Chapter 37 Configuration of 802.1X This chapter describes the contents related to the AAA service configurations. The 802.1X is used to control the authentication over network access of users, and provide authorization and accounting functions for users. This chapter includes: Overview...
  • Page 510: Device Roles

    Before the client passes the authentication, only the EAPOL (Extensible Authentication Protocol over LAN) packets can be transmitted over the network. After successful authentication, normal data flows can be transmitted over the network. By using 802.1x, our devices provide Authentication, Authorization, and Accounting (AAA).
  • Page 511: Authentication Initiation And Packet Interaction During Authentication

    Authenticator: The authenticator is usually an access device like the switch. The responsibility of the device is to control the status of the connection of a client to the network according to the current authentication status of that client.
  • Page 512: States Of Authorized Users And Unauthorized Users

    Figure 37-2: Work station (client), Switch, Authorized Users, Unauthorized Users. This is a typical authentication process initiated by users (in some special cases, the switch can actively initiate the authentication request; the process is then the same as that shown in the diagram, except that it does not contain the step where the user actively initiates the request).
  • Page 513: Topologies Of Typical Applications

    On an 802.1X-enabled device, all ports are uncontrolled ports by default. A port can be set as a controlled port to impose authentication on all the users under that port. When a user has passed authentication (the switch has received success packets from the RADIUS Server), the user is authorized and therefore can freely use network resources. If the user fails in the authentication and remains in the unauthenticated status, it is possible to initiate authentication once again.
  • Page 514 This solution is described below. Requirements of this solution: The user supports 802.1X. That is, it has an 802.1X client installed (the one built into Windows XP, Star-supplicant or other IEEE802.1X-compliant client software). The access layer device supports IEEE 802.1X.
  • Page 515 B. The 802.1X-enabled device is used as the convergence layer device. [Figure 37-4: Backbone layer equipment; Win2000 Radius server; Convergence layer equipment (supporting 802.1x authenticator), with the port set to be an uncontrolled port; Access layer equipment (Be able to transparently...]
  • Page 516: Configuring 802.1X

    Characteristics of this solution: The convergence layer device must be of high quality because the network is large and numerous users are connected, and any fault in it may cause network access failures.
  • Page 517: Default Configuration Of 802.1X

    Configuring On-line Client Probe; Configuring the Option Flag for EAPOL Frames to Carry TAG. 37.2.1 Default Configuration of 802.1X The following table lists some defaults of the 802.1X Item Default Authentication DISABLE...
  • Page 518: Configuring The Communication Between The Device And Radius Server

    You cannot enable 1X authentication for Aggregate Port. If the 1x function is enabled on only one port of a switch, all the ports will send the 1x protocol packets to the CPU. 37.2.3 Configuring the Communication Between the Device and Radius Server...
  • Page 519: Setting The 802.1X Authentication Switch

    following example sets the Server IP to 192.168.4.12, authentication UDP port to 600, and the key to agreed password: DGS-3610# configure terminal DGS-3610(config)# radius-server host 192.168.4.12 DGS-3610(config)# radius-server host 192.168.4.12 auth-port 600 DGS-3610(config)# radius-server key MsdadShaAdasdj878dajL6g6ga DGS-3610(config)# end The officially agreed authentication UDP port is 1812.
  • Page 520: Enabling/Disabling The Authentication Of A Port

    DGS-3610(config)# aaa authentication dot1x authen group radius DGS-3610(config)# dot1x authentication authen DGS-3610(config)# end DGS-3610# show running-config aaa new-model aaa authentication dot1x authen group radius username DGS-3610 password 0 starnet radius-server host 192.168.217.64 radius-server key 7 072d172e071c2211 dot1x authentication authen interface VLAN 1...
  • Page 521: Enabling Timing Re-Authentication

    Command Function Set the port to be a controlled port (enable interface authentication). You can use the no option of the dot1x port-control auto command to disable the authentication of the interface.
  • Page 522: Changing The Quiet Time

    The following example enables re-authentication and sets the re-authentication interval to 1000 seconds. DGS-3610# configure terminal DGS-3610(config)# dot1x re-authentication DGS-3610(config)# dot1x timeout re-authperiod 1000 DGS-3610(config)# end DGS-3610# show dot1x 802.1X Status: Disabled Authentication Mode: EAP-MD5...
  • Page 523: Setting The Packet Retransmission Interval

    37.2.8 Setting the Packet Retransmission Interval After the device sends the EAP-request/identity, it resends that message if no response is received from the user within a certain period. By default, this value is 3 seconds. You should modify this value to suit the specific network size.
  • Page 524: Setting The Maximum Number Of Re-Authentications

    DGS-3610#show dot1x You can use the no dot1x max-req command to restore the maximum number of packet re-transmissions to its default. The following example sets the maximum number of packet retransmissions to 5: DGS-3610# configure terminal DGS-3610(config)# dot1x max-req 5 DGS-3610(config)# end...
  • Page 525: Configuring Active Initiation Of 802.1X Authentication

    Command Function Set the maximum response time of the Radius Server. You can use the no option of the command dot1x timeout server-timeout seconds to restore it to its default. Return to the privileged mode. Save the configuration.
  • Page 526 Command: dot1x auto-req. Function: Enable automatic authentication. It is disabled by default. Return to the privileged mode. Command: write. Function: Save the configuration. Command: show dot1x. Function: Show the dot1x configurations. The no option of the command turns off the function. The following settings take effect only when the function is enabled.
  • Page 527: Configuring 802.1X Accounting

    It is possible to stop sending the request packets once the user authentication passes. In some applications (only one user under a port, for example), we can stop sending authentication requests to the related port when the device finds the user authentication passes.
  • Page 528 authentication of the user and the user's logoff or when the device detects user disconnection. After the first successful authentication of the user, the device sends an accounting start request to the server. When the user goes off-line, or the device finds that the user has gone off-line, or the physical connection of the user is broken, the device sends an accounting end request to the server.
  • Page 529 The no aaa accounting network command deletes the accounting method list. The no dot1x accounting command restores the default dot1x accounting method. The following example sets the IP address of the accounting server to 192.1.1.1, that of the backup accounting server to 192.1.1.2, and the UDP port of the accounting server to 1200, and enables 802.1X accounting: DGS-3610# configure terminal...
  • Page 530: Configuring Ip Authorization Modes

    DGS-3610# configure terminal DGS-3610(config)# aaa accounting update DGS-3610(config)# end DGS-3610# write memory DGS-3610# show running-config 37.2.14 Configuring IP Authorization Modes The 802.1X implemented on DGS-3610 series can force the authenticated users to use fixed IP.
  • Page 531 In this mode, it is required to configure the DHCP Relay and the related option82. If the DHCP relay function is enabled and the option82 policy is selected, see the DHCP Relay Configuration Guide and Command References for the configurations.
  • Page 532: Releasing Advertisement

    DGS-3610(config)# end DGS-3610# show running-config aaa new-model aaa authorization ip-auth-mode radius-server DGS-3610# write memory 37.2.15 Releasing Advertisement Our 802.1X allows you to configure the Reply-Packet field on the Radius Server. When authorization succeeds, the information of the field is shown on our 802.1X client of Star-Supplicant, by which the operators can release some information.
  • Page 533: Authorization

    Command: show running-config. Function: Show the configuration. Caution: If the list of hosts is empty, the port allows authentication of any host. 37.2.17 Authorization To make it easier for operators, our products can provide services of different qualities for different types of services, for example, offering different maximum bandwidths.
  • Page 534: Configuring Authentication Modes

    Figure 37-8 For the customized header, follow those provided above. The maximum data rate is 10M, that is, 10000 kbps, which is 0x00002710 in hexadecimal. You only need to fill in the corresponding field.
  • Page 535: Configuring The Backup Authentication Server

    DGS-3610(config)# end DGS-3610# show dot1x 802.1X Status: Disabled Authentication Mode: CHAP Authed User Number: Re-authen Enabled: Disabled Re-authen Period: 3600 sec Quiet Timer Period: 10 sec Tx Timer Period: 3 sec Supplicant Timeout: 3 sec Server Timeout:...
  • Page 536: Configuring And Managing Online Users

    37.2.20 Configuring and Managing Online Users DGS-3610 series provides management for authenticated users via SNMP. The administrator can view the information of the authorized users via SNMP, and forcibly log off a user.
  • Page 537: Shielding Proxy Server And Dial-Up

    Command: show dot1x. Function: Show the configuration. 37.2.24 Shielding Proxy Server and Dial-up The two major potential threats to network security are that, after authentication, the user sets up its own proxy server or the user dials up to access the network. DGS-3610 series provide the function of shielding proxy servers and dial-up connections.
  • Page 538: Configuring On-Line Client Probe

    Figure 37-10 37.2.25 Configuring On-line Client Probe To ensure accurate charging, an on-line probe mechanism is needed to detect whether a user is on-line within a short period. The re-authentication mechanism specified in the standard can meet such needs, but it needs the participation of the RADIUS server.
  • Page 539: Configuring The Option Flag For Eapol Frames To Carry Tag

    Command: show dot1x. Function: Show the configuration. 37.2.26 Configuring the Option Flag for EAPOL Frames to Carry TAG In accordance with IEEE 802.1X, EAPOL packets cannot carry a VLAN tag. However, based on the possible application requirements, the selection flag is provided.
  • Page 540: Viewing The Configuration And Current Statistics Of The 802.1X

    Command: dot1x port-control-mode {mac-based|port-based}. Function: Select the controlled mode. Return to the privileged mode. Command: write. Function: Save the configuration. Command: show dot1x port-control. Function: Show the configuration of port 802.1X. You can run no dot1x port-control-mode to restore to the default control mode. The following example shows how to configure the authentication mode of a port DGS-3610(config)# DGS-3610#configure terminal...
  • Page 541: Viewing The Radius Authentication And Accounting Configuration

    37.3.1 Viewing the Radius Authentication and Accounting Configuration Run the show radius server command to check the related configuration of the Radius Server, and run the show aaa user command to view the user-related information. DGS-3610# sh radius server Server IP: 192.168.5.11...
  • Page 542: Viewing The User Authentication Status Information

    Command: configure terminal. Function: Enter the global configuration mode. Command: dot1x auth-address-table address mac-addr interface interface. Function: Set the list of the hosts that can be authenticated. Return to the privileged mode. Command: write. Function: Save the configuration. Show the list of the hosts that can be authenticated.
  • Page 543: Other Precautions For Configuring 802.1X

    Hello Interval: 20 Seconds Hello Alive: 250 Seconds DGS-3610# 37.3.6 Other Precautions for Configuring 802.1X When there is no IP authorization mode, each device supports 10,000 authenticated users. Concurrent use of 1X and ACL In the non-IP authorization mode, if you enable the 802.1X authentication function of a port and at the same time associate one ACL with an interface, the ACL takes effect on the basis of the MAC address.
  • Page 544 users cannot communicate. For the filtering domain templates in particular, at least one must be available for user authentication in the IP authentication mode...
  • Page 545: Basic Aaa Principles

    The AAA of some products only provides the authentication function. For all problems with product specifications, contact the market or technical support personnel of D-Link Corporation. Note Although the AAA is the primary access control method, our product also provides simple...
  • Page 546: Basic Aaa Principles

    password authentication and more. The difference lies in the degree of their network protection, and the AAA provides the security protection of a higher level. The AAA has the following advantages: Powerful flexibility and controllability...
  • Page 547: Basic Aaa Configuration Steps

    The figure above illustrates a typical AAA network configuration, including two security servers: R1 and R2 are both RADIUS servers. Suppose the system administrator has defined a method list, R1 is used first to capture the identity information, then R2, and finally the local username database on the NAS.
  • Page 548: Enabling Aaa

    Chapter 37 Configuration of 802.1X DGS-3610 Series Configuration Guide For complete descriptions of the commands mentioned in this chapter, see the related chapters in the Security Configuration Command Reference. 37.5.2 Enabling AAA It is required to enable AAA first to use the AAA security features. To enable AAA, execute the following command in the global configuration mode: Command Function...
  • Page 549: Defining Aaa Authentication Method List

    DGS-3610 Series Configuration Guide Chapter 37 Configuration of 802.1X 37.6.1 Defining AAA Authentication Method List To configure the AAA authentication, the first step is to define a named list of the authentication method, and then the applications use the defined list for authentication. The method list defines the authentication type and execution order.
  • Page 550: General Steps In Configuring Aaa Authentication

    Chapter 37 Configuration of 802.1X DGS-3610 Series Configuration Guide Command Function Enter the global configuration mode. configure terminal Turn on the AAA switch. aaa new-model Define a method list named "test" in the global aaa authentication login test configuration mode. group radius local DGS-3610(config)# line vty 2 Enter the configuration layer of line 2...
  • Page 551 DGS-3610 Series Configuration Guide Chapter 37 Configuration of 802.1X The AAA security features are available for your configuration only after the AAA is enabled through the command aaa new-model in the global configuration mode. For details, see AAA Overview. Caution In many cases, the user needs to access the network access server (NAS) through Telnet.
  • Page 552 Chapter 37 Configuration of 802.1X DGS-3610 Series Configuration Guide Since the keyword none enables any dial-up user to pass the authentication even if the security server has no reply, it is only used as the backup authentication method. We suggest not using the "none" identity authentication in general cases.
  • Page 553 DGS-3610 Series Configuration Guide Chapter 37 Configuration of 802.1X Command Function aaa authentication login {default | Define the local method list. list-name} local Return to the privileged mode. Confirm the configured method list. show aaa method-list Enter the global configuration mode. configure terminal Enter the line configuration mode line vty line-num...
  • Page 554: Example Of Authentication Configuration

    Chapter 37 Configuration of 802.1X DGS-3610 Series Configuration Guide Command Function Return to the privileged mode. Confirm the configured method list. show aaa method-list Enter the global configuration mode. configure terminal Enter the line configuration mode line vty line-num login authentication {default | list-name} Apply the method list.
  • Page 555: Configuring Authorization

    DGS-3610 Series Configuration Guide Chapter 37 Configuration of 802.1X 37.7 Configuring Authorization The AAA authorization enables the administrator to control services available to users. After the AAA authorization service is enabled, the network device configures user sessions through user configuration files stored locally or in the server. After the authorization, the user can only use the services allowed in the profile.
  • Page 556: Radius Authorization

    Chapter 37 Configuration of 802.1X DGS-3610 Series Configuration Guide Command Function aaa authorization network{default | Enable the AAA authorization and define the authorization method. list-name} method1 [method2|…] 37.7.3 RADIUS Authorization To use the Radius security server for authorization, you can execute the aaa authorization command with the keyword Radius.
  • Page 557: None Authorization

    DGS-3610 Series Configuration Guide Chapter 37 Configuration of 802.1X 37.7.5 None Authorization To enable no authorization for the user, you need to execute the aaa authorization command with keyword none. Command Function Enter the global configuration mode. configure terminal Turn on the AAA switch. aaa new-model aaa authorization network Define the none authorization.
  • Page 558: Network Accounting

    Chapter 37 Configuration of 802.1X DGS-3610 Series Configuration Guide 37.8.2 Network Accounting The network accounting provides the accounting information about user session, including the packet number, bytes, IP address and username. The format of Radius accounting information varies with the Radius security server.
  • Page 559: Example Of Configuring Accounting

    DGS-3610 Series Configuration Guide Chapter 37 Configuration of 802.1X Command Function show aaa user { id | all } View the information of the current AAA user. 37.8.6 Example of Configuring Accounting Below is an example to use the Radius for accounting: DGS-3610# config DGS-3610(config)# aaa new-model DGS-3610(config)# radius-server host 192.168.217.64...
  • Page 561: Radius Configuration

    DGS-3610 Series Configuration Guide Chapter 38 Radius Configuration Radius Configuration 38.1 Radius Overview The Remote Authentication Dial-In User Service (Radius) is a distributed client/server system that works with the AAA to perform authentication for the users who are attempting to make connection and prevent unauthorized access.
  • Page 562: Radius Configuration Tasks

    Chapter 38 Radius Configuration DGS-3610 Series Configuration Guide Figure 38-1 Typical RADIUS network configuration PC 1 RADIUS Server PC 2 38.2 RADIUS Configuration Tasks To configure Radius on the network device, perform the following tasks first: Enable AAA. For the details, see AAA Overview. ...
  • Page 563: Specifying The Radius Authentication

    DGS-3610 Series Configuration Guide Chapter 38 Radius Configuration Command Function Configure the IP address or hostname of the remote radius-server host ip-address [auth-port Radius security server and specify the authentication port and accounting port. port] [acct-port port] Configure the sharing password for the communication radius-server key string between the device and Radius server Specify the times of sending requests before the router...
  • Page 564 Chapter 38 Radius Configuration DGS-3610 Series Configuration Guide Function TYPE net ip user name password file-directory file-count file-name-0 file-name-1 file-name-2 file-name-3 file-name-4 max up-rate version to server flux-max-high32 flux-max-low32 proxy-avoid dailup-avoid ip privilege login privilege limit to user number Default configuration of extended manufacturer ID: Function TYPE max down-rate...
  • Page 565 DGS-3610 Series Configuration Guide Chapter 38 Radius Configuration Function TYPE file-name-4 max up-rate version to server flux-max-high32 flux-max-low32 proxy-avoid dailup-avoid ip privilege login privilege limit to user number Two functions cannot be configured with the same type number. Note Here is an example about how to configure the private type for network device: RedGiant# show radius vendor-specific vendor-specific type-value...
  • Page 566: Monitoring Radius

    Chapter 38 Radius Configuration DGS-3610 Series Configuration Guide RedGiant# configure RedGiant(config)# radius attribute 24 vendor-type 67 RedGiant(config)# show radius vendor-specific vendor-specific type-value ---- -------------------- ---------- max down-rate user ip vlan id version to client net ip user name password file-diractory file-count file-name-0 file-name-1...
  • Page 567 DGS-3610 Series Configuration Guide Chapter 38 Radius Configuration The RADIUS server can be a component that comes with the Windows 2000/2003 server (IAS) or the UNIX system, or the special server software of some manufacturers. Note Here is an example about how to configure the Radius for network devices: DGS-3610# configure terminal DGS-3610(config)# aaa new-model DGS-3610(config)# radius-server host 192.168.12.219...
  • Page 569: Ssh Terminal Service

    DGS-3610 Series Configuration Guide Chapter 39 SSH Terminal Service SSH Terminal Service 39.1 About SSH SSH is short for Secure Shell. The SSH connection functions like a Telnet connection, except that all transmissions based on the connection are encrypted. When the user logs on to the device via a network environment where security cannot be guaranteed, the SSH feature provides safe information and powerful authentication function to protect the devices from IP address fraud, plain password interception and other kinds of attacks.
  • Page 570: Ssh Configuration

    Chapter 39 SSH Terminal Service DGS-3610 Series Configuration Guide 39.4 SSH Configuration 39.4.1 Default SSH Configurations Item Default value SSH service end status SSH version Compatible mode (supporting versions 1 and 2) SSH user authentication timeout period 120s SSH user re-authentication times 39.4.2 User Authentication Configuration Considering the SSH connection security, the login without authentication is forbidden.
  • Page 571: Configuring Ssh Server Support Version

    DGS-3610 Series Configuration Guide Chapter 39 SSH Terminal Service Command Description Enter the configuration mode configure terminal Disable the SSH Server. no enable service ssh-server 39.4.5 Configuring SSH Server Support Version By default, the SSH Server V1 and V2 are compatible. You can configure the SSH version through the following commands.
  • Page 572: Device Management Through Ssh

    Chapter 39 SSH Terminal Service DGS-3610 Series Configuration Guide Command Description Configure SSH re-authentication times (range 0-5) ip ssh authentication-retries retry times Reset the SSH re-authentication times to the default no ip ssh authentication-retries value 3. Note: For details of the above commands, see SSH Command Reference Manual. 39.5 Device Management Through SSH You may enable the SSH function for device management.
  • Page 573 DGS-3610 Series Configuration Guide Chapter 39 SSH Terminal Service Click OK, and the following dialog box appears: Figure 39-2 Click Connect to log into the host just configured, as shown below: Figure 39-3 Ask the machine that is logging into the host 192.168.5.245 to see whether the key from the server end is received or not.
  • Page 574 Chapter 39 SSH Terminal Service DGS-3610 Series Configuration Guide Figure 39-4 Enter the Telnet login password to enter the UI that is the same as the Telnet. See the interface below: Figure 39-5 39-6...
  • Page 575: Cpu Protection Configuration

    DGS-3610 Series Configuration Guide Chapter 40 CPU Protection Configuration CPU Protection Configuration 40.1 Overview 40.1.1 Function of CPU Protect Malicious attacks often occur in the network environment, and such attacks will create too much load for our switches. Sometimes when the packets in the network overload the switches, this may cause too high CPU utilization on the switch and its abnormal operation.
  • Page 576: Configuring Cpu Protect

    Chapter 40 CPU Protection Configuration DGS-3610 Series Configuration Guide The switch provides a protection method to control the bandwidth and priority for each type of packets sent to the CPU. You can configure the maximum rate and priority for each type of packet sent to the CPU port in packets per second (PPS).
  • Page 577: Configuring The Bandwidth For Each Type Of Packets

    DGS-3610 Series Configuration Guide Chapter 40 CPU Protection Configuration Type Default maximum bandwidth (pps) Default priority DHCP_OPTION82 UDP_HELPER Through the command no cpu-protected type, the maximum bandwidth and priority setting of the packet can be reset to the default value. The default maximum bandwidth is 1000pps, priority is 0.
  • Page 578: Viewing Cpu Protect Information

    Chapter 40 CPU Protection Configuration DGS-3610 Series Configuration Guide 40.3 Viewing CPU Protect Information On the switch, you can view the following information about the CPU Protect: Viewing the statistics of packets received by the CPU of the management board ...
  • Page 579: Viewing The Statistics Of Received Packets Of A Specific Type

    DGS-3610 Series Configuration Guide Chapter 40 CPU Protection Configuration Type Total Drop ------------ --------- --------- --------- bpdu dhcp gvrp ipv6-mc dvmrp igmp ospf vrrp unknow-ipmc err-ttl 40.3.3 Viewing the Statistics of Received Packets of a Specific Type In the privileged mode, show the priority and bandwidth of each type of packet with the following commands: Command Function...
  • Page 581: Anti-Attack System Guard Configuration

    DGS-3610 Series Configuration Guide Chapter 41 Anti-attack System Guard Configuration Anti-attack System Guard Configuration 41.1 Overview Many hacker attacks and network virus intrusions start by scanning for active hosts in the network. The large volume of scanning packets consumes significant network bandwidth and disrupts normal network communication.
  • Page 582: Anti-Attack System Guard Configuration

    Chapter 41 Anti-attack System Guard Configuration DGS-3610 Series Configuration Guide 41.2 Anti-attack System Guard Configuration The anti-attack system guard is completed in the global configuration mode. It is required to enter the global configuration mode first for anti-attack system guard configuration. 41.2.1 IP Anti-Scanning Configuration Task List...
  • Page 583: Setting The Threshold To Judge Illegal Attacking Ip

    DGS-3610 Series Configuration Guide Chapter 41 Anti-attack System Guard Configuration Command Meaning Enter the global configuration mode. configure terminal Enter the configuration mode of this interface. interface interface-id Legal interfaces include physical interfaces. Configure the isolation time of unauthorized users. system-guard isolate-time seconds Its value range is 30s –...
  • Page 584: Setting The Maximum Number Of Monitored Ips

    Chapter 41 Anti-attack System Guard Configuration DGS-3610 Series Configuration Guide Command Meaning Check the configuration entities. show system-guard Save the configuration. copy running-config startup-config The smaller the threshold, the less accurate the attack judgment, and the more easily a normal online host is isolated by mistake. Administrators should set the threshold according to the security conditions of the actual network environment.
  • Page 585: Setting Exceptional Ips Free From Monitoring

    DGS-3610 Series Configuration Guide Chapter 41 Anti-attack System Guard Configuration If you want to restore the default value of the maximum quantity for monitored hosts, execute the no system-guard detect-maxnum command in the global configuration mode. 41.2.6 Setting Exceptional IPs Free From Monitoring You may set exceptional IPs free from monitoring.
  • Page 586: Viewing Related Information Of System Guard

    Chapter 41 Anti-attack System Guard Configuration DGS-3610 Series Configuration Guide Command Meaning Clear Isolated Users. Where, clear system-guard indicates clearing all isolated users; clear system-guard clear system-guard interface interface-id indicates [interface interface-id clearing all users under that port; [ip-address ip-address]] clear system-guard interface interface-id ip-address ip-address indicates clearing the specified IP user under the interface.
  • Page 587 DGS-3610 Series Configuration Guide Chapter 41 Anti-attack System Guard Configuration 41.2.8.2 Viewing the Information of Isolated IPs for System Guard Command Meaning Check the information of isolated IPs of the ports for show system-guard isolate-ip anti-scanning [interface interface-id] DGS-3610# show system-guard isolated-ip interface ip-address isolate reason remain-time(second)
  • Page 589: Gsn Configuration

    DGS-3610 Series Configuration Guide Chapter 42 GSN Configuration GSN Configuration 42.1 Overview of GSN Security Solution The GSN security solution consists of the following four elements: Security policy Management Platform 42.2 42.3 Security Agent 42.4 Restore System 42.5 Security Switch Security Policy Management Platform (SMP) 42.6 Through policy configuration, the SMP checks whether to allow or forbid transmission of data...
  • Page 590: Security Switch

    Chapter 42 GSN Configuration DGS-3610 Series Configuration Guide When the security agent detects that its own security policy does not comply with the security level set by the management platform, the security agent will immediately upload its own security log to the security policy management platform. According to the alarm log from the security agent, the policy management platform selects one from the preset policies and delivers it to all the security switches.
  • Page 591: Configuring The Minimum Interval For Transmission Of Security Events

    DGS-3610 Series Configuration Guide Chapter 42 GSN Configuration Command Description Configure the security name for communication with the SMP server. This command supports SNMP v1, v2 and v3. By default, no community is configured. By default, security v1 community and security [no] security { [v1 | v2] community community are the same for configuring v1.
  • Page 592: Gsn Configuration Display

    Chapter 42 GSN Configuration DGS-3610 Series Configuration Guide Command Description [no] security address-bind enable Enable the address binding policy This function takes effect only when the global GSN support is enabled and the configured port is an authentication port. In addition, when you use this function, you should disable the 802.1X IP authorization.
  • Page 593: Functions In Conflict With The Gsn

    DGS-3610 Series Configuration Guide Chapter 42 GSN Configuration GSN, you should not enable any other functions that may consume hardware entries as far as possible when you enable GSN. 42.9.2 Functions in Conflict with the GSN Due to the features of GSN application, the GSN is in conflict with the following functions. Avoid enabling the functions at the same time that may cause function exception.
  • Page 595: Dynamic Arp Inspection Configuration

    DGS-3610 Series Configuration Guide Chapter 43 Dynamic ARP Inspection Configuration Dynamic ARP Inspection Configuration 43.1 Understanding DAI DAI, an acronym of Dynamic ARP Inspection, refers to validity inspection of received ARP packets. Illegal ARP packets will be discarded. 43.1.1 Understanding ARP Spoofing Attack ARP itself does not check the validity of incoming ARP packets.
  • Page 596: Understanding Dai And Arp Spoofing Attacks

    Chapter 43 Dynamic ARP Inspection Configuration DGS-3610 Series Configuration Guide buffer using IPA and MACA, and sends an ARP response. Upon receiving this response, device A updates its ARP buffer using IPB and MACB. With this model, device C can mistake the corresponding relationship of ARP entries in device A and device B.
  • Page 597: Interface Trust Status And Network Security

    DGS-3610 Series Configuration Guide Chapter 43 Dynamic ARP Inspection Configuration 43.1.4 Interface Trust Status and Network Security ARP packets are checked according to the trust status of each port on the device. DAI check is ignored for the packets that are received through trusted ports and are considered as legal ARP packets.
  • Page 598: Enabling Global Dai Function

    Chapter 43 Dynamic ARP Inspection Configuration DGS-3610 Series Configuration Guide 43.2.1 Enabling Global DAI Function This feature is disabled by default. DAI-related security check will be performed for ARP packets only when the global DAI function is enabled. If this global switch is enabled, the words ip arp inspection can be seen through the show running-config command.
  • Page 599: Set Maximum Receiving Rate Of Arp Packets For A Port

    DGS-3610 Series Configuration Guide Chapter 43 Dynamic ARP Inspection Configuration To set the trust status of a port, execute the following commands in the interface configuration mode: Command Function DGS-3610(config-if)# ip arp inspection trust Set the port as a trusted port DGS-3610(config-if)# no ip arp inspection Set the port as an untrusted port trust...
  • Page 600: Showing Dai Configuration

    Chapter 43 Dynamic ARP Inspection Configuration DGS-3610 Series Configuration Guide 43.3 Showing DAI Configuration 43.3.1 Showing DAI Enabling Status of VLAN To show the enabling status of VLAN, execute the following command in the global configuration mode: Command Function DGS-3610(config)# show ip arp inspection Show the enabling status of each VLAN vlan 43.3.2...
  • Page 601: Access Control List Configuration

    DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration Access Control List Configuration 44.1 Overview As part of the GSN security solution, DGS-3610 series uses access control lists to provide a powerful data flow filtering function. At present, DGS-3610 series support the following access lists: Standard IP access control list ...
  • Page 602: Why To Configure Access Lists

    Chapter 44 Access Control List Configuration DGS-3610 Series Configuration Guide 44.1.2 Why to Configure Access Lists There are many reasons why we need to configure access lists, shown as follows: Restrict route updating: Control the places of sending and receiving the route updating ...
  • Page 603: Input/Output Acl, Filtering Domain Template And Rules

    DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration Access lists are usually configured in the following locations of network devices: Devices between the internal network and external network (such as the Internet); Devices at the borders of two parts in a network ...
  • Page 604 Chapter 44 Access Control List Configuration DGS-3610 Series Configuration Guide of a packet and the source port field of UDP. In this way, these two ACEs use different filtering domain templates. Rules refer to the values of the ACE filtering domain template. For example, one ACE is: ...
  • Page 605: Configuring Ip Access Lists

    DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration address is not in the IP range of the SVI-associated subnet. Suppose the IP address of vlan 1 is 192.168.64.1 255.255.255.0, ACE is set to deny udp any 192.168.65.1 0.0.0.255 eq 255, and an IP extended ACL is created.
  • Page 606: Configuring Ip Access List

    Chapter 44 Access Control List Configuration DGS-3610 Series Configuration Guide 44.2.1.1 Implicating “Deny Any Data Flow” Rule Statement The end of each access list implies a “Deny any data flow” rule statement. Therefore, if a packet matches no rule, it is denied, as shown in the following example: access-list 1 permit host 192.168.4.12 This list allows only the packets of host 192.168.4.12 and denies any other host.
  • Page 607: Configuration Of Showing Ip Access Lists

    DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration There are two methods to configure a basic access list. Method 1: Run the following command in the global configuration mode: Command Function DGS-3610(config)# access-list id {deny | permit} Define an access list {src src-wildcard | host src | any } [time-range tm-rng-name] Select the interface to which the access list is...
  • Page 608: Ip Access List Example

    Chapter 44 Access Control List Configuration DGS-3610 Series Configuration Guide 44.2.4 IP Access List Example Configuration requirements: There are two devices Switch A and Switch B, as shown in Figure 45-3: Figure 44-3 Basic Access List Example UNIX Host To implement the following security functions by configuring access lists on Switch B: Hosts in the 192.168.12.0/24 network segment can only access the remote TELNET services of UNIX hosts in the normal working period and deny the PING service.
  • Page 609: Configuring Mac Extended Access List

    DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration DGS-3610(config)# access-list 101 permit tcp 192.168.12.0 0.0.0.255 any eq telnet time-range check DGS-3610(config)# access-list 101 deny icmp 192.168.12.0 0.0.0.255 any DGS-3610(config)# access-list 101 deny ip 2.2.2.0 0.0.0.255 any DGS-3610(config)# access-list 101 deny ip any any Configure the time range DGS-3610(config)# time-range check DGS-3610(config-time-range)# periodic weekdays 8:30 to 17:30...
  • Page 610: Configuring Mac Extended Access List

    Chapter 44 Access Control List Configuration DGS-3610 Series Configuration Guide The MAC extended access list (number 700 – 799) forwards or blocks the packets based on the source and destination MAC addresses, and can also match the Ethernet protocol type. A single MAC access list can use multiple separate access list statements to define multiple rules.
  • Page 611: Configuration Of Showing Mac Extended Access Lists

    DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration Method 1 only configures the numerical value ACL. Method 2 can configure names and numerical value ACL and specify the priorities of table entries (supporting priority ACE products). Note 44.3.3 Configuration of Showing MAC Extended Access Lists To monitor access lists, please run the following command in the privileged mode:...
  • Page 612: Configuring Expert Extended Access List

    Chapter 44 Access Control List Configuration DGS-3610 Series Configuration Guide 44.4 Configuring Expert Extended Access List To configure expert extended access lists on a device, you must specify unique names or numbers for the access lists of a protocol to uniquely identify each access list inside the protocol. The table below lists the number range of the Expert access list.
  • Page 613 DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration Command Function DGS-3610(config)# access-list id {deny | permit} [prot | {[ethernet-type] [cos cos]}] [VID vid] {src src-wildcard | host src } Define an access list. For details about {host src-mac-addr | any} {dst dst-wildcard | commands, please see command reference.
  • Page 614: Configuration Of Showing Expert Extended Access Lists

    Chapter 44 Access Control List Configuration DGS-3610 Series Configuration Guide 44.4.3 Configuration of Showing Expert Extended Access Lists To monitor access lists, please run the following command in the privileged user mode: DGS-3610# show access-lists [id | name] You can view expert access lists 44.4.4 Expert Extended Access List Example You can implement the following security functions by configuring expert access lists:...
  • Page 615: Configuration Of Showing Ipv6 Extended Access Lists

    DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration Command Function DGS-3610(config-ipv6-nacl)# [sn] {permit | deny }prot {src-ipv6-prefix/prefix-len | host src-ipv6-addr | any} Add table entries for ACL. For details about {dst-ipv6-pfix/pfix-len | any | host commands, please see command reference. dst-ipv6-addr} [dscp dscp] [flow-label flow-label] [time-range tm-rng-name]...
  • Page 616: Configuring Access List Acl80

    Chapter 44 Access Control List Configuration DGS-3610 Series Configuration Guide 44.6 Configuring Access List ACL80 The ACL80 is also called the user-defined access list, which means matching the first 80 bytes of a packet for filtering. A packet consists of a series of byte flows. The ACL80 enables a user to match and filter the specified 16 bytes by bits in the first 80 bytes.
  • Page 617 DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration Letter Meaning Offset Letter Meaning Offset VLAN tag field Source IP address DSAP (destination service access point) Destination IP address field SSAP (source service TCP source port access point) field Ctrl field TCP destination port Org Code field...
  • Page 618: Configuring Tcp Flag Filtering Control

    Chapter 44 Access Control List Configuration DGS-3610 Series Configuration Guide deeff ffffffffffffffffffffffffffffffff 54 Configuration of the second ACE fails because the 16 bytes are occupied by the first ACE. To configure for the second ACE, you must delete the first one. 44.7 Configuring TCP Flag Filtering Control The TCP flag filtering feature provides a flexible mechanism.
  • Page 619: Configuring Acl Entries By Priority

    DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration DGS-3610# configure terminal DGS-3610(config)# Enter the ACL configuration mode. DGS-3610(config)# ip access-list extended test-tcp-flag DGS-3610(config-ext-nacl)# Add an ACL entry DGS-3610(config-ext-nacl)# permit tcp any any match-all rst Add a deny entry DGS-3610(config-ext-nacl)# deny tcp any any match-all fin Adding/delete entries repeatedly.
  • Page 620: Configuring Acl Based On Time-Range

    Chapter 44 Access Control List Configuration DGS-3610 Series Configuration Guide The ACE numbers are as follows after ip access-list resequence tst_acl 100 3 is run: DGS-3610(config)# ip access-list resequence tst_acl 100 3 ace1: 100 ace2: 103 ace3: 106 When adding ace4 without entering sn-num, the numbers are as follows: DGS-3610(config-std-nacl)# permit …...
  • Page 621 DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration Command Function Set the absolute time range (optional). DGS-3610(config-time-range)# absolute For details, see the configuration guide of [start time date] end time date time-range. DGS-3610(config-time-range)# periodic Set the periodic time range (optional). For details, see the configuration guide of day-of-the-week time to time-range.
  • Page 622: Configuration Examples

    Chapter 44 Access Control List Configuration DGS-3610 Series Configuration Guide 44.10 Configuration Examples 44.10.1 Configuring TCP One-Way Connection The one-way ACL function can be enabled through the configuration of TCP flag filtering. 44.10.1.1 Configuration Requirements To ensure the security of network A, the host of network A can initiate a TCP communication request to the host of network B.
  • Page 623 DGS-3610 Series Configuration Guide Chapter 44 Access Control List Configuration # Permit other IP packets DGS-3610(config-ext-nacl)# permit ip any any 2) Applying the ACL to the interface # Exit the ACL mode. DGS-3610(config-ext-nacl)# exit # Enter the application of the interface G3/2 DGS-3610(config)# interface gigabitEthernet 3/2 # Apply ACL 101 in packet filtration in the G3/2 input direction DGS-3610(config-if)# ip access-group 101 in...
  • Page 625: Qos Configuration

    DGS-3610 Series Configuration Guide Chapter 45 QOS Configuration QOS Configuration 45.1 QOS Overview The fast development of the Internet results in more and more demands for multimedia streams. Generally, people have different service quality requirements for different multimedia, which requires the network to be able to allocate and dispatch resources according to the user demands.
  • Page 626: Qos Processing Flow

    Chapter 45 QOS Configuration DGS-3610 Series Configuration Guide Carried by the first 3 bits in the Tag Control Information of 802.1Q frame header, which contains the priority information of one of the 8 categories. These three bits are generally called User Priority bits. Carried by the first 3 bits of the TOS field for IPv4 packet header or Traffic Class field for ...
  • Page 627 DGS-3610 Series Configuration Guide Chapter 45 QOS Configuration The above criteria take effect only when the QoS trust mode of the port is enabled. Enabling the QoS trust mode of a port does not mean getting the QoS information directly from the packet or the input port of the packet without analyzing the packet contents.
  • Page 628 Chapter 45 QOS Configuration DGS-3610 Series Configuration Guide 45.1.2.2 Policing The Policing action happens after the data classifying is completed. It is used to constrain the transmission bandwidth occupied by the classified dataflow. The Policing action will check every packet in the classified dataflow. If the packet is occupying more bandwidth as allowed by the police that applies on that dataflow, the packet will be treated specially, either to be discarded or assigned with another DSCP value.
  • Page 629: Configuring Qos

    DGS-3610 Series Configuration Guide Chapter 45 QOS Configuration 45.2 Configuring QOS 45.2.1 Default QOS Configuration Make clear the following points of QoS before configuration: One interface can be associated with at most one policy-map. One policy-map can have multiple class-maps. ...
  • Page 630: Configuring The Qos Trust Mode Of The Interface

    Chapter 45 QOS Configuration DGS-3610 Series Configuration Guide 45.2.2 Configuring the QOS Trust Mode of the Interface By default, the QoS trust mode of an interface is disabled. Command Description Enter the configuration mode configure terminal Enter the interface configuration mode. interface interface Configure the QoS trust mode of the interface mls qos trust {cos | ip-precedence |...
  • Page 631: Configuring Class Maps

    DGS-3610 Series Configuration Guide Chapter 45 QOS Configuration Default COS: trust dscp Default COS: 6 DGS-3610# 45.2.4 Configuring Class Maps You may create and configure Class Maps through the following steps: Command Description Enter the configuration mode configure terminal ip access-list extended {id | name} …...
  • Page 632: Configuring The Interface To Apply Policy Maps

    Chapter 45 QOS Configuration DGS-3610 Series Configuration Guide Command Description Enter the configuration mode configure terminal Create and enter into the policymap configuration mode, where policy-map-name is the name of the policymap to be [no] policy-map policy-map-name created. The no option will delete an existing policy map. Create and enter into the data classifying configuration mode, where class-map-name is the name of the class [no] class class-map-name...
  • Page 633: Configuring The Output Queue Scheduling Algorithm

    DGS-3610 Series Configuration Guide Chapter 45 QOS Configuration Command Description Apply the created policy map to the interface, where the policy-map-name is the name of the created policy map, [no] service-policy {input | output} input is the input rate limit and output is the output rate policy-map-name limit.
  • Page 634: Configuring Output Round-Robin Weight

    Chapter 45 QOS Configuration DGS-3610 Series Configuration Guide 45.2.8 Configuring Output Round-Robin Weight You may set the output round-robin weight through the following steps: Command Description Enter the configuration mode configure terminal weight1...weightn are the weight values specified for the {wrr-queue | drr-queue} bandwidth output queues.
  • Page 635: Configuring Cos-Map

    DGS-3610 Series Configuration Guide Chapter 45 QOS Configuration 45.2.9 Configuring Cos-Map You may set cos-map to select the queue the output packets enter. The default value of cos-map is provided in the default QoS configuration section. Command Description Enter the configuration mode configure terminal priority-queue Cos-Map qid qid is the queue id;...
  • Page 636: Configuring Cos-To-Dscp Map

    Chapter 45 QOS Configuration DGS-3610 Series Configuration Guide 45.2.10 Configuring CoS-to-DSCP Map CoS-to-DSCP Map is used to map the CoS value of a packet to internal DSCP value. You may follow these steps to set CoS-to-DSCP Map. The default value of CoS-to-DSCP is provided in the default QoS configuration section.
  • Page 637: Configuring Port Rate Limit

    DGS-3610 Series Configuration Guide Chapter 45 QOS Configuration DGS-3610# configure terminal DGS-3610(config)# mls qos map dscp-cos 0 32 56 to 6 DGS-3610(config)# show mls qos maps dscp-cos dscp cos dscp cos dscp cos dscp cos ---- --- ---- --- ---- --- ---- --- 45.2.12 Configuring Port Rate Limit You may follow these steps to limit the port rate:...
  • Page 638: Qos Display

    Chapter 45 QOS Configuration DGS-3610 Series Configuration Guide Command Description Enter the configuration mode configure terminal Modify the setting of IP-Precedence-to-Dscp Map, where mls qos map ip-prec-dscp dscp1...dscp8 are the DSCP values corresponding to dscp1...dscp8 IP-Precedence values 0~7 no mls qos map ip-prec-dscp For Example: DGS-3610# configure terminal DGS-3610(config)# mls qos map ip-precedence-dscp 56 48 46 40 34 32 26 24...
  • Page 639: Showing Policy-Map

    DGS-3610 Series Configuration Guide Chapter 45 QOS Configuration 45.3.2 Showing policy-map You may show the contents of policy-map through the following steps: Command Description Show QoS policy map, policy-name is the selected name of policy map, specified show policy-map [policy-name as class [class class-name]] Show the class map bound with the policy map in case of...
  • Page 640: Showing Mls Qos Scheduler

    Chapter 45 QOS Configuration DGS-3610 Series Configuration Guide Cos-queue map: cos qid --- --- wrr bandwidth weights: qid weights --- ------- 45.3.5 Showing mls qos scheduler You may show the QoS scheduling method through the following steps: Command Description Show the port priority queue scheduling method. show mls qos scheduler For example: DGS-3610# show mls qos scheduler...
  • Page 641: Showing Mls Qos Rate-Limit

    DGS-3610 Series Configuration Guide Chapter 45 QOS Configuration --- ---- DGS-3610# show mls qos maps dscp-cos dscp cos dscp cos dscp cos dscp cos ---- --- ---- --- ---- --- ---- --- DGS-3610# show mls qos maps ip-prec-dscp ip-precedence dscp ------------- ---- 45.3.7 Showing mls qos rate-limit...
  • Page 642: Showing Policy-Map Interface

    Chapter 45 QOS Configuration DGS-3610 Series Configuration Guide 45.3.8 Showing policy-map interface You can show the configuration of the port policymap through the following steps: Command Function Showing the configuration of (port) policymap show policy-map interface interface] DGS-3610# show policy-map interface f0/1 FastEthernet 0/1 input (tc policy): pp Class cc set ip dscp 22...
  • Page 643: Vrrp Configuration

    DGS-3610 Series Configuration Guide Chapter 46 VRRP Configuration VRRP Configuration 46.1 Overview The Virtual Router Redundancy Protocol (VRRP) is designed to work in the active/standby mode to ensure that the function switching can be implemented without affecting internal and external data communication, and the internal network parameters need no modification. Multiple devices within a VRRP group are mapped to a virtual device.
  • Page 644: Vrrp Applications

    Chapter 46 VRRP Configuration DGS-3610 Series Configuration Guide than one device within the group becomes Master, repeat the preempt process in step 1. In this process, the device with the maximum priority will be selected as the master device to execute the VRRP backup function. Figure 46-1 VRRP working principles Once a master device is elected in a VRRP backup group, the hosts in the LAN will execute route forwarding through that master device.
  • Page 645: Route Redundancy

    DGS-3610 Series Configuration Guide Chapter 46 VRRP Configuration 46.2.1 Route Redundancy The basic VRRP applications are illustrated in Figure 47-2. Figure 46-2 Basic VRRP applications As shown in Figure 47-2, devices A, B and C are connected with the LAN through Ethernet interfaces, on which the VRRP is configured.
  • Page 646: Vrrp Configuration

    Chapter 46 VRRP Configuration DGS-3610 Series Configuration Guide As shown in Figure 47-3, two virtual devices are set. For virtual device 1, device A uses the IP address 192.168.12.1 of Ethernet interface Fa0/0 as the IP address of the virtual device, and thus device A becomes the master device and device B standby.
  • Page 647: Setting The Authentication String Of The Vrrp Backup Group

    DGS-3610 Series Configuration Guide Chapter 46 VRRP Configuration parameter is not used, the IP address set here will become the master IP address of the virtual router. If the virtual IP address (Primary or Secondary) of the VRRP group is the same as the IP address (Primary or Secondary) of the Ethernet interface, it is regarded that VRRP group owns the actual IP address of the Ethernet interface, and the priority of the VRRP group is 255.
  • Page 648: Setting The Preemption Mode Of Device In The Vrrp Backup Group

    Chapter 46 VRRP Configuration DGS-3610 Series Configuration Guide If the current device becomes the master in the VRRP group, it will notify its VRRP status, priority and more information by sending VRRP advertisements in the set interval. By default, this interval is 1 second. When the VRRP timer learning function is not configured, the same VRRP advertisement interval shall be set for the same VRRP group;...
  • Page 649: Setting A Monitored Interface For The Vrrp Backup Group

    DGS-3610 Series Configuration Guide Chapter 46 VRRP Configuration matter whether the VRRP group in the preemption mode, the corresponding VRRP group will be in the Master status automatically (as long as the corresponding Ethernet interface is available). 46.3.7 Setting a Monitored Interface for the VRRP Backup Group After a monitored interface is configured for the VRRP backup group, the system dynamically adjusts the priority of the routing device according to the status of the monitored...
  • Page 650: Setting The Description String Of A Network Device In The Vrrp Backup Group

    Chapter 46 VRRP Configuration DGS-3610 Series Configuration Guide In case the advertisement interval in the VRRP advertisement received by the VRRP backup device is inconsistent with the advertisement interval configured locally, the VRRP backup device discards the VRRP advertisement if the timer learning function is not configured on the VRRP backup device;...
  • Page 651 DGS-3610 Series Configuration Guide Chapter 46 VRRP Configuration Command Purpose DGS-3610# show vrrp interface type Show the VRRP status of the specified network number interface [brief] Here are some examples of the command: show vrrp DGS-3610# show vrrp GigabitEthernet 0/1 - Group 1 State is Backup Virtual IP address is 192.168.201.1 configured Virtual MAC address is 0000.5e00.0101...
  • Page 652: Debug Vrrp

    Chapter 46 VRRP Configuration DGS-3610 Series Configuration Guide DGS-3610# show vrrp interface GigabitEthernet 0/0 GigabitEthernet 0/0 - Group 1 State is Backup Virtual IP address is 192.168.201.1 configured Virtual MAC address is 0000.5e00.0101 Advertisement interval is 3 sec Preemption is enabled min delay is 0 sec Priority is 100 Master Router is 192.168.201.213 , pritority is 120...
  • Page 653 DGS-3610 Series Configuration Guide Chapter 46 VRRP Configuration Here are some examples of the command: debug vrrp command DGS-3610# debug vrrp DGS-3610# VRRP: Grp 1 Advertisement priority 120, ipaddr 192.168.201.213 VRRP: Grp 1 Event - Advert higher or equal priority %VRRP-6-STATECHANGE: FastEthernet 0/0 Grp 1 state Master ->...
  • Page 654: Example Of Typical Vrrp Configuration

    Chapter 46 VRRP Configuration DGS-3610 Series Configuration Guide The above displayed information indicates the VRRP advertisement is received from 192.168.201.213 for VRRP group 1, whose priority is 120. debug vrrp state command DGS-3610# debug vrrp state VRRP State debugging is on DGS-3610# %VRRP-6-STATECHANGE: GigabitEthernet 0/0 Grp 2 state Master ->...
  • Page 655: Example Of Single Vrrp Backup Group

    DGS-3610 Series Configuration Guide Chapter 46 VRRP Configuration hostname "R3" interface FastEthernet 0/0 no switchport ip address 192.168.12.217 255.255.255.0 interface GigabitEthernet 1/1 no switchport ip address 60.154.101.5 255.255.255.0 interface GigabitEthernet 2/1 no switchport ip address 202.101.90.61 255.255.255.0 router ospf network 202.101.90.0 0.0.0.255 area 10 network 192.168.12.0 0.0.0.255 area 10 network 60.154.101.0 0.0.0.255 area 10 46.5.2...
  • Page 656: Example Of Monitored Interface Configuration Of Vrrp

    Chapter 46 VRRP Configuration DGS-3610 Series Configuration Guide vrrp 1 timers advertise 3 vrrp 1 ip 192.168.201.1 interface GigabitEthernet 2/1 no switchport ip address 202.101.90.63 255.255.255.0 router ospf network 202.101.90.0 0.0.0.255 area 10 network 192.168.201.0 0.0.0.255 area 10 Configurations on device R2: hostname "R2"...
  • Page 657 DGS-3610 Series Configuration Guide Chapter 46 VRRP Configuration failure, device R2 takes its place to function as the gateway (which is just the virtual device address 192.168.201.1). Especially, when the WAN interface GigabitEthernet 2/1 of device R1 is unavailable, device R1 will decrease its priority in the VRRP backup group so that device R2 has the chance to become active and functions as the virtual gateway (192.168.201.1).
  • Page 658: Example Of Multiple Vrrp Backup Groups

    Chapter 46 VRRP Configuration DGS-3610 Series Configuration Guide network 60.154.101.0 0.0.0.255 area 10 network 192.168.201.0 0.0.0.255 area 10 As shown above, devices R1 and R2 are in the same VRRP backup group 1, use the same VRRP backup group authentication mode (no authentication), point to the same virtual IP address (192.168.201.1) and are both in the VRRP preemption mode.
  • Page 659: Vrrp Diagnosis And Troubleshooting

    DGS-3610 Series Configuration Guide Chapter 46 VRRP Configuration interface GigabitEthernet 2/1 no switchport ip address 202.101.90.63 255.255.255.0 router ospf network 202.101.90.0 0.0.0.255 area 10 network 192.168.201.0 0.0.0.255 area 10 Configurations on device R2: hostname "R2" interface Loopback 0 ip address 20.20.20.5 255.255.255.0 interface FastEthernet 0/0 no switchport ip address 192.168.201.213 255.255.255.0...
  • Page 660 Chapter 46 VRRP Configuration DGS-3610 Series Configuration Guide Analysis: Ensure that at least one router in the backup group is active. If it is possible to ping the virtual IP address from other network devices, the cause may be that the VRRP status change needs some time (although brief). Execute the show vrrp command to check the VRRP information and confirm this.
  • Page 661: Rldp Configuration

    47.1 About RLDP 47.1.1 Understanding RLDP The Rapid Link Detection Protocol (RLDP) is one of D-Link's proprietary link protocols, designed to detect Ethernet link faults quickly. The general Ethernet link detection mechanism only makes use of the status of the physical connections and detects the connectivity of the link via the auto-negotiation of the physical layer.
  • Page 662: Typical Application

    Chapter 47 RLDP Configuration DGS-3610 Series Configuration Guide able to receive the Echo packet of the neighbor port as well as the Probe packet of the neighbor port. Otherwise, the link is considered abnormal. To make use of the one-way detection and two-way detection functions of the RLDP, it is necessary to ensure the RLDP is enabled on the ports at both ends of the link.
  • Page 663 DGS-3610 Series Configuration Guide Chapter 47 RLDP Configuration One-way link detection: Figure 47-3 One-way link detection The so-called one-way link detection means the link connected with the port can receive packet only or send packets only (due to misconnection of the optical receiving line pair, for example).
  • Page 664: Configuring Rldp

    Chapter 47 RLDP Configuration DGS-3610 Series Configuration Guide This means that a fault occurs at the frame transmission/receiving at both ends of the link. As shown above, the port of the device sends the RLDP probe packet but has never received the Echo packet or the Probe packet from the neighbors.
  • Page 665: Configuring Global Rldp

    DGS-3610 Series Configuration Guide Chapter 47 RLDP Configuration 47.2.2 Configuring Global RLDP The port RLDP works only when the global RLDP is enabled. In the global configuration mode, follow these steps to enable RLDP: Command Function DGS-3610(config)# rldp enable Turn on the global RLDP function switch. DGS-3610(config)# end Return to the privileged mode.
  • Page 666: Configuring Detection Vlan

    Chapter 47 RLDP Configuration DGS-3610 Series Configuration Guide unidirection detect information: action : shutdown svi state : normal bidirection detect information : action : warnning state : normal loop detect information action : block state : normal Several precautions in configuring port detection: The routing interface does not support the shutdown-svi error handling method, so this ...
  • Page 667: Configure The Rldp Maximum Detection Times

    DGS-3610 Series Configuration Guide Chapter 47 RLDP Configuration Command Function DGS-3610(config)# rldp Configure the detection interval within the range 2-15s, 3s by default. detect-interval interval DGS-3610(config)# end Return to the privileged mode. The no option of the command restores default. 47.2.6 Configure the RLDP Maximum Detection Times...
  • Page 668: Viewing Rldp Information

    Chapter 47 RLDP Configuration DGS-3610 Series Configuration Guide Note: The errdisable recover command can be used in the global configuration mode to restart, instantly or at a fixed time, the RLDP detection of the port that is set as the violation port by RLDP. 47.3 Viewing RLDP Information The following RLDP-related information can be viewed:...
  • Page 669: Viewing The Rldp Status Of A Specified Port

    DGS-3610 Series Configuration Guide Chapter 47 RLDP Configuration As shown above, port GigabitEthernet 0/1 is configured with unidirection detection. No error is detected now, and the port status is normal. Port GigabitEthernet 0/24 is configured with bidirection detection, and bidirection fault is detected. 47.3.2 Viewing the RLDP Status of a Specified Port...
  • Page 671: Tpp Configuration

    DGS-3610 Series Configuration Guide Chapter 48 TPP Configuration TPP Configuration 48.1 TPP Overview The Topology Protection Protocol (TPP) is a topology stability protection protocol. The network topology is rather fragile. Illegal attacks in the network may cause abnormal CPU utilization on network devices, frame path blocked and so on. These are apt to cause network topology turbulence.
  • Page 672: Tpp Configuration

    Chapter 48 TPP Configuration DGS-3610 Series Configuration Guide Figure 48-1 As shown in the above dual-core topology, A and B are the L3 convergence devices, and C and D are the L2 access devices. A is the MSTP root bridge. The topology protection functions of all the devices are enabled.
  • Page 673: Configuring Global Topology Protection

    DGS-3610 Series Configuration Guide Chapter 48 TPP Configuration The topology protection function is suitable for the point-to-point link network, and adjacent network devices must enable the topology protection function. Besides, during the TPP configuration, you often need to use CPU topology-limit to configure the threshold for CPU utilization detection.
  • Page 674: Typical Tpp Configuration Examples

    Chapter 48 TPP Configuration DGS-3610 Series Configuration Guide Command Function DGS-3610(config-if)# end Exit to the privileged mode. The no tp-guard port enable command disables the topology protection on the port. This command is suitable only on layer-2 switching ports and routing ports. It is inapplicable to AP member ports.
  • Page 675: Viewing Tpp Information

    DGS-3610 Series Configuration Guide Chapter 48 TPP Configuration The global topology protection function is enabled on A, B, C, D, and E, and the topology protection function is enabled on all the ports. 48.5 Viewing TPP Information The following TPP-related information can be viewed: View the TPP configuration and status of devices 48.5.1 Viewing the TPP Configuration and...
  • Page 677: File System Configuration

    DGS-3610 Series Configuration Guide Chapter 49 File System Configuration File System Configuration 49.1 Overview The file system is an organization for storing and managing the files on the auxiliary storage devices. The switch provides the serial Flash as the auxiliary storage device to store and manage the NM operating system files and configuration files of the switch.
  • Page 678: Changing Directories

    Chapter 49 File System Configuration DGS-3610 Series Configuration Guide 49.2.2 Changing Directories This means shifting from the current directory to the specified directory. In the privileged mode, use this command through the following steps: Command Function DGS-3610# cd directory Enter the specified directory.
  • Page 679: Formatting The System

    DGS-3610 Series Configuration Guide Chapter 49 File System Configuration DGS-3610# dir DGS-3610# dir ../bak 49.2.5 Formatting the System In the privileged user mode, format the device managed and operated by the file system through the following command: Command Function DGS-3610# makefs dev devname fs Format the device named dev for the file system named fs_name fs_name...
  • Page 680: Removing Files

    Chapter 49 File System Configuration DGS-3610 Series Configuration Guide 49.2.9 Removing Files In the privileged user mode, delete a file permanently through the following step: Command Function DGS-3610# del filename Delete the specified file. The following example deletes the temporary file named large.c in the MNT directory: DGS-3610# del mnt/large.c 49.2.10 Deleting Empty Directories In the privileged user mode, delete an empty directory permanently through the following...
  • Page 681: Log Configuration

    DGS-3610 Series Configuration Guide Chapter 50 Log Configuration Log Configuration 50.1 Overview During the operation of a device, various state changes occur such as the link status up/down, and various events occur such as receiving abnormal packets and handling exceptions. Our product provides a mechanism to generate packets of a fixed format (log packet) in case of status change or event occurring.
  • Page 682: Log Configuration

    Chapter 50 Log Configuration DGS-3610 Series Configuration Guide 50.2 Log Configuration 50.2.1 Log Switch The log switch is turned on by default. If it is turned off, the device will not print log information in the user window, or send log information to the syslog server, or record the log information in the related media (memory buffer, flash).
  • Page 683: Enabling The Log Timestamp Switch Of Log Information

    DGS-3610 Series Configuration Guide Chapter 50 Log Configuration Terminal Monitor allows log information to be displayed on the current VTY (such as the Telnet window). Logging Host specifies the address of the syslog server that will receive the log information. Our product allows the configuration of at most 5 syslog servers.
  • Page 684: Enabling Switches In Log System

    Chapter 50 Log Configuration DGS-3610 Series Configuration Guide 50.2.4 Enabling Switches in Log System By default, the system name is not included in the log information. To add or remove the system name in the log information, perform the following commands in the global configuration mode.
  • Page 685 DGS-3610 Series Configuration Guide Chapter 50 Log Configuration Command Function Set the level of log information allowed to be DGS-3610(config)# logging console level displayed on the console Set the level of log information allowed to be displayed on the VTY window (such as telnet DGS-3610(config)# logging monitor level window) DGS-3610(config)# logging buffered...
  • Page 686: Configuring The Log Information Device Value

    Chapter 50 Log Configuration DGS-3610 Series Configuration Guide By default, the level of the log information allowed to be displayed in the VTY window is set to 7. By default, the level of the log information to be sent to the Syslog Server is set to 6. By default, the level of the log information allowed to be recorded in the memory buffer is set to 7.
  • Page 687: Configuring The Source Address Of Log Packets

    DGS-3610 Series Configuration Guide Chapter 50 Log Configuration log alert clock daemon local use 0 (local0) local use 1 (local1) local use 2 (local2) local use 3 (local3) local use 4 (local4) local use 5 (local5) local use 6 (local6) local use 7 (local7) The default device value of our products is 23.
  • Page 688: Log Monitoring

    Chapter 50 Log Configuration DGS-3610 Series Configuration Guide 50.3 Log Monitoring To monitor log information, run the following commands in the privileged user mode: Command Function View the log packets in memory buffer as well as DGS-3610# show logging the statistical information of logs View the statistical information of logs in every DGS-3610# show logging count module...
  • Page 689: Poe Management Configuration

    DGS-3610 Series Configuration Guide Chapter 51 POE Management Configuration POE Management Configuration 51.1 Overview PoE (Power Over Ethernet) is a mechanism that provides 45V~-57V DC to the remote PD devices (IP Phone, WLAN AP and Network Camera) via twisted pair cables. The PSE (Power Sourcing Equipment) can transmit both data and current at the same time via Category 3/5 twisted pair cables (1, 3, 2, 6), with a maximum distance of 100m.
  • Page 690: Enabling/Disabling The Poe Of A Port

    Chapter 51 POE Management Configuration DGS-3610 Series Configuration Guide 51.2.1 Remote Power Supply Configuration The switch supporting POE can automatically detect whether the device connected to a port is a standard PD device and provide supply power to the standard PD device. You can enable or turn off the remote power supply of a port, set the minimum allowed voltage of the POE system, set the maximum allowed voltage of the POE system, set the power management mode of the switch, and set the disconnection detection mode through...
  • Page 691: Setting The Minimum Allowed Voltage Of The Poe System

    DGS-3610 Series Configuration Guide Chapter 51 POE Management Configuration Verify the configuration of the steps above show run copy running-config Save the settings into the parameter file. startup-config For example, enable/disable the PoE of interface 1 on line card 1: DGS-3610# DGS-3610# configure DGS-3610(config)#interface gigabitEthernet 1/1...
  • Page 692: Setting The Maximum Allowed Voltage Of The Poe System

    Chapter 51 POE Management Configuration DGS-3610 Series Configuration Guide 51.2.4 Setting the Maximum Allowed Voltage of the POE System The Ethernet interface of the switch supporting POE can provide the maximum allowed voltage of 57V. You can set the maximum allowed voltage according to the actual need, within the range of 55v~57v.
  • Page 693: Disconnection Detection Mode

    DGS-3610 Series Configuration Guide Chapter 51 POE Management Configuration In the Auto mode, the power is allocated according to the detected port PD type. In the Auto mode, the equipment allocates power to classes 1~3 PD devices as follows: class1~4W, class2~7W, class3~15.4W and class0~15.4W.
  • Page 694 Chapter 51 POE Management Configuration DGS-3610 Series Configuration Guide Command Description show poe interfaces Show the power supply status of the specified port gigabitEthernet [interface-id] Show the power supply status of all POE ports (the 24 ports show poe interfaces that the POE system can power) Show the power supply status of the entire POE system show poe powersupply...
  • Page 695 DGS-3610 Series Configuration Guide Chapter 51 POE Management Configuration The remote power supply of S7600P-48GT is PSE. The following example shows the power status of the POE system of S7600 products: External Power Mangement: auto External PSE Total Power: 1200.0 W External PSE Total Power Consumption : 0 W External PSE Total Remain Power Consumption : 1200.0 W External PSE Peak Value : 0 W...
  • Page 697: Stack Management

    DGS-3610 Series Configuration Guide Chapter 52 Stack Management Stack Management 52.1 Understanding Stack 52.1.1 Overview The stack technology is for centralized management and port expansion. You can connect multiple separate switches into a centralized stack system by using stack ports and stack cables.
  • Page 698: Starting And Stopping A Stack

    52.1.3 Starting and Stopping a Stack If no stack module is inserted in the slot of a switch in the start process, the switch works in the standalone mode. If a stack module is inserted, the switch detects whether the stack link is connected.
  • Page 699: Identifying Stack Member Device According To The Device Number

    DGS-3610 Series Configuration Guide Chapter 52 Stack Management Attribute Default value Device description SWITCH 52.2.2 Identifying Stack Member Device According to the Device Number The host in the stack system is selected according to device priorities. The one with the highest priority is selected as the host.
  • Page 700: Configuring Device Description

    Its length is 31, and it indicates the [member member] description description of the device. By default, 1 is configured for a member device. Configuration Examples: Specify the description of member equipment 2 to D-Link: DGS-3610(config)# device-description member 2 D-Link 52.2.5 Saving Parameters...
  • Page 701 DGS-3610 Series Configuration Guide Chapter 52 Stack Management Command Description Show the stack information of the member device. DGS-3610# show member [member] member: 1-MAX, configuring the specified member device. The display information of partial examples in this manual may include the content of other product series (such as the product model and description).
  • Page 702 DEM-412CX DGS-3610-52_Static_Module DEM-412CX DEM-412CX DGS-3610#show version System description : DGS-3610-26 Gigabit Ethernet Switch System start time : 2007-4-23 17:39:11 System hardware version : 1.0 System software version : v10.2.00(2), Release(39975) System BOOT version : 10.1.11330 System CTRL version : 10.1.11330 System Serial Number : 1234942570002 Device information:...
  • Page 703 DGS-3610 Series Configuration Guide Chapter 52 Stack Management Software version : v10.2.00(2), Release(39975) BOOT version : 10.1.11330 CTRL version : 10.1.11330 Serial Number : 1234942570007 Device-8 Hardware version : 1.0 Software version : v10.2.00(2), Release(39975) BOOT version : 10.1.11330 CTRL version : 10.1.11330 Serial Number : 1234942570008...
