H3C S5120-SI Series Configuration Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Switch
  5. S5120-SI Series
  6. Configuration manual

H3C S5120-SI Series Configuration Manual

Hide thumbs Also See for S5120-SI Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual, Operating Manual
H3C S5120-SI Series Ethernet Switches
Layer 3 IP Services Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the S5120-SI Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for H3C S5120-SI Series

Summary of Contents for H3C S5120-SI Series

  • Page 1 H3C S5120-SI Series Ethernet Switches Layer 3 IP Services Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com...
  • Page 2 SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners.

  • Page 3: Preface

    The H3C S5120-SI documentation set includes 13 configuration guides, which describe the software features for the H3C S5120-SI Series Ethernet Switches and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.

  • Page 4: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional.
  • Page 5 Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 6: About The H3C S5120-Si Documentation Set

    Provides a complete guide to hardware installation Installation guide and hardware specifications. Card manuals Provide the hardware specifications of cards. H3C Cabinet Installation Guides you through installing and remodeling H3C Hardware specifications and Remodel Introduction cabinets. and installation H3C Pluggable SFP...

  • Page 7: Obtaining Documentation

    Obtaining documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support & Documents > Technical Documents] –...

  • Page 8: Table Of Contents

    Table of Contents Preface ·········································································································································································· 3 Audience ············································································································································································ 3 Conventions ······································································································································································· 4 About the H3C S5120-SI documentation set ················································································································· 6 ARP configuration ······················································································································································ 11 ARP overview ·································································································································································· 11 ARP function ··························································································································································· 11 ARP message format ············································································································································· 11 ARP address resolution process ··························································································································· 12 ARP table ································································································································································...
  • Page 9 ARP detection configuration example II ·············································································································· 27 Configuring periodic sending of gratuitous ARP packets ·························································································· 28 Introduction ···························································································································································· 28 Configuration procedure ······································································································································ 28 IP addressing configuration ······································································································································· 30 IP addressing overview ·················································································································································· 30 IP address classes ·················································································································································· 30 Special IP addresses ············································································································································· 31 Subnetting and masking ·······································································································································...
  • Page 10 Configuring DHCP snooping to support Option 82 ·························································································· 50 Displaying and maintaining DHCP snooping ············································································································· 52 DHCP snooping configuration examples ····················································································································· 52 DHCP snooping configuration example ············································································································· 52 DHCP snooping Option 82 support configuration example ············································································ 53 BOOTP client configuration ······································································································································· 55 Introduction to BOOTP client ········································································································································...

  • Page 11: Arp Configuration

    ARP configuration ARP overview ARP function ARP is used to resolve an IP address into a physical address, such as an Ethernet MAC address. In an Ethernet LAN, when a device sends data to another device, it uses ARP to translate the destination IP address to the corresponding MAC address.

  • Page 12: Arp Address Resolution Process

    • Target protocol address: This field specifies the protocol address of the device the message is being sent to. ARP address resolution process Suppose that Host A and Host B are on the same subnet and Host A sends a packet to Host B, as shown in Figure 2.

  • Page 13: Arp Table

    ARP table After obtaining the MAC address for the destination host, the device puts the IP-to-MAC mapping into its own ARP table. This mapping is used for forwarding packets with the same destination in future. An ARP table contains ARP entries, which fall into one of two categories: dynamic or static. Dynamic ARP entry A dynamic entry is automatically created and maintained by ARP.

  • Page 14: Configuring The Maximum Number Of Arp Entries For An Interface

    To do… Use the command… Remarks Required Configure a permanent arp static ip-address mac-address No permanent static ARP entry is static ARP entry vlan-id interface-type interface-number configured by default. Required Configure a non- permanent static ARP arp static ip-address mac-address No non-permanent static ARP entry entry is configured by default.

  • Page 15: Enabling Arp Entry Check

    Enabling ARP entry check The ARP entry check function controls whether the switch can learn multicast MAC addresses. • When ARP entry check is enabled, the switch cannot learn any ARP entry with a multicast MAC address, and you are not allowed to configure a static ARP entry with a multicast MAC address. If you try, the system displays an error message.

  • Page 16: Configuring Gratuitous Arp

    Configuration procedure Configure Switch Create VLAN 10. <Switch> system-view [Switch] vlan 10 [Switch-vlan10] quit Add interface GigabitEthernet 1/0/1 to VLAN 10. [Switch] interface GigabitEthernet 1/0/1 [Switch-GigabitEthernet1/0/1] port access vlan 10 [Switch-GigabitEthernet1/0/1] quit Create interface VLAN-interace 10 and configure its IP address. [Switch] interface vlan-interface 10 [Switch-vlan-interface10] ip address 192.168.1.2 8 [Switch-vlan-interface10] quit...

  • Page 17: Displaying And Maintaining Arp

    To do… Use the command… Remarks Enter system view system-view — Required Enable the device to send By default, a device cannot send gratuitous ARP packets when gratuitous-arp-sending gratuitous ARP packets when receiving ARP requests from enable receiving ARP requests from another network segment another network segment.

  • Page 18: Arp Attack Defense Configuration

    ARP attack defense configuration Although ARP is easy to implement, it can be vulnerable to network attacks. ARP attacks and viruses can be a threat to LAN security. However, the device provides multiple features to detect and prevent such attacks. Configuring ARP active acknowledgement Introduction Typically, the ARP active acknowledgement feature is configured on gateway devices to identify invalid...

  • Page 19: Configuring Source Mac Address Based Arp Attack Detection

    Configuring source MAC address based ARP attack detection Introduction With this feature enabled, the device checks the source MAC address of ARP packets delivered to the CPU. It detects an attack when one MAC address sends more ARP packets in five seconds than the configured threshold.

  • Page 20: Displaying And Maintaining Source Mac Address Based Arp Attack Detection

    Configuring protected MAC addresses You can specify certain MAC addresses, such as that of a gateway or important servers, as protected MAC addresses. A protected MAC address is excluded from ARP attack detection. It will not trigger an alarm or filtering even when it sends more ARP packets than the specified threshold. To configure protected MAC addresses: To do…...

  • Page 21: Configuring Arp Detection

    To do… Use the command… Remarks Enter system view system-view — Enter Ethernet interface interface interface-type interface- — view number Required Configure ARP packet arp rate-limit { disable | rate By default, the ARP packet rate limit is not rate limit pps drop } enabled Configuring ARP detection...

  • Page 22: Enabling Arp Detection Based On Dhcp Snooping Entries/802.1X Security Entries/Static Ip-To-Mac Bindings

    Figure 4 Man-in-the-middle attack Switch Host A Host C IP_ A IP_C MAC_ A MAC_C Forged Forged ARP reply ARP reply Host B IP_B MAC_B ARP detection mechanism With ARP detection enabled for a specific VLAN, ARP messages arrived on any interface in the VLAN are redirected to the CPU to have their MAC and IP addresses checked.
  • Page 23 You can select detection types according to the network environment. • If all access clients acquire IP addresses through DHCP, H3C recommends that you enable DHCP snooping and ARP detection based on DHCP snooping entries on your access device. •...

  • Page 24: Configuring Arp Detection Based On Specified Objects

    To do… Use the command… Remarks Required Disabled by default. That is, ARP detection Enable ARP detection for arp detection enable based on DHCP snooping entries/802.1X the VLAN security entries/static IP-to-MAC bindings is not enabled by default. Return to system view quit —...

  • Page 25: Displaying And Maintaining Arp Detection

    • ip: Checks both the source and destination IP addresses in an ARP packet. The all-zero, all-one or multicast IP addresses are considered invalid and the corresponding packets are discarded. With this object specified, the source and destination IP addresses of ARP replies, and the source IP address of ARP requests are checked.
  • Page 26 Figure 5 Network diagram for ARP detection configuration Gateway DHCP server VLAN 10 DHCP snooping GE1/0/3 Switch A GE1/0/2 GE1/0/1 Host B Host A 10.1.1.6 DHCP client 0001-0203-0607 Configuration procedure • Add all the ports on Switch A to VLAN 10 (the configuration procedure is not shown). •...

  • Page 27: Arp Detection Configuration Example Ii

    [SwitchA] arp detection validate dst-mac ip src-mac After the preceding configurations are completed, when ARP packets arrive at interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2, their MAC and IP addresses are checked, and then the packets are checked against the IP-to-MAC binding and finally DHCP snooping entries. ARP detection configuration example II Network requirements As shown in Figure 6:...

  • Page 28: Configuring Periodic Sending Of Gratuitous Arp Packets

    [SwitchA-GigabitEthernet1/0/2] quit Add local access user test. [SwitchA] local-user test [SwitchA-luser-test] service-type lan-access [SwitchA-luser-test] password simple test [SwitchA-luser-test] quit Enable ARP detection for VLAN 10. [SwitchA] vlan 10 [SwitchA-vlan10] arp detection enable Configure the upstream port as a trusted port and the downstream ports as untrusted ports (a port is an untrusted port by default).
  • Page 29 This feature takes effect only when the link of the enabled interface goes up and an IP address has been • assigned to the interface. If you change the interval for sending gratuitous ARP packets, the configuration is effective at the next sending •...

  • Page 30: Ip Addressing Configuration

    IP addressing configuration IP addressing overview IP address classes IP addressing uses a 32-bit address to identify each host on a network. An example is 00001000000000010000000100000001 in binary, which can also be written as 10.1.1.1 in the easier- to-read dotted decimal notation (in which each address is four octets in length). Each IP address breaks down into two parts: •...

  • Page 31: Special Ip Addresses

    Class Address range Remarks 224.0.0.0 to Multicast addresses. 239.255.255.255 240.0.0.0 to Reserved for future use except for the broadcast address 255.255.255.255 255.255.255.255. Special IP addresses The following IP addresses are for special use, and they cannot be used as host IP addresses: •...

  • Page 32: Configuring Ip Addresses

    before being subnetted. (65,534 is 2 – 2, the two deducted addresses being the broadcast address and the network address.) When the first 9 bits of the host-id are used to break the Class B network down into 512 (2 ) subnets, only 7 bits remain to use for the host-id in each subnet, and, in each subnet, the all-one host-id and all-zero host-id addresses are still reserved.

  • Page 33: Dhcp Relay Agent Configuration

    DHCP relay agent configuration Introduction to DHCP relay agent Application environment Via a relay agent, DHCP clients can communicate with a DHCP server on another subnet to obtain configuration parameters. DHCP clients on different subnets can contact the same DHCP server rather than having a DHCP server on each subnet.

  • Page 34: Dhcp Relay Agent Support For Option 82

    Figure 10 DHCP relay agent work process As shown in Figure 10, the DHCP relay agent works as follows: After receiving a DHCP-DISCOVER or DHCP-REQUEST broadcast message from a DHCP client, the DHCP relay agent fills the giaddr field of the message with its IP address and forwards the message to the designated DHCP server in unicast mode.

  • Page 35: Configuring The Dhcp Relay Agent

    If a client’s Handling Padding format The DHCP relay agent will… requesting message strategy has… Forward the message after replacing the original Option 82 with the user-defined user-defined Option 82. Forward the message after adding the — normal Option 82 padded in normal format. Forward the message after adding the no Option 82 —...

  • Page 36: Correlating A Dhcp Server Group With A Relay Agent Interface

    The address pool of the subnet to which the IP address of the DHCP relay agent belongs must be configured on the DHCP server. Otherwise, the DHCP client cannot obtain a correct IP address via the DHCP relay agent. Correlating a DHCP server group with a relay agent interface This is a required task.
  • Page 37 With this feature enabled, the DHCP relay agent can dynamically record clients’ IP-to-MAC bindings after the clients obtain IP addresses through DHCP. The feature also supports static bindings, so you can configure static IP-to-MAC bindings on the DHCP relay agent, enabling users to access external networks using fixed IP addresses.

  • Page 38: Using The Dhcp Relay Agent To Send A Dhcp-Release Request

    To configure dynamic binding update interval: To do… Use the command… Remarks Enter system view system-view — Enable periodic Optional dhcp relay security refresh of dynamic refresh enable Enabled by default. client entries Optional Configure binding dhcp relay security auto by default. (auto interval is calculated by the update interval tracker { interval | auto } relay agent according to the number of bindings.)

  • Page 39: Configuring The Dhcp Relay Agent To Support Option 82

    Configuring the DHCP relay agent to support Option 82 Prerequisites Complete the following tasks first, before configuring the DHCP relay agent to support Option 82. • Enabling DHCP • Enabling the DHCP relay agent on the specified interface • Correlating a DHCP server group with relay agent interfaces Configuring the DHCP relay agent to support Option 82 To configure the DHCP relay agent to support Option 82: To do…...

  • Page 40: Displaying And Maintaining Dhcp Relay Agent Configuration

    To support Option 82, related configuration is required on both the DHCP server and relay agent. • If the handling strategy of the DHCP relay agent is configured as replace, you need to configure a padding • format for Option 82. If the handling strategy is keep or drop, you need not configure any padding format. If sub-option 1 (node identifier) of Option 82 is padded with the device name (sysname) of a node, the device •...
  • Page 41 relay agent is deployed to forward messages between DHCP clients and the DHCP server. VLAN- interface 1 on the DHCP relay agent (Switch A) connects to the network where DHCP clients reside. The IP address of VLAN-interface 1 is 10.10.1.1/24 and the IP address of VLAN-interface 2 is 10.1.1.2/24. Figure 1 1 Network diagram for DHCP relay agent Configuration procedure...

  • Page 42: Dhcp Relay Agent Option 82 Support Configuration Example

    DHCP relay agent Option 82 support configuration example Network requirements • As shown in Figure 1 1 on page 41, enable Option 82 on the DHCP relay agent (Switch A). • Configure the handling strategy for DHCP requests containing Option 82 as replace. •...
  • Page 43 Analysis Some problems may occur with the DHCP relay agent or server configuration. Enable debugging and execute the display command on the DHCP relay agent to view the debugging information and interface state information for locating the problem. Solution Check that: •...

  • Page 44: Dhcp Client Configuration

    DHCP client configuration When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition via a relay • agent, the DHCP server cannot be a Windows 2000 Server or Windows 2003 Server. Introduction to DHCP client With the DHCP client enabled on an interface, the interface will use DHCP to obtain configuration parameters such as an IP address from the DHCP server.

  • Page 45: Displaying And Maintaining The Dhcp Client

    Displaying and maintaining the DHCP client To do… Use the command… Remarks Display specified display dhcp client [ verbose ] [ interface Available in any view configuration information interface-type interface-number ] DHCP client configuration example Network requirements As shown in Figure 12, on a LAN, Switch B contacts the DHCP server via VLAN-interface 1 to obtain an IP address.

  • Page 46: Dhcp Snooping Configuration

    DHCP snooping configuration The DHCP snooping-enabled device must be either between the DHCP client and relay agent, or between the • DHCP client and server. It does not work if it is between the DHCP relay agent and DHCP server. DHCP snooping overview Function of DHCP snooping As a DHCP security feature, DHCP snooping can do the following:...

  • Page 47: Application Environment Of Trusted Ports

    • Ports that connect to DHCP clients • VLANs to which the ports belong Application environment of trusted ports Configuring a trusted port connected to a DHCP server Figure 13 Configure trusted and untrusted ports As shown in Figure 13, a DHCP snooping device’s port that is connected to an authorized DHCP server should be configured as a trusted port.

  • Page 48: Dhcp Snooping Support For Option 82

    Figure 14 Configure trusted ports in a cascaded network Table 3 describes roles of the ports shown in Figure 14. Table 3 Roles of ports Device Untrusted port Trusted port disabled from Trusted port enabled to recording binding entries record binding entries Switch A GE1/0/1 GE1/0/3...

  • Page 49: Configuring Dhcp Snooping Basic Functions

    Table 4 DHCP snooping and Option 82 If a client’s Handling Padding The DHCP snooping device will… requesting strategy format message has… Drop Random Drop the message. Keep Random Forward the message without changing Option 82. Forward the message after replacing the original normal Option 82 with the Option 82 padded in normal format.

  • Page 50: Configuring Dhcp Snooping To Support Option 82

    You need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can • obtain valid IP addresses. The trusted port and the port connected to the DHCP client must be in the same VLAN.
  • Page 51 To do… Use the command… Remarks Optional By default, the code type depends on the padding Configure the code dhcp-snooping format of Option 82. Each type for the circuit information circuit-id field has its own code type. ID sub-option format-type { ascii | hex } This code type configuration applies to non-user-defined Option 82 only.

  • Page 52: Displaying And Maintaining Dhcp Snooping

    Displaying and maintaining DHCP snooping To do… Use the command… Remarks display dhcp-snooping [ ip ip- Display DHCP snooping entries address ] display dhcp-snooping Display Option 82 configuration information on information { all | interface Available in any the DHCP snooping device interface-type interface-number } view display dhcp-snooping packet...

  • Page 53: Dhcp Snooping Option 82 Support Configuration Example

    Figure 15 Network diagram for DHCP snooping configuration Configuration procedure Enable DHCP snooping. <SwitchB> system-view [SwitchB] dhcp-snooping Specify GigabitEthernet 1/0/1 as trusted. [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust [SwitchB-GigabitEthernet1/0/1] quit DHCP snooping Option 82 support configuration example Network requirements •...
  • Page 54 [SwitchB-GigabitEthernet1/0/1] quit Configure GigabitEthernet 1/0/2 to support Option 82. [SwitchB] interface gigabitethernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information enable [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information strategy replace [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information circuit-id string company001 [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information remote-id string device001 [SwitchB-GigabitEthernet1/0/2] quit Configure GigabitEthernet 1/0/3 to support Option 82. [SwitchB] interface gigabitethernet 1/0/3 [SwitchB-GigabitEthernet1/0/3] dhcp-snooping information enable [SwitchB-GigabitEthernet1/0/3] dhcp-snooping information strategy replace...

  • Page 55: Bootp Client Configuration

    BOOTP client configuration If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, • the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server. Introduction to BOOTP client BOOTP application After you specify an interface of a device as a BOOTP client, the interface can use BOOTP to get information (such as IP address) from the BOOTP server, which simplifies your configuration.

  • Page 56: Configuring An Interface To Dynamically Obtain An Ip Address Through Bootp

    • RFC 951: Bootstrap Protocol (BOOTP) • RFC 2132: DHCP Options and BOOTP Vendor Extensions • RFC 1542: Clarifications and Extensions for the Bootstrap Protocol Configuring an interface to dynamically obtain an IP address through BOOTP To configure an interface to dynamically obtain an IP address: To do…...
  • Page 57 Figure 16 Network diagram for BOOTP Client WINS server 10.1.1.4/25 Vlan-int1 10.1.1.126/25 10.1.1.1/25 Gateway A DHCP server 10.1.1.2/25 Vlan-int1 Switch B DNS server Client Configuration procedure The following describes only the configuration on Switch B serving as a client. Configure VLAN-interface 1 to dynamically obtain an IP address from the DHCP server. <SwitchB>...

  • Page 58: Ip Performance Optimization Configuration

    If a device is enabled to receive directed broadcasts, the device determines whether to forward them according to the configuration on the outgoing interface. This command is ineffective on the S5120-SI series Ethernet switches. That is, the switches cannot be disabled from receiving directed broadcasts.

  • Page 59: Enabling Forwarding Of Directed Broadcasts To A Directly Connected Network

    Enabling forwarding of directed broadcasts to a directly connected network If a device is enabled to receive directed broadcasts, the device will determine whether to forward them according to the configuration on the outgoing interface. To enable the device to forward directed broadcasts: To do…...

  • Page 60: Enabling Protection Against Naptha Attacks

    To enable the SYN Cookie feature: To do... Use the command... Remarks Enter system view system-view — Required Enable the SYN Cookie feature tcp syn-cookie enable Disabled by default. When you enable the SYN Cookie feature, it will not function if MD5 authentication is enabled. However, if you •...

  • Page 61: Configuring Tcp Optional Parameters

    With protection against Naptha attack enabled, the device periodically checks and records the number of TCP • connections in each state. With protection against Naptha attack enabled, if the device detects that the number of TCP connections in a • state exceeds the maximum number, the device considers that as Naptha attacks and accelerates the aging of these TCP connections.
  • Page 62 Advantages of sending ICMP error packets Sending ICMP timeout packets If the device received an IP packet with a timeout error, it drops the packet and sends an ICMP timeout packet to the source. The device will send an ICMP timeout packet under the following conditions: ○...

  • Page 63: Displaying And Maintaining Ip Performance Optimization

    Clear statistics of UDP traffic reset udp statistics Available in user view The S5120-SI series Ethernet switches do not support the display fib ip-prefix ip-prefix-name command. That is, they do not display FIB entries matching a specified IP prefix list.

  • Page 64: Obtaining Support For Your Product

    Contact your authorized reseller or 3Com for a complete list of the value-added services available in your area. Troubleshoot online You will find support tools posted on the web site at http://www.h3cnetworks.com/ under Support, Knowledgebase. The Knowledgebase helps you troubleshoot H3C products. This query-based interactive tool contains thousands of technical solutions.

  • Page 65: Access Software Downloads

    Access software downloads Software Updates are the bug fix / maintenance releases for the version of software initially purchased with the product. In order to access these Software Updates you must first register your product on the web site at http://www.h3cnetworks.com, go to Support, Product Registration. First time users will need to apply for a user name and password.

  • Page 66: Acronyms

    Acronyms # A B C D E F G H I K L M N O P Q R S T U V W X Z Acronym Full spelling Return 10GE Ten-GigabitEthernet 3DES Triple Data Encryption Standard Return Authentication, Authorization and Accounting Activity Based Costing Area Border Router Alternating Current...
  • Page 67 Acronym Full spelling Apple Talk Asynchronous Transfer Mode Auxiliary (port) Active Virtual Forwarder Return BAGG Bridge Aggregation Broadband access server Bearer Control Backup Designated Router Best Effort Bidirectional Forwarding Detection Border Gateway Protocol BIMS Branch Intelligent Management System BOOTP Bootstrap Protocol BPDU Bridge Protocol Data Unit Basic Rate Interface...
  • Page 68 Acronym Full spelling Continuity Check Message Cisco Discovery Protocol Customer Edge; Customer Edge Device CF-Card Compact Flash Card Connectivity Fault Detection Canonical Format Indicator Configuration File Management; Connectivity Fault Management CHAP Challenge Handshake Authentication Protocol CIDR Classless Inter-Domain Routing Committed Information Rate CIST Common and Internal Spanning Tree Command Line Interface...
  • Page 69 Acronym Full spelling Dynamic Bandwidth Allocation Data Circuit-terminal Equipment Database Description Digital Data Network Data Encryption Standard DHCP Dynamic Host Configuration Protocol DiffServ Differentiated Service Designated Intermediate System DLCI Data Link Connection Identifier DLDP Device Link Detection Protocol Distinguished name Domain Name System Downstream on Demand Denial of Service...
  • Page 70 Acronym Full spelling Expedited Forwarding Exterior Gateway Protocol EOAM Ethernet Operation, Administration, and Maintenance EPON Ethernet Passive Optical Network End System ES-IS End System-Intermediate System Return FCoE Fabric Channel over Ethernet Forwarding Class Frame Check Sequence Forwarding Database FDDI Fiber Distributed Data Interface Forward Defect Indication Forwarding Equivalence Class;...
  • Page 71 Acronym Full spelling GVRP GARP VLAN Registration Protocol Return High Availability HABP HW Authentication Bypass Protocol HDLC High-level Data Link Control Header Error Control HGMP HW Group Management Protocol HGMPv2 HW Group Management Protocol version 2 HMAC Hash-based Message Authentication Code HO-DSP High Order Part of Domain Specific Part HoPE...
  • Page 72 Acronym Full spelling Interior Gateway Protocol IS-to-IS Hello Protocol Data Unit Incoming Label Map Internet Locator Service Intelligent Management Center Intelligent Network IntServ Integrated Service Internet Protocol Inter-Process Communication IPng IP Next Generation IPSec IP Security IPTN IP Phone Telephony Network IPTV Internet Protocol Television IPv6...
  • Page 73 Acronym Full spelling LACPDU Link Aggregation Control Protocol Data Unit Local Area Network LAPB Link Access Procedure, Balanced Loopback Loopback Message Loopback Reply Link Control Protocol LDAP Lightweight Directory Access Protocol Label Distribution Protocol Label Edge Router LFIB Label Forwarding Information Base Label Information Base Link Layer Control;...
  • Page 74 Acronym Full spelling Lintrace Message Linktrace Reply Message Listening Virtual Forwarder Return Maintenance Association Media Access Control Multi-Active Detection MAFV MAC-based Auth-Fail VLAN Metropolitan Area Network MaxBC Max Bandwidth Constraints MBGP Multicast Border Gateway Protocol Multi-VPN instance Customer Edge Multicast Domain; Maintenance Domain Message-Digest 5 Medium Dependent Interface Message-Digest Algorithm 5...
  • Page 75 Acronym Full spelling Multicast Port Management Mobile Switching Center MSDP Multicast Source Discovery Protocol MSOH Multiplex Section Overhead Multiple Spanning Tree MSTI Multi-Spanning Tree Instance MSTP Multiple Spanning Tree Protocol Multicast Tunnel MTBF Mean Time Between Failure Multicast Tunnel Interface MTTR Mean Time To Repair Maximum Transmission Unit...
  • Page 76 Acronym Full spelling Network Quality Analyzer Neighbor Solicitation NSAP Network Service Access Point NetStream Collector N-SEL NSAP Selector Non-Stop Routing NSSA Not-So-Stubby Area NTDP Neighbor Topology Discovery Protocol Need to Know Network Time Protocol Return Open Application Architecture Operation Administration and Maintenance OAMPDU OAM Protocol Data Units Optical Access Network...
  • Page 77 Acronym Full spelling Policy-Based Route Printed Circuit Board Pulse Code Modulation Powered Device, Prefix Delegation or Pure Data Protocol Data Unit Provider Edge, Provider Edge Device Port-based Guest VLAN Penultimate Hop Popping Physical Layer Protocol Independent Multicast PIM-DM Protocol Independent Multicast-Dense Mode PIM-SM Protocol Independent Multicast-Sparse Mode Peak Information Rate...
  • Page 78 Acronym Full spelling PVID Permitted VLAN ID PVST Per-VLAN Spanning Tree Pseudo wires Pre-boot Execution Environment Return QACL QoS/ACL QinQ 802.1Q in 802.1Q Quality of Service QQIC Querier's Query Interval Code Querier's Robustness Variable Return Registration Authority; Router Advertisement RADIUS Remote Authentication Dial in User Service RAGG Route Aggregation...
  • Page 79 Acronym Full spelling RRPPD Rapid Ring Protection Protocol Data Unit Router Solicitation Revest-Shamir-Adleman Algorithm Reservation State Block RSOH Regenerator Section Overhead RSTP Rapid Spanning Tree Protocol RSVP Resource Reservation Protocol RSVP-TE Resource Reservation Protocol – Traffic Engineering Route Target RTCP Real-time Transport Control Protocol Route Table Entry Real-time Transport Protocol...
  • Page 80 Acronym Full spelling Standby Main Board SMTP Simple Mail Transfer Protocol SNAP Sub Network Access Point SNMP Simple Network Management Protocol Sequence Number Packet SNPA Sub-network Points of Attachment Section Overhead SONET Synchronous Optical Network Site-of-Origin Strict Priority Queuing Superstratum PE; Sevice Provider-end PE Shortest Path First Shortest Path Tree Sequenced Packet Exchange...
  • Page 81 Acronym Full spelling Transmission Control Protocol Topology Change Notification TDMA Time Division Multiple Access Traffic Engineering TEDB Traffic Engineering Database TFTP Trivial File Transfer Protocol Transparent LAN Service Type-Length-Value Type of Service Traffic Policing TPID Tag Protocol Identifier Time Quantum TRIP Trigger RIP Traffic Shaping...
  • Page 82 Acronym Full spelling Virtual Operate System VPDN Virtual Private Dial-up Network VPDN Virtual Private Data Network Virtual Path Identifier VPLS Virtual Private Local Switch Virtual Private Network VRID Virtual Router ID VRRP Virtual Router Redundancy Protocol Virtual Switch Interface Virtual Tributary VLAN Trunking Protocol Virtual Type Terminal Return...

  • Page 83: Index

    Index address displaying ARP detection ........ 25 assigning to interface (IP addressing) ....32 displaying source MAC address based ARP attack detection ........... 20 address resolution (ARP) ........12 dynamic entry ..........13 aging time (ARP) ..........14 enabling entry check ........15 application function ............
  • Page 84 configuring (BOOTP) ......... 55, 56 relay agent security function (DHCP) ....36 configuring (DHCP) ........44, 45 relay agent to send release request (DHCP) ..38 enabling on interface (DHCP) ......44 relay agent to support Option 82 (DHCP) ..39 concept snooping (DHCP) ........
  • Page 85 correlating server group with relay agent interface enabling ..............36 client on interface (DHCP) ....... 44 creating static binding ........36 entry check (ARP) ........... 15 displaying client ..........45 forwarding of directed broadcast to network (IP displaying relay agent configuration ....40 performance optimization) ......
  • Page 86 subnetting ............. 31 DHCP snooping Option 82 support configuration ..............53 IP performance optimization IP performance optimization configuration ..58 configuration ..........58 relay agent configuration (DHCP) ..... 40 configuring ICMP error packet sending ..... 61 relay agent Option 82 support configuration configuring protection against Naptha attacks ...60 (DHCP) ............
  • Page 87 configuring detection based on 802.1X security enabling entry check (ARP) ......15 entries (ARP) ..........22 enabling forwarding of directed broadcast to configuring detection based on DHCP snooping network (IP performance optimization) ... 59 entries for a VLAN (ARP) ......22 enabling reception of directed broadcast to configuring detection based on specified objects network (IP performance optimization) ...
  • Page 88 configuring basic functions (DHCP) ....49 SYN Cookie feature (IP performance optimization) 59 configuring Option 82 support (DHCP) ..50, 53 table (ARP) ............13 function (DHCP) ..........46 support for Option 82 (DHCP) ......48 configuring attributes (IP performance optimization) ..............

Table of Contents