http://www.3com.com/
Published December 2003
Part No.10014298
Switch 7700

Configuration Guide


Summary of Contents for 3Com 7700

  • Page 1: Configuration Guide

    Switch 7700 Configuration Guide http://www.3com.com/ Published December 2003 Part No.10014298...
  • Page 2 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change. 3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose.
  • Page 3: Table Of Contents

    About This Guide Conventions System Access Product Overview Function Features Configuring the Switch 7700 Setting Terminal Parameters Configuring Through Telnet Configuring Through a Dial-up the Modem Configuring the User Interface Command Line Interface Command Line View Feature and Functions of the Command Line...
  • Page 4 Subnet and Mask Configure IP Address Displaying and Debugging an IP Address Troubleshooting an IP Address Configuration ARP Configuration Configure Static ARP DHCP Relay Configuring DHCP Relay Displaying and Debugging DHCP Relay Troubleshooting a DHCP Relay Configuration IP Performance Displaying and Debugging IP Performance Troubleshooting IP Performance Routing Protocol...
  • Page 5 Routing Policy Fault Diagnosis and Troubleshooting Route Capacity Route Capacity Limitation Route Capacity Configuration Displaying and Debugging Route Capacity Multicast Protocol IP Multicast Overview Multicast Addresses IP Multicast Protocols IP Multicast Packet Forwarding Application of Multicast GMRP Configuring GMRP Displaying and Debugging GMRP IGMP Snooping Configure IGMP Snooping Display and debug IGMP Snooping...
  • Page 6 Traffic Configuring QoS Displaying and Debugging QoS User Logon ACL Control Configuration Configure ACL Control over the TELNET User Configure ACL Control over SNMP Users STP Operation STP Overview Designated Switch and Designated Port Calculating the STP Algorithm Generating the Configuration BPDU Selecting the Optimum Configuration BPDU Designating the Root Port Configuring the BPDU Forwarding Mechanism...
  • Page 7 Configuring AAA Configuring the RADIUS Protocol Displaying and Debugging the AAA and RADIUS Protocols AAA and RADIUS Protocol Fault Diagnosis and Troubleshooting Reliability VRRP Overview Configuring VRRP Enabling and Disabling Pinging the Virtual IP Address Setting the Correspondence between Virtual IP and MAC Addresses Adding and Deleting a Virtual IP Address Configuring the Priority of Switches Configuring Preemption and Delay for a Switch...
  • Page 8 RMON Configure RMON Displaying and Debugging RMON Configuring NTP Displaying and Debugging NTP NTP Configuration Examples...
  • Page 9: About This Guide

    About This Guide This guide describes the 3Com® Switch 7700 and how to configure it in version 2.0 of the software. Conventions Table 1 and Table 2 list conventions that are used throughout this guide. Table 1 Notice Icons Icon...
  • Page 10 About This Guide...
  • Page 11: System

    Layer 2/Layer 3 Ethernet switch. It is designed for IP metropolitan area networks (MAN), large-sized enterprise network and campus network users. The Switch 7700 has an integrated chassis structure. The chassis contains a card area, fan area, power supply area, and a power distribution area. In the card area, there are seven slots.
  • Page 12: Configuring The Switch 7700

    PING and Tracert Remote maintenance using Telnet and a modem Configuring the On the Switch 7700, you can set up the configuration environment through the Switch 7700 console port. To set up the local configuration environment: 1 Plug the DB-9 or DB-25 female plug of the console cable into the serial port of the PC or the terminal where the switch is to be configured.
  • Page 13: Setting Terminal Parameters

    Setting Terminal Parameters Figure 1 Setting up the Local Configuration Environment Through the Console Port RS-232 Serial port Console port Console cable Setting Terminal To set terminal parameters: Parameters 1 Start the PC and select Start > Programs > Accessories > Communications > HyperTerminal.
  • Page 14 Chapter 1: System Access Figure 3 Properties Dialog Box 5 Click OK. The Port Settings tab, shown in Figure 4, displays and you can set serial port parameters. Set the following parameters: Baud rate = 9600 ■ Databit = 8 ■...
  • Page 15 Setting Terminal Parameters Figure 4 Set Communication Parameters 6 Click OK. The HyperTerminal dialogue box displays, as shown in Figure 5. 7 Select Properties. Figure 5 HyperTerminal Window 8 In the Properties dialog box, select the Settings tab, as shown in Figure 6. 9 Select VT100 in the Emulation dropdown menu.
  • Page 16: Configuring Through Telnet

    Ethernet switch through the console port (using the ip address command in VLAN interface view), and added the port (that connects to a terminal) to this VLAN (using the port command in VLAN view), you can telnet this Switch 7700 and configure it.
  • Page 17 At most, 5 Too many users! Telnet users are allowed to log on to the Switch 7700 Switch simultaneously. 7 Use the appropriate commands to configure the Ethernet switch or to monitor the running state. Enter to get the immediate help.
  • Page 18 [SW7700-ui-vty0] set authentication password simple/cipher xxxx (xxxx is the preset login password of Telnet user) 3 Log in to the Telnet client (Switch 7700). For the login process, see “Connecting the PC to the Switch 7700”. 4 Perform the following operations on the Telnet client: <SW7700>...
  • Page 19: Configuring Through A Dial-Up The Modem

    Note: By default, the password is required for authenticating the modem user to log in to the Switch 7700. If a user logs in through the modem without a password, the user sees the message, Password required, but none set a Enter system view, return user view with Ctrl+Z.
  • Page 20: Configuring The User Interface

    4 Enter the preset login password on the remote terminal emulator and wait for the prompt. <SW7700> 5 Use the appropriate commands to configure the Switch 7700 or view its running state. Enter to get the immediate help. For details on a specific command, refer to the appropriate chapter in this guide.
  • Page 21 VTY user interface is used to telnet the Ethernet switch. ■ Note: For the Switch 7700, the AUX port and Console port are the same port. There is only the type of AUX user interface. The user interface is numbered by absolute number or relative number.
  • Page 22 Enabling and Disabling Terminal Service After the terminal service is disabled on a user interface, you cannot log in to the Switch 7700 through the user interface. However, if a user logged in through the user interface before disabling the terminal service, the user can continue operation.
  • Page 23 Setting Terminal Parameters through the user interface only when the terminal service is enabled again. Use the commands described in Table 4 to enable or disable terminal service. Table 4 Enable/Disable Terminal Service Operation Command Enable terminal service shell Disable terminal service undo shell By default, terminal service is enabled on all the user interfaces.
  • Page 24 Remove the local authentication undo set authentication password password Configure for password authentication when a user logs in through a VTY 0 user interface and set the password to 3Com: [SW7700] user-interface vty 0 [SW7700-ui-vty0] authentication-mode password [SW7700-ui-vty0] set authentication password simple 3Com...
  • Page 25 For detailed information, see “AAA and RADIUS Operation” Perform username and password authentication when a user logs in through the VTY 0 user interface and set the username and password to zbr and 3Com respectively: [SW7700-ui-vty0] authentication-mode scheme...
  • Page 26 Chapter 1: System Access By default, a user can access the commands at Level 3 after logging in through the AUX user interface, and the commands at Level 0 after logging in through the VTY user interface. When a user logs in to the switch, the command level that the user can access depends on two points.
  • Page 27 Setting Terminal Parameters Configure Redirection The send command can be used for sending messages between user interfaces. See Table 15. Perform the following configuration in user view. Table 15 Configure to Send Messages Between User Interfaces Operation Command Configure to send messages send { all | number | type number } between different user interfaces.
  • Page 28: Command Line Interface

    Local configuration through the console port. ■ Local or remote configuration through Telnet. ■ Remote configuration through a dial-up Modem to log in to the Switch 7700. ■ Hierarchy command protection to prevent unauthorized users from accessing ■ the switch.
  • Page 29 Command Line Interface this level involve file system commands, FTP commands, TFTP commands, XModem downloading commands, user management commands, and level setting commands. Login users are also classified into four levels that correspond to the four command levels. After users of different levels log in, they can only use commands at their own, or lower, levels.
  • Page 30 Chapter 1: System Access Figure 14 Relation Diagram of the Views Ethernet port view User interface view VLAN view VLAN interface view RIP view OSPF view OSPF area view Route policy view Basic ACL view System User view view Advanced ACL view Interface-based ACL view Layer-2 ACL view...
  • Page 31 Command Line Interface Table 18 Function Feature of Command View Command Command to Command to view Function Prompt enter exit VLAN Configure IP Key in interface quit returns to [SW7700-Vlan- interface interface vlan-interface 1 System view interface1] view parameters for a in System view return returns VLAN or a VLAN...
  • Page 32: Feature And Functions Of The Command Line

    Chapter 1: System Access Table 18 Function Feature of Command View Command Command to Command to view Function Prompt enter exit Layer-2 ACL Define the rule of Key in acl quit returns to [SW7700-acl- view layer-2 ACL number 200 in System view link-200] System view...
  • Page 33 Command Line Interface -v Verbose output. ICMP packets other than ECHO_RESPONSE that are received are listed STRING<1-20> IP address or hostname of a remote system IP Protocol Enter a command with a , separated by a space. If this position is for ■...
  • Page 34 Chapter 1: System Access Table 20 Retrieve History Command Operation Result Retrieve the previous Up cursor key <> or <Ctrl+P> Retrieves the previous history history command command, if there is any. Retrieve the next history Down cursor key <> or Retrieves the next history command <Ctrl+N>...
  • Page 35: Port Configuration

    Ethernet Port Overview ■ Link Aggregation Configuration ■ Ethernet Port A brief description of Switch 7700 I/O modules are listed below: Overview 48-port 10/100Base-T auto-sensing fast Ethernet card ■ 8-port 1000Base-X (Gigabit Interface Converter or GBIC) Gigabit Ethernet card ■...
  • Page 36 Command Enter Ethernet port view interface {Gigabit | Ethernet} slot/subslot/port Note: In the Switch 7700, the subslot is always 0. Enabling and Disabling Ethernet Ports The following command can be used for disabling or enabling the port. After configuring the related parameters and protocol of the port, you can use the following command to enable the port.
  • Page 37 Ethernet Port Overview Perform the following configuration in Ethernet port view. Table 4 Set Duplex Attribute for Ethernet Port Operation Command Set duplex attribute for duplex {auto | full | half} Ethernet port. Restore the default duplex undo duplex attribute of Ethernet port. Note: 100M electrical Ethernet port can operate in full-duplex, half-duplex or auto-negotiation mode.
  • Page 38 Note: The settings only take effect on 10/100Base-T and 10/100/1000Base-T ports. The Switch 7700 only supports auto (auto-sensing). If you set some other type, you will see the prompt “Not support this operation!”. The cable type is auto (auto-recognized) by default. The system will automatically recognize the type of cable connecting to the port.
  • Page 39 Ethernet Port Overview Setting the Maximum MAC Addresses an Ethernet Port can Learn Use the following command to set an amount limit on MAC addresses learned by the Ethernet port. If the number of MAC address learned by this port exceeds the value set by the user, this port will not learn MAC address.
  • Page 40 Chapter 2: Port Configuration Adding the Ethernet Port to a VLAN The following commands are used for adding an Ethernet port to a specified VLAN. The access port can only be added to one VLAN, while the hybrid and trunk ports can be added to multiple VLANs.
  • Page 41: Set The Vlan Vpn Feature

    Ethernet Port Overview Table 12 Set the Default VLAN ID for the Ethernet Port Operation Command Restore the default VLAN ID of the undo port trunk pvid trunk port to the default value Note: The Trunk port and isolate-user-vlan cannot be configured simultaneously, ■...
  • Page 42 Chapter 2: Port Configuration forward the packets. The loop test will finish automatically after being executed for a while. Table 14 Display and Debug Ethernet Port Operation Command Configure to perform loopback {external | internal} loopback test on the Ethernet port.
  • Page 43: Ethernet Port Troubleshooting

    {master_port_num | all} aggregation Note: The Ethernet ports to be aggregated should be configured with the same speed and duplex otherwise, they cannot be aggregated. The Switch 7700 does not support ingress aggregation mode. Display and Debug Link...
  • Page 44: Ethernet Link Aggregation Troubleshooting

    Chapter 2: Port Configuration Trunk port allows frames from several VLANs to pass through, the heavy traffic needs balancing among all the ports. Ethernet Switch (Switch A) is connected to the Ethernet Switch (Switch B) upstream by the aggregation of three ports, Ethernet1/0/1 through Ethernet1/0/3. Figure 2 Configure Link Aggregation Switch B Link Aggregation...
  • Page 45: Vlan Configuration

    VLAN Configuration VLAN Overview ■ Configuring GARP/GVRP ■ VLAN Overview A virtual local area network (VLAN) groups the devices of a LAN logically, but not physically, into segments to implement the virtual workgroups. Using VLAN technology, network managers can logically divide the physical LAN into different broadcast domains.
  • Page 46 Chapter 3: VLAN Configuration The vlan_id parameter specifies the VLAN ID. Note that the default VLAN, namely VLAN 1, cannot be deleted. Add Ethernet Ports to a VLAN You can use the following command to add Ethernet ports to a VLAN. Perform the following configuration in VLAN view.
  • Page 47 VLAN Overview Set or Delete VLAN Description Character String You can use the following command to set or delete VLAN description character string. The description character strings, such as workgroup name and department name, are used to distinguish the different VLANs. Perform the following configuration in VLAN view.
  • Page 48: Display And Debug Vlan

    Chapter 3: VLAN Configuration Perform the following configuration in VLAN interface view. Table 7 Shut Down or Enable a VLAN interface Operation Command Shut down the VLAN interface shutdown Enabling the VLAN interface undo shutdown The operation of shutting down or enabling the VLAN interface has no effect on the status of the Ethernet ports on the local VLAN.
  • Page 49: Configuring Garp/Gvrp

    GARP participants and processes them with the corresponding GARP applications (GVRP or GMRP). GARP and GMRP are described in detail in the IEEE 802.1p standard (which has been added to the IEEE 802.1D standard). The Switch 7700 fully supports the GARP compliant with the IEEE standards. Note: The value of the GARP timer is used in all the GARP applications, including ■...
  • Page 50 Chapter 3: VLAN Configuration Setting the GARP Timer GARP timers include the hold, join, leave, and leaveall timers. The GARP participant sends join message regularly when join timer times out so that other GARP participants can register its attribute values. When the GARP participant wants to remove some attribute values, it sends a leave message outward.
  • Page 51: Configuring Gvrp

    GVRP is described in detail in the IEEE 802.1Q standard. The Switch 7700 fully supports the GARP compliant with the IEEE standards. Main GVRP configuration steps include: Enable or Disable Global GVRP ■...
  • Page 52 Chapter 3: VLAN Configuration Perform the following configurations in Ethernet port view. Table 12 Enable/Disable Port GVRP Operation Command Enable port GVRP gvrp Disable port GVRP undo gvrp GVRP should be enabled globally before it is enabled on the port. GVRP can only be enabled or disabled on a Trunk port.
  • Page 53 Configuring GARP/GVRP Table 14 Display and Debug GVRP Operation Command Disable GVRP packet or event undo debugging gvrp { packet | event} debugging The network requirement is to dynamically register and update VLAN information Example: GVRP Configuration Example among switches. Figure 2 GVRP Configuration Example E1/01 E2/0/1...
  • Page 54 Chapter 3: VLAN Configuration...
  • Page 55: Network Protocol Operation

    Network Protocol Operation This chapter covers the following topics: Configure IP Address ■ ARP Configuration ■ DHCP Relay ■ IP Performance ■ Configure IP Address IP address is a 32-bit address represented by four octets. IP addresses are divided into five classes: A, B, C, D and E. The octets are set according to the first few bits of the first octet.
  • Page 56: Configure Ip Address

    Chapter 4: Network Protocol Operation With the rapid development of the Internet, IP addresses are depleting very fast. The traditional IP address allocation method uses up IP addresses with little efficiency. The concept of mask and subnet was proposed to make full use of the available IP addresses.
  • Page 57: Displaying And Debugging An Ip Address

    1 Enter VLAN interface 1. [3Com] interface vlan 1 2 Configure the IP address for VLAN interface 1. [3Com-vlan-interface1] ip address 129.2.2.1 255.255.255.0 Troubleshooting an IP If the Ethernet Switch cannot ping through a certain host in the LAN: Address Configuration 1 Determine which VLAN includes the port connected to the host.
  • Page 58: Arp Configuration

    Chapter 4: Network Protocol Operation but not receive the ARP packets, there are probably errors on the Ethernet physical layer. ARP Configuration An IP address cannot be directly used for communication between network devices because devices can only identify MAC addresses. An IP address is only the address of a host in the network layer.
  • Page 59: Dhcp Relay

    DHCP Relay Manually Add/Delete Static ARP Mapping Entries Perform the following configuration in System view. Table 4 Manually Add/Delete Static ARP Mapping Entries Operation Command Manually add a static ARP mapping arp static ip-address mac-address VLANID { entry interface_type interface_num | interface_name } Manually delete a static ARP undo arp static ip-address mapping entry...
  • Page 60: Configuring Dhcp Relay

    Chapter 4: Network Protocol Operation The DHCP relay serves as conduit between the DHCP Client and the server located on different subnets. The DHCP packets can be relayed to the destination DHCP server (or Client) across network segments. The DHCP clients on different networks can use the same DHCP server.
  • Page 61: Displaying And Debugging Dhcp Relay

    DHCP Relay Note: The backup server IP address cannot be configured independently, instead, it has to be configured together with the master server IP address. The corresponding IP address of the DHCP Server is not configured by default. The DHCP Server address must be configured before DHCP relay can be used. Configure Corresponding DHCP Server Group of the VLAN Interface Perform the following configuration in VLAN interface view.
  • Page 62 VLAN 3 1.88.255.35 1 Configure the IP address corresponding to DHCP Server Group 1. [3Com] dhcp-server 1 ip 1.99.255.36 1.99.255.35 2 Configure the DHCP Server Group 1 corresponding to the VLAN interface 2. [3Com-VLAN-Interface2] dhcp-server 1 3 Configure the IP address corresponding to DHCP Server Group 2.
  • Page 63: Troubleshooting A Dhcp Relay Configuration

    <3Com> display dhcp-server 1 9 Show the DHCP Server Group number corresponding to the VLAN interface in User view. <3Com> display dhcp-server interface vlan-interface 2 <3Com> display dhcp-server interface vlan-interface 3 Troubleshooting a DHCP If a user cannot apply for IP address dynamically, perform the following procedure:...
  • Page 64: Ip Performance

    Chapter 4: Network Protocol Operation IP Performance TCP attributes to be configured include: : When sending the syn packets, TCP starts the synwait timer. If ■ synwait timer response packets are not received before synwait timeout, the TCP connection will be terminated.
  • Page 65: Troubleshooting Ip Performance

    Debug and trace the packets of the TCP connection that take this device as one ■ end. Operations include: <3Com> terminal debugging <3Com> debugging tcp packet Then the TCP packets received or sent can be checked in real time. Specific packet formats include: TCP output packet: Source IP address:202.38.160.1 Source port:1024 Destination IP Address 202.38.160.1...
  • Page 66 Chapter 4: Network Protocol Operation...
  • Page 67: Routing Protocol Operation

    Routing Protocol Operation This chapter covers the following topics: IP Routing Protocol Overview ■ Static Routes ■ ■ OSPF ■ IS-IS ■ ■ IP Routing Policy ■ Route Capacity ■ IP Routing Protocol Routers select an appropriate path through a network for an IP packet according Overview to the destination address of the packet.
  • Page 68: Route Selection Through The Routing Table

    Chapter 5: Routing Protocol Operation Figure 1 About Hops Route Segment Networks can have different sizes so the segment lengths connected between two different pairs of routers are also different. If a router in a network is regarded as a node and a route segment in the Internet is regarded as a link, message routing in the Internet works in a similar way as the message routing in a conventional network.
  • Page 69: Routing Management Policy

    12.0.0.3 12.0.0.1 Routing Management The Switch 7700 supports the configuration of a series of dynamic routing Policy protocols such as RIP, OSPF, as well as the static routes. The static routes configured by the user are managed together with the dynamic routes as detected by the routing protocol.
  • Page 70: Static Routes

    As the algorithms of various routing protocols are different, different protocols can generate different routes. This situation creates the problem of how to resolve different routes being generated by different routing protocols. The Switch 7700 supports an operation of importing the routes generated by one routing protocol into another routing protocol.
  • Page 71: Configuring Static Routes

    Static Routes The following routes are static routes: Reachable route — The normal route in which the IP packet is sent to the next ■ hop by the route marked by the destination. It is a common type of static route.
  • Page 72 Chapter 5: Routing Protocol Operation The IP address and mask use a decimal format. Because the 1s in the 32-bit mask must be consecutive, the dotted decimal mask can also be replaced by the mask-length which refers to the digits of the consecutive 1s in the mask. Transmitting interface or next hop address ■...
  • Page 73: Display And Debug Static Route

    Static Routes Perform the following configurations in system view. Table 4 Configure the Default Preference of Static Routes Operation Command Configure the default preference value of ip route-static default-preference static routes default-preference-value By default the value is 60 Display and Debug After you configure static and default routes, execute the display command in all Static Route views to display the running of the static route configuration, and to verify the...
  • Page 74: Static Route Fault Diagnosis And Troubleshooting

    Using this procedure, all the hosts or switches in Figure 3 can be interconnected in pairs. Static Route Fault The Switch 7700 is not configured with the dynamic routing protocol, and both Diagnosis and the physical status and the link layer protocol status of the interface is enabled, Troubleshooting but the IP packets cannot be forwarded normally.
  • Page 75: Rip

    Routing Information Protocol (RIP) is a simple, dynamic routing protocol, that is Distance-Vector (D-V) algorithm-based. It uses hop counts to measure the distance to the destination host, which is called routing cost. In RIP, the hop count from a router to its directly connected network is 0. The hop count to a network which can be reached through another router is 1, and so on.
  • Page 76: Configuring Rip

    Chapter 5: Routing Protocol Operation validity of the routes. With these mechanisms, RIP, an interior routing protocol, enables the router to learn the routing information of the entire network. RIP has become one of the most popular standards of transmitting router and host routes.
  • Page 77 Perform the following configurations in RIP view. Table 7 Enable RIP Interface Operation Command Enable RIP on the specified network network network-address interface Disable RIP on the specified undo network network-address network interface Note that after the RIP task is enabled, you should also specify its operating network segment, for RIP only operates on the interface on the specified network.
  • Page 78 Chapter 5: Routing Protocol Operation RIP-1 from incorrectly receiving and processing the routes with subnet mask in RIP-2. When an interface is running RIP-2, it can also receive RIP-1 packets. Perform the following configuration in VLAN interface view. Table 9 Specify RIP Version of the Interface Operation Command Specify the interface version as...
  • Page 79 Table 11 Specify the Operating State of the Interface Operation Command Disable the interface to send RIP undo rip output update packet The rip work command is functionally equivalent to both rip input and rip output commands. By default, all interfaces except loopback interfaces both receive and transmit RIP update packets.
  • Page 80 Chapter 5: Routing Protocol Operation Set RIP-2 Packet Authentication RIP-1 does not support packet authentication. However, you can configure packet authentication on RIP-2 interfaces. RIP-2 supports two authentication modes: Simple authentication — Does not ensure security. The unencrypted ■ authentication key is sent with the packet, so simple authentication should not be applied when there are high security requirements MD5 authentication —...
  • Page 81 Perform the following configurations in RIP view. Table 16 Configure RIP to Import Routes of Other Protocols Operation Command Configure RIP to import routes of import-route protocol [ cost value ] [route-policy other protocols route-policy-name ] Cancel the imported routing undo import-route protocol information of other protocols By default, RIP does not import the route information of other protocols.
  • Page 82 Chapter 5: Routing Protocol Operation Perform the following configuration in VLAN interface view. Table 19 Set Additional Routing Metric Operation Command Set the additional routing rip metricin value metric of the route when the interface receives an RIP packet Disable the additional routing undo rip metricin metric of the route when the...
  • Page 83: Display And Debug Rip

    Display and Debug RIP After configuring RIP, execute the display command in all views to display the RIP configuration, and to verify the effect of the configuration. Execute the debugging command in user view to debug the RIP module. Execute the reset command in RIP view to reset the system configuration parameters of RIP.
  • Page 84: Rip Fault Diagnosis And Troubleshooting

    [Switch C-rip] network 110.11.2.0 RIP Fault Diagnosis and Troubleshooting 1 The Switch 7700 cannot receive update packets when the physical connection to the peer routing device is normal. RIP does not operate on the corresponding interface (for example, if the ■...
  • Page 85 OSPF LSA describes the network topology around a router, so the LSDB describes the ■ network topology of the entire network. Routers can easily transform the LSDB to a weighted directed graph, which actually reflects the topology of the whole network.
  • Page 86: Ospf Configuration

    Chapter 5: Routing Protocol Operation In a broadcast network, in which all routers are directly connected, any two routers must establish adjacency to broadcast their local status information to the whole AS. In this situation, every change that a router makes results in multiple transmissions, which is not only unnecessary but also wastes bandwidth.
  • Page 87 OSPF should be noted that after OSPF is disabled, the OSPF-related interface parameters also become invalid. OSPF configuration includes the tasks that are described in the following sections: Enable OSPF and Enter OSPF View ■ Enter OSPF Area View ■ Specify Interface ■...
  • Page 88 Chapter 5: Routing Protocol Operation By default, OSPF is not enabled. Enter OSPF Area View Perform the following configurations in OSPF view. Table 23 Enter OSPF Area View Operation Command Enter an OSPF area view area area-id Delete a designated OSPF area undo area area-id Specify Interface OSPF divides the AS into different areas.
  • Page 89 OSPF Configure the Network Type on the OSPF Interface The route calculation of OSPF is based on the topology of the adjacent network of the local router. Each router describes the topology of its adjacent network and transmits it to all the other routers. OSPF divides networks into four types by link layer protocol: Broadcast: If Ethernet or FDDI is adopted, OSPF defaults the network type to ■...
  • Page 90 Chapter 5: Routing Protocol Operation Perform the following configuration in VLAN interface view. Table 26 Configure a Network Type on the Interface that Starts OSPF Operation Command Configure network type on the ospf network-type { broadcast | NBMA | P2MP | P2P } interface After the interface has been configured with a new network type, the original network type of the interface is removed automatically.
  • Page 91 OSPF Note that: The DR on the network is not necessarily the router with the highest priority. ■ Likewise, the BDR is not necessarily the router with the second highest priority. If a new router is added after DR and BDR election, it is impossible for the router to become the DR even if it has the highest priority.
  • Page 92 Chapter 5: Routing Protocol Operation Perform the following configuration in VLAN interface view. Table 30 Set Hello Timer and Poll Interval Operation Command Set the hello interval of the ospf timer hello seconds interface Restore the default hello of the undo ospf timer hello interface Set the poll interval on the NBMA...
  • Page 93 OSPF By default, LSU packets are transmitted by seconds. Set an Interval for LSA Retransmission Between Neighboring Routers If a router transmits an LSA to the peer, it requires the acknowledgement packet from the peer. If it does not receive the acknowledgement packet within the retransmission, it retransmits this LSA to the neighbor.
  • Page 94 Chapter 5: Routing Protocol Operation To ensure that routes to the destinations outside the AS are still reachable, the ABR in this area generates a default route (0.0.0.0) and advertises it to the non-ABR routers in the area. Note the following items when you configure a STUB area: The backbone area cannot be configured as a STUB area and the virtual link ■...
  • Page 95 OSPF Figure 5 NSSA (diagram labels: NSSA, ASBR, Area 0, Area 1, Area 2) Perform the following configuration in OSPF Area view. Table 36 Configure NSSA of OSPF Operation Command Configure an area to be the nssa [ default-route-advertise ] [ no-import-route ] [ NSSA area no-summary ] Cancel the configured NSSA...
  • Page 96 transmitted separately. Therefore, the sizes of the LSDBs in other areas can be reduced. Once the aggregate segment of a certain network is added to the area, all the internal routes of the IP addresses in the range of the aggregate segment are no longer separately broadcast to other areas.
  • Page 97 10 seconds, retransmit is 5 seconds, trans-delay is 1 second, and the dead timer is 40 seconds. Configure Route Summarization Imported into OSPF The OSPF implementation in the Switch 7700 supports route summarization of imported routes. Perform the following configurations in OSPF view.
  • Page 98 Perform the following configuration in OSPF Area view. Table 40 Configure the OSPF Area to Support Packet Authentication Operation Command Configure the area to support authentication-mode [ simple | md5 ] authentication type Cancel the configured undo authentication-mode authentication key By default, the area does not support packet authentication.
  • Page 99 OSPF is the same as the cost of routes within the AS. Also, this route cost and the route cost of the OSPF itself are comparable. That is, the cost to reach the external route type 1 equals the cost to reach the corresponding ASBR from the local router plus the cost to reach the destination address of the route from the ASBR. The external type-2 routes refer to imported EGP routes.
  • Page 100 Table 43 Configure Parameters for OSPF to Import External Routes Operation Command Configure the default tag for the default tag tag OSPF to import external routes Restore the default tag for the undo default tag OSPF to import external routes Configure the default type of default type { 1 | 2 }...
  • Page 101 OSPF Configure OSPF Route Filtering Perform the following configuration in OSPF view. Table 46 Enable OSPF to Filter the Imported Routes Operation Command Configure OSPF to filter imported external routes Disable to filter the imported filter-policy { acl-number | ip-prefix ip-prefix-name | global routing information gateway prefix-list- name } import Cancel to filter the imported...
  • Page 102: Display And Debug Ospf

    Perform the following configuration in OSPF view. Table 48 Disable the Interface to Send OSPF Packets Operation Command Disable the interface to send OSPF silent-interface silent-interface-type packets silent-interface-number Enable the interface to send OSPF undo silent-interface silent-interface-type packets silent-interface-number...
  • Page 103 Configuring DR Election Based on OSPF Priority Example: OSPF Configuration In this example, four Switch 7700 routers, Switch A, Switch B, Switch C, and Switch D, which can perform the router functions and run OSPF, are located on the same segment, as shown in Figure 6.
  • Page 104 3 Configure Switch C: [Switch C] interface Vlan-interface 1 [Switch C-Vlan-interface1] ip address 196.1.1.3 255.255.255.0 [Switch C-Vlan-interface1] ospf dr-priority 2 [Switch C] router id 3.3.3.3 [Switch C] ospf [Switch C-ospf] area 0 [Switch C-ospf-area-0.0.0.0] network 196.1.1.0 0.0.0.255 4 Configure Switch D: [Switch D] interface Vlan-interface 1 [Switch D-Vlan-interface1] ip address 196.1.1.4 255.255.255.0...
  • Page 105 OSPF Figure 7 OSPF Virtual Link Configuration Switch A 1.1.1.1 196.1.1.1/24 Area 0 196.1.1.2/24 197.1.1.2/24 Switch B 2.2.2.2 Area 1 Virtual 197.1.1.1/24 Link Switch C Area 2 3.3.3.3 152.1.1.1/24 The commands listed below implement this configuration. 1 Configure Switch A: [Switch A] interface Vlan-interface 1 [Switch A-Vlan-interface1] ip address 196.1.1.1 255.255.255.0 [Switch A] router id 1.1.1.1...
  • Page 106: Ospf Fault Diagnosis And Troubleshooting

    OSPF Fault Diagnosis and Troubleshooting 1 OSPF has been configured according to the previous procedures, but OSPF on the router does not run normally. ■ Troubleshoot locally. Check whether the protocol between two directly connected routers is operating normally.
  • Page 107: Is-Is

    IS-IS areas. RTB belongs to area0, which complies with the backbone area membership requirement. However, RTC does not belong to area0. Therefore, a virtual link must be set up between RTC and RTB to ensure that area2 and area0 (the backbone area) are connected. Figure 8 OSPF Areas area1 area2...
  • Page 108: Two-Level Structure Of Is-Is Routing Protocol

    Two-level Structure of IS-IS Routing Protocol: IS-IS adopts the two-level structure including Level-1 and Level-2 in a routing domain (or the AS) to support the routing network at a large scale. A large RD is divided into one or more areas.
  • Page 109: Nsap Structure Of Is-Is Routing Protocol

    IS-IS Figure 9 IS-IS topology. NSAP Structure of IS-IS Routing Protocol: Figure 10 illustrates the NSAP structure. The whole address is 8 to 20 bytes long. Figure 10 NSAP structure. NSAP includes initial domain part (IDP) and domain specific part (DSP). IDP and DSP are length-variable with total length of 20 bytes.
  • Page 110: Is-Is Routing Protocol Packets

    and format identifier (AFI) and initial domain identifier (IDI). AFI defines the format of IDI. DSP has several bytes. Area Address is composed of routing field and area identifier. The routing field includes AFI and IDI and may also include the first byte of DSP. It identifies the organization structure.
  • Page 111 IS-IS IS-IS configuration includes: ■ Enabling IS-IS and Entering the IS-IS View ■ Setting the Network Entity Title (NET) ■ Enabling IS-IS on the Specified Interface ■ Setting IS-IS Link State Routing Cost ■ Setting the Hello Packet Broadcast Interval ■ Setting the CSNP Packet Broadcast Interval...
  • Page 112 Perform the following configurations in system view. Table 51 Enable IS-IS and Enter the IS-IS View Operation Command Enable the IS-IS and enter the IS-IS view isis [ tag ] Cancel the specified IS-IS routing process undo isis [ tag ] The tag parameter identifies the IS-IS process.
  • Page 113 IS-IS Table 54 Set IS-IS Link State Routing Cost Operation Command Restore the default routing cost of the undo isis cost [ level-1 | level-2 ] interface If the level is not specified, the default setting is Level-1 routing cost. The value parameter is configured according to the link state of the Interface.
  • Page 114 If the level is not specified, it defaults to setting CSNP packet broadcast interval for Level-1. By default, the CSNP packet is transmitted by interface every 10 seconds. Setting the LSP Packet Interval LSP carries the link state records for propagation throughout the area. Perform the following configurations in VLAN interface view.
  • Page 115 IS-IS Set Priority for DIS Election In the broadcast network, the IS-IS needs to elect a DIS from all the routers. When you need to select a DIS from the IS-IS neighbors on the broadcast network, you should select level-1 DIS and level-2 DIS. The higher the priority is, the more likely it is to be selected.
  • Page 116 Perform the following configurations in VLAN interface view. Table 62 Set Interface Authentication Password Operation Command isis authentication-mode { simple | md5 } password Set authentication password [ { level-1 | level-2 } [ ip | osi ] ] undo isis authentication-mode { simple | md5 } Delete authentication-mode password password [ { level-1 | level-2 } [ ip | osi ] ]...
  • Page 117 IS-IS Setting Default Route Generation In the IS-IS route domain, the Level-1 router only has the LSDB of the local area, so it can only generate the routes in the local areas. But the Level-2 router has the backbone LSDB in the IS-IS route domains and generates the backbone network routes only.
  • Page 118 Setting a Summary Route You can aggregate several different routes, which turns the advertisement of several routes into the advertisement of a single route so as to simplify the routing table. Perform the following configurations in IS-IS view. Table 67 Set Summary Route Operation Command...
  • Page 119 IS-IS Setting Peer Change Logging After the peer changes log is enabled, the IS-IS peer changes will be output on the configuration terminal until the log is disabled. Perform the following configurations in IS-IS view. Table 70 Set to Log the Peer Changes Operation Command Enable peer changes log...
  • Page 120 Perform the following configurations in IS-IS view. Table 73 Set SPF Calculation in Slice Operation Command Set SPF calculation in slice spf-slice-size seconds Restore the default configuration undo spf-slice-size By default, SPF calculation does not divide into slices but runs to the end once, which can also be implemented by setting the parameter seconds to 0.
  • Page 121 IS-IS By default, SPF calculation runs every 5 seconds. Enabling or Disabling the Interface to Send Packets To prevent IS-IS routing information from being obtained by a router in a certain network, the silent-interface command can be used to prohibit the interface connected to that router from sending IS-IS packets.
  • Page 122 Configuring IS-IS Route Filtering The IS-IS protocol can filter the received and distributed routes according to the access control list specified by acl-number. Perform the following configurations in IS-IS view. ■ Configure filtering of the routes received by IS-IS...
  • Page 123: Displaying And Debugging Is-Is

    IS-IS Resetting All the IS-IS Data Structure When it is necessary to refresh some LSPs immediately, perform the following configuration in user view. Table 81 Resetting all the IS-IS Data Structures Operation Command Reset the IS-IS data structure reset isis all Resetting the Specified IS-IS Peer When it is necessary to connect a specified peer again, perform the following configuration in user view.
  • Page 124 Figure 11 IS-IS Configuration Example 1 Configure Switch A [Switch A] isis [Switch A-isis] network-entity 86.0001.0000.0000.0005.00 [Switch A] interface vlan-interface 100 [Switch A-Vlan-interface100] isis enable [Switch A] interface vlan-interface 101 [Switch A-Vlan-interface101] isis enable [Switch A] interface vlan-interface 102 [Switch A-Vlan-interface102] isis enable 2 Configure Switch B...
  • Page 125: Bgp

    [Switch C-Vlan-interface101] isis enable [Switch C] interface vlan-interface 100 [Switch C-Vlan-interface100] isis enable 4 Configure Switch D [Switch D] isis [Switch D-isis] network-entity 86.0001.0000.0000.0008.00 [Switch D] interface vlan-interface 102 [Switch D-Vlan-interface102] isis enable [Switch D] interface vlan-interface 100 [Switch D-Vlan-interface100] isis enable Border Gateway Protocol (BGP) is an inter-AS dynamic route discovery protocol.
  • Page 126: Configuring Bgp

    abundant route policies to implement flexible filtering and selecting of routes, which can be extended easily to support new developments of the network. BGP, as an upper-layer protocol, runs on a special router. On the first startup of the BGP system, the BGP router exchanges routing information with its peers by transmitting the complete BGP routing table, after that only update messages are exchanged.
  • Page 127: Enabling Bgp

    ■ Configuring BGP Route Summarization ■ Configuring a BGP Route Reflector ■ Configuring BGP AS Confederation Attributes ■ Configuring BGP Route Dampening ■ Configuring the Repeating Time for a Local AS ■ Configuring the Redistribution of BGP and IGP ■ Defining ACL, AS Path List, and Route Policy...
  • Page 128 Perform the following configurations in BGP view. Configuring an AS number To configure a BGP peer group as the neighbor of local router, the AS to which the peer group belongs should be specified first. Exchange of routing information between two ends is disabled until the peer ends and AS to which the peer ends belong are specified.
  • Page 129 Table 88 Configure a Description of a Peer Group Operation Command undo peer { peer-address | group-name } description Delete description of a peer group By default, no BGP peer group description is set. Configuring to Permit Connections with EBGP Peer Groups on Indirectly Connected Networks Generally, EBGP peers must be connected physically.
  • Page 130 By default, the intervals at which route update messages are sent by an IBGP and EBGP peer group are 5 seconds and 30 seconds respectively. Configuring Transmission of the Community Attributes to a Peer Group Table 92 Configuring Transmission of the Community Attributes to a Peer Group Operation Command...
  • Page 131 Configuring a Route Map for a Peer Group By configuring the route map for a peer group, the routes coming from the peer group or advertised to the peer group can be controlled. The route map of advertised routes configured for each member of a peer group must be the same as that of the peer group, but their route maps for incoming routes may be different.
  • Page 132 Removing Private AS Numbers While Transmitting BGP Update Messages Generally, the AS numbers (public AS numbers or private AS numbers) are included in the AS paths while transmitting BGP update messages. This command is used to configure certain outbound routers to ignore the private AS numbers while transmitting update messages.
  • Page 133 Perform the following configurations in BGP view. Table 103 Configuring a BGP Timer Operation Command peer { group-name | peer-address } timer Configure BGP Timer keep-alive keepalive-interval hold holdtime-interval undo peer { group-name | peer-address } timer Restore the default value of the timer By default, the interval of sending keepalive packet is 60 seconds.
  • Page 134 By default, the MED metric is 0. Comparing the MED Routing Metrics from the Peers in Different ASs This comparison is used to select the best route. The route with smaller MED value will be selected. Perform the following configurations in BGP view.
  • Page 135 Configuring BGP Route Summarization The CIDR supports route summarization. There are two modes of BGP route summarization: summary automatic and aggregate. The summary automatic is the summary of the BGP subnet routes. After the configuration of the summary automatic, the BGP will not be able to receive subnets imported by the IGP; the aggregate is the aggregation of the BGP local routes.
  • Page 136 Figure 12 The Route Reflector Diagram The reflector is the router that can complete the route reflection function. The route reflector regards the IBGP peers as client and non-client. All peers that do not belong to such cluster in the autonomous system are the non-clients. The designation of route reflector and the addition of the client peer are implemented with the command peer reflect-client.
  • Page 137 Two Kinds of Measures to Avoid Looping Inside AS As route reflector is imported, it is possible that path looping will be generated in AS. Path update packets already left the cluster may attempt to return to the cluster. The conventional AS path method can’t detect the internal AS looping, because the path update packet hasn’t left AS.
  • Page 138 Perform the following configurations in BGP view. Table 112 Configuring the Sub-AS of the Confederation Operation Command Configure a confederation consisting of which confederation peer-as as-number-1 [ ... sub-ASs as-number-n ] Cancel the specified sub-AS in the undo confederation peer-as [ as-number-1 confederation ] [ ...as-number-n ]...
  • Page 139 Defining ACL, AS Path List, and Route Policy This section describes the configuration of ACL, AS path list, and route-policy. Defining the ACL For information on defining the ACL, see “Defining ACL” in the QoS/ACL Operation chapter and refer to the Switch 7700 Command Reference Guide.
  • Page 140 Defining the AS Path List The routing information packet of the BGP includes an AS path domain. The AS path-list can be used to match with the AS path domain of the BGP routing information to filter out routing information that does not conform to the requirements.
  • Page 141: Displaying And Debugging Bgp

    Please perform the following configuration in the BGP view. Table 119 Configuring Filters on the Routes Distributed by the BGP Operation Command Configure to filter the routes distributed by filter-policy { acl-number | ip-prefix the BGP ip-prefix-name } export [ routing-process ] Cancel the filtering of the routes distributed undo filter-policy by the BGP...
  • Page 142: Bgp Configuration Example

    Table 121 Display and Debug BGP Operation Command display bgp routing-table flap-info [ { Display route flapping statistics information regular-expression as-regular-expression } | { as-path-acl acl-number } | { network-address [ mask [ longer-match ] ] } ] View routes with different source ASs display bgp routing-table different-origin-as...
  • Page 143 Figure 13 Networking Diagram of AS Confederation Configuration 1 Configure Switch A: [Switch A] bgp 1001 [Switch A-bgp] confederation id 100 [Switch A-bgp] confederation peer-as 1002 1003 [Switch A-bgp] peer 172.68.10.2 as-number 1002 [Switch A-bgp] peer 172.68.10.3 as-number 1003 2 Configure Switch B: [Switch B] bgp 1002 [Switch B-bgp] confederation id 100 [Switch B-bgp] confederation peer-as 1001 1003...
  • Page 144 Configuring BGP Route Reflector Switch B receives an update packet passing EBGP and transmits it to Switch C. Switch C is a reflector with two clients: Switch B and Switch D. When Switch C receives a route update from Switch B, it will transmit such information to Switch D.
  • Page 145 3 Configure Switch C: a Configure VLAN 3: [Switch C] interface Vlan-interface 3 [Switch C-Vlan-interface3] ip address 193.1.1.1 255.255.255.0 b Configure VLAN 4: [Switch C] interface vlan-Interface 4 [Switch C-Vlan-interface4] ip address 194.1.1.1 255.255.255.0 [Switch C] ospf [Switch C-ospf] area 0 [Switch C-ospf-area-0.0.0.0] network 194.1.1.0 0.0.0.255 c Configure BGP peers and route reflector: [Switch C] bgp 200...
  • Page 146 Using the display bgp routing-table command, you can view the BGP routing table on Switch D. Note: Switch D also knows the existence of network 1.0.0.0. <Switch D> display bgp routing-table Flags: # - valid, ^ - best, D - damped, H - history, I - internal,...
  • Page 147 ■ Add ACL on Switch A, enable network 1.0.0.0. [Switch A] acl number 1 [Switch A-acl-basic-1] rule permit source 1.0.0.0 0.255.255.255 ■ Define two route policies, one is called apply_med_50 and the other is called apply_med_100. The first MED attribute with the route policy as network 1.0.0.0 is set as 50, while the MED attribute of the second is 100.
  • Page 148 [Switch C] interface Vlan-interface 3 [Switch C-Vlan-interface3] ip address 193.1.1.2 255.255.255.0 [Switch C] interface vlan-interface 5 [Switch C-Vlan-interface5] ip address 195.1.1.2 255.255.255.0 [Switch C] ospf [Switch C-ospf] area 0 [Switch C-ospf-area-0.0.0.0] network 193.1.1.0 0.0.0.255 [Switch C-ospf-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [Switch C] bgp 200 [Switch C-bgp] peer 193.1.1.1 as-number 100...
  • Page 149: Bgp Troubleshooting

    [Switch C-acl-basic-1] rule permit source 1.0.0.0 0.255.255.255 ■ Define the route policy with the name of localpref, of those, the local preference matching ACL 1 is set as 200, and that of not matching is set as 100. [Switch C] route-policy localpref permit node 10 [Switch C-route-policy] if-match acl 1 [Switch C-route-policy] apply local-preference 200 [Switch C-route-policy] route-policy localpref permit node 20...
  • Page 150: Ip Routing Policy

    The rules can be set in advance and then used in the routing policy to advertise, receive, and import the route information. Routing Information Filters: The Switch 7700 supports four kinds of filters, route-policy, acl, ip-prefix, and community-list. The following sections introduce these filters: ■ Route Policy...
  • Page 151: Configuring An Ip Routing Policy

    IP Routing Policy IP Prefix The function of the ip-prefix is similar to that of the acl, but it is more flexible and easier for users to understand. When the ip-prefix is applied to routing information filtering, its matching objects are the destination address information, domain of the routing information.
  • Page 152 The permit argument specifies that if a route satisfies all the if-match clauses of a node, the route passes the filtering of the node, and the apply clauses for the node are executed without taking the test of the next node. If a route does not satisfy all the if-match clauses of a node, however, the route takes the test of the next node.
  • Page 153 IP Routing Policy Table 123 Define If-match Conditions Operation Command Cancel the matched next-hop undo if-match ip next-hop [ip-prefix ip-prefix-name ] of the routing information Match the routing cost of the if-match cost cost routing information Cancel the matched routing undo if-match cost cost of the routing information Match the tag domain of the...
  • Page 154 Table 124 Define Apply Clauses Operation Command Set the routing cost of the routing apply cost value information Cancel the routing cost of the undo apply cost routing information set the cost type of the routing apply cost-type [ internal | external ] information remove the setting of the cost type undo apply cost-type...
  • Page 155 IP Routing Policy Define IP Prefix A prefix list is identified by the IP prefix name. Each IP prefix can include multiple items, and each item can independently specify the matching range of the network prefix forms. The index-number specifies the matching sequence in the prefix list.
  • Page 156: Display And Debug The Routing Policy

    Configuring Filtering for the Distributed Routes Define a policy concerning route distribution that filters the routing information that does not satisfy the conditions and distributes routes with the help of an ACL or address ip-prefix. Perform the following configuration in routing protocol view.
  • Page 157: Routing Policy Fault Diagnosis And Troubleshooting

    IP Routing Policy Figure 16 Filtering Received Routing Information static 20.0.0.1/8 1.1.1.1 2.2.2.2 30.0.0.1/8 area 0 40.0.0.1/8 Switch A Switch B Configure Switch A: 1 Configure the IP address of VLAN interface. [Switch A] interface vlan-interface 100 [Switch A-Vlan-interface100] ip address 10.0.0.1 255.0.0.0 [Switch A] interface vlan-interface 200 [Switch A-Vlan-interface200] ip address 12.0.0.1 255.0.0.0 2 Configure three static routes.
  • Page 158: Route Capacity

    OSPF routes. Therefore, the route capacity limitation of the Switch 7700 applies only to these two types of routes and has no impact on static routes and other dynamic routing protocols. When the free memory of a Switch 7700 falls to the lower limit value, the system will disconnect BGP and OSPF and remove corresponding routes from the routing table so that the memory occupied is released.
  • Page 159 Route Capacity Setting the Lower Limit for Switch Memory When the Ethernet switch memory is equal to or lower than the lower limit, BGP and OSPF will be disconnected. Perform the following configurations in system view. Table 130 Set the Lower Limit of the Ethernet Switch Memory Operation Command Set the lower limit of the Ethernet switch...
  • Page 160 Perform the following configuration in the system view. Table 132 Set the Lower Limit and the Safety Value of the Ethernet Switch Memory Simultaneously Operation Command Set the lower limit and the safety value of the memory safety safety-value limit limit-value Ethernet switch memory simultaneously Restore the lower limit and the safety value of...
  • Page 161 Route Capacity Displaying and Debugging Route Capacity: After the above configuration, execute the display command in all views to display the running of the Route capacity configuration. Table 135 Display and Debug Route Capacity Operation Command Display the route capacity related memory display memory limit setting and state information...
  • Page 162 Chapter 5: Routing Protocol Operation...
  • Page 163: Multicast Protocol

    Multicast Protocol This chapter includes information on the following: ■ IP Multicast Overview ■ GMRP ■ IGMP Snooping ■ Common Multicast Configuration ■ IGMP Configuration ■ PIM-DM Configuration ■ PIM-SM Configuration IP Multicast Overview: Many transmission methods can be used when the destination (including data, voice and video) is the secondary use of the network.
  • Page 164: Multicast Addresses

    Chapter 6: Multicast Protocol Figure 1 Comparison Between the Unicast and Multicast Transmission (diagram: a server sending to receivers by unicast and by multicast) Note: A multicast source does not necessarily belong to a multicast group. It only sends data to the multicast group and it is not necessarily a receiver. Multiple sources can send packets to a multicast group simultaneously.
  • Page 165 IP Multicast Overview Ranges and meanings of Class D addresses are shown in Table 1. Table 1 Ranges and Meanings of Class D Addresses Class D address range Meaning Reserved multicast addresses (addresses of permanent 224.0.0.0∼224.0.0.255 groups). Address 224.0.0.0 is reserved. The other addresses can be used by routing protocols.
  • Page 166: Ip Multicast Protocols

    Figure 2 Mapping Between the Multicast IP Address and the Ethernet MAC Address 32-bit IP address 5 bits Lower 23 bits directly mapped mapped 48-bit MAC address Only 23 bits of the last 28 bits in the IP multicast address are mapped to the MAC address.
  • Page 167: Ip Multicast Packet Forwarding

    IP Multicast Overview resources related (such as bandwidth and CPU of routers) are consumed. In order to decrease the consumption of these precious network resources, branches that do not have members send Prune messages toward the source to reduce the unwanted/unnecessary traffic. To enable the receivers to receive multicast data streams, the pruned branches can be restored periodically to a forwarding state.
  • Page 168: Application Of Multicast

    Application of Multicast IP multicast technology effectively solves the problem of packet forwarding from single-point to multi-point. It implements high-efficient data transmission from single-point to multi-point in IP networks and can save a large amount of network bandwidth and reduce network loads.
  • Page 169: Displaying And Debugging Gmrp

    GMRP By default, GMRP is disabled. Enabling/Disabling GMRP on the Port Perform the following configuration in Ethernet port view. Table 4 Enabling/Disabling GMRP on the Port Operation Command Enable GMRP on the port gmrp Disable GMRP on the port undo gmrp GMRP should be enabled globally before being enabled on a port.
  • Page 170: Igmp Snooping

    IGMP Snooping runs on the link layer. When receiving the IGMP messages, the Layer 2 Switch 7700 uses IGMP Snooping to analyze the information. If the switch hears IGMP host report message from an IGMP host, it adds the host to the corresponding multicast table.
  • Page 171 IGMP report message before the timer times out, it will remove the port from the multicast member ports The Switch 7700 runs IGMP Snooping to listen to the IGMP messages and map the host and its ports to the corresponding multicast group address. To implement...
  • Page 172 Switch 7700 will reset the aging timer of the port. When a port other than a router port receives the IGMP general query message, the Switch 7700 will notify the multicast router that a port is ready to join a multicast group and starts the aging timer for the port.
  • Page 173: Configure Igmp Snooping

    By default, the port aging time is 260 seconds. Configuring Maximum Response Time This task sets the maximum response time. If the Switch 7700 receives no report message from a port in the maximum response time, it will remove the port from...
  • Page 174: Display And Debug Igmp Snooping

    Perform the following configuration in system view. Table 8 Configuring the Maximum Response Time Operation Command Configure the maximum response igmp-snooping max-response-time seconds time Restore the default setting undo IGMP-snooping max-response-time By default, the maximum response time is 10 seconds. Configure Aging Time of Multicast Group Member This task sets the aging time of the multicast group member port.
  • Page 175: Troubleshooting IGMP Snooping

    Common Multicast Configuration Figure 7 IGMP Snooping Configuration Network Internet Router Multicast Switch 1 Display the status of GMRP. <SW7700> display gmrp status 2 Display the current status of IGMP Snooping when GMRP is disabled. <SW7700> display igmp-snooping configuration 3 Enable IGMP Snooping if it is disabled. [SW7700] igmp-snooping enable Troubleshooting IGMP If the multicast function cannot be implemented on the switch, check for the...
  • Page 176: Display And Debug Common Multicast Configuration

    Common Multicast Configuration: Common multicast configuration includes: ■ Enabling multicast Enabling Multicast: Enable multicast before enabling the multicast routing protocol. Enabling multicast will automatically enable IGMP operation on all interfaces. Perform the following configuration in system view. Table 11 Enabling Multicast Operation Command...
  • Page 177: Igmp Configuration

    IGMP Configuration IGMP (Internet Group Management Protocol) is a protocol in the TCP/IP suite responsible for management of IP multicast members. It is used to establish and maintain multicast membership among IP hosts and their connected neighboring routers. IGMP excludes transmitting and maintenance information among multicast routers, which are completed by multicast routing protocols.
  • Page 178 multicast group. This prevents the hosts of members of other multicast groups from sending response messages. ■ Max response time: The Max Response Time is added in IGMP Version 2. It is used to dynamically adjust the allowed maximum time for a host to respond to the membership query message.
  • Page 179 IGMP Configuration Limiting Access to IP Multicast Groups A multicast router learns whether there are members of a multicast group on the network by the received IGMP membership message. A filter can be set on an interface to limit the range of allowed multicast groups. Perform the following configuration in VLAN-interface view.
  • Page 180: Display And Debug Igmp

    Configuring the IGMP Querier Present Timer The IGMP querier present timer defines the period of time before the router takes over as the querier. Perform the following configuration in VLAN interface view. Table 17 Configure the IGMP Querier Present Timer Operation Command Change the IGMP querier present...
  • Page 181: Pim-Dm Configuration

    PIM-DM Configuration Table 19 Display and Debug IGMP Operation Command Display the IGMP display igmp interface [ interface-type interface-number ] configuration and running information about the interface Enable the IGMP information debugging igmp { all | event | host | packet | timer } debugging Disable the IGMP information undo debugging igmp { all | event | host | packet | timer }...
  • Page 182: Pim-Dm Configuration

    independent of any specified unicast routing protocol such as the routing information learned by RIP and OSPF ■ Assert mechanism As shown in the following figure, both routers A and B on the LAN have their own receiving paths to multicast source S.
  • Page 183: Display And Debug Pim-Dm

    PIM-DM Configuration Perform the following configuration in VLAN interface view. Table 20 Enable PIM-DM Operation Command Enable PIM-DM on an pim dm interface Disable PIM-DM on an undo pim dm interface It’s recommended you configure PIM-DM on all interfaces in non-special cases. This configuration is effective only after the multicast routing is enabled in system view.
  • Page 184: Pim-Dm Configuration Example

    Table 22 Display and Debug PIM-DM Operation Command Display the information about PIM display pim neighbor [ interface interface-type neighboring routers interface-number ] Enable the PIM debugging debugging pim common { all | event | packet | timer } Disable the PIM debugging undo debugging pim common { all | event | packet | timer }...
  • Page 185: Pim-Sm Configuration

    PIM-SM Configuration [SW7700-vlan-interface11] ip address 2.2.2.2 255.255.0.0 [SW7700-vlan-interface11] pim dm [SW7700-vlan-interface11] quit [SW7700] interface vlan-interface 12 [SW7700-vlan-interface12] ip address 3.3.3.3 255.255.0.0 [SW7700-vlan-interface12] pim dm PIM-SM Configuration PIM-SM (Protocol Independent Multicast, Sparse Mode) belongs to sparse mode multicast routing protocols. PIM-SM is mainly applicable to large-scale networks with broad scope with few group members.
  • Page 186: Preparations Before Configuring Pim-Sm

    Multicast Source S Receiver join Multicast source registration Figure 10 RPT Schematic Diagram Multicast source S Receiver join Multicast source registration Multicast Source Registration When multicast source S sends a multicast packet to the group G, the PIM-SM multicast router is responsible for encapsulating the packet into a registration packet upon receipt.
  • Page 187: Pim-Sm Configuration

    PIM-SM Configuration calculate the RPs corresponding to multicast groups according to the same algorithm after receiving the C-RP messages that the BSR advertises. It should be noted that one RP can serve multiple multicast groups or all multicast groups. Each multicast group can only be uniquely correspondent to one RP at a time rather than multiple RPs.
  • Page 188 Once enabled, PIM-DM cannot be enabled on the same interface. Configure the Interface Hello Message Interval Generally, PIM-SM advertises Hello messages periodically on the interface enabled with it to detect PIM neighbors and discover which router is the Designated Router (DR).
  • Page 189 Using the undo pim command, you can clear the configuration in PIM view and return to system view. Configure Candidate-BSRs In a PIM domain, one or more candidate BSRs should be configured. A BSR (Bootstrap Router) is elected among candidate BSRs. The BSR takes charge of collecting and advertising RP information.
  • Page 190: Display And Debug Pim-Sm

    multicast group in the specified range. It is suggested to configure Candidate RP on the backbone router. Configure RP to Filter the Register Messages Sent by DR In the PIM-SM network, the register message filtering mechanism can control which sources to send messages to which groups on the RP, i.e., RP can filter the register messages sent by DR to accept specified messages only.
  • Page 191 PIM-SM Configuration Table 31 Display and Debug PIM-SM Operation Command Display the RP information display pim rp-info [ group-address ] Enable the PIM-SM debugging debugging pim sm { all | mbr | register-proxy | mrt | timer | warning | { recv | send } { assert | graft | graft-ack | join | prune } } Disable the PIM-SM undo debugging pim sm { all | mbr | register-proxy | mrt |...
  • Page 192 [SW7700] vlan 12 [SW7700-vlan12] port Ethernet 1/0/6 to Ethernet 1/0/7 [SW7700-vlan12] quit [SW7700] pim [SW7700-pim] interface vlan-interface 12 [SW7700-vlan-interface12] pim sm [SW7700-vlan-interface12] quit 2 Configure the threshold for multicast group to switch from shared tree to the STP as 10kbps.
  • Page 193 PIM-SM Configuration Configure LS_C: 1 Enable PIM-SM. [SW7700] multicast routing-enable [SW7700] vlan 10 [SW7700-vlan10] port Ethernet 1/0/2 to Ethernet 1/0/3 [SW7700-vlan10] quit [SW7700] pim [SW7700-pim] interface vlan-interface 10 [SW7700-vlan-interface10] pim sm [SW7700-vlan-interface10] quit [SW7700] vlan 11 [SW7700-vlan11] port Ethernet 1/0/4 to Ethernet 1/0/5 [SW7700-vlan11] quit [SW7700] pim [SW7700-pim] interface vlan-interface 11...
  • Page 194 Chapter 6: Multicast Protocol...
  • Page 195: QoS/ACL Operation

    QoS/ACL Operation ■ ACL Overview ■ Configuring ACL ■ Displaying and Debugging ACL ■ QoS Overview ■ User Logon ACL Control Configuration ACL Overview A series of matching rules are required for the network devices to identify the packets to be filtered. After identifying the packets, the switch can permit or deny them to pass through according to the defined policy.
  • Page 196: Acl Supported By Ethernet Switch

    If the port numbers are in the same range, the configuration sequence is used. ACL Supported by Ethernet Switch For the Switch 7700, ACLs are divided into the following categories: ■ Numbered basic ACL...
  • Page 197: Configuring Acl

    The end time must be later than the start time. Selecting the ACL Mode The Switch 7700 can only have one of two modes, ip-based or link-based. In link-based mode, only L2 ACL can be defined, activated, and cited by other applications.
  • Page 198: Defining Acl

    Operation Command Select ACL mode acl mode { ip-based | link-based } The Switch 7700 uses ip-based mode and the L3 traffic classification rule by default. Defining ACL The Switch 7700 supports several kinds of ACLs. to define the ACL:...
  • Page 199 Configuring ACL the packet priority to process the data packets. The advanced ACL supports the analyses of three kinds of packet priorities, ToS (Type of Service), IP, and DSCP priorities. Perform the following configuration in designated view. Table 5 Define Advanced ACL Operation Command Enter advanced ACL view (from...
  • Page 200: Activating Acl

    The numbered interface ACLs can be identified with numbers ranging from 1000 to 1999. Notes: The Switch 7700 does not have any Layer-3 physical interface but has Layer-3 VLAN virtual interface. Therefore when the command line prompts for the input interface type, you can only select Vlan-interface. Otherwise, the system will display a failure message.
  • Page 201: Displaying And Debugging Acl

    CPU. The matched information of the transmitted data by the switch can be displayed with the display qos-info traffic-statistic command. For a description of the syntax of these commands, see the Switch 7700 Command Reference Guide.
  • Page 202: Qos Overview

    Define the work time range: 1 Set the time range from 8:00 to 18:00. [SW7700] time-range 3com 8:00 to 18:00 Define the ACL to access the payment server: 1 Enter the name of the advanced ACL. [SW7700] acl name traffic-of-payserver advanced match-order config 2 Set the rules for other departments to access the payment server.
  • Page 203 The port rate limit is the port-based rate limit used for limiting the general speed of packet output on the port. Traffic Priority The Switch 7700 can deliver priority tag service for special packets. The tags include TOS, DSCP and 802.1p, etc., which can be used and defined in different QoS modules.
  • Page 204 With flow-based traffic counting, you can request a traffic count to count and analyze the packets. When the congestion reaches a certain degree, the Switch 7700 selects some frames to drop, using the RED algorithm. The RED algorithm can alleviate the excessive congestion.
  • Page 205: Configuring Qos

    ACL. The traffic beyond the limit will be dealt with in some other way, such as discarding. For details about the command, see the Switch 7700 Command Reference Guide. Configure Priority Marking Configuring priority-marking creates a policy to tag the priority of the packets so they match the ACL.
  • Page 206 } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] } The Switch 7700 supports a function to tag the packets with IP precedence (specified by ip-precedence in the traffic-priority command), or DSCP (specified by dscp in the traffic-priority command).
  • Page 207 } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] } For details about the command, see the Switch 7700 Command Reference Guide. Configure Bandwidth Assurance Bandwidth Assurance guarantees bandwidth for specified traffic.
  • Page 208: Displaying And Debugging Qos

    { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] } For output and description of the related commands, see the Switch 7700 Command Reference Guide. The interconnection between different departments on a company network is...
  • Page 209: User Logon ACL Control Configuration

    [SW7700-Ethernet1/0/1] traffic-limit inbound ip-group traffic-of-payserver 20 User Logon ACL Control Configuration The Switch 7700 provides several logon and device access measures, mainly including TELNET access, SNMP access, and HTTP access. The security control over the access measures is provided with the switches to prevent illegal users from logging onto and accessing the devices.
  • Page 210 Call an ACL (from acl acl-number { inbound | outbound } user-interface view) For more information about the command, see the Switch 7700 Command Reference Guide. Note: Only the numbered basic ACL can be called for TELNET user control. Figure 4 illustrates a configuration that controls TELNET user with ACL.
  • Page 211: Configure Acl Control Over Snmp Users

    [SW7700] user-interface vty 0 4 [SW7700-user-interface-vty0-4] acl 20 inbound Configure ACL Control over SNMP Users The Switch 7700 supports remote management with the network management software. The network management users can access the switch with SNMP. Controlling such users with ACL can filter the illegal network management users and prevent them from accessing the local switch.
  • Page 212 Note: You can call different ACLs for these commands. Only the numbered basic ACL can be called for network management user control. For more about the commands, see the Switch 7700 Command Reference Guide. Figure 5 illustrates a configuration that controls SNMP users with ACL.
  • Page 213: Stp Operation

    STP Operation This chapter covers the following topics: ■ STP Overview ■ RSTP ■ Configuring RSTP ■ MSTP ■ Configuring MSTP STP Overview Spanning Tree Protocol (STP) is applied in a loop network to block some undesirable redundant paths with certain algorithms and prune the network into a loop-free tree, thereby avoiding the proliferation and infinite cycling of a packet in the loop network.
  • Page 214: Calculating The Stp Algorithm

    Switch B E1/0/4 E1/0/1 Calculating the STP Algorithm The following example illustrates the calculation process of STP. The figure1-2 below illustrates the network. Figure 2 Switch 7700 Networking Switch A with priority 0 E1/0/1 E1/0/2 E1/0/7 Switch B with priority 1...
  • Page 215: Selecting The Optimum Configuration Bpdu

    Configuration BPDU of Ethernet 1/0/7: {1, 0, 1, e1/0/7} Configuration BPDU of Ethernet 1/0/4: {1, 0, 1, e1/0/4} ■ Switch C Configuration BPDU of Ethernet 1/0/1: {2, 0, 2, e1/0/1} Configuration BPDU of Ethernet 1/0/5: {2, 0, 2, e1/0/5} Selecting the Optimum Configuration BPDU Every switch transmits its configuration BPDU to others.
  • Page 216 Chapter 8: STP Operation Configuration BPDU of Ethernet 1/0/1: {0, 0, 0, e1/0/1} Configuration BPDU of Ethernet 1/0/2: {0, 0, 0, e1/0/2} ■ Switch B Ethernet 1/0/7 receives the configuration BPDU from Switch A and finds that the received BPDU has a higher priority than the local one, so it updates its configuration BPDU.
  • Page 217: Configuring The Bpdu Forwarding Mechanism

    RSTP The basic version of Switch 7700 software implements the Rapid Spanning Tree Protocol (RSTP), an enhancement to STP. The Forward Delay for the root ports and designated ports to enter forwarding state is greatly reduced in certain conditions,...
  • Page 218: Configuring Rstp

    To achieve the rapid transition of the root port state, the following requirement should be met: The old root port on this switch has stopped data forwarding and the designated port in the upstream has begun forwarding data. The conditions for rapid state transition of the designated port are: ■ The port is an Edge port that does not connect with any switch directly or...
  • Page 219 RSTP Among the above-mentioned tasks, only the steps of enabling STP on the switch and enabling STP on the port are required. For other tasks, if you do not configure them, the system will use the default settings. Before enabling spanning tree, relative parameters of Ethernet port or the device can be configured.
  • Page 220 Perform the following configurations in system view. Table 3 Setting the Diameter of a Switching Network Operation Command Set diameter of a switching stp bridge-diameter bridgenum network Restore a default diameter of the undo stp bridge-diameter switching network The diameter of the switching network should not exceed 7.
  • Page 221 RSTP is enabled, an assignment of a priority to the bridge will lead to recalculation of the spanning tree. By default, the priority of the bridge is 32768. Specifying the Switch as a Primary or Secondary Root Switch RSTP can determine the spanning tree root through calculation. You can also specify the current switch as the root using this command.
  • Page 222 state and resume data frame forwarding. This delay ensures that the new configuration BPDU has been propagated throughout the network before the data frame forwarding is resumed. Perform the following configurations in system view. Table 7 Set the Forward Delay for a Bridge Operation Command Set forward delay of a specified...
  • Page 223 RSTP Table 9 Set Max Age for a Bridge Operation Command Restore the default Max Age undo stp timer max-age of the specified bridge If the Max Age is too short, it results in frequent calculation of spanning tree or misjudging the network congestion as a link fault.
  • Page 224 bridge is configured as an edge port, RSTP will automatically detect and reconfigure it as a non-EdgePort. After the network topology changes, if a configured non-EdgePort changes to an EdgePort and is not connected to any other port, you should configure it as an EdgePort manually because RSTP cannot configure a non-EdgePort as an EdgePort automatically.
  • Page 225 RSTP tree. If all the Ethernet ports of the bridge adopt the same priority parameter value, then the priority of these ports depends on the Ethernet port index number. Note that changing the priority of an Ethernet port causes recalculation of the spanning tree.
  • Page 226 Perform the following configurations in Ethernet port view. Table 15 Set mCheck for the Port Operation Command Set mCheck for the port stp mcheck This command can be used when the bridge runs RSTP in RSTP mode, but it cannot be used when the bridge runs RSTP in STP-compatible mode.
  • Page 227: Displaying And Debugging Rstp

    By default, the switch does not enable loop protection, BPDU protection or root protection. For more information about the configuration commands, refer to the “3Com Command Reference Guide”. Displaying and...
  • Page 228 Figure 4 RSTP Configuration Example (network diagram: Switch A, Switch B, Switch C, Switch D, Switch E, Switch F) Only the configurations related to RSTP are listed in the following procedure.
  • Page 229 RSTP and do not disable those involved. (The following configuration takes Ethernet 0/4 as an example.) [SW7700] interface ethernet 0/4 [SW7700-Ethernet0/4] stp disable 3 Configure Switch C and Switch B to serve as standby of each other and set the bridge priority of Switch B to 4069.
  • Page 230: Mstp

    4 RSTP operating mode, time parameters, and port parameters take default values. MSTP The Switch 7700 implements the Multiple Spanning Tree Protocol (MSTP), which is an enhancement to STP, and is compatible with both STP and RSTP. However, a single switch cannot support both MSTP and RSTP. An MSTP switch can recognize both STP and RSTP packets and can calculate the spanning tree with them.
  • Page 231 MSTP group several switches into a MST region, using MSTP configuration commands. For example, in Figure 5, in MST region A0, the 4 switches are configured with the same region name, vlan mapping table (VLAN1 map to instance 1, VLAN 2 map to instance 2, other VLAN map to instance 0), and revision level (not indicated in figure2-1).
  • Page 232: Mstp Principles

    ■ The designated port is the one through which the data is forwarded to the downstream network segment or switch. ■ Master port is the port connecting the entire region to the common root bridge and located on the shortest path between them.
  • Page 233: Configuring The Bridge Priority For A Switch

    For more detailed information, refer to the task description or to the command descriptions in the Switch 7700 Command Reference Guide. The MST region that a switch belongs to is determined with the configurations of...
  • Page 234 Configuring the MST Region Perform the following configuration in MST region view. Table 19 Configure the MST region for a switch Operation Command Configure MST region name region-name name Restore the default MST region name undo region-name Configure VLAN mapping table instance instance-id vlan vlan-list...
  • Page 235 Configuring MSTP Perform the following configuration in system view. Table 21 Specify the Switch as Primary or Secondary Root Switch Operation Command Specify current switch as the primary root stp instance instance-id root primary [ switch of the specified spanning tree. bridge-diameter bridgenum [ hello-time centi-senconds ] ] Specify current switch as the secondary root...
  • Page 236 connected to the STP switch) and the switch provides multiple spanning tree function. You can use the following command to configure MSTP running mode. MSTP can intercommunicate with STP. If there is an STP switch in the switching network, you can use the command to configure the current MSTP to run in STP-compatible mode; otherwise, configure it to run in MSTP mode.
  • Page 237 Configuring MSTP switch discards the configuration BPDU with 0 hops left. This makes it impossible for the switch beyond the max hops to take part in the spanning tree calculation, thereby limiting the scale of the MST region. You can use the following command to configure the max hops in an MST region. Perform the following configuration in system view.
  • Page 238 Forward delay is the switch state transition mechanism. The spanning tree will be recalculated upon link faults and its structure will change accordingly. However, the configuration BPDU recalculated cannot be immediately propagated throughout the network. Temporary loops can occur if the new root port and designated port forward data right after being elected.
  • Page 239 Restore the max transmission speed on a port. undo stp transit-limit For more about the commands, see the Switch 7700 Command Reference Guide. This parameter only takes a relative value without units. If it is set too large, too many packets will be transmitted during every hello time and too many network resources will be occupied.
  • Page 240 For more about the commands, see the Switch 7700 Command Reference Guide. After it is configured as an edge port, the port can transit rapidly from a blocking state to a forwarding state without any delay. In the case that BPDU protection has not been enabled on the switch, the configured edge port will turn into non-edge port again when it receives BPDU from the other port.
  • Page 241 Restore the default path cost of a port. undo stp instance instance-id cost For more about the commands, see the Switch 7700 Command Reference Guide. Upon the change of path cost of a port, MSTP will recalculate the port role and transit the state.
  • Page 242 Restore the default port priority. undo stp instance instance-id port priority For more about the commands, see the Switch 7700 Command Reference Guide. After the change of port priority, MSTP will recalculate the port role and transit the state. A smaller value represents a higher priority. If all the Ethernet ports of a switch are configured with the same priority value, the priorities of the ports will be differentiated by the index number.
  • Page 243 Perform mCheck operation on a port. stp mcheck For more about the commands, see the Switch 7700 Command Reference Guide. Note that the command can be used only if the switch runs MSTP. The command does not make any sense when the switch runs in STP-compatible mode.
  • Page 244 transition. When such a port receives a BPDU packet, the system will automatically set it as a non-edge port and recalculate the spanning tree, which causes network topology flapping. In the normal case, these ports will not receive STP BPDUs. If someone forges BPDUs to attack the switch, the network will flap.
  • Page 245 By default, the switch does not enable BPDU protection or Root protection. For more about the configuration commands, see the Switch 7700 Command Reference Guide. You can use the following command to enable MSTP on the device.
  • Page 246: Displaying And Debugging Mstp

    Restore the default MSTP state on the port. undo stp For more information about the commands, see the Switch 7700 Command Reference Guide. Note that redundant route may be generated after MSTP is disabled. By default, MSTP is enabled on all the ports after it is enabled on the device.
  • Page 247: Aaa And Radius Operation

    AAA and RADIUS Operation This chapter covers the following topics: ■ IEEE 802.1x ■ Configuring the AAA and RADIUS Protocols IEEE 802.1x IEEE 802.1x (hereinafter simplified as 802.1x) is a port-based network access control protocol that is used as the standard for LAN user access authentication. In LANs that comply with IEEE 802 standards, the user can access devices and share resources in the LAN by connecting a device such as the LAN Switch.
  • Page 248 Chapter 9: AAA and RADIUS Operation There are two types of ports for the Authenticator. One is the Uncontrolled Port, and the other is the Controlled Port. The Uncontrolled Port is always in a bi-directional connection state. The user can access and share the network resources any time through the ports.
  • Page 249: Configuring 802.1X

    IEEE 802.1x Implement 802.1x on Ethernet Switch The 3Com Switch 7700 not only supports the port access authentication method regulated by 802.1x, but also extends and optimizes it in the following way: Support to connect several End Stations in the downstream by a physical port.
  • Page 250 By default, 802.1x authentication has not been enabled globally and on any port. Setting the Port Access Control Mode The following commands can be used for setting 802.1x access control mode on the specified port. When no port is specified, the access control mode of all ports is configured.
  • Page 251 [interface interface-list] of users on the port to the default value By default, 802.1x allows up to 1024 supplicants on each port for Switch 7700 Enabling DHCP to Launch Authentication Use the following commands for setting whether 802.1x enables the Ethernet switch to launch the user ID authentication when the user runs DHCP and applies for dynamic IP addresses.
  • Page 252 Setting the Maximum Retransmission Times The following commands are used for setting the maximum authenticator-to-supplicant frame-retransmission times. Perform the following configurations in system view. Table 8 Set the Maximum Retransmission Times Operation Command Set the maximum dot1x retry max-retry-value retransmission times Restore the default maximum...
  • Page 253: Displaying And Debugging 802.1X

    Enabling/Disabling Quiet-Period Timer You can use the following commands to enable/disable a quiet-period timer of the Switch 7700. If an 802.1x user has not passed authentication, the Authenticator will keep quiet (specified by quiet-period) before launching the authentication again. During the quiet period, the Authenticator does not do anything related to 802.1x authentication.
  • Page 254 Example: 802.1x Configuration As shown in the following figure, the workstation is connected to the 1/0/2 of the Switch 7700. The switch administrator will enable 802.1x on all the ports to authenticate the supplicants to control their access to the Internet. The access control mode is based on the MAC address.
  • Page 255 IEEE 802.1x Figure 2 Enabling 802.1x and RADIUS to Perform AAA on the Requester Authentication servers (RADIUS server cluster IP address: 10.11.1.1, 10.11.1.2) Switch E1/0/2 Internet Authenticator Requestor The following examples concern most of the AAA/RADIUS configuration commands. The configurations for accessing user workstation and the RADIUS server are omitted.
  • Page 256: Configuring The Aaa And Radius Protocols

    10 Configure the system to transmit the user name to the RADIUS server after removing the domain name. [SW7700-radius-radius1] user-name-format without-domain [SW7700-radius-radius1] quit 11 Create the user domain 3com163.net and enter isp configuration mode. [SW7700] domain 3com163.net 12 Specify radius1 as the RADIUS server group for the users in the domain 3com163.net.
  • Page 257 Implementing AAA/RADIUS on Ethernet Switch As described so far, the Switch 7700, serving as the user access device or NAS, is the client end of RADIUS. In other words, the client end of AAA/RADIUS is implemented on the Switch 7700.
  • Page 258: Configuring Aaa

    AAA policy (RADIUS server group applied etc.) For the Switch 7700, each supplicant belongs to an ISP domain. Up to 16 domains can be configured in the system. If a user has not reported its ISP domain name,...
  • Page 259 Configuring the AAA and RADIUS Protocols Perform the following configurations in system view. Table 13 Create/Delete ISP Domain Operation Command Create ISP domain or enter the domain [isp-name | default {disable | enable isp-name}] view of a specified domain. Remove a specified ISP domain undo domain isp-name By default, there is no ISP domain in the system.
  • Page 260 Perform the following configurations in system view. Table 15 Create/Delete a Local User and Relevant Properties Operation Command Add local users local-user user-name Delete all the local users undo local-user all Delete a local user by undo local-user {user-name | all [service-type {lan-access | specifying its type ftp | telnet}]}...
  • Page 261: Configuring The Radius Protocol

    | ucibindex ucib-index | user-name user-name } By default, no online user will be disconnected by force. Configuring the RADIUS Protocol On the Switch 7700, the RADIUS protocol is configured on a per RADIUS server group basis. In a real networking environment, a RADIUS server group can be an independent RADIUS server or a set of primary/secondary RADIUS servers with the same configuration but two different IP addresses.
  • Page 262 Creating/Deleting a RADIUS Server Group As mentioned above, RADIUS protocol configurations are performed on a per RADIUS server group basis. Therefore, before performing other RADIUS protocol configurations, it is compulsory to create the RADIUS server group and enter its view to set its IP address.
  • Page 263 (Especially for some earlier RADIUS Servers, authentication/authorization port number is often set to 1645 and accounting port number is 1646.) The RADIUS service port settings on the Switch 7700 need to be consistent with the port settings on the RADIUS server. Normally, the RADIUS accounting service port is 1813 and the authentication/authorization service port is 1812.
  • Page 264 Table 21 Set RADIUS Packet Encryption Key Operation Command Restore the default RADIUS undo key authentication authentication/authorization packet encryption key. Set RADIUS accounting packet key accounting string Restore the default RADIUS undo key accounting accounting packet key Setting the Response Timeout Timer of RADIUS Server RADIUS (authentication/authorization or accounting) request packet is transmitted...
  • Page 265 Accordingly, it may be necessary to disconnect the user at NAS end and on RADIUS server when some unpredictable failure exists. The Switch 7700 supports setting the maximum times of real-time accounting request failing to be responded. NAS disconnects the user if it has not received real-time accounting response from RADIUS server for some specified times.
  • Page 266 NAS makes its best effort to send the message to RADIUS accounting server. Accordingly, if the message from the Switch 7700 to RADIUS accounting server has not been responded, the switch saves it in the local buffer and retransmits until the server responds or discards the messages.
  • Page 267 Setting Username Format Transmitted to RADIUS Server As mentioned above, the supplicants are generally named in userid@isp-name format. The part following “@” is the ISP domain name. The Switch 7700 will put users into different ISP domains according to the domain names. However, some earlier RADIUS servers reject the username including ISP domain name.
  • Page 268: Displaying And Debugging The Aaa And Radius Protocols

    By default, the IP address of local RADIUS server group is 127.0.0.1 and the password is 3com. When using local RADIUS server function of the Switch 7700, remember the number of UDP port used for authentication is 1812 and that for accounting is 1813.
  • Page 269: Aaa And Radius Protocol Fault Diagnosis And Troubleshooting

    Configuring the AAA and RADIUS Protocols Table 34 Display and Debug AAA and RADIUS Protocol Operation Command Display related information of display connection {access-type {dot1x | gcm} | domain user’s connection isp-name | interface portnum | ip ip-address | mac mac-address | radius-scheme radius-scheme-name | vlan vlanid | ucibindex ucib-index | user-name user-name} Display related information of...
  • Page 270 RADIUS packet cannot be transmitted to RADIUS server. 1 The communication lines (on physical layer or link layer) connecting NAS and RADIUS server may not work well. 2 The IP address of the corresponding RADIUS server may not have been set on NAS. Set a proper IP address for RADIUS server.
  • Page 271: Reliability

    Reliability This chapter covers the following topics: ■ VRRP Overview ■ Configuring VRRP VRRP Overview Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. In general, a default route, for example, 10.100.10.1 in Figure 1, is configured for every host on a network, so that packets destined for another network segment go through the default route to the Layer 3 Switch1, implementing communication between the host and the external network.
  • Page 272: Configuring Vrrp

    [Figure 2: Virtual Router Network] This virtual router has its own IP address: 10.100.10.1, which can be the interface address of a switch within the virtual router.
  • Page 273: Setting The Correspondence Between Virtual Ip And Mac Addresses

    Based on the chips installed, some switches support matching one IP address to multiple MAC addresses. Switch 7700 switches also support choosing to match the virtual IP address with the real MAC address or virtual MAC address of the routing interface.
  • Page 274: Configuring The Priority Of Switches

    Perform the following configuration in VLAN interface view. Table 3 Add/Delete a Virtual IP Address Operation Command Add a virtual IP address. vrrp vrid virtual-router-ID virtual-ip virtual-address Delete a virtual IP address. undo vrrp vrid virtual-router-ID [ virtual-ip virtual-address ] Configuring the Priority The status of each switch in the virtual router is determined by its priority in VRRP.
  • Page 275: Configuring Authentication Type And Authentication Key

    Configuring VRRP The delay ranges from 0 to 255, measured in seconds. The default mode is preemption with a delay of 0 seconds. Note: If the preemption mode is cancelled, the delay time automatically becomes 0 seconds. Configuring Authentication Type and Authentication Key VRRP provides the following authentication types: ■ simple: Simple character authentication ■...
  • Page 276: Configuring A Switch To Track An Interface

    Perform the following configuration in VLAN interface view. Table 7 Configure VRRP Timer Operation Command Configure VRRP timer vrrp vrid virtual-router-ID timer advertise adver-interval Clear VRRP timer undo vrrp vrid virtual-router-ID timer advertise By default, adver-interval is configured to be 3. Configuring a Switch to Track an Interface VRRP interface track function expands the backup function.
  • Page 277 Configuring VRRP VRRP virtual router information includes virtual router ID 1, virtual IP address 202.38.160.111, switch A as the Master and switch B as the backup, with preemption allowed. [Figure 3: VRRP Configuration]...
  • Page 278 Configure switch A 1 Create a virtual router. [LSW_A-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 2 Set the priority for the virtual router. [LSW_A-vlan-interface2] vrrp vrid 1 priority 110 3 Set the authentication key for the virtual router. [LSW_A-vlan-interface2] vrrp authentication-mode md5 lanswitch 4 Set Master to send VRRP packets every 5 seconds.
  • Page 279: Troubleshooting Vrrp

    Configuring VRRP Configure switch B: 1 Create virtual router 1. [LSW_B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 2 Create virtual router 2. [LSW_B-vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112 3 Set the priority for the virtual router. [LSW_B-vlan-interface2] vrrp vrid 2 priority 110 Troubleshooting VRRP The configuration of VRRP is simple so almost all troubleshooting can be done by viewing the configuration and debugging information.
  • Page 281: System

    System Management This chapter covers the following topics: ■ File System Management ■ MAC Address Table Management ■ Device Management ■ System Maintenance and Debugging ■ SNMP ■ RMON File System Management The Ethernet switch provides a file system module for efficient management with storage devices such as flash memory.
  • Page 282: File Operation

    Table 1 Directory Operation Operation Command Display the information about directories or files dir [ / all ] [ file-url ] Change the current directory cd directory File Operation The file system can be used to delete or undelete a file or permanently delete a file.
  • Page 283: Configuring File Management

    File System Management All sectors will be erased, proceed? [confirm]y Format flash: completed 2 Display the working directory in the flash. <SW7700> cd flash:/ <SW7700> pwd flash:/ 3 Create a directory named test. <SW7700> mkdir test 4 Display the flash directory information after creating the test directory. <SW7700>...
  • Page 284: Ftp

    Perform the following configuration in all views. Table 5 Display the Configurations of the Ethernet Switch Operation Command Display the saved-configuration of the Ethernet switch display saved-configuration Display the current-configuration of the Ethernet switch display current-configuration The configuration files are displayed in their corresponding saving formats.
  • Page 285 File System Management The Ethernet switch provides the following FTP services: ■ FTP server: You can run FTP client program to log in the server and access the files on it. ■ FTP client: After connected to the server through running the terminal emulator...
  • Page 286: Tftp

    Only clients who have passed the authentication and authorization successfully can access the FTP server. Configure the Running Parameters of FTP Server You can use the following commands to configure the connection timeout of the FTP server.
  • Page 287: Mac Address Table Management

    Upload files by means of TFTP tftp put mmm.nnn //A.A.A.A/xxx.yyy MAC Address Table Management The Switch 7700 maintains a MAC address table for fast forwarding packets. A table entry includes the MAC address of a device and the port ID of the Ethernet switch connected to it.
  • Page 288: Mac Address Table Configuration

    The Switch 7700 also provides the function of MAC address aging. If the switch receives no packet for a period of time, it will delete the related entry from the MAC address table. However, this function has no effect on the static MAC addresses.
  • Page 289 MAC Address Table Management Set MAC Address Table Entries Administrators can manually add, modify, or delete the entries in MAC address table according to the actual needs. They can also delete all (unicast) MAC address table entries related to a specified port or delete a specified type of entries, such as dynamic entries or static entries.
  • Page 290 Perform the following configurations in the ethernet port view. Table 17 Disable/Enable the MAC Address Learning Operation Command Disable the MAC address learning mac-address mac-learning disable Enable the MAC address learning undo mac-address mac-learning disable By default, the MAC address learning function is enabled.
  • Page 291: Display And Debug Mac Address Table

    MAC Address Table Management Perform the following configuration in Ethernet port view. Table 19 Set an Amount Limit to the MAC Addresses Learned by the Ethernet Port Operation Command Set an amount limit to the MAC addresses learned by the Ethernet port mac-address max-mac-count count Restore the default limit to the undo mac-address max-mac-count...
  • Page 292: Reboot Ethernet Switch

    Learned Ethernet1/0/2 Device Management With device management, the Switch 7700 displays the current running state and event debugging information about the slots and physical devices. In addition, there is a command for rebooting the system, when a function failure occurs.
  • Page 293: Designate The App Adopted When Booting The Ethernet Switch Next Time

    Operation Command Upgrade BootROM boot BootROM file-url Reset a slot The Switch 7700 allows the administrator to reset a slot in the system. Perform the following configuration in user view. Table 24 Reset a Slot Operation Command Reset a slot reboot [ slot slot-num ] The parameter slot-num ranges from 0 to 6.
  • Page 294: Display And Debug Device Management

    Set backboard view The backboard view command determines the backplane bandwidth allocated to each slot in the Switch 7700. Currently, the Switch Fabric has the capability of 32 Gbps full duplex yet the chassis has a maximum capability of 48 Gbps full duplex.
  • Page 295: Display The State And Information Of The System

    System Maintenance and Debugging ■ Setting the System Clock ■ Set the Time Zone ■ Setting Daylight Saving Time Setting the System Name Perform the following commands in system view. Table 28 Set System Name Operation Command Set the switch name sysname sysname Restore the switch name to the default name undo sysname...
  • Page 296: System Debugging

    } ] [ module-name ] System Debugging Enable/disable the terminal debugging The Switch 7700 provides various ways for debugging most of the supported protocols and functions, which can help you diagnose errors. The following switches control the outputs of debugging information: Protocol debugging switch controls debugging output of a protocol.
  • Page 297 System Maintenance and Debugging Figure 3 Debug Output Debugging information Protocol debugging switch Screen output switch You can use the following commands to control the above-mentioned debugging. Perform the following operations in user view. Table 33 Enable/Disable the Debugging Operation Command Enable the protocol debugging debugging { all | module-name [ debugging-option ] }...
  • Page 298: Testing Tools For Network Connection

    ] [ -w timeout ] host Logging Function The Syslog is an indispensable part of the Switch 7700. It serves as an information center of the system software modules. The logging system is responsible for most of the information outputs, and it also makes detailed classification to filter the...
  • Page 299 R&D personnel to monitor the operating state of networks and diagnose network failures. The syslog of the Switch 7700 has the following features: Support to output log in six directions, i.e., Console, monitor to Telnet terminal, ■...
  • Page 300 Perform the following configuration in system view. Table 38 Log Output Operation Command Configure to output the information to the Console info-center console channel { channel-number | channel-name } Configure to output the information to the Telnet terminal or monitor info-center monitor channel { channel-number | channel-name }...
  • Page 301 System Maintenance and Debugging Table 40 Syslog-Defined Severity Severity Description alerts The errors that need to be corrected immediately. critical Critical errors errors The errors that need to be concerned but not critical warnings Warning, there might exist some kinds of errors. notifications The information should be concerned.
  • Page 302 This configuration is performed on the info-center loghost. The following configuration example is implemented on SunOS 4.0. The configurations on the Unix operating systems of other vendors are basically the same. a Perform the following commands with the identity of root mkdir /var/log/SW7700 touch /var/log/SW7700/config touch /var/log/SW7700/security...
  • Page 303: Displaying And Debugging The Syslog Function

    SNMP Configure the info-center loghost as follows: 1 Enable the logging system. [SW7700] info-center enable 2 Set the host at 202.38.1.10 as info-center loghost, set the severity threshold to informational and the output language to English, and allow the RSTP and IP modules to output information.
  • Page 304: Snmp Versions And Supported Mib

    In terms of structure, SNMP can be divided into two parts, namely, NMS and Agent. NMS (Network Management Station) is the workstation for running the client program. At present, the commonly used NM platforms include Sun NetManager and IBM NetView.
  • Page 305: Configure Snmp

    SNMP The current SNMP Agent of Ethernet switch supports SNMP V1, V2C and V3. The MIBs supported are listed in the following table. Table 44 MIBs Supported by the Ethernet Switch attribute MIB content References Public MIB MIB II based on TCP/IP network device RFC1213 BRIDGE MIB...
  • Page 306 You can use the following commands to set the community name. Perform the following configuration in system view. Table 45 Set Community Name Operation Command Set the community name and the access authority snmp-agent community { read | write } community-name [ [ mib-view view-name ] [ acl acl-list ] Remove the community name and...
  • Page 307 SNMP Perform the following configuration in system view. Table 48 Set the Destination Address of Trap Operation Command Set the destination address of trap snmp-agent target-host trap address udp-domain host-addr [ udp-port udp-port-number ] params securityname community-string [ v1 | v2c | v3 { authentication | privacy } ] Delete the destination address of undo snmp-agent target-host host-addr...
  • Page 308 Perform the following configuration in system view. Table 51 Set the Engine ID of a Local or Remote Device Operation Command Set the engine ID of the device snmp-agent local-engineid engineid Restore the default engine ID of the device. undo snmp-agent local-engineid engineid
  • Page 309 This parameter is supported only in SNMP V3. For details, see the Switch 7700 Command Reference Guide. Creating and Updating View Information or Deleting a View You can use the following commands to create, update the information of views or delete a view.
  • Page 310: Displaying And Debugging Snmp

    Disabling the SNMP Agent To disable SNMP Agent, perform the following configuration in system view. Table 57 Disable SNMP Agent Operation Command Disable snmp agent undo snmp-agent If you disable the SNMP Agent, it will be enabled again by any snmp-agent command configured thereafter.
  • Page 311: Rmon

    RMON Figure 5 SNMP Configuration Example 129.102.149.23 129.102.0.1 Ethernet 1 Enter the system view. <SW7700> system-view 2 Set the community name and the access authority. [SW7700] snmp-agent community read public 3 Set the administrator ID, contact and the physical location of the Ethernet switch. [SW7700] snmp-agent sys-info contact Mr.Smith-Tel:3306 [SW7700]...
  • Page 312: Configure Rmon

    exchange data information with SNMP Agent and collect NM information. However, not all the data of RMON MIB can be obtained with this method, depending on resources. In most cases, only four groups of information can be collected.
  • Page 313 RMON Perform the following configuration in system view. Table 60 Add/Delete an Entry to/from the Event Table Operation Command Add an entry to the event table. rmon event event-entry [ description string ] { log | trap trap-community | log-trap log-trapcommunity | none } [ owner rmon-station ] Delete an entry from the event undo rmon event event-entry...
  • Page 314: Displaying And Debugging Rmon

    Figure 6 RMON Configuration Networking Internet Network port Console port Switch 1 Configure RMON. [SW7700-Ethernet2/0/1] rmon statistics 1 owner 3com-rmon 2 View the configurations in user view. <SW7700> display rmon statistics Ethernet2/0/1 Statistics entry 1 owned by 3com-rmon is VALID.
  • Page 315: Ntp

    Gathers statistics of interface Ethernet2/0/1. Received: octets : 270149,packets : 1954 broadcast packets :1570 ,multicast packets:365 undersized packets ,oversized packets:0 fragments packets ,jabbers packets CRC alignment errors:0 ,collisions Dropped packet events (due to lack of resources):0 Packets received according to length (in octets): :644 65-127 :518...
  • Page 316: Configuring Ntp

    In the figure above, Ethernet Switch A and Ethernet Switch B are connected through the Ethernet port. They have independent system clocks. Before implementing automatic clock synchronization on both switches, we assume that: ■ Before synchronizing the system clocks on Ethernet Switch A and B, the...
  • Page 317 Configuring NTP Operating Mode S3026 and S2403H Ethernet Switches can only serve as ntp client but not ntp server. You can set the NTP operating mode of an Ethernet Switch according to its location in the network and the network structure. For example, you can set a remote server as the time server of the local equipment.
  • Page 318 a broadcast, multicast or reference clock IP address. In this mode, both the local switch and the remote server can synchronize their clocks with the clock of opposite end. Perform the following configurations in system view. Table 66 Configure NTP Peer Mode Operation Command...
  • Page 319 Perform the following configurations in VLAN interface view. Table 68 Configure NTP Broadcast Client Mode Operation Command Configure NTP broadcast client mode ntp-service broadcast-client Disable NTP broadcast client mode undo ntp-service broadcast-client This command can only be configured on the interface where the NTP broadcast packets are received.
  • Page 320 Configuring NTP ID Authentication Enable NTP authentication, set the MD5 authentication key, and specify the reliable key. A client will synchronize itself by a server only if the server can provide a reliable key. Perform the following configurations in system view. Table 71 Configure NTP Authentication Operation Command...
  • Page 321 Perform the following configurations in system view. Table 74 Designate an interface to transmit NTP message Operation Command Designate an interface to transmit NTP ntp-service source-interface { message interface-name | interface-type interface-number } Cancel the interface to transmit NTP message undo ntp-service source-interface An interface is specified by interface-name or interface-type interface-number.
  • Page 322: Displaying And Debugging Ntp

    with peer, serve, serve only, and query only in an ascending order of the limitation. The first matched authority will be given. Perform the following configurations in system view. Table 77 Set Authority to Access a Local Ethernet Switch Operation Command Set authority to access a local Ethernet switch ntp-service access { query |...
  • Page 323: Ntp Configuration Examples

    NTP Configuration Examples Configuring NTP Servers On SW77001, set the local clock as the NTP master clock at stratum 2. On SW77002, configure SW77001 as the time server in server mode and set the local equipment as in client mode. Figure 8 Typical NTP Configuration Networking Diagram SW00773 SW00771...
  • Page 324 peer dispersion: 0.00 ms reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000) After the synchronization, SW77002 turns into the following status: [SW77002] display ntp-service status clock status: synchronized clock stratum: 8 reference clock ID: LOCAL(0) nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^17 clock offset: 0.0000 ms...
  • Page 325 Configure NTP peers On SW77003, set local clock as the NTP master clock at stratum 2. On SW77002, configure SW77001 as the time server in server mode and set the local equipment as in client mode. At the same time, SW77005 sets SW77004 as its peer. See Figure 3-3.
  • Page 326 root delay: 0.00 ms root dispersion: 10.94 ms peer dispersion: 10.00 ms reference time: 20:54:25.156 UTC Mar 7 2002(C0325201.2811A112) By this time, SW77004 has been synchronized by SW77005 and it is at stratum 2, or higher than SW77005 by 1. Display the sessions of SW77004 and you will see SW77004 has been connected with SW77005.
  • Page 327 2 Enter Vlan-interface2 view. [SW77004] interface vlan-interface 2 [SW77004-Vlan-Interface2] ntp-service broadcast-client Configure Ethernet Switch SW77001: 1 Enter system view. <SW77001> system-view 2 Enter Vlan-interface2 view. [SW77001] interface vlan-interface 2 [SW77001-Vlan-Interface2] ntp-service broadcast-client The above examples configured SW77004 and SW77001 to listen to the broadcast through Vlan-interface2, SW77003 to broadcast packets from Vlan-interface2.
  • Page 328 [5]1.0.1.11 0.0.0.0 [5]128.108.22.44 0.0.0.0 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured Configure NTP multicast mode SW77003 sets the local clock as the master clock at stratum 2 and multicast packets from Vlan-interface2. Set SW77004 and SW77001 to receive multicast messages from their respective Vlan-interface2.
  • Page 329 Configure Authentication-Enabled NTP Server Mode SW77001 sets the local clock as the NTP master clock at stratum 2. SW77002 sets SW77001 as its time server in server mode and itself in client mode and enables authentication. See Figure 1-2. Configure Ethernet Switch SW77001: 1 Enter system view.
