Page 1 H3C S9500 Series Routing Switches Operation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: T2-08163E-20071125-C-1.01 Product Version: S9500-CMW310-R1278...
Page 2 Copyright © 2006-2007, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
Page 3 It introduces all commands available in Command Manual the S9500, as well as a command index. Organization H3C S9500 Series Routing Switches Operation Manual consists of the following parts: Part Contents 1 Getting Started This module profiles the access types and steps to the...
Page 4 Part Contents 8 MPLS This module introduces the configuration on MPLS and BGP/MPLS VPN features.. 9 STP This module introduces the configuration on STP feature. 10 Security This module presents the configuration on 802.1x, AAA and RADIUS protocols, HABP, and HWTACACS protocol.
Page 5 Convention Description Optional alternative items are grouped in square brackets [ x | y | ... ] * and separated by vertical bars. Many or none can be selected. A line starting with the # sign is comments. II. GUI conventions Convention Description Button names are inside angle brackets.
Page 6: Table Of Contents
Operation Manual – Getting Started H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 Product Overview ......................1-1 1.1 Product Overview....................... 1-1 1.2 Function Features ......................1-2 Chapter 2 Logging in to Switch ....................2-1 2.1 Setting Up Configuration Environment through the Console Port ........2-1 2.2 Setting up Configuration Environment through Telnet............
Page 7 Operation Manual – Getting Started H3C S9500 Series Routing Switches Table of Contents 6.2.2 Configuration Tasks ....................6-2 6.2.3 System Logging Function..................6-9 6.2.4 Password Control Configuration Example .............. 6-9...
Page 8: Chapter 1 Product Overview
Chapter 1 Product Overview 1.1 Product Overview The H3C S9500 Series Routing Switches (hereinafter referred to as S9500 series) are a series of large capacity, modularized L2/L3 switches. They are mainly designed for broadband MAN, backbone, switching core and convergence center of large-sized enterprise network and campus network.
Page 9: Function Features
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 1 Product Overview 1.2 Function Features Table 1-1 Function features Features Implementation Supports VLAN compliant with IEEE 802.1Q Standard Supports port-based VLAN VLAN Supports GARP VLAN Registration Protocol (GVRP)
Page 10 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 1 Product Overview Features Implementation Supports traffic classification Supports bandwidth control Supports congestion control Quality Supports traffic shaping and traffic supervision Service (QoS) Supports queues of different priority on the port...
Page 11: Chapter 2 Logging In To Switch
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 2 Logging in to Switch Chapter 2 Logging in to Switch 2.1 Setting Up Configuration Environment through the Console Port Step 1: As shown in the figure below, to set up the local configuration environment, connect the serial port of a PC (or a terminal) to the Console port of the switch with the Console cable.
Page 12: Setting Up Configuration Environment Through Telnet
Step 3: The switch is powered on. Display self-test information of the switch and prompt you to press Enter to show the command line prompt such as <H3C>. Step 4: Input a command to configure the switch or view the operation state. Input a “?”...
Page 13 Enter system view , return user view with Ctrl+Z. [H3C] user-interface vty 0 [H3C-ui-vty0] set authentication password simple xxxx (xxxx is the login password of Telnet user) Step 2: To set up the configuration environment, connect the Ethernet port of the PC to that of the switch via the LAN, as shown in Figure 2-5.
Page 14: Accessing A Switch Through Another Switch Via Telnet
After you input the correct password, it displays the command line prompt (such as <H3C>). If the prompt “All user interfaces are used, please try later! The connection was closed by the remote host!” appears, it indicates that the maximum number of Telnet users that can be accessed to the switch is reached at this moment.
Page 15: Setting Up Configuration Environment Through Modem Dial-Up
If it is the hostname, you need to use the ip host command to specify.) Step 4: Enter the preset login password and you will see the prompt such <H3C>. If the prompt “All user interfaces are used, please try later! The connection was closed by the remote host!”...
Page 16 H3C S9500 Series Routing Switches Chapter 2 Logging in to Switch [H3C-ui-aux0] set authentication password simple xxxx (xxxx is the login password of the Modem user.) Step 2: As shown in the figure below, to set up the remote configuration environment, connect the Modems to a PC (or a terminal) serial port and the switch AUX port respectively.
Page 17 Step 4: Enter the preset login password on the remote terminal emulator and wait for the prompt such as <H3C>. Then you can configure and manage the switch. Enter “?” to get the immediate help. For details of specific commands, refer to the following chapters.
Page 18: Chapter 3 Command Line Interface
Chapter 3 Command Line Interface Chapter 3 Command Line Interface 3.1 Command Line Interface H3C series switches provide a series of configuration commands and command line interfaces for configuring and managing the switch. The command line interface has the following characteristics: Local configuration via the Console port and AUX port.
Page 19 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 3 Command Line Interface Management level: They are commands that influence basis operation of the system and system support module, which plays a support role on service. Commands of this level involve file system commands, FTP commands, TFTP commands, XModem downloading commands, user management commands, and level setting commands.
Page 20 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 3 Command Line Interface Route policy view Basic ACL view Advanced ACL view Layer-2 ACL view Conform-level view WRED index view RADIUS server group view ISP domain view MPLS view...
Page 21 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 3 Command Line Interface Comman Command to Function Prompt Command to exit d view enter 100M Ethernet port view [H3C-Et hernet2/ Key in interface 1/1] ethernet 2/1/1 in system view...
Page 22 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 3 Command Line Interface Comman Command to Function Prompt Command to exit d view enter Use quit to return User Configure user to system view [H3C-ui interface interface user-interface 0...
Page 23 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 3 Command Line Interface Comman Command to Function Prompt Command to exit d view enter Use quit to return to system view Configure [H3C-bg Key in bgp 100 BGP view...
Page 24 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 3 Command Line Interface Comman Command to Function Prompt Command to exit d view enter Use quit to return RADIUS Key in radius to system view server Configure radius...
Page 25 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 3 Command Line Interface Comman Command to Function Prompt Command to exit d view enter Use quit to return [H3C-vp Configure vpn-instance to system view vpn-insta n-vpn-in vpn-instance vpn-instance_...
Page 26: Features And Functions Of Command Line
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 3 Command Line Interface Comman Command to Function Prompt Command to exit d view enter Enter lanswitch view. Use quit to return After entering the [H3C-la to HGMP view...
Page 27: Displaying Characteristics Of Command Line
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 3 Command Line Interface <cr> indicates no parameter in this position. The next command line repeats the command, you can press <Enter> to execute it directly. Input a character string with a “?”, then all the commands with this character string as their initials will be listed.
Page 28: Common Command Line Error Messages
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 3 Command Line Interface Table 3-3 Retrieve history command Operation Result Display history Display history command by user display command inputting history-command Retrieve Up cursor key <↑> or Retrieve the previous history...
Page 29 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 3 Command Line Interface Table 3-5 Editing functions Function Insert from the cursor position and the cursor moves to the Common keys right, if the edition buffer still has free space.
Page 30: Chapter 4 User Interface Configuration
To facilitate system management, the switches support user interface based configuration for the configuration and management of port attributes. Presently, the S9500 series switches support the following user interface based configuration methods: Local configuration via the Console port and AUX port Local and remote configuration through Telnet on Ethernet port Remote configuration through dialing with modem via the AUX port.
Page 31: User Interface Configuration
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 4 User Interface Configuration VTY is numbered after AUX user interface. The absolute number of the first VTY is incremented by 1 than the AUX user interface number. II. Relative number The relative number is in the format of “user interface type”...
Page 32: Configuring Asynchronous Port Attributes
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 4 User Interface Configuration When the users log in to the switch, if a connection is activated, the login header will be displayed. After the user successfully logs in the switch, the shell header will be displayed.
Page 33: Configuring Terminal Attributes
Restore the default stop bit undo stopbits By default, an asynchronous port supports 1 stop bit. Note that setting 1.5 stop bits is not available on S9500 series at present. V. Configuring the data bit Table 4-7 Configure the data bit...
Page 34 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 4 User Interface Configuration I. Enabling/disabling terminal service After the terminal service is disabled on a user interface, you cannot log in to the switch through the user interface. However, the user logged in through the user interface before disabling the terminal service can continue his operation.
Page 35: Managing Users
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 4 User Interface Configuration Table 4-10 Lock user interface Operation Command Lock user interface lock IV. Setting the screen length If a command displays more than one screen of information, you can use the following command to set how many lines to be displayed in a screen, so that the information can be separated in different screens and you can view it more conveniently.
Page 36 # Configure for password authentication when a user logs in through a VTY 0 user interface and set the password to H3C. [H3C] user-interface vty 0 [H3C-ui-vty0] authentication-mode password [H3C-ui-vty0] set authentication password simple H3C...
Page 37 In the following example, local username and password authentication are configured. # Perform username and password authentication when a user logs in through VTY 0 user interface and set the username and password to zbr and H3C respectively. [H3C-ui-vty0] authentication-mode scheme...
Page 38 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 4 User Interface Configuration III. Setting the command level used after a user logs in from a user interface You can use the following command to set the command level after a user logs in from a specific user interface, so that a user is able to execute the commands at such command level.
Page 39: Configuring Modem Attributes
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 4 User Interface Configuration Table 4-17 Set the command priority Operation Command Set the command priority in a specified command-privilege level level view view. view command Restore the default command level in a Undo command-privilege view view specified view.
Page 40: Configuring Redirection
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 4 User Interface Configuration 4.2.7 Configuring Redirection I. Send command The following command can be used for sending messages between user interfaces. Perform the following configuration in user view.
Page 41: Displaying And Debugging User Interface
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 4 User Interface Configuration 4.3 Displaying and Debugging User Interface After the above configuration, execute display command in any view to display the running of the user interface configuration, and to verify the effect of the configuration.
Page 42: Chapter 5 Management Interface Configuration
Chapter 5 Management Interface Configuration 5.1 Management Interface Overview S9500 series provide a 10/100Base-TX management interface on their SRPU board. The management interface can connect a background PC for software loading and system debugging, or a remote network management station for remote system management.
Page 43: Chapter 6 Password Control Configuration
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 6 Password Control Configuration Chapter 6 Password Control Configuration 6.1 Introduction to Password Control Configuration The Ethernet switch provides the password control function. Before a user can log in to the Ethernet switch, a system login password must be configured.
Page 44: Password Control Configuration
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 6 Password Control Configuration When purging all history records or the history records of a certain user, the system requests the standby card to perform backup. When adding a user to or deleting a user from the blacklist, the system requests the standby card to perform backup.
Page 45 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 6 Password Control Configuration Deleting history password records After the configuration, you can carry out display password-control in any view to view the password control information for all users, including the enabled/disabled state...
Page 46 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 6 Password Control Configuration Operation Command Description Delete history reset password-control password records of history-record [ username one or all users username ] reset password-control Delete history records history-record super [ level...
Page 47 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 6 Password Control Configuration If the user chooses not to change the password or fails to change the password, the user can still log in normally before the password expires.
Page 48 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 6 Password Control Configuration of days in which the password will expire, and ask the user whether to change the password. Table 6-3 Configuring alert time before password expiration...
Page 49 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 6 Password Control Configuration IV. Configuring the maximum number of attempts of entering a password and the processing mode for failed login attempts There is a limitation of the number of entering a password. When the number of...
Page 50 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 6 Password Control Configuration Operation Command Description If the command is carried out without username, all users will be removed from the reset password-control blacklist Remove a user or...
Page 51: System Logging Function
Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 6 Password Control Configuration VI. Configuring the timeout time for password authentication An authentication process for a user starts when the server obtains the user name and ends when the password authentication is completed for the user.
Page 52 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 6 Password Control Configuration II. Network diagram console console console console console console Switch Switch Switch Switch Switch Switch Figure 6-1 Network diagram for password control configuration III. Configuration procedure # Configure the system login password: <H3C>...
Page 53 Operation Manual – Getting Started H3C S9500 Series Routing Switches Chapter 6 Password Control Configuration Password alert-before-expire : 7 days Password authentication-timeout : 60 seconds Password attempt times : 3 times Password attempt-failed action : Lock for 120 minutes # Display the user names and the corresponding IP addresses added to the blacklist...
Page 54 Operation Manual – Port H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 Port Configuration Overview ..................1-1 Chapter 2 Ethernet Port Configuration ..................2-1 2.1 Ethernet Port Overview...................... 2-1 2.2 Ethernet Port Configuration ....................2-1 2.2.1 Entering Ethernet Port View..................
Page 55 Operation Manual – Port H3C S9500 Series Routing Switches Table of Contents 3.3 Displaying and Debugging Link Aggregation..............3-9 3.4 Link Aggregation Configuration Example ................ 3-10 Chapter 4 POS Port Configuration ....................4-1 4.1 POS Port Overview......................4-1 4.2 POS Port Configuration ..................... 4-1 4.2.1 Entering POS Port View..................
Page 56 Operation Manual – Port H3C S9500 Series Routing Switches Table of Contents Chapter 7 Port Isolation Configuration ..................7-1 7.1 Port Isolation Overview...................... 7-1 7.2 Configuration Tasks ......................7-1 7.2.1 Configuring an Isolated Group ................7-1 7.2.2 Configuring an Uplink Port in the Isolated Group............ 7-2 7.2.3 Configuring Isolated Ports for an Isolated Group............
Page 57 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 1 Port Configuration Overview Chapter 1 Port Configuration Overview The H3C S9500 Series Routing Switches (hereinafter referred to as S9500 series) support these LPU boards: GT8P F32G GP12 GP24 GT12...
Page 58 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 1 Port Configuration Overview GP24 provides 24 × 1000 Mbps optical/electrical ports and works in 1000 Mbps full duplex mode without user intervention. GT12 provides 12 × 10/100/1000 Mbps electrical ports, supports auto-MDI/MDI-X, and can work in 1000 Mbps full duplex, 100 Mbps half/full duplex, or 10 Mbps half/full duplex mode.
Page 59 Chapter 2 Ethernet Port Configuration 2.1 Ethernet Port Overview S9500 series can provide conventional Ethernet ports, fast Ethernet ports, 1000 Mbps Ethernet ports and 10 Gbps Ethernet ports. The configurations of these Ethernet ports are basically the same, which will be described in the following sections.
Page 60 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 2 Ethernet Port Configuration 2.2.2 Enabling/Disabling an Ethernet Port After configuring the related parameters and protocol of the port, you can use undo shutdown command to enable the port. If you do not want a port to forward data any more, use shutdown command to disable it.
Page 61 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 2 Ethernet Port Configuration Note that, 10/100 Mbps electrical Ethernet port can operate in full-duplex, half-duplex or auto-negotiation mode. The10/100/1000 Mbps electrical Ethernet port can operate in full duplex, half duplex or auto-negotiation mode. When the port operates at 1000 Mbps or in auto mode, the duplex mode can be set to full (full duplex) or auto (auto-negotiation).
Page 62 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 2 Ethernet Port Configuration Table 2-6 Setting the type of the cable connected to the Ethernet port Operation Command Set the type of the cable connected to mdi { across | auto | normal }...
Page 63 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 2 Ethernet Port Configuration Table 2-8 Enabling/disabling jumbo frames’ passing a card Operation Command Enable Jumbo frames to pass the card on a jumboframe enable specified slot, and set the maximum length...
Page 64 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 2 Ethernet Port Configuration Caution: You cannot enable both broadcast suppression and multicast suppression simultaneously on the same card. Namely, once you have enabled broadcast suppression on some ports of a card, you cannot enable multicast suppression on the other ports of the card, and vice versa.
Page 65 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 2 Ethernet Port Configuration be sent without tags, but the trunk port only allows the packets from the default VLAN to be sent without tags. Perform the following configuration in Ethernet port view.
Page 66 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 2 Ethernet Port Configuration Note that the access port shall be added to an existing VLAN other than VLAN 1. The VLAN to which Hybrid port is added must have been existed.
Page 67 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 2 Ethernet Port Configuration The port VLAN VPN feature of the switch can provide duplex VLAN Tags to a packet, namely, mark the packet with another VLAN Tag besides the original one, thus to provide 4k x 4k VLANs to meet user’s demands for VLANs.
Page 68 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 2 Ethernet Port Configuration Table 2-15 Configurations that can be copied Attribute Detailed Setting Enable/disable STP Port priority Path cost Link attributes(point-to-point or not) Port mCheck STP setting Max transmission speed...
Page 69 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 2 Ethernet Port Configuration Note: Using copy configuration command will clear protocol VLAN attributes of the destination port, but it can not copy protocol VLAN attributes of source port to the destination port.
Page 70 By default, the Ethernet port is set in loopback mode. At present, the Ethernet ports of the S9500 series switches do not support the external loopback mode. 2.3 Displaying and Debugging Ethernet Port After the above configuration, execute display command in any view to display the running of the Ethernet port configuration, and to verify the effect of the configuration.
Page 71 # Set the GigabitEthernet2/1/1 as a trunk port and allows VLANs 2, 6 through 50, and 100 to pass. [H3C-GigabitEthernet2/1/1] port link-type trunk [H3C-GigabitEthernet2/1/1] port trunk permit vlan 2 6 to 50 100 # Create the VLAN 100. [H3C] vlan 100 # Configure the default VLAN ID of GigabitEthernet2/1/1 as 100.
Page 72 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 2 Ethernet Port Configuration Solution: Please check If the cable connection is correct and if the optical fiver cable is inversely connected. If the shutdown command is used on the port.
Page 73 The VLAN setting includes permitted VLAN types, default VLAN ID. The port setting includes port link type. One S9500 series routing switch can support up to 920 aggregation groups. IDs 1 though 31 indicate manual or static aggregation groups. IDs 32 through 64 are reserved.
Page 74 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 3 Link Aggregation Configuration information from the sender, the receiver compares it with the locally saved information about other ports, chooses member ports for the aggregation group and reaches agreement about if a port can join or leave a dynamic aggregation group.
Page 75 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 3 Link Aggregation Configuration In a static aggregation group, the system sets the ports to active or inactive state based on these rules: Based on the descending order of priority levels from full duplex/high speed, to full...
Page 76 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 3 Link Aggregation Configuration 3.1.4 Load Sharing I. Types of Load sharing In terms of load balancing, link aggregation may be load balancing aggregation and non-load balancing aggregation The 9500 series allocate IP packet load sharing according to destination and source IP addresses.
Page 77 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 3 Link Aggregation Configuration The system sets to inactive state the ports which cannot aggregate with the master port, due to hardware limit. The system sets to inactive state the ports with basic configurations different from the master port.
Page 78 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 3 Link Aggregation Configuration 3.2.1 Enabling/Disabling LACP at Port You should first enable LACP at the ports before performing dynamic aggregation, so that both parties can agree on adding/deleting the ports into/from a dynamic LACP aggregation group.
Page 79 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 3 Link Aggregation Configuration Note: Port aggregation includes manual aggregation, static aggregation and dynamic aggregation. In the manual aggregation mode, ports working at different rates can be aggregated. Manual aggregation can be load balancing aggregation if the aggregation resource is available.
Page 80 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 3 Link Aggregation Configuration When a port is added into an aggregation group, the original ARP information of the port will be lost. 3.2.4 Configuring/Deleting Aggregation Group Description You can use the following command to create/delete aggregation group description (for manual aggregation and static link aggregation).
Page 81 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 3 Link Aggregation Configuration By default, system priority is 32,768. 3.2.6 Configuring Port Priority The LACP compares system IDs first and then port IDs (if system IDs are the same) in determining if the member ports are active or inactive ones for a dynamic LACP aggregation group.
Page 82 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 3 Link Aggregation Configuration Operation Command reset lacp statistics interface Clear LACP statistics on the port interface-type interface-number [ to interface-type interface-number ] ] [ undo ] debugging lacp state...
Page 83 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 3 Link Aggregation Configuration [H3C] interface ethernet2/1/1 [H3C-Ethernet2/1/1] port link-aggregation group 1 [H3C-Ethernet2/1/1] interface ethernet2/1/2 [H3C-Ethernet2/1/2] port link-aggregation group 1 [H3C-Ethernet2/1/2] interface ethernet2/1/3 [H3C-Ethernet2/1/3] port link-aggregation group 1 # When the aggregation group numbers are continuous, you can directly aggregate multiple ports into a group.
Page 84 The POS ports of S9500 series work at the rates of STM-1/OC-3 (155.52 Mbps), STM-16 (2.5 Gbps) and STM-64 (10 Gbps), use point-to-point protocol (PPP) at the data link layer and internet protocol (IP) at the network layer.
Page 85 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 4 POS Port Configuration Table 4-1 Entering POS port view Operation Command Enter POS port view interface pos interface-number 4.2.2 Adding/Deleting POS Port into/from VLAN You can add the current POS port into a designated VLAN, so that it can forward the packets of that VLAN.
Page 86 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 4 POS Port Configuration Table 4-4 Configuring POS port description Operation Command Configure a POS port description description text Delete the POS port description undo description By default, a POS port has no description.
Page 87 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 4 POS Port Configuration is to say when there are few error bits, the line gives out the SD alarm; and when the bit error rate reaches a certain extent, which means the line performance is seriously degraded, the line gives out the SF alarm.
Page 88 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 4 POS Port Configuration Table 4-9 Setting polling interval of the state timer on POS port Operation Command Set polling interval of the state timer of POS port timer hold seconds...
Page 89 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 4 POS Port Configuration Table 4-11 Setting loopback mode of POS port Operation Command Set loopback mode of the POS port to internal loopback internal Set loopback mode of the POS port to external...
Page 90 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 4 POS Port Configuration C2, J0 and J1 configuration should be consistent at both ends. Otherwise, the system may give alarms. The frame format of overhead bytes J0 and J1 must be consistent at both POS ports.
Page 91 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 4 POS Port Configuration Table 4-15 Displaying and debugging POS port configuration Operation Command Display all information display interface pos [ interface-number ] about the POS port Clear statistics of the...
Page 92 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 4 POS Port Configuration [SwitchB-Vlan-interface2] quit [SwitchB] interface pos 3/1/1 [SwitchB-Pos3/1/1] pos access vlan 2 [SwitchB-Pos3/1/1] clock master 4.5 Troubleshooting POS Port Configuration Symptom 1: The POS port is down at the physical layer.
Page 93 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 5 RPR Port Configuration Chapter 5 RPR Port Configuration 5.1 RPR Standard Overview Resilient packet ring (RPR) is a new MAC layer protocol designed for transferring mass data services over MANs. With multiple technology advantages, such as high utilization of ring bandwidth, self-healing ability, and plug and play nodes, it can match the requirements for next-generation MANs.
Page 94 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 5 RPR Port Configuration RPR supports plug and play, and can bear services almost without configurations. In general, you do not need to configure RPR. For some special purposes such as debugging, you can also modify the configuration by referring to the related commands.
Page 95 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 5 RPR Port Configuration Configuration steps Command Description Optional. By default, for packets with a tag, the mapping will implemented as per tag; for packets without a tag, if they are MPLS packets,...
Page 96 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 5 RPR Port Configuration Configuration steps Command Description clock-source line Optional. The default is Configure clock source internal ] internal. Optional. scrambling mode, c2 is 0x16 by default. In non-scrambling...
Page 97 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 5 RPR Port Configuration Configuration steps Command Description Optional. Without display rs-table Display integrated ring parameter, the command [overall | static | dynamic | selection table displays the integrated ring...
Page 98 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 5 RPR Port Configuration III. Configuration procedure The following section takes Node A configuration as an example. Other node configurations are similar. # Add RPR port 2/1/1 to VLAN 2.
Page 99 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 5 RPR Port Configuration Configuration Command Description Optional. Without parameter, the command Display integrated display rpr rs-table [overall | displays integrated ring ring selection table static dynamic vrrp] selection table information...
Page 100 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 6 IDS Linkage Configuration Chapter 6 IDS Linkage Configuration 6.1 Overview 6.1.1 Necessity Users always resort to a single type of security products to satisfy a specific security need. For example, they purchase firewalls for purpose of preventing attacks of suspicious data packets, password machines for encrypting transmitted data, and intrusion detection systems (IDSs) for detecting intrusion.
Page 101 For example, you can set to monitor only outgoing packets on the specified ports. For the S9500 series, you can use the mirroring group to configure port mirroring function. Each mirroring group contains one monitor port and a group of mirroring ports.
Page 102 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 6 IDS Linkage Configuration Configuration item Command Description Enable IDS linkage Required ids-acl enable on the port Display port display mirroring-group mirroring { integer<1-20> | <cr> } Optional. You can use...
Page 103 III. Configuration procedure Note: Only the commands related to the switch (router) are listed here. <H3C> system-view [H3C] mirroring-group 1 inbound Ethernet 3/1/1 mirrored-to Ethernet 3/1/48 [H3C]vlan 192 [H3C-vlan192]port Ethernet3/1/1 Ethernet3/1/3 Ethernet3/1/5 Ethernet3/1/47 [H3C-vlan192]interface vlan-interface 192 [H3C-Vlan-interface192]ip add 192.168.1.1 255.255.255.0...
Page 104 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 6 IDS Linkage Configuration 6.5 Displaying IDS Linkage Configuration Execute the display command in any view to display IDS linkage configuration. Table 6-2 Display IDS linkage configuration Configuration Command Description...
Page 105 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 7 Port Isolation Configuration Chapter 7 Port Isolation Configuration 7.1 Port Isolation Overview Using port isolation feature, you can place different user ports into the same VLAN. As these users cannot communicate with each other, the network security is improved, flexible networking scheme is provided, and a lot of VLAN sources are saved.
Page 106 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 7 Port Isolation Configuration 7.2.2 Configuring an Uplink Port in the Isolated Group Table 7-3 Configuring an uplink port in the isolated group Operation Command Description Enter system view system-view...
Page 107 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 7 Port Isolation Configuration Operation Command Description Required You can configure isolated ports for the isolated group only after you create the isolated group. The isolated port can only be...
Page 108 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 7 Port Isolation Configuration III. Configuration procedure # Create isolated group 1. <H3C>system-view [H3C] port-isolate group 1 # Configure port Ethernet2/1/2 as an isolated port in isolated group 1. [H3C] interface Ethernet2/1/2 [H3C-Ethernet2/1/2] port-isolate group 1 # Configure port Ethernet2/1/1 as an upstream port in isolated group 1.
Page 109 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 8 Packet Statistics Configuration Chapter 8 Packet Statistics Configuration 8.1 Introduction to Egress Packet Statistics A card provides two sets of counters for monitoring egress packet statistics of the card.
Page 110 Operation Manual – Port H3C S9500 Series Routing Switches Chapter 8 Packet Statistics Configuration This command does not support egress packet statistics on POS ports not bound to a VLAN. After successful configuration, it is necessary to reset the counters to start counting again.
Page 111 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 VLAN Configuration ....................1-1 1.1 VLAN Overview ........................ 1-1 1.2 Configuring VLAN ......................1-1 1.2.1 Creating/Deleting a VLAN ....................1-1 1.2.2 Specifying a Description Character String for a VLAN or VLAN interface ....1-2 1.2.3 Naming the Current VLAN ....................1-2...
Page 112 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Table of Contents 4.2.2 Configuring a Secondary VLAN ..................4-2 4.2.3 Mapping an isolate-user-vlan to Secondary VLANs ............4-3 4.3 Displaying and Debugging an isolate-user-VLAN ............4-4 4.4 Isolate-user-VLAN Configuration Example ..............4-4 Chapter 5 Q-in-Q Configuration ....................
Page 113 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 1 VLAN Configuration Chapter 1 VLAN Configuration 1.1 VLAN Overview Virtual local area network (VLAN) groups the devices in a LAN logically, not physically, into segments to form virtual workgroups. IEEE issued the IEEE 802.1Q in 1999 to standardize the VLAN implementations.
Page 114 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 1 VLAN Configuration Table 1-1 Create/Delete a VLAN or VLANs Operation Command Create a VLAN and enter the VLAN view vlan vlan-id Create VLANs in batch vlan vlan-id-list Delete an VLAN or VLANs...
Page 115 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 1 VLAN Configuration Table 1-3 Name the current VLAN Operation Command Name the current VLAN name Restore the default name of the current VLAN undo name By default, the name of the current VLAN is its VLAN ID.
Page 116 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 1 VLAN Configuration 1.3 Configuring Port-Based VLAN 1.3.1 Adding Ethernet Ports to a VLAN You can use the following commands to add the Ethernet ports to a VLAN. Perform the following configuration in VLAN view.
Page 117 VLAN. 1.5 Configure the CPU Port in an VLAN The CPU is a special port in the S9500 series routing switches. By default, because the CPU port is in a VLAN, when common broadcast packets and unknown multicast packets are broadcast within a VLAN, these packets will also be broadcast to the CPU.
Page 118 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 1 VLAN Configuration Table 1-10 Move the CPU port out of/into the specified VLANs Operation Command Move the CPU port out of the specified trap-to-cpu disable vlan { vlan_list |...
Page 119 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 1 VLAN Configuration II. Network diagram Switch E3/1/1 E4/1/1 E3/1/2 E4/1/2 VLAN 3 VLAN 2 Figure 1-1 Network diagram for VLAN configuration III. Configuration procedure # Create VLAN 2 and enter its view.
Page 120 (GVRP or GMRP). GARP and GMRP are described in details in the IEEE 802.1P standard (which has been added to the IEEE802.1D standard). H3C series switches fully support the GARP compliant with the IEEE standards. The following section describes the GARP configuration task:...
Page 121 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 2 GARP/GVRP Configuration Note: The value of GARP timer will be used in all the GARP applications, including GVRP and GMRP, running in one switched network. In one switched network, the GARP timers on all the switching devices should be set to the same value.
Page 122 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 2 GARP/GVRP Configuration Note that, the value of Join timer should be no less than the doubled value of Hold timer, and the value of Leave timer should be greater than the doubled value of Join timer and smaller than the Leaveall timer value.
Page 123 GVRP includes both the local static registration information configured manually and the dynamic registration information from other switches. GVRP is described in details in the IEEE 802.1Q standard. H3C series switches fully support the GARP compliant with the IEEE standards.
Page 124 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 2 GARP/GVRP Configuration Table 2-3 Enable/disable global GVRP Operation Command Enable global GVRP gvrp Disable global GVRP undo gvrp By default, global GVRP is disabled. 2.2.3 Enabling/Disabling Port GVRP You can use the following command to enable/disable the GVRP on a port.
Page 125 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 2 GARP/GVRP Configuration Table 2-5 Set the GVRP registration type Operation Command Set GVRP registration type gvrp registration { normal | fixed | forbidden } Restore the default GVRP undo gvrp registration registration type By default, GVRP registration type is normal.
Page 126 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 2 GARP/GVRP Configuration # Enable GVRP globally. [H3C] gvrp # Set Ethernet3/1/1 as a Trunk port and allows all the VLANs to pass through. [H3C] interface ethernet3/1/1 [H3C-Ethernet3/1/1] port link-type trunk [H3C-Ethernet3/1/1] port trunk permit vlan all # Enable GVRP on the Trunk port.
Page 127 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 3 Super VLAN Configuration Chapter 3 Super VLAN Configuration 3.1 Super VLAN Overview Super VLAN is also called VLAN aggregation. The following is the fundamental principle: A super VLAN contains multiple sub VLANs. A super VLAN can be configured with an IP address of the virtual port, while a sub VLAN cannot be configured with the IP address of the virtual port.
Page 128 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 3 Super VLAN Configuration Table 3-1 Configure a super VLAN Operation Command Description Enter system view system-view Enter VLAN view vlan vlan-id Required Required. The VLAN-ID is Set the VLAN type...
Page 129 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 3 Super VLAN Configuration Caution: A Super VLAN cannot contain ports. After you set the VLAN type to super VLAN, the ARP proxy is automatically enabled on the VLAN port, and you do not need to configure the proxy.
Page 130 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 3 Super VLAN Configuration [H3C-vlan5]arp proxy enable [H3C-vlan5] vlan 10 [H3C-vlan10] subvlan 2 3 5 [H3C-vlan10] interface vlan 10 [H3C-Vlan-interface10] ip address 10.110.1.1 255.255.255.0...
Page 131 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 4 Isolate-user-VLAN Configuration Chapter 4 Isolate-user-VLAN Configuration 4.1 Isolate-user-VLAN Overview Isolate-user-VLAN can save the VLAN resource in a network. It adopts the two-level VLAN architecture. One level is isolate-user-VLAN level, and the other is Secondary VLAN level, as shown in Figure 4-1.
Page 132 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 4 Isolate-user-VLAN Configuration 4.2.1 Configuring an isolate-user-VLAN Table 4-2 Configure an isolate-user-VLAN Operation Command Description Enter system view system-view Create a VLAN vlan vlan-id Required Required Configure isolate-user-vlan VLAN You cannot configure VLAN 1 as an...
Page 133 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 4 Isolate-user-VLAN Configuration Note: An isolate-user-VLAN can correspond to up to 64 S econdary VLAN s . You can configure up to 32 isolate-user-VLANs for a system. You can configure up to 1,024 Secondary VLANs for a system.
Page 134 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 4 Isolate-user-VLAN Configuration II. Note the following after mapping an isolate-user-VLAN to a Secondary VLAN Trunk ports and access ports cannot join an isolate-user-VLAN or Secondary VLAN. Hybrid ports can join or exit from an isolate-user-VLAN and Secondary VLAN.
Page 135 [H3C-vlan3] vlan 2 [H3C-vlan2] port ethernet2/1/2 # Configure the mapping relationship between the isolate-user-VLAN and the Secondary VLANs. [H3C-vlan2] quit [H3C] isolate-user-vlan 5 secondary 2 to 3 Configuration on Switch C # Configure an isolate-user-VLAN. <H3C>system-view [H3C] vlan 6 [H3C-vlan6] isolate-user-vlan enable [H3C-vlan6] port ethernet2/1/1 # Configure Secondary VLANs.
Page 136 H3C S9500 Series Routing Switches Chapter 4 Isolate-user-VLAN Configuration [H3C-vlan6] vlan 3 [H3C-vlan3] port ethernet2/1/3 [H3C-vlan3] vlan 4 [H3C-vlan4] port ethernet2/1/4 # Configure the mapping relationship between the isolate-user-VLAN and the Secondary VLANs. [H3C-vlan4] quit [H3C] isolate-user-vlan 6 secondary 3 to 4...
Page 137 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 5 Q-in-Q Configuration Chapter 5 Q-in-Q Configuration 5.1 Q-in-Q Overview 5.1.1 Introduction to Q-in-Q Q-in-Q refers to the technology that enables packets to be transmitted across the operators’ backbone networks with VLAN tags of private networks nested in those of public networks.
Page 138 Figure 5-3 The structure of the Tag field of an Ethernet frame By default, a S9500 series switch uses 0x8100 as the value of the TPID field, which is defined by IEEE 802.1Q. But S9500 series switches can also adjust the TPID values of Q-in-Q packets.
Page 139 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 5 Q-in-Q Configuration packets before transmitting the packet through the VLAN-VPN uplink ports to enable these packets to be accepted by devices of other vendors. 5.2 Configuration of VLAN VPN Feature on a Port 5.2.1 Configuration Prerequisites...
Page 140 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 5 Q-in-Q Configuration Caution: VLAN VPN cannot be enabled if the port has any of the protocol among GVRP, STP, and 802.1x enabled. VLAN VPN cannot be enabled on a port if the VLAN which the port belongs to has IGMP Snooping enabled or its VLAN interface has IGMP enabled.
Page 141 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 5 Q-in-Q Configuration Configuration step Command Description Deliver traffic-redirect inbound Layer ip-group { acl-number | traffic acl-name } [ rule rule classification [ system-index index ] ] rule nested-vlan nested-vlanid...
Page 142 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 5 Q-in-Q Configuration 5.3.3 Traffic Classification-Based Nested VLAN Configuration Example I. Network requirements Switch A, Switch B and Switch C are S9500 routing switches. User networks are connected to Switch A and Switch C respectively.
Page 143 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 5 Q-in-Q Configuration System View: return to User View with Ctrl+Z. [SwitchA]vlan 11 [SwitchA-vlan11]quit [SwitchA]flow-template user-defined slot 2 vlanid [SwitchA]acl number 4000 [SwitchA-acl-link-4000]rule 0 permit ingress 10 [SwitchA-acl-link-4000]quit # Configure the GigabitEthernet2/1/1 port.
Page 144 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 5 Q-in-Q Configuration Note: Following describes how a packet is forwarded from Switch A to Switch C. As packets sourced from VLAN 10 match rule 0 of the ACL 4000 configured on Switch A, a packet of this type is tagged with two VLAN tags when it flow in the GigabitEthernet2/1/1 port of Switch A.
Page 145 5.4.3 TPID Value Configuration Example I. Network requirements Switch A and Switch C are S9500 series switches. Switch B is a switch produced by other vendor. It uses TPID value of 0x9100. Two networks are connected to the GigabitEthernet2/1/1 ports of Switch A and Switch C respectively.
Page 146 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 5 Q-in-Q Configuration It is desired that packets of VLANs other than VLAN 10 can be exchanged between the networks connected to Switch A and Switch C. II. Network diagram...
Page 147 Operation Manual – VLAN-QinQ H3C S9500 Series Routing Switches Chapter 5 Q-in-Q Configuration Configure Switch B Because Switch B is produced by other vendor, related commands may differ from those available to S9500 switches. So only the operation is listed, as shown below: Configure GigabitEthernet3/1/1 and GigabitEthernet3/1/2 ports of Switch B to be trunk ports.
Page 148 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 IP Address Configuration ................... 1-1 1.1 Introduction to IP Addresses....................1-1 1.1.1 IP Address Classification and Representation............1-1 1.1.2 Subnet and Mask ....................1-3 1.2 Configuring IP Address......................
Page 149 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Table of Contents 4.3.1 Creating a Global DHCP IP Address Pool .............. 4-7 4.3.2 Configuring IP Address Assignment Mode ............. 4-8 4.3.3 Forbidding Specified IP Addresses to Be Automatically Assigned ....... 4-10 4.3.4 Configuring Lease Time For DHCP Address Pool..........
Page 150 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Table of Contents 6.6 Troubleshooting Domain Name Resolution Configuration ..........6-5 Chapter 7 IP Performance Configuration..................7-1 7.1 Configuring IP Performance ....................7-1 7.1.1 Configuring TCP Attributes ..................7-1 7.2 Displaying and Debugging IP Performance............... 7-2...
Page 151 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration Chapter 1 IP Address Configuration 1.1 Introduction to IP Addresses 1.1.1 IP Address Classification and Representation An IP address is a 32-bit address allocated to a device that accesses the Internet. It consists of two fields: net-id field and host-id field.
Page 152 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration Table 1-1 IP address classes and ranges IP network Network Address range Note class range available Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing.
Page 153 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration IP network Network Address range Note class range available Addresses of class D are multicast addresses, among which: IP address 224.0.0.0 is reserved and will not be allocated. Those from 224.0.0.1 to 224.0.0.255 are...
Page 154 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration 138.38.160.0, 138.38.192.0 and 138.38.224.0 (Refer to the following figure). Each subnet can contain more than 8000 hosts. ClassB ClassB 10001010, 00100110, 000 00000, 00000000 10001010, 00100110, 000 00000, 00000000 138.38.0.0...
Page 155 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration 1.2.2 Configuring the IP Address of the VLAN Interface You can configure an IP address for every VLAN interface of the switch. Generally, it is enough to configure one IP address for an interface.
Page 156 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration After the IP address protection function is enabled on a VLAN interface, the current interface will no longer dynamically learn ARP mapping entries, and existing dynamic ARP mapping entries will be removed.
Page 157 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration Table 1-5 Display and debug IP address Operation Command Display all hosts on the network and the display ip host corresponding IP addresses Display the configurations of a VLAN...
Page 158 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 1 IP Address Configuration Check which VLAN includes the port of the switch used to connect to the host. Check whether the VLAN has been configured with a VLAN interface. Then check whether the IP address of the VLAN interface and that of the host are on the same network segment.
Page 159 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 2 ARP Configuration Chapter 2 ARP Configuration 2.1 Introduction to ARP Address Resolution Protocol (ARP) is used to resolve an IP address into a MAC address. I. Necessity of ARP An IP address cannot be directly used for communication between network devices because network devices can only identify MAC addresses.
Page 160 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 2 ARP Configuration corresponding MAC address of Host B and adds them to its own ARP mapping table. Then Host A sends Host B all the packets standing in the queue.
Page 161 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 2 ARP Configuration ARP map entries with port parameters can be configured on manually aggregated ports or static aggregated ports, but cannot be configured on LACP-enabled dynamic aggregated ports.
Page 162 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 2 ARP Configuration Table 2-3 Add multicast ARP ports Configuration step Command Description Enter system view system-view arp static ip-address mac-address multicast vlan-id multi-port interface-type ports interface-number vpn-instance vpn-instance-name ] To cancel the configuration, use the corresponding undo command.
Page 163 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 2 ARP Configuration Table 2-4 Enable ARP proxy Operation Command Description Enter system view system-view Enter VLAN view vlan vlan-id vlan-id is the ID of a VLAN By default, ARP proxy function is...
Page 164 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 2 ARP Configuration Table 2-5 Configure the gratuitous ARP packet learning function Operation Command Description Enter system view system-view Required Enable gratuitous gratuitous-arp-learning By default, the gratuitous packet learning...
Page 165 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 3 ARP Table Size Configuration Chapter 3 ARP Table Size Configuration 3.1 Introduction to ARP Table Size Configuration You can manually configure the maximum numbers of ARP entries (that is, the sizes of ARP tables) on an S9500 routing switch to meet your actual needs.
Page 166 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 3 ARP Table Size Configuration Caution: After the configuration of a short static ARP entry, the system will include it into the number of normal ARP entries. If the short static ARP entry resolved from a non-aggregated port, the count will remain unchanged;...
Page 167 3.4 Configuration Example I. Network requirements A host is connected to a S9500 series routing switch. The model names of all the cards in the switch system are suffixed with C, CA, or CB. II. Network diagram...
Page 168 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 3 ARP Table Size Configuration III. Configuration procedure # Configure the maximum number of ARP entries supported by the whole switch to 64K. <H3C> system-view System View: return to User View with Ctrl+Z.
Page 169 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Chapter 4 DHCP Configuration 4.1 Some Concepts about DHCP 4.1.1 BOOTP Relay Agent Bootstrap protocol (BOOTP) relay agent is an Internet host or router that transports DHCP messages between the DHCP server and DHCP clients.
Page 170 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration number of hosts in a network exceeds that of the available IP addresses, and position changes of hosts (when users carry their laptops from here to there, or move to a wireless network) require reassigned new IP addresses.
Page 171 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration IP addresses in the address pool of the DHCP server that are statically bound to the MAC addresses of the DHCP clients. IP addresses that are reclaimed by the DHCP server. That is, those in the Requested IP Addr Option fields of DHCP Discover packets sent by DHCP clients.
Page 172 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Second round registration A second round registration goes through the following steps: After going through the first round registration successfully and logging out, when the DHCP client logs on to the network again, it directly broadcasts a DHCP_Request packet that contains the IP address assigned to it in the first round registration instead of a DHCP_Discover packet.
Page 173 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Table 4-1 Enable/Disable DHCP service Operation Command Enable DHCP service dhcp enable Disable DHCP service undo dhcp enable DHCP service is disabled by default. 4.2.2 Configuring Processing Method of DHCP Packets You can perform the configurations listed in the following tables on your switch.
Page 174 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Table 4-3 Configure the processing method for multiple VLAN interfaces Operation Command Specify to forward DHCP packets to dhcp select global interface local DHCP server and let the local...
Page 175 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration 4.3 Configuring DHCP Server The following sections describe the DHCP server configuration tasks: Creating a Global DHCP IP Address Pool Configuring IP Address Assignment Mode Forbidding Specified IP Addresses to Be Automatically Assigned...
Page 176 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration inherited by its subnets, whose configurations in turn can be inherited by their clients. So, you can configure the parameters (such as domain name) that are common to all levels in the address pool structure or some subnets only for the network segment or for corresponding subnets.
Page 177 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration to the MAC address) and assigns the fixed IP address to the client. At present, only one-to-one MAC-IP binding is supported for global DHCP address pool.
Page 178 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Caution: A binding in a VLAN interface address pool cannot be overwritten directly. If an IP-to-MAC address binding entry is configured and you want to modify it, you must remove it and redefine a new one.
Page 179 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration You can set multiple IP address ranges that are not assigned automatically by executing the dhcp server forbidden-ip command multiple times. 4.3.4 Configuring Lease Time For DHCP Address Pool You can configure different lease times for different DHCP address pools.
Page 180 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Operation Command Restore the lease time of DHCP address undo dhcp server expired { interface pools of multiple VLAN interfaces to the vlan-interface vlan-id default value...
Page 181 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Table 4-15 Configure a DHCP client domain name for multiple VLAN interfaces Operation Command Configure a DHCP client domain dhcp server domain-name domain-name name for DHCP address pools of...
Page 182 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Operation Command Remove one or all DNS server addresses undo dhcp server dns-list configured for the DHCP address pool of the { ip-address | all } current VLAN interface III.
Page 183 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration II. Configuring NetBIOS server address for current VLAN interface Perform the following configuration in VLAN interface view. Table 4-20 Configure NetBIOS server address for current VLAN interface...
Page 184 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration m-node: Nodes of this type are p nodes which take some broadcast features. (m stands for mixed.) h-node: Nodes of this type are b nodes which take peer-to-peer mechanism. (h stands for hybrid.)
Page 185 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration By default, the DHCP clients of global and VLAN interface address pools are all of h-node type. 4.3.9 Configuring Custom DHCP Options With the evolvement of DHCP, new options come forth continuously. To utilize these options, you can manually add them to the property list of a DHCP server.
Page 186 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Operation Command Remove custom DHCP option undo dhcp server option code configured for DHCP address pools of { interface vlan-interface vlan-id [ to multiple VLAN interfaces...
Page 187 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Table 4-29 Configure parameters for DHCP server to send ping packets Operation Command Set the maximum number of ping dhcp server ping packets number packets the DHCP is allowed to send...
Page 188 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Operation Command Display the statistics about the DHCP display dhcp server statistics server Display the information about the display dhcp server tree { pool tree-like structure of DHCP address...
Page 189 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration II. Network diagram DHCP cli e nt DHCP cli e nt DHCP cli e nt DHCP cli e nt DHCP client DHCP client DHCP client DHCP client 10.110.0.0...
Page 190 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration 4.4 Configuring DHCP Relay 4.4.1 Introduction to DHCP Relay This is a world where networks are ever-growing in both size and complexity, and the network configuration is getting more and more complex. As is often the case, the...
Page 191 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration After receiving the packet, the DHCP server generates configuration information accordingly and sends it to the DHCP client through the DHCP Relay to complete the dynamic configuration of the DHCP client.
Page 192 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Caution: The IP address of the intended DHCP server for the DHCP relay feature cannot be IP address of the VLAN interface corresponding to the DHCP relay. Otherwise, the system gives the information such as “...
Page 193 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Table 4-35 Enable/disable DHCP security on a VLAN interface Operation Command Enable DHCP security on a VLAN dhcp relay security address-check interface enable Disable DHCP security on a VLAN...
Page 194 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration 4.4.4 DHCP Relay Configuration Example I. Network requirements As shown in Figure 4-4, two DHCP clients located at the same network segment (10.110.0.0) are connected to a switch through a port in VLAN 2. The switch, acting as a DHCP relay, is supposed to forward DHCP packets between the two DHCP clients and the DHCP server with the IP address of 202.38.1.2.
Page 195 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 4 DHCP Configuration Note: Besides the above configurations for DHCP Relay, you need to configure address pool on the DHCP server and make sure the DHCP server and the switch interface connecting the two DHCP clients is routing reachable with each other.
Page 196 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 3 ARP Table Size Configuration Chapter 5 DHCP Option 82 Configuration 5.1 DHCP Option 82 Overview 5.1.1 Introduction to Option 82 Support on DHCP Relay Option 82 is the relay agent information option in the DHCP packets. When a DHCP...
Page 197 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 3 ARP Table Size Configuration IV. Sub-option 2 Sub-option 2 also belongs to Option 82 and defines the Remote ID. Usually configured on the DHCP relay devices, it indicates that the forwarded packets will carry the MAC address of the relay device.
Page 198 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 3 ARP Table Size Configuration SubOpt Len SubOpt Len Sub-option Value Sub-option Value SubOpt Len SubOpt Len Sub-option Value Sub-option Value SubOpt Len SubOpt Len Sub-option Value Sub-option Value Figure 5-2 Sub-option structure SubOpt: Indicates the number of the sub-option.
Page 199 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 5 DHCP Option 82 Configuration Configuration”. The following only introduces the working mechanism of Option 82 H C P support on DHCP relay. A DHCP client broadcasts a request packet during initialization.
Page 200 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 5 DHCP Option 82 Configuration In addition, you should make proper configuration to ensure that the DHCP relay and the DHCP server devices are reachable to each other. For detailed configurations, refer to C hapter 4 “...
Page 201 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 5 DHCP Option 82 Configuration II. Network diagram DHCP client DHCP client DHCP client DHCP client DHCP client DHCP client DHCP client DHCP client DHCP client DHCP client DHCP client...
Page 202 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 6 DNS Configuration Chapter 6 DNS Configuration 6.1 Introduction to DNS Used in the TCP/IP application, Domain Name System (DNS) is a distributed database which provides the translation between domain name and the IP address. In this way, the user can use domain names that are easy to memorize and meaningful, and never needs to keep obscure IP addresses in mind.
Page 203 When the domain name suffix is used, if the input domain name does not include “.”, like “H3C”, the system regards it as a host name and add a domain name suffix to search. After all the domain names are failed to be searched out in this way, the system finally searches with the primarily input domain name.
Page 204 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 6 DNS Configuration 6.3.1 Enable/Disable Static Domain Name Resolution You can use the following command to enable dynamic domain name resolution. However, since dynamic domain name resolution may take some time, you can disable this function when you do not want to perform dynamic domain name resolution sometimes.
Page 205 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 6 DNS Configuration Table 6-4 Configure domain name suffix Operation Command Configure domain name suffix dns domain domain-name Delete domain name suffix undo dns domain [ domain-name ] 6.4 Displaying and Debugging Domain Name Resolution...
Page 206 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 6 DNS Configuration II. Network diagram 172.16.1.1 Internet DNS Server Switch Figure 6-1 Network diagram for DNS client III. Configuraiton procedure # Enable dynamic domain name resolution [H3C] dns resolve # Configure the IP address of the domain name server to 172.16.1.1.
Page 207 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 6 DNS Configuration Check whether there is a correct route between the domain name sever and the switch. Check whether there is network connection failure, such as network cable break,...
Page 208 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 7 IP Performance Configuration Chapter 7 IP Performance Configuration 7.1 Configuring IP Performance IP performance configuration includes: C onfiguring TCP Attributes 2 0 8 H 7.1.1 Configuring TCP Attributes TCP attributes that can be configured include: synwait timer: When sending the syn packets, TCP starts the synwait timer.
Page 209 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 7 IP Performance Configuration 7.2 Displaying and Debugging IP Performance After the above configuration, execute the display command in any view to display the running of the IP performance configuration, and to verify the effect of the configuration.
Page 210 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 7 IP Performance Configuration Operation Command Enable debugging debugging packet task-id connections socket-id ] Disable debugging undo debugging udp packet [ task-id connections socket-id ] Enable debugging debugging packet...
Page 211 Operation Manual – Network Protocol H3C S9500 Series Routing Switches Chapter 7 IP Performance Configuration Use the debugging tcp packet command to enable the TCP debugging to trace the TCP packets. Operations include: <H3C> terminal debugging <H3C> debugging tcp packet Then the TCP packets received or sent can be checked in real time.
Page 212 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 IP Routing Protocol Overview ..................1-1 1.1 Introduction to IP Route and Routing Table ..............1-1 1.1.1 IP Route and Route Segment ................. 1-1 1.1.2 Route Selection through the Routing Table ............
Page 213 4.1.2 Process of OSPF Route Calculation ............... 4-1 4.1.3 OSPF Packets......................4-2 4.1.4 LSA Type......................... 4-3 4.1.5 Basic Concepts Related to OSPF ................4-3 4.1.6 OSPF Features Supported by S9500 Series ............4-5 4.2 Configuring OSPF......................4-6 4.2.1 Configuring Router ID ..................... 4-7 4.2.2 Enabling OSPF......................4-7 4.2.3 Entering OSPF Area View..................
Page 214 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Table of Contents 4.5 Troubleshooting OSPF Faults ..................4-33 Chapter 5 Integrated IS-IS Configuration..................5-1 5.1 Introduction to Integrated IS-IS..................5-1 5.1.1 Terms of IS-IS Routing Protocol ................5-1 5.1.2 Two-level Structure of IS-IS Routing Protocol ............5-2 5.1.3 NSAP Structure of IS-IS Routing Protocol ..............
Page 215 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Table of Contents 6.1.5 BGP Peer and Peer Group ..................6-4 6.2 Configuring BGP ........................ 6-5 6.2.1 6.2.1Enabling BGP....................6-5 6.2.2 Configuring Basic Features for BGP Peer .............. 6-6 6.2.3 Configuring application features of a BGP peer (group) ......... 6-9 6.2.4 Configuring Route Filtering of a Peer (group) ............
Page 216 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Table of Contents Chapter 8 Route Capacity Configuration ..................8-1 8.1 Introduction to Route Capacity Configuration..............8-1 8.1.1 Configuration Tasks ....................8-1 8.1.2 Setting the Maximum Number of Route Entries Supported by the System .... 8-1 8.1.3 Setting the Maximum Number of VRFs Supported by the System......
Page 217 S9500 series routing switch running routing protocols. To improve readability, this will not be described in the other parts of the manual. For the configuration of VPN instance, refer to the MPLS module in H3C S9500 Series Routing Switches Operation Manual.
Page 218 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 1 IP Routing Protocol Overview Route Route segment segment Figure 1-1 The concept of route segment As the networks may have different sizes, the segment lengths connected between two different pairs of routers are also different.
Page 219 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 1 IP Routing Protocol Overview Output interface: It indicates an interface through which an IP packet should be forwarded. Next hop address: It indicates the IP address of the next router that an IP packet will pass through.
Page 220 1.2 Routing Management Policy For S9500 series, you can configure manually the static route to a specific destination, and configure dynamic routing protocol to interact with other routers on the network. The routing algorithm can also be used to discover routes. For the configured static routes and dynamic routes discovered by the routing protocol, the S9500 series implement unified management.
Page 221 By far, S9500 series support eight routes to implement load sharing. II. Route backup The S9500 series support route backup. When the main route fails, the system will automatically switch to a backup route to improve the network reliability. In order to achieve static route backup, the user can configure multiple routes to the same destination according to actual situations.
Page 222 The S9500 series support the import of routes discovered by one routing protocol into another. Each protocol has its own route importing mechanism. For details, refer to the description about "Importing an External Route"...
Page 223 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 2 Static Route Configuration Chapter 2 Static Route Configuration 2.1 Introduction to Static Route 2.1.1 Static Route A static route is a special route configured manually by an administrator. You can set up an interconnecting network with the static route configuration.
Page 224 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 2 Static Route Configuration there is no default route and the destination address of the packet fails in matching any entry in the routing table, this packet will be discarded, and an internet control message protocol (ICMP) packet will be sent to the originating host to inform that the destination host or network is unreachable.
Page 225 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 2 Static Route Configuration The packets sent to NULL interface, a kind of virtual interface, will be discarded at once. This can decrease the system load. Preference Depending on the configuration of preference, you can achieve different route management policies.
Page 226 2.4 Typical Static Route Configuration Example I. Network requirements As shown in Figure 2-1, the masks of all the IP addresses are 255.255.255.0. It is required that all the hosts or S9500 series routing switches can be interconnected in pairs by static route configuration.
Page 227 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 2 Static Route Configuration II. Network diagram Host 1. 1.5. 1 Host 1. 1.5. 1 1.1.5. 2/2 4 1.1.5. 2/2 4 1.1.2. 2/2 4 1.1.2. 2/2 4 1.1.3. 1/2 4 1.1.3.
Page 228 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 2 Static Route Configuration Use the display ip routing-table protocol static command to view whether the configured static route is correct and in effect.
Page 229 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 3 RIP Configuration Chapter 3 RIP Configuration 3.1 Introduction to RIP Routing Information Protocol (RIP) is a relatively simple interior gateway protocol (IGP), which is mainly applied to small scale networks.
Page 230 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 3 RIP Configuration Period Update is triggered periodically to send all RIP routes to all neighbors. If the RIP route is not updated (a router receives the update packets from the neighbor) when the Timeout timer expires, this route is regarded as unreachable.
Page 231 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 3 RIP Configuration If the link, which does not support broadcast or multicast packets, runs RIP, you need to configure RIP to send any packet to the specified destination, establishing RIP neighbors correctly.
Page 232 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 3 RIP Configuration Perform the following configurations in RIP view. Table 3-2 Enable RIP Interface Operation Command Enable RIP on the specified network network network-address Disable RIP on the specified network...
Page 233 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 3 RIP Configuration advertisement of the routes at the cost of efficiency. For example, split horizon is disabled on a NBMA network if it runs RIP. Perform the following configuration in interface view.
Page 234 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 3 RIP Configuration 3.2.6 Configuring RIP to Import Routes of Other Protocols RIP allows users to import the route information of other protocols into the RIP routing table. RIP can import the routes of Direct, Static, OSPF, IS-IS and BGP, etc.
Page 235 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 3 RIP Configuration II. Configuring RIP to filter the routes advertised by RIP Table 3-8 Configure RIP to filter the advertised routes Operation Command Configure RIP to filter the...
Page 236 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 3 RIP Configuration 3.2.9 Configuring RIP-2 Route summary Function The so-called route summary means that different subnet routes in the same natural network can be aggregated into one natural mask route for transmission when they are sent to the outside (i.e.
Page 237 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 3 RIP Configuration mode is that the hosts not operating RIP in the same network can avoid receiving RIP broadcast packets. In addition, this mode can also make the hosts running RIP-1 avoid incorrectly receiving and processing the routes with subnet mask in RIP-2.
Page 238 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 3 RIP Configuration always become unreachable at the point when a new period starts, the actual value of Garbage-collection timer is three to four times that of Period Update timer.
Page 239 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 3 RIP Configuration Operation Command Enable the interface to send RIP update packet rip output Disable the interface to send RIP update packet undo rip output The undo rip work command and the undo network command have similar but not all the same functions.
Page 240 3.4 Typical RIP Configuration Example I. Network requirements As shown in Figure 3-1, the S9500 series routing switch C connects to the subnet 117.102.0.0 through the Ethernet port. The Ethernet ports of the S9500 series routing switches A and Switch B are respectively connected to the network 155.10.1.0 and 196.38.165.0.
Page 241 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 3 RIP Configuration II. Network diagram Network address: 155.10.1.0/24 Interface address: 155.10.1.1/24 SwitchA Interface address: Ethernet 110.11.2.1/24 Interface address: Interface address: 110.11.2.2/24 110.11.2.3/24 SwitchC SwitchB Interface address: Interface address: 117.102.0.1/16...
Page 242 [Switch C-rip] network 110.11.2.0 3.5 Troubleshooting RIP Faults Symptom: The S9500 series cannot receive the update packets when the physical connection to the peer routing device is normal. Solution: RIP does not operate on the corresponding interface (for example, the undo rip work command is executed) or this interface is not enabled through the network command.
Page 243 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration Chapter 4 OSPF Configuration 4.1 OSPF Overview 4.1.1 Introduction to OSPF Open Shortest Path First (OSPF) is an Interior Gateway Protocol based on the link state developed by IETF. At present, OSPF version 2 (RFC2328) is used, which is...
Page 244 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration A router uses the SPF algorithm to calculate the shortest path tree with itself as the root, which shows the routes to the nodes in the autonomous system. The external routing information is the leave node.
Page 245 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration 4.1.4 LSA Type I. Five basic LSA types As mentioned previously, OSPF calculates and maintains routing information from LSAs. RFC2328 defines five LSA types as follows: Router-LSAs: Type-1.
Page 246 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration II. DR and BDR Designated Router (DR) In multi-access networks, if any two routers establish adjacencies, the same LSA will be transmitted repeatedly, wasting bandwidth resources. To solve this problem, the OSPF protocol regulates that a DR must be elected in a multi-access network and only the DR (and the BDR) can establish adjacencies with other routers in this network.
Page 247 Figure 4-1 Area and route summary 4.1.6 OSPF Features Supported by S9500 Series The S9500 series support the following OSPF features: Support stub areas: OSPF defines stub areas to decrease the overhead when the routers within the area receive ASE routes.
Page 248 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration Authenticator: OSPF provides clear text authenticator and MD5 encryption authenticator to authenticate packets transmitted between neighboring routers in the same area. Flexible configuration for the router port parameter: On the router port, you can...
Page 249 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration Setting an SPF calculation interval for OSPF Configurations related to OSPF networking Configuring OSPF authentication Prohibit OSPF packet receiving/sending Configuring OSPF virtual link Configuring Stub area of OSPF...
Page 250 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration When enabling OSPF, pay attention to the following points: The default OSPF process ID is 1. If no process ID is specified in the command, the default one is adopted.
Page 251 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration 4.2.5 Configuring OSPF to Import Routes of Other Protocols The dynamic routing protocols on the router can share the routing information. As far as OSPF is concerned, the routes discovered by other routing protocols are always processed as the external routes of AS.
Page 252 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration The routes that can be imported include Direct, Static, rip, is-is, and bgp. In addition, the routes of other OSPF processes can also be imported. Note: It is recommended to configure the imported route type, cost and tag for the import-route command simultaneously.
Page 253 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration Operation Command Restore the default tag for the OSPF to import undo default tag external routes Configure the default type of external routes that default type { 1 | 2 }...
Page 254 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration If you use the default-route-advertise command on an ASBR or ABR of a common OSPF area, the system generates a Type-5 LSA, advertising the default route in the OSPF route area.
Page 255 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration 4.2.7 Configuring OSPF Route Filtering Perform the following configuration in OSPF view. I. Configuring OSPF to filter the received routes Table 4-10 Enable OSPF to filter the received routes...
Page 256 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration Note: The filter-policy import command only filters the OSPF routes of this process received from the neighbors, and routes that cannot pass the filter will not be added to the routing table.
Page 257 Cancel route summary of OSPF area undo abr-summary ip-address mask By default, route summary is disabled on ABRs. II. Configuring summarization of imported routes by OSPF OSPF of the S9500 series supports route summary of imported routes. Perform the following configurations in OSPF view. 4-15...
Page 258 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration Table 4-15 Configure summarization of imported routes by OSPF Operation Command Configure summarization of imported asbr-summary ip-address mask routes by OSPF [ not-advertise | tag value ]...
Page 259 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration According to RFC2328, the consistency of Hello intervals between network neighbors should be kept. The Hello interval value is in inverse proportion to the route convergence rate and network load.
Page 260 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration Table 4-19 Set an interval for LSA retransmission between neighboring routers Operation Command Configure the interval of LSA retransmission ospf timer retransmit interval for the neighboring routers...
Page 261 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration With OSPF, NBMA refers to the networks that are fully connected, non-broadcast and multi-accessible. However, a p2mp network is not necessarily fully connected. DR and BDR are required on a NBMA network but not on p2mp network.
Page 262 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration 4.2.13 Setting the Interface Priority for DR Election On a broadcast or NBMA network, a designated router (DR) and a backup designated router (BDR) must be elected.
Page 263 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration By default, the priority of the interface is 1 in the DR election. Use the ospf dr-priority and peer commands to set priorities with different usages: Use the ospf dr-priority command to set priority for DR selection.
Page 264 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration For S9500 series, the default cost for running OSPF on the VLAN interface is 10. 4.2.16 Configuring to Fill the MTU Field When an Interface Transmits DD Packets OSPF-running routers use Database Description (DD) packets to describe their own LSDBs during LSDB synchronization.
Page 265 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration 4.2.18 Disabling the Interface to Send OSPF Packets To prevent OSPF routing information from being acquired by the routers on a certain network, use the silent-interface command to disable the interface to transmit OSPF packets.
Page 266 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration By default, the area does not support packet authentication. II. Configuring OSPF packet authentication OSPF supports simple authentication or MD5 authentication between neighboring routers. Perform the following configuration in interface view.
Page 267 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration physical interfaces, you can also configure various interface parameters on this link, such as hello timer. The "logic channel" means that the routers running OSPF between two ABRs only take...
Page 268 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration Table 4-31 Configure stub area of OSPF Operation Command Configure an area to be the stub area stub [ no-summary ] Remove the configured stub area...
Page 269 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration Perform the following configuration in OSPF area view. Table 4-32 Configure NSSA of OSPF Operation Command nssa default-route-advertise Configure an area to be the NSSA area...
Page 270 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration By default, MIB is bound to the first enabled OSPF process. II. Configuring OSPF TRAP The OSPF Trap function enables the switch to send multiple types of SNMP Trap packets in case of OSPF process exceptions.
Page 271 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration 4.3 Displaying and Debugging OSPF After the above configuration, execute the display command in any view to display the running of the OSPF configuration, and to verify the effect of the configuration. Execute the debugging command in user view to debug the OSPF module.
Page 272 4.4.1 Configuring DR Election Based on OSPF Priority I. Network requirements Four S9500 series, Switch A, Switch B, Switch C and Switch D, which can perform the router functions and run OSPF, are located on the same segment, as shown in the following figure.
Page 273 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration [Switch A-Vlan-interface1] ospf dr-priority 100 [Switch A] router id 1.1.1.1 [Switch A] ospf [Switch A-ospf-1] area 0 [Switch A-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 # Configure Switch B.
Page 274 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration Only when the current DR is offline, will the DR be changed. Shut down Switch A, and execute the display ospf peer command on Switch D to display its neighbors. Note that the original BDR (Switch C) becomes the DR, and Switch B is BDR now.
Page 275 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration [Switch B] interface vlan-interface 8 [Switch B-Vlan-interface8] ip address 197.1.1.2 255.255.255.0 [Switch B] router id 2.2.2.2 [Switch B] ospf [Switch B-ospf-1] area 0 [Switch B-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 [Switch B-ospf-1-area-0.0.0.0] quit...
Page 276 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 4 OSPF Configuration If the physical link and the lower layer protocol are normal, check the OSPF parameters configured on the interface. The parameters should be the same parameters configured on the router adjacent to the interface. The same area ID should be used, and the networks and the masks should also be consistent.
Page 277 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration Chapter 5 Integrated IS-IS Configuration 5.1 Introduction to Integrated IS-IS Intermediate System-to-Intermediate System (IS-IS) intra-domain routing information exchange protocol is designed by the international organization for standardization (ISO) for connection-less network protocol (CLNP).
Page 278 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration II. Link types IS-IS routing protocol is applied to IS-IS routing protocol can run on point to point Links, such as PPP, HDLC and others.
Page 279 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration Area 1 Area 2 Routing Domain 1 Routing Domain 2 Routing Domain Boundary Area 3 IS-IS Area End system Intermediate system Subnetwork Path Interdomain Routing...
Page 280 System ID System ID uniquely identifies terminal system or router in a route area. You can select length for it. For S9500 series, System ID length is 48 bits (6 bytes). In general, you can obtain System ID according to Router_ID.
Page 281 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration You can specify a System ID using different methods. However, you should ensure a System ID can uniquely identify a terminal system or a router.
Page 282 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration II. LSP Link state packet (LSP) can switch link state information. LSP can be divided into Level-1 LSP and Level-2 LSP. Level-2 routers transmit Level-2 LSPs; Level-1 routers transmit Level-1 LSPs;...
Page 283 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration Configuring IS-IS Timers Setting Parameters Related to LSP Setting Parameters Related to SPF Configuration related to IS-IS networking Setting IS-IS Authentication Setting Overload Flag Bit...
Page 284 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration The format of the network-entity-title argument is X…X.XXXXXXXXXXXX.XX, among which the first “X…X” is the area address, the twelve Xs in the middle is the System ID of the router.
Page 285 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration 5.2.5 Setting Router Type Based upon the position of the router, the levels can be divided into Level-1 (intra-domain router), Level-2 (inter-domain router) and Level-1-2 (that is, intra-domain router as well as inter-domain router).
Page 286 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration 5.2.7 Configuring IS-IS to Import Routes of Other Protocols For IS-IS, the routes discovered by other routing protocols are processed as the routes outside the routing domain. When importing the routes of other protocols, you can specify the default cost for them.
Page 287 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration II. Configuring to filter the advertised routes Table 5-9 Configure to filter the advertised routes Operation Command Configure to filter the routes advertised filter-policy acl-number...
Page 288 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration 5.2.10 Setting IS-IS Route Summary Users can set the routes with the same next hops as one route in the routing table. Perform the following configurations in IS-IS view.
Page 289 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration Perform the following configuration in IS-IS view. Table 5-13 Configure the preference of IS-IS protocol Operation Command Configure the preference of IS-IS protocol preference value...
Page 290 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration The value argument is configured according to the link state of the interface. By default, the routing cost of IS-IS on an interface is 10.
Page 291 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration If neither level-1 nor level-2 is specified, the default setting is Level-1 and Level-2 Hello interval. Namely, the command works on both Level-1 and Level-2.
Page 292 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration Table 5-20 Set the LSP packet transmission interval Operation Command Set LSP packet interval on the interface. isis timer lsp time Restore the default LSP packet interval on the interface undo isis timer lsp By default, the LSP packet is transmitted via the interface every 33 milliseconds.
Page 293 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration If this command does not specify level-1 or level-2, the system regard the invalid Hello packets are set for both Level-1 and Level-2 routers. 5.2.16 Setting IS-IS Authentication I.
Page 294 Set the IS-IS to use the default MD5 algorithm undo md5-compatible By default, the system uses the H3C MD5 algorithm. 5.2.17 Setting the Mesh Group of the Interface On a NBMA network, the interface of a router will flood the received LSP to other interfaces.
Page 295 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration Table 5-26 Set the mesh group of the interface Operation Command isis mesh-group { mesh-group-number | Add an interface to a mesh group mesh-blocked }...
Page 296 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration Table 5-28 Set to discard the LSPs with checksum errors Operation Command Set to discard the LSP with checksum error ignore-lsp-checksum-error Set to ignore the LSP checksum error undo ignore-lsp-checksum-error By default, the LSP checksum error is ignored.
Page 297 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration Perform the following configuration in IS-IS view. Table 5-31 Set Lifetime of LSP Operation Command Set lifetime of LSP timer lsp-max-age seconds Restore the default LSP lifetime undo timer lsp-max-age By default, LSP can live for 1200 seconds (20 minutes).
Page 298 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration By default, SPF calculation is not divided into slices but runs to the end once, which can also be implemented by setting the seconds argument to 0.
Page 299 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration The silent-interface command is only used to restrain the IS-IS packets not to be sent on the interface, but the interface routes can still be sent from other interfaces. On a switch, this command can disable/enable the specified VLAN interface to send IS-IS packets.
Page 300 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration Table 5-38 Display and debug IS-IS Operation Command display isis lsdb [ [ l1 | l2 | level-1 | level-2 ] | Display IS-IS LSDB...
Page 301 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration II. Network diagram Vlan-interface 101 Vlan-interface 102 100.0.0.1/24 Switch B 200.0.0.1/24 Switch A Vlan-interface 100 Vlan-interface 100 100.10.0.1/24 100.10.0.2/24 Vlan-interface 102 Vlan-interface 101 100.20.0.1/24 200.10.0.1/24...
Page 302 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 5 Integrated IS-IS Configuration [Switch B-Vlan-interface100] isis enable # Configure Switch C [Switch C] isis [Switch C-isis] network-entity 86.0001.0000.0000.0007.00 [Switch C] interface vlan-interface 101 [Switch C-Vlan-interface101] ip address 200.10.0.2 255.255.255.0...
Page 303 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration Chapter 6 BGP Configuration 6.1 BGP/MBGP Overview 6.1.1 Introduction to BGP Border gateway protocol (BGP) is an inter-autonomous system (inter-AS) dynamic route discovery protocol. Three early versions of BGP are BGP-1 (RFC1105), BGP-2 (RFC1163) and BGP-3 (RFC1267).
Page 304 BGP speakers among which messages are exchanged are peers to one another. Multiple related peers compose a peer group. I. Route advertisement policy In the implementation of S9500 series, these policies are used by BGP when advertising routes: If there are multiple routes available, a BGP speaker only selects the optimum one.
Page 305 Once the connection is set up, a BGP speaker will advertise all its BGP routes to its peers. II. Route selection policy In the implementation of S9500 series, these policies are adopted for BGP to select routes: First discard the routes unreachable to the next hop.
Page 306 II. Relationship between peer configuration and peer group configuration In S9500 series, a BGP peer must belong to a peer group. If you want to configure a BGP peer, you need first to create a peer group and then add a peer into the group.
Page 307 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration 6.2 Configuring BGP These categories are involved in BGP configuration: Basic BGP configuration 6.2.1Enabling BGP Configuring Basic Features for BGP Peer BGP peer configuration Configuring application features of a BGP peer (group)
Page 308 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration Table 6-1 Enable/Disable BGP Operation Command Enable BGP and enter the BGP view bgp as-number Disable BGP undo bgp [ as-number ] By default, BGP is not enabled.
Page 309 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration Table 6-3 Configure AS number of a EBGP peer group Operation Command Configure the AS number of the EBGP peer group-name as-number peer group as-number Delete the AS number of the EBGP peer...
Page 310 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration When exchanging routing information between BGP speakers, the peer group must be enabled first and then the peer should be added to the enabled peer group.
Page 311 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration higher than the timer command that is used to configure timers for the whole BGP peers. Perform the following configuration in BGP view. Table 6-9 Configure timer of a peer (group)
Page 312 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration Table 6-11 Configure to permit connections with EBGP peer groups on indirectly connected networks Operation Command Configure to permit connections with EBGP peer group-name ebgp-max-ho peer groups on indirectly connected networks...
Page 313 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration After you use the peer default-route-advertise command, the local router will send a default route with the next hop as itself to the peer unconditionally, even if there is no default route in BGP routing table.
Page 314 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration VI. Configuring to send the community attributes to a peer group Perform the following configuration in BGP view. Table 6-16 Configure to send the community attributes to a peer group...
Page 315 TCP link. 6.2.4 Configuring Route Filtering of a Peer (group) S9500 series support filtering imported and advertised routes for peers (groups) through Route-policy, AS path list, ACL and ip prefix list. The route filtering policy of advertised routes configured for each member of a peer group must be same with that of the peer group but their route filtering policies of ingress routes may be different.
Page 316 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration I. Configuring route policy for a peer (group) Table 6-20 Configure route policy for a peer (group) Operation Command Configure the ingress route policy for a...
Page 317 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration The acl-number argument indicates AS path list number, which is configured by means of the ip as-path-acl command instead of the acl command. For the detailed configuration, refer to Chapter 7 “IP Routing Policy Configuration”.
Page 318 Command Cancel the synchronization of BGP and IGP undo synchronization By default, BGP does not synchronize with IGP. S9500 series switches do not support synchronization of BGP and IGP. 6.2.7 Configuring BGP Route Aggregation The BGP supports two forms of route aggregation: Automatic aggregation (by means of the summary command): The aggregation of IGP subnet routes imported by the BGP.
Page 319 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration Perform the following configuration in BGP view. Table 6-27 Configure BGP route aggregation Operation Command Enable automatic aggregation of summary subnet routes Disable automatic aggregation of...
Page 320 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration II. Configuring to filter the routes advertised by other protocols Perform the following configuration in the BGP view. Table 6-29 Configure to filter the routes advertised by other routing protocols...
Page 321 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration is the basis to evaluate the future stability. When the route flapping occurs, penalty will be given, and when the penalty reaches a specific threshold, the route will be suppressed.
Page 322 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration The ebgp-value, ibgp-value and local-value arguments are in the range of 1 to 256. By default, the first two is 256 and the last one is 130.
Page 323 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration 6.2.13 Configuring MED for AS Multi-Exit Discriminators (MED) attribute is the external metric for a route. AS uses the local preference to select the route to the outside, and uses the MED to determine the optimum route for entering the AS.
Page 324 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration 6.2.15 Configuring BGP Route Reflector To ensure the interconnection between IBGP peers, it is necessary to establish a fully connected network. If there are many IBGP peers, large overhead is needed to establish a fully connected network.
Page 325 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration This command works on IBGP peer groups only. By default, all IBGP routes in an AS must be full-connected, and neighbors do not advertise learned IBGP routes to one another.
Page 326 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration 6.2.16 Configuring BGP AS Confederation Attribute Confederation provides the method to handle the booming IBGP network connections inside AS. It divides the AS into multiple sub-AS, in each of which all IBGP peers are fully connected, and are connected with other sub-AS of the confederation.
Page 327 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration The configured sub-AS number is valid only inside the confederation. In addition, the number cannot be the same as the AS number of a peer in the peer group for which you have not configured an AS number.
Page 328 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration AS100 Router A Router B Router C Router E Router D AS200 Figure 6-2 A schematic diagram of BGP load balancing As shown in Figure 6-2, Router D and Router E are IBGP peers of Router C. When...
Page 329 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration By default, the BGP does not implement load balancing. 6.2.18 Clearing BGP Connection After the user changes BGP policy or protocol configuration, they must cut off the current connection so as to enable the new configuration.
Page 330 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration Table 6-46 Display and debug BGP Operation Command Display the routing information in BGP display bgp routing-table [ ip-address routing table [ mask ] ] Display filtered AS path information in...
Page 331 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration Operation Command Enable/disable debugging of all BGP [ undo ] debugging bgp all packets Enable/disable BGP event debugging [ undo ] debugging bgp event Enable/disable Keepalive...
Page 332 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration II. Network diagram AS100 Switch B AS1001 Switch A AS1002 172.68.10.1 172.68.10.2 Ethernet 172.68.10.3 172.68.1.1 172.68.1.2 156.10.1.1 Switch C Switch D AS1003 156.10.1.2 Switch E AS200 Figure 6-3 Network diagram for AS confederation configuration III.
Page 333 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration # Configure Switch C: [Switch C] bgp 1003 [Switch C-bgp] confederation id 100 [Switch C-bgp] confederation peer-as 1001 1002 [Switch C-bgp] group confed1001 external [Switch C-bgp] peer confed1001 as-number 1001...
Page 334 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration [Switch A-Vlan-interface100] ip address 1.1.1.1 255.0.0.0 [Switch A-Vlan-interface100] quit [Switch A] bgp 100 [Switch A-bgp] network 1.0.0.0 255.0.0.0 [Switch A-bgp] group ex external [Switch A-bgp] peer 192.1.1.2 group ex as-number 200...
Page 335 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration group in internal [Switch D-bgp] peer 194.1.1.1 group in Using the display bgp routing-table command, you can view BGP routing table on Switch B. Note: Switch B has known the existence of network 1.0.0.0.
Page 336 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration [Switch A-bgp] group ex192 external [Switch A-bgp] peer 192.1.1.2 group ex192 as-number 200 [Switch A-bgp] group ex193 external [Switch A-bgp] peer 193.1.1.2 group ex193 as-number 200...
Page 337 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration Configure Switch C: [Switch C] interface Vlan-interface 3 [Switch C-Vlan-interface3] ip address 193.1.1.2 255.255.255.0 [Switch C] interface vlan-interface 5 [Switch C-Vlan-interface5] ip address 195.1.1.2 255.255.255.0 [Switch C] ospf [Switch C-ospf-1] area 0 [Switch C-ospf-1-area-0.0.0.0] network 193.1.1.0 0.0.0.255...
Page 338 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration [Switch C-acl-basic-2000] rule deny source any Define a route policy named Localpref, and set the local preference of routes matching ACL 2000 to 200, and that of routes not matching to 100.
Page 339 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 6 BGP Configuration Solution: Route imported by the network command should be same as a route in the current routing table, which should include destination segment and mask. Route covering large network segment cannot be imported.
Page 340 7.1.1 Filter In S9500 series, five kinds of filters, Route-policy, ACL, AS-path, Community-list, and IP-prefix, are provided to be called by the routing protocols. The following sections introduce these filters respectively.
Page 341 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 7 IP Routing Policy Configuration its matching objects are the destination address information domain of the routing information. An IP-prefix is identified by the IP-prefix name. Each IP-prefix can include multiple list items, and each list item can independently specify the match range of the network prefix forms and is identified with an index-number.
Page 342 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 7 IP Routing Policy Configuration Note: For the configuration of ACL, refer to the “QoS/ACL Operation” part of this manual. Applications of routing policies include: Applying Route Policy on Imported Routes Applying Route Policy on Received or Advertised Routes 7.2.1 Configuring a Route-policy...
Page 343 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 7 IP Routing Policy Configuration The nodes have the “OR” relationship. In other words, the router will test the route against the nodes in the route-policy in sequence. Once a node is matched, the route-policy filtering will be passed.
Page 344 OSPF routing information Note: For the details about the if-match mpls-label and if-match vpn-target commands, refer to the 08-MPLS command module in the H3C S9500 Series Routing Switches Command Manual. By default, no matching will be performed. Note the following: The if-match clauses for a node in the route-policy have the relationship of “AND”...
Page 345 Cancel the tag domain of the OSPF undo apply tag routing information Note: For the details about the apply mpls-label command, refer to the 08-MPLS command module in the H3C S9500 Series Routing Switches Command Manual. By default, perform no settings.
Page 346 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 7 IP Routing Policy Configuration Note that if the routing information meets the match conditions specified in the route-policy and also notifies the MED value configured with the apply cost-type internal when notifying the IGP route to the EBGP peers, then this value will be regarded as the MED value of the IGP route.
Page 347 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 7 IP Routing Policy Configuration Table 7-5 Define the AS path list Operation Command ip as-path-acl acl-number { permit | Define the AS path list deny } as-regular-expression Delete the specified AS path list undo ip as-path-acl acl-number By default, no AS path list is defined.
Page 348 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 7 IP Routing Policy Configuration Perform the following configuration in routing protocol view. Table 7-7 Configure to import the routes of other protocols Operation Command import-route protocol [ med med | cost...
Page 349 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 7 IP Routing Policy Configuration II. Configuring to filter the advertised routes You may define a route advertisement policy to filter advertised routing information. This can be done by referencing an ACL or IP prefix-list to filter routing information that does not meet the conditions, or by specifying a protocol to filter routing information of that protocol only.
Page 350 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 7 IP Routing Policy Configuration Operation Command Display the path information of the AS display ip as-path-acl [ acl-number ] filter in BGP Display the address prefix list information display ip ip-prefix [ ip-prefix-name ] 7.4 Typical IP Routing Policy Configuration Example...
Page 351 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 7 IP Routing Policy Configuration [Switch A] router id 1.1.1.1 [Switch A] ospf [Switch A-ospf-1] area 0 [Switch A-ospf-1-area-0.0.0.0] network 10.0.0.0 0.255.255.255 # Import the static routes [Switch A-ospf-1] import-route static Configure Switch B: # Configure the IP address of VLAN interface.
Page 352 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 7 IP Routing Policy Configuration as to let all the other routes pass the filtering (If less-equal 32 is not specified, only the default route will be matched). 7-13...
Page 353 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 8 Route Capacity Configuration Chapter 8 Route Capacity Configuration 8.1 Introduction to Route Capacity Configuration In an actual network application, a routing table may contain a large quantity of route entries (especially OSPF routes and BGP routes).
Page 354 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 8 Route Capacity Configuration 8.1.3 Setting the Maximum Number of VRFs Supported by the System Table 8-3 Set the maximum number of VRFs supported by the system Configuration steps...
Page 355 Operation Manual – Routing Protocol H3C S9500 Series Routing Switches Chapter 9 Recursive Routing Configuration Chapter 9 Recursive Routing Configuration 9.1 Recursive Routing Overview Every route entry must have its next hop address. For a common route, its next hop address is within the network segment to which the router is directly connected;...
Page 356 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 IP Multicast Overview....................1-1 1.1 IP Multicast Overview ......................1-1 1.1.1 Problems with Unicast/Broadcast ................1-1 1.1.2 Advantages of Multicast ..................1-2 1.1.3 Application of Multicast ...................
Page 357 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Table of Contents 4.2.2 Configuring Multicast Routing Table Size Limit ............4-2 4.2.3 Clearing MFC Forwarding Entries or Its Statistic Information......... 4-2 4.2.4 Clearing Route Entries from the Kernel Multicast Routing Table ......4-2 4.3 Managed multicast Configuration ..................
Page 358 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Table of Contents 6.2.5 Configuring the Filtering of Multicast Source/Group ..........6-5 6.2.6 Configuring the Filtering of PIM Neighbor............... 6-5 6.2.7 Configuring the Maximum Number of PIM Neighbor on an Interface ..... 6-5 6.2.8 Clearing PIM Routing Table Entries................
Page 359 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Table of Contents 8.2.8 Controlling the Source Information Created............8-8 8.2.9 Controlling the Source Information Forwarded ............8-9 8.2.10 Controlling the Received Source Information ............. 8-10 8.2.11 Configuring MSDP Mesh Group................8-10 8.2.12 Configuring the MSDP Connection Retry Period ..........
Page 360 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 1 IP Multicast Overview Chapter 1 IP Multicast Overview Note: An Ethernet switch functions as a router when it runs IP multicast protocol. A router that is referred to in the following represents a generalized router or a layer 3 Ethernet switch running IP multicast protocol.
Page 361 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 1 IP Multicast Overview over the network if there is a large number of users in need of this information. As the bandwidth would turn short, the unicast mode is incapable of massive transmission.
Page 362 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 1 IP Multicast Overview User A User A User B User B Multicast Multicast User C User C User D User D Server Server User E User E Figure 1-3 Data transmission in multicast mode Suppose the Users B, D, and E need the information, they need to be organized into a receiver group to ensure that the information can reach them smoothly.
Page 363 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 1 IP Multicast Overview Occasional communication for training and cooperation Data storage and finance (stock) operation Point-to-multipoint data distribution With the increasing popularity of multimedia services over IP network, multicast is gaining its marketplace.
Page 364 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 1 IP Multicast Overview Table 1-1 Ranges and meanings of Class D addresses Class D address range Description Reserved multicast addresses (addresses of 224.0.0.0∼224.0.0.255 permanent groups). All but 224.0.0.0 can be allocated by routing protocols.
Page 365 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 1 IP Multicast Overview Class D address range Description 224.0.0.17 All SBMS 224.0.0.18 VRRP …… …… II. Ethernet Multicast MAC Addresses When a unicast IP packet is transmitted on the Ethernet, the destination MAC address is the MAC address of the receiver.
Page 366 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 1 IP Multicast Overview User A IGMP User B User C MBGP/MSDP IGMP Multicast User D IGMP Server User E Figure 1-5 Application positions of multicast-related protocols I. Multicast group management protocol Multicast groups use Internet group management protocol (IGMP) as the management protocols.
Page 367 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 1 IP Multicast Overview uses the source address of a received multicast packet to query the unicast routing table or the independent multicast routing table to determine that the receiving interface is on the shortest path from the receiving station to the source.
Page 368 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 2 IGMP Snooping Configuration Chapter 2 IGMP Snooping Configuration 2.1 IGMP Snooping Overview 2.1.1 IGMP Snooping Principle Running on the link layer, IGMP Snooping is a multicast control mechanism on the Layer 2 Ethernet switch and it is used for multicast group management and control.
Page 369 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 2 IGMP Snooping Configuration Video stream Internet / Intranet Multicast router Video stream VOD Server Layer 2 Ethernet Switch Video stream Video stream Video stream Multicast group member Non-multicast...
Page 370 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 2 IGMP Snooping Configuration II. Implement Layer 2 multicast with IGMP Snooping The Ethernet switch runs IGMP Snooping to listen to the IGMP messages and map the host and its ports to the corresponding multicast group address. To implement IGMP...
Page 371 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 2 IGMP Snooping Configuration If the corresponding MAC multicast group exists but does not contains the port received the report message, the switch adds the port into the multicast group and starts the port aging timer.
Page 372 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 2 IGMP Snooping Configuration By default, IGMP Snooping is disabled. Caution: First enable IGMP Snooping globally in system view, and then enable IGMP Snooping in VLAN view. Otherwise, IGMP Snooping will not take effect.
Page 373 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 2 IGMP Snooping Configuration 2.2.3 Configuring Maximum Response Time This task is to manually configure the maximum response time. If the Ethernet switch receives no report message from a port within the maximum response time, it will remove the port from the multicast group.
Page 374 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 2 IGMP Snooping Configuration there is no member port or router port, the packets will be directly dropped, instead of being forwarded. Caution: If IGMP snooping is not enabled on the VLAN (nor Layer 3 multicast), unknown multicast packets are broadcasted within the VLAN no matter whether this function is enabled or not.
Page 375 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 2 IGMP Snooping Configuration Operation Command Cancel the filtering rule of multicast undo igmp-snooping group-policy groups in the specified VLAN By default, no filtering rule is set for a VLAN. In this case, a host can be joined to any multicast group.
Page 376 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 2 IGMP Snooping Configuration For detailed configuration, refer to the H3C S9500 Series Routing Switches Command Manual. Note: Fast leave configurations that are configured in system view and Ethernet port view operate separately.
Page 377 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 2 IGMP Snooping Configuration 2.3.3 Configuring a Multicast Static Routing Port You can configure a port in a VLAN to be a static routing port in VLAN view. Table 2-8 Configure a port in a VLAN to be a static routing port in VLAN view...
Page 378 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 2 IGMP Snooping Configuration Caution: You will fail to configure a port to be a static routing port if the port identified by the port-number argument does not exist, or the port does not belong to the VLAN.
Page 379 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 2 IGMP Snooping Configuration 2.5 IGMP Snooping Configuration Example 2.5.1 Enable IGMP Snooping I. Networking requirements To implement IGMP Snooping on the switch, you need to enable IGMP Snooping on the switch first.
Page 380 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 2 IGMP Snooping Configuration [H3C-vlan10] igmp-snooping enable 2.6 Troubleshoot IGMP Snooping Fault: Multicast function cannot be implemented on the switch. Troubleshooting: IGMP Snooping is disabled. Carry out the display current-configuration command in any view to display the status of IGMP Snooping.
Page 381 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 3 Multicast VLAN Configuration Chapter 3 Multicast VLAN Configuration 3.1 Multicast VLAN Overview Based on the current multicast on demand, when users in different VLANs request the service, multicast flow is duplicated in each VLAN and thus a great deal of bandwidth is wasted.
Page 382 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 3 Multicast VLAN Configuration Note: A port can only belong to one multicast VLAN. The type of the ports connected to user terminals must be hybrid untagged. The current system supports up to three multicast VLANS.
Page 383 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 3 Multicast VLAN Configuration II. Network diagram Sw itch A Sw itch A Sw itch A Sw itch A Sw itch A Sw itch A Sw itch A Sw itch A...
Page 384 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 3 Multicast VLAN Configuration Configure Switch B # Enable IGMP Snooping. <Switch B> system-view System View: return to User View with Ctrl+Z. [Switch B] igmp-snooping enable # Enable IGMP-Snooping on VLAN 2 and VLAN 3.
Page 385 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 4 Common Multicast Configuration Chapter 4 Common Multicast Configuration 4.1 Introduction to Common Multicast Configuration The multicast common configuration is for both the multicast group management protocol and the multicast routing protocol. The configuration includes enabling IP multicast routing, displaying multicast routing table and multicast forwarding table, etc.
Page 386: Configuring Multicast Routing Table Size Limit
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 4 Common Multicast Configuration 4.2.2 Configuring Multicast Routing Table Size Limit Because too many multicast routing table entries may exhaust the router memory, you need to limit the size of the multicast routing table.
Page 387: Managed Multicast Configuration
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 4 Common Multicast Configuration 4.3 Managed multicast Configuration 4.3.1 Managed multicast Overview The managed multicast feature controls user’s authority to join multicast groups. This feature is based on ports: users must first pass the 802.1x authentication set for their ports.
Page 388: Managed Multicast Configuration Example
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 4 Common Multicast Configuration Table 4-7 Configure managed multicast in local user view Operation Command Set multicast group which users are multicast ip-address ip-address authorized to join (managed multicast) &<1-9>...
Page 389: Configuring Broadcast/Multicast Suppression
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 4 Common Multicast Configuration III. Configuration procedure Managed multicast is a module combined with 802.1x, so you need to perform the following configuration beside multicast configuration: # Enable managed multicast globally.
Page 390: Configuration
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 4 Common Multicast Configuration 4.4.2 Configuration Table 4-8 Configuring Broadcast/Multicast Suppression Operation Command Description Enter system view system-view Required Enter Ethernet port interface interface-type interface-type must view interface-number Ethernet...
Page 391 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 4 Common Multicast Configuration Table 4-9 Displaying and Debugging Common Multicast Configuration Operation Command display multicast routing-table group-address mask mask mask-length } ] | source-address [ mask Display the multicast routing table...
Page 392: Chapter 5 Igmp Configuration
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration Chapter 5 IGMP Configuration 5.1 IGMP Overview 5.1.1 Introduction to IGMP Internet Group Management Protocol (IGMP) is a protocol in the TCP/IP suite responsible for management of IP multicast members. It is used to establish and maintain multicast membership among IP hosts and their directly connected neighboring routers.
Page 393: Introduction To Igmp Proxy
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration address is elected as the querier when there are multiple multicast routers on the same network segment. II. Leaving group mechanism In IGMP Version 1, hosts leave the multicast group quietly without informing the multicast router.
Page 394 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration I. Description of IGMP proxy configuration Exterior network Exterior network Switch A Switch A Switch A Switch A Switch A 外部网络外部网络 33.33.33.1 33.33.33.1 33.33.33.1 33.33.33.1 33.33.33.1...
Page 395: Igmp Configuration
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration Switch A processes the message after receiving the IGMP message sent by Switch B through the interface of VLAN 100, just as the message is sent by a host directly connected to the interface of VLAN 100.
Page 396: Configuring The Igmp Version
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration Table 5-1 Enabling/Disabling IGMP on an interface Operation Command Enable IGMP on an interface igmp enable Disable IGMP on an interface undo igmp enable Caution: If the VLAN VPN is enabled on a port, the IGMP Snooping feature cannot be enabled on the VLAN for the port or the IGMP feature cannot be enabled on the corresponding VLAN interface.
Page 397: Configuring The Interval To Send Igmp Query Message
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration 5.2.4 Configuring the Interval to Send IGMP Query Message Multicast routers send IGMP query messages to discover which multicast groups are present on attached networks. Multicast routers send query messages periodically to refresh their knowledge of members present on their networks.
Page 398: Configuring The Present Time Of Igmp Querier
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration I. Configuring interval for querying IGMP packets Table 5-4 Configuring interval for querying IGMP packets Operation Command Configure interval for querying igmp lastmember-queryinterval seconds IGMP packets...
Page 399: Configuring Maximum Response Time For Igmp Query Message
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration 5.2.7 Configuring Maximum Response Time for IGMP Query Message When a router receives a query message, the host will set a timer for each multicast group it belongs to. The value of the timer is randomly selected between 0 and the maximum response time.
Page 400: Configuring A Router To Join Specified Multicast Group
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration 5.2.9 Configuring a Router to Join Specified Multicast Group Usually, the host operating IGMP will respond to IGMP query packet of the multicast router. In case of response failure, the multicast router will consider that there is no multicast member on this network segment and will cancel the corresponding path.
Page 401: Configuring The Filtering Rule Of Multicast Groups
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration Table 5-10 Deleting IGMP groups joined on an interface Operation Command Delete IGMP groups reset igmp group { all | interface vlan-interface joined on an interface...
Page 402: Enabling/Disabling Igmp Fast Leaving
Disable IGMP fast leave [ vlan { vlan-id [ to vlan-id ] } &<1-10> ] For detailed configuration, refer to the H3C S9500 Series Routing Switches Command Manual. Note: Fast leaves that are configured in system view and Ethernet port view operate separately.
Page 403: Igmp Proxy Configuration
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration Caution: If the specified VLANs do not exists, the port does not belongs to any of the specified VLANs, or the VLANs do not have IGMP enabled, you can still configure the fast leave feature, but the configuration will not take effect.
Page 404: Igmp Configuration Example
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration Caution: You need to enable PIM protocol for a VLAN interface before executing the igmp proxy command in its VLAN interface view. If you configure the IGMP proxy interface for a VLAN interface multiple times, the latest configured IGMP proxy interface will be effective.
Page 405 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration II. Network diagram Exterior network Exterior network Switch A Switch A Switch A Switch A Switch A 外部网络外部网络 33.33.33.1 33.33.33.1 33.33.33.1 33.33.33.1 33.33.33.1 VL AN interface 1...
Page 406: Displaying And Debugging Igmp
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration # Configure the interface of VLAN 100 to be the IGMP proxy interface of the interface of VLAN 200. [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface 200] igmp proxy Vlan-interface 100 Configure Switch A.
Page 407 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 5 IGMP Configuration Table 5-14 Displaying and debugging IGMP Operation Command Display information about display igmp group [ group-address | members of IGMP multicast groups interface vlan-interface interface-number ]...
Page 408: Chapter 6 Pim-Dm Configuration
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 6 PIM-DM Configuration Chapter 6 PIM-DM Configuration 6.1 PIM-DM Overview 6.1.1 Introduction to PIM-DM PIM-DM (Protocol Independent Multicast, Dense Mode) belongs to dense mode multicast routing protocols. PIM-DM is suitable for small networks. Members of multicast groups are relatively dense in such network environments.
Page 409 IP address will be the upstream neighbor of the (S, G) entry, which is responsible for forwarding the (S, G) multicast packet. Note: Currently assert mechanism is not available on the H3C S9500 Series Routing Switches.
Page 410: Pim-Dm Configuration
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 6 PIM-DM Configuration IV. Graft When the pruned downstream node needs to be restored to the forwarding state, the node will send a graft packet to inform the upstream node.
Page 411: Configuring The Time Intervals For Ports To Send Hello Packets
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 6 PIM-DM Configuration 6.2.3 Configuring the Time Intervals for Ports to Send Hello Packets When protocol independent multicast (PIM) protocol is enabled for a port, the port sends Hello packets periodically. The time intervals to send Hello packets vary with the bandwidth and type of the connected networks.
Page 412: Configuring The Filtering Of Multicast Source/Group
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 6 PIM-DM Configuration 6.2.5 Configuring the Filtering of Multicast Source/Group You can set to filter the source (and group) address of multicast data packets via this command. When this feature is configured, the router filters not only multicast data, but the multicast data encapsulated in the registration packets.
Page 413: Clearing Pim Routing Table Entries
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 6 PIM-DM Configuration Table 6-6 Configuring the maximum number of PIM neighbor on an interface Operation Command Configure the maximum number of PIM neighbor on an pim neighbor-limit limit...
Page 414: Pim-Dm Configuration Example
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 6 PIM-DM Configuration Table 6-9 Displaying and debugging PIM-DM Operation Command display pim routing-table [ { { *g [ group-address [ mask { mask-length | mask } ] ] | **rp [ rp-address...
Page 415 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 6 PIM-DM Configuration II. Networking diagram VL AN20 VL AN20 VL AN20 VL AN10 VL AN10 VL AN10 VL AN11 VL AN11 VL AN11 RECEIVER 1 RECEIVER 1 RECEIVER 1...
Page 416 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 6 PIM-DM Configuration [H3C-vlan-interface12] ip address 3.3.3.3 255.255.0.0 [H3C-vlan-interface11] igmp enable [H3C-vlan-interface12] pim dm Note: You should enable PIM-DM on all equal-cost routes if there are any.
Page 417: Chapter 7 Pim-Sm Configuration
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 7 PIM-SM Configuration Chapter 7 PIM-SM Configuration 7.1 PIM-SM Overview 7.1.1 Introduction to PIM-SM PIM-SM (Protocol Independent Multicast, Sparse Mode) belongs to sparse mode multicast routing protocols. PIM-SM is mainly applicable to large-scale networks with broad scope in which group members are relatively sparse.
Page 418: Preparations Before Configuring Pim-Sm
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 7 PIM-SM Configuration I. Build the RP shared tree (RPT) When hosts join a multicast group G, the leaf routers that directly connect with the hosts send IGMP messages to learn the receivers of multicast group G. In this way, the leaf...
Page 419: Pim-Sm Configuration
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 7 PIM-SM Configuration Caution: One RP can serve multiple multicast groups or all multicast groups. Each multicast group can correspond to one unique RP at a time rather than multiple RPs.
Page 420: Enabling Multicast
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 7 PIM-SM Configuration Configuring the filtering of multicast source/group Configuring the filtering of PIM neighbor Configuring the maximum number of PIM neighbor on an interface Configuring RP to filter the register messages...
Page 421: Configuring The Time Intervals For Ports To Send Hello Packets
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 7 PIM-SM Configuration 7.2.4 Configuring the Time Intervals for Ports to Send Hello Packets In general, PIM-SM broadcasts Hello packets on the PIM-SM-enabled port periodically to detect PIM neighbors and determine the designated router (DR).
Page 422: Configuring Candidate-Rps
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 7 PIM-SM Configuration Caution: One router can only be configured with one candidate-BSR. When a candidate-BSR is configured on another interface, it will replace the previous configuration. 7.2.6 Configuring Candidate-RPs In PIM-SM, the shared tree built by multicast routing data is rooted at the RP.
Page 423: Configuring The Pim-Sm Domain Border
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 7 PIM-SM Configuration Caution: When the RP elected by BSR mechanism is effective, static RP does not work. All routers in the PIM domain must be configured with this command simultaneously, with the same RP address specified.
Page 424: Limiting The Range Of Legal Bsr
Restore to the default setting undo bsr-policy For detailed information of bsr-policy, refer to the H3C S9500 Series Routing Switches Command Manual. 7.2.13 Limiting the range of legal C-RP To avoid C-RP spoofing, you can limit the range of legal C-RP and limit the groups that each C-RP servers.
Page 425: Clearing Multicast Route Entries From Pim Routing Table
Restore to the default setting undo crp-policy For detailed information of crp-policy, refer to the H3C S9500 Series Routing Switches Command Manual 7.2.14 Clearing multicast route entries from PIM routing table Refer to 6.2.8 Clearing PIM Routing Table.
Page 426: Pim-Sm Configuration Example
VL AN12 VL AN12 Figure 7-2 PIM-SM configuration networking III. Configuration procedure Configure LSA # Enable PIM-SM. <H3C>system-view System View: return to User View with Ctrl+Z. [H3C] multicast routing-enable [H3C] vlan 10 [H3C-vlan10] port ethernet 2/1/2 to ethernet 2/1/3 7-10...
Page 427 [H3C-vlan10] quit [H3C] interface vlan-interface 10 [H3C-vlan-interface10] igmp enable [H3C-vlan-interface10] pim sm [H3C-vlan-interface10] quit [H3C] vlan 11 [H3C-vlan11] port ethernet 2/1/4 to ethernet 2/1/5 [H3C-vlan11] quit [H3C] interface vlan-interface 11 [H3C-vlan-interface11] igmp enable [H3C-vlan-interface11] pim sm [H3C-vlan-interface11] quit [H3C] vlan 12...
Page 428 PIM domain and cannot receive the BSR information transmitted from LSB any more. Configure LSC. # Enable PIM-SM. [H3C] multicast routing-enable [H3C] vlan 10 [H3C-vlan10] port ethernet 2/1/2 to ethernet 2/1/3 [H3C-vlan10] quit [H3C] interface vlan-interface 10 [H3C-vlan-interface10] igmp enable [H3C-vlan-interface10] pim sm [H3C-vlan-interface10] quit...
Page 429 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 7 PIM-SM Configuration Note: You should enable PIM-SM on all equal-cost routes if there are any. 7-13...
Page 430: Chapter 8 Msdp Configuration
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration Chapter 8 MSDP Configuration 8.1 MSDP Overview 8.1.1 Introduction No ISP would like to forward multicast traffic depending on the RP of competitors, though it has to obtain information from the source and distribute it among its members, regardless of the location of the source RP.
Page 431: Working Principle
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration 8.1.2 Working Principle I. Identifying multicast source and receiving multicast data As shown in Figure 8-1, the RPs of PIM-SM domains 1, 2 and 3 establish peer relationship between them.
Page 432 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration After the reverse forwarding path is created, the multicast source data is sent directly to the RP in domain 3, which then RP forwards the data along the RPT. In this case, the last hop router connected with the group member in domain 3 can choose whether to switch to SPT.
Page 433: Msdp Configuration
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration If the SA message is sent from a MSDP peer in a same domain, and the peer is the next hop along the optimal path to the RP in the domain of source, as in the case when the message is from Switch E to Switch F, it is received and forwarded to other peers.
Page 434: Configuring Msdp Peers
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration Table 8-1 Enabling MSDP Operation Command Enable MSDP and enter MSDP view msdp Clear all MSDP configurations undo msdp 8.2.2 Configuring MSDP Peers To run MSDP, you need to configure MSDP peers locally.
Page 435: Configuring Originating Rp
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration Note: The peer command must be configured before the configuration of static-rpf-peer command. If only one MSDP peer is configured via the peer command, the MSDP peer will be regarded as the static RPF peer.
Page 436: Configuring The Maximum Number Of Sa Caching
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration Please perform the following configurations in MSDP view. Table 8-5 Configuring SA caching state Operation Command Configure SA caching state cache-sa-enable Disable SA caching state undo cache-sa-enable By default, the router caches the SA state, or rather the (S, G) entry when receiving an SA message.
Page 437: Controlling The Source Information Created
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration Operation Command undo peer peer-address Restore the default configuration request-sa-enable The SA request message sent by a local RP will get the immediate response about all active sources.
Page 438: Controlling The Source Information Forwarded
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration Operation Command Remove the configuration of filtering SA undo peer peer-address request messages sa-request-policy By default, only the routers which caches SA messages can respond to SA request messages.
Page 439: Controlling The Received Source Information
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration Please perform the following configurations in MSDP view. Table 8-11 Using TTL to filter SA messages with encapsulated data Operation Command Filter off the multicast data encapsulated in...
Page 440: Configuring The Msdp Connection Retry Period
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration Table 8-13 Configuring MSDP full connection group Operation Command Configure an MSDP peer to be a peer peer-address mesh-group name member of an MSDP Mesh Group...
Page 441: Displaying And Debugging Msdp
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration Table 8-16 Clearing MSDP connections, statistics and SA caching configuration Operation Command Clear a specified TCP connection and reset counters MSDP reset msdp peer peer-address information...
Page 442: Msdp Configuration Examples
8.4 MSDP Configuration Examples 8.4.1 Configuring Static RPF Peers I. Networking requirements In the following networking environment shown in Figure 8-3, four H3C S9500 Series routing Switches all are in the PIM-SM domains with no BGP or MBGP running among them.
Page 443 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration II. Networking diagram PIM-SM PIM-SM Domain 1 Domain 1 10.10.1.1 10.10.1.1 SwitchA SwitchA Static RPF peer Static RPF peer PIM-SM PIM-SM Domain 4 Domain 4 Static RPF peer...
Page 444: Configuring Anycast Rp
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration [SwitchD] ip ip-prefix list-c permit 10.25.0.0 16 [SwitchD] msdp [SwitchD-msdp] peer 10.25.1.1 connect-interface Vlan-interface30 [SwitchD-msdp] static-rpf-peer 10.25.1.1 rp-policy list-c 8.4.2 Configuring Anycast RP I. Networking requirements To configure Anycast RP in the PIM-SM domain, establish MSDP peer relationship between Switch A and Switch B;...
Page 445 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration III. Configuration procedure Configure SwitchB: # Configure VLAN <SwitchB> system-view System View: return to User View with Ctrl+Z. [SwitchB] vlan 10 [SwitchB-vlan10] port ethernet1/1/2 [SwitchB-vlan10] quit...
Page 446 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.10.2.0 0.255.255.255 [SwitchB-ospf-1-area-0.0.0.0] network 10.10.3.0 0.255.255.255 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.0 [SwitchB-ospf-1-area-0.0.0.0] network 10.10.1.1 0.0.0.0 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch A as its MSDP peer.
Page 447 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration [SwitchA-LoopBack10] quit # Configure the IP address of interface Vlan-interface20 and enable IGMP and PIM-SM. [SwitchA] interface Vlan-interface20 [SwitchA-Vlan-interface20] ip address 10.21.2.1 255.255.255.0 [SwitchA-Vlan-interface20] igmp enable...
Page 448: Msdp Integrated Networking
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration 8.4.3 MSDP Integrated Networking I. Networking requirement In the following network, enable MSDP and configure an Anycast RP in PIM-SM domain 1; establish MSDP peer relationship among RPs across PIM-SM domains; and use MBGP between domains.
Page 449 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration # Configuring VLAN <SwitchA> system-view System View: return to User View with Ctrl+Z. [SwitchA] vlan 10 [SwitchA-vlan10] port ethernet1/1/2 [SwitchA-vlan10] quit [SwitchA] vlan 30 [SwitchA-vlan30] port ethernet1/1/3 [SwitchA-vlan30] quit # Enable multicast.
Page 450 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.0 [SwitchA-ospf-1-area-0.0.0.0] network 10.25.1.1 0.0.0.0 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure BGP. [SwitchA] bgp 100 [SwitchA-bgp] undo synchronization [SwitchA-bgp] group in internal [SwitchA-bgp] peer 10.26.1.2 group in [SwitchA-bgp] peer 10.27.1.2 group in...
Page 451 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration # Configuring VLAN <SwitchE> system-view System View: return to User View with Ctrl+Z. [SwitchE] vlan 10 [SwitchE-vlan10] port ethernet1/1/2 [SwitchE-vlan10] quit [SwitchE] vlan 20 [SwitchE-vlan20] port ethernet1/1/3 [SwitchE-vlan20] quit # Enable multicast.
Page 452 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration [SwitchE-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.0 [SwitchE-ospf-1-area-0.0.0.0] network 10.26.1.2 0.0.0.0 [SwitchE-ospf-1-area-0.0.0.0] quit [SwitchE-ospf-1] quit # Configure BGP. [SwitchE] bgp 100 [SwitchE-bgp] undo synchronization [SwitchE-bgp] group in internal [SwitchE-bgp] peer 10.25.1.1 group in [SwitchE-bgp] peer 10.27.1.2 group in...
Page 453 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 8 MSDP Configuration [SwitchE-pim] c-bsr loopback 0 30 Note: The configuration on the switches other than SwitchA and SwitchE is omitted here. 8-24...
Page 454: Chapter 9 Mbgp Multicast Extension Configuration
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration Chapter 9 MBGP Multicast Extension Configuration 9.1 MBGP Multicast Extension Overview 9.1.1 Introduction At present, the most widely used inter-domain unicast routing protocol is BGP-4.
Page 455: Mbgp Operating Mode And Message Type
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration (Network Layer Reachability Information), with value 1 for the unicast mode of NLRI, and value 2 for the multicast mode of NLRI. I. MP_REACH_NLRI attribute MP_REACH_NLRI is an optional non-transitive attribute, and can be used to: Send the routing information of a new reachable protocol.
Page 456: Mbgp Multicast Extension Configuration
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration 9.2 MBGP Multicast Extension Configuration Basic configuration tasks of MBGP multicast extension include Enable MBGP multicast extension protocol Specify the network routes notified by the MBGP multicast extension...
Page 457: Specifying Network Routes Notified By Mbgp Multicast Extension
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration Table 9-1 Enabling MBGP multicast extension protocol Operation Command Enter the MBGP multicast address ipv4-family multicast family view Remove MBGP multicast undo ipv4-family multicast address family view By default, the system does not run the MBGP multicast extension protocol.
Page 458: Configuring Local Preference
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration 9.2.5 Configuring Local Preference Different local preference can be configured as a reference of the MBGP route selection. When an MBGP router gets routes with the same destination but different next hops through different neighbors, it will choose the route with the highest local preference.
Page 459 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration I. Creating a peer group with members To configure a MBGP peer (group), configure a peer group in BGP view and add peers to this peer group. For details, refer to “BGP Configuration” in the Routing Protocol part.
Page 460 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration Table 9-6 Configuring a peer (group) as an MBGP route reflector client Operation Command Configure a peer (group) as an MBGP peer group-name reflect-client...
Page 461 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration By default, no routing policy is specified for any peer (group). VIII. Configuring IP-ACL-based route filtering policy for a peer (group) Please perform the following configurations in IPV4 multicast sub-address family view.
Page 462: Configuring Mbgp Route Aggregation
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration Table 9-11 Configuring prefix-list-based route filtering policy for a peer (group) Operation Command Configure filtering policy for peer { group-name | peer-address } ip-prefix...
Page 463: Configure Mbgp Community Attributes
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration routing information with them. The route reflectors transfer (reflect) information between the clients in turn. For the details of the principles and configurations, refer to “BGP Configuration” of the Routing Protocol part.
Page 464: Configuring Mbgp Route Filtering
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration 9.2.13 Configuring MBGP Route Filtering The route filtering configuration of MBGP is the same as that of unicast BGP. For details, refer to “BGP Configuration” of the Routing Protocol part.
Page 465: Mbgp Multicast Extension Configuration Example
Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration 9.4 MBGP Multicast Extension Configuration Example I. Networking requirement This example describes how the administrator uses the MBGP attributes to manage route selection. All switches are configured with MBGP. The IGP in AS200 uses OSPF.
Page 466 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration [SwitchA-bgp] ipv4-family multicast # Specify target network for MBGP. [SwitchA-bgp-af-mul] network 1.0.0.0 [SwitchA-bgp-af-mul] network 2.0.0.0 [SwitchA-bgp-af-mul] quit # Configure peers relationship. [SwitchA-bgp] bgp 100 [SwitchA-bgp] group a1 external [SwitchA-bgp] peer 192.1.1.2 group a1 as-number 200...
Page 467 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration [SwitchB] interface vlan-interface 20 [SwitchB-Vlan-interface20] ip address 192.1.1.2 255.255.255.0 [SwitchB-Vlan-interface20] quit [SwitchB] vlan 40 [SwitchB-vlan40] port ethernet2/1/4 [SwitchB-vlan40] quit [SwitchB] interface vlan-interface 40 [SwitchB-Vlan-interface40] ip address 194.1.1.2 255.255.255.0...
Page 468 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration [SwitchC-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit [SwitchC] bgp 200 [SwitchC-bgp] undo synchronization [SwitchC-bgp] group c1 external [SwitchC-bgp] peer 193.1.1.1 group c1 as-number 100 [SwitchC-bgp] group c2 internal [SwitchC-bgp] peer 194.1.1.2 group c2...
Page 469 Operation Manual – Multicast Protocol H3C S9500 Series Routing Switches Chapter 9 MBGP Multicast Extension Configuration [SwitchD-vlan50] quit [SwitchD] interface vlan-interface 50 [SwitchD-Vlan-interface50] ip address 195.1.1.1 255.255.255.0 [SwitchD-Vlan-interface50] quit [SwitchD] ospf [SwitchD-ospf-1] area 0 [SwitchD-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] network 4.0.0.0 0.0.0.255...
Page 470 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 ACL Configuration....................... 1-1 1.1 ACL Overview ........................1-1 1.1.1 Introduction to ACL ....................1-1 1.1.2 ACLs Supported ...................... 1-2 1.2 ACL Configuration Tasks....................1-3 1.2.1 Configuring Time Range ..................
Page 471 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Table of Contents Chapter 3 Logon User ACL Control Configuration..............3-1 3.1 Overview ..........................3-1 3.2 Configuring ACL for Telnet/SSH Users ................3-1 3.2.1 Configuration Prerequisites..................3-1 3.2.2 Configuration Tasks ....................3-2 3.2.3 Layer 2 ACL Control Configuration Example ............
Page 472: Chapter 1 Acl Configuration
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 1 ACL Configuration Chapter 1 ACL Configuration 1.1 ACL Overview 1.1.1 Introduction to ACL A series match rules must be configured to recognize the packets before they are filtered. Only when packets are identified, can the network take corresponding actions, allowing or prohibiting them to pass, according to the preset policies.
Page 473: Acls Supported
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 1 ACL Configuration Note: Depth first principle means putting the statement with smaller packet range in the front. You can know the packet range by comparing IP address wildcards: The smaller the wildcard is, the smaller host range is.
Page 474: Acl Configuration Tasks
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 1 ACL Configuration Table 1-1 Requirements for defining ACLs Item Number range Maximum number Number-based basic ACL 2000 to 2999 1000 Number-based advanced ACL 3000 to 3999 1000 Number-based Layer 2 ACL...
Page 475 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 1 ACL Configuration Table 1-3 ACL configuration tasks interface cards Item Command Description Enter system view system-view time-range time-name { start-time to end-time days-of-the-week [ from Configure time start-time start-date ] [ to end-time...
Page 476: Configuring Time Range
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 1 ACL Configuration Item Command Description acl { number acl-number | name Required. Service acl-name [ advanced | basic | processor cards Enter ACL view user ] } [ match-order { config |...
Page 477: Defining And Applying Flow Template
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 1 ACL Configuration start-time and end-time days-of-the-week define period time range together. start-time start-date and end-time end-date define absolute time range together. If a time range only defines the period time range, the time range is only active within the period time range.
Page 478 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 1 ACL Configuration Table 1-7 Length of template elements Name Description Length in template bt-flag BT flag bit 6 bytes The 802.1p priority in the most external 802.1QTag carried by the packet 2 bytes VLAN ID in the most exterior 802.1QTag...
Page 479: Defining Acl
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 1 ACL Configuration Note: The numbers listed in the table are not the actual length of these elements in IP packets, but their length in flow template. DSCP field is one byte in flow template, but six bits in IP packets.
Page 480 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 1 ACL Configuration Note: If the time-range keyword is not selected, the ACL will be effective at any time after being activated. You can define multiple sub rules for the ACL by using the rule command several times.
Page 481 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 1 ACL Configuration Table 1-10 Define advanced ACL Operation Command Enter advanced ACL acl { number acl-number | name acl-name advanced } view (system view) [ match-order { config | auto } ]...
Page 482: Activating Acl
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 1 ACL Configuration Table 1-11 Define Layer 2 ACLs Operation Command Enter Layer 2 ACL view acl { number acl-number | name acl-name link } (system view) [ match-order { config | auto } ]...
Page 483: Displaying And Debugging Acl Configurations
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 1 ACL Configuration Table 1-13 Activate ACL Operation Command packet-filter inbound ip-group { acl-number | Activate ip group ACL acl-name } [ rule rule] [ system-index index] slot slotid undo packet-filter inbound ip-group { acl-number |...
Page 484: Acl Configuration Example
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 1 ACL Configuration Table 1-14 Display and debug ACL configurations Operation Command Display the configuration and display time-range { all | name } status of the current time range display acl config { all | acl-number |...
Page 485 # Create a name-based advanced ACL “traffic-of-payserver” and enter it. [H3C] acl name traffic-of-payserver advanced # Define ACL rule for the wage server. [H3C-acl-adv-traffic-of-payserver] rule 1 deny ip source any destination 129.110.1.2 0.0.0.0 time-range H3C Activate the ACL. # Activate the ACL “traffic-of-payserver”.
Page 486: Basic Acl Configuration Example
# Create a name-based basic ACL “traffic-of-host” and enter it. [H3C] acl name traffic-of-host basic # Define ACL rule for source IP 10.1.1.1. [H3C-acl-basic-traffic-of-host] rule 1 deny source 10.1.1.1 0 time-range H3C Activate the ACL. # Activate the ACL “traffic-of-host”.
Page 487: Layer 2 Acl Configuration Example
# Define the time range from 8:00 to 18:00. [H3C] time-range H3C 8:00 to 18:00 daily Define a user-defined flow template [H3C] flow-template user-defined slot 2 ethernet-protocol smac 0-0-0 dmac 0-0-0 Define the traffic with source MAC 00e0-fc01-0101 and destination MAC 00e0-fc01-0303.
Page 488: Example Of Bt Traffic Control Configuration
1.0.0.1/8 1.0.0.1/8 2.0.0.1/8 2.0.0.1/8 Figure 1-4 Network diagram for BT traffic control III. Configuration procedure Define a user-defined flow template [H3C] flow-template user-defined slot 7 ip-protocol bt-flag sip 0.0.0.0 dport Define an advanced ACL rule [H3C] acl number 3000 1-17...
Page 489 H3C S9500 Series Routing Switches Chapter 1 ACL Configuration [H3C-acl-adv-3000] rule 0 deny tcp bt-flag [H3C-acl-adv-3000] quit Enter the port GE7/1/8 and configure BT traffic control on the port [H3C] interface GigabitEthernet 7/1/8 [H3C-GigabitEthernet7/1/8] flow-template user-defined [H3C-GigabitEthernet7/1/8] packet-filter inbound ip-group 3000 rule 0 1-18...
Page 490: Chapter 2 Qos Configuration
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Chapter 2 QoS Configuration 2.1 QoS Overview Conventional packet network treats all packets equally. Each switch/router processes all packets in First-in-First-out (FIFO) mode and then transfers them to the destination in the best effort, but it provides no commitment and guarantee to such transmission performance as delay and jitter.
Page 491 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration traffic to pass. Ethernet switches use complex classification rules, so that traffic flow can be filtered purposefully to enhance network security. There are two key steps in packet filtering: Step 1: Classify the traffic at the port according to a specific rule.
Page 492 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Figure 2-2 Ethernet frame with 802.1Q tag header In the above figure, each host supporting 802.1Q protocol adds a 4-byte 802.1Q tag header after the source address in Ethernet header.
Page 493 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration high priority queue 7 Packets sent via this queue 6 interface Packets sent queue 5 queue 4 Dequeue Sending queue Classify queue 3 queue 2 queue 1...
Page 494: Qos Configuration
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Another merit for WRR algorithm: Though the queues are scheduled by turn, they are not configured with fixed time quantum. If a queue has no packets, the system immediately schedules the next queue.
Page 495 (LSB1NATB0 cards in the context of this document) is somewhat different from that for interface cards. Refer to related description in the manual. The service processor cards now supported by the S9500 series have no egress interface, therefore, they do not support the configuration commands in Ethernet port view.
Page 496: Configuring Service Parameter Allocation Rule
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration 2.2.1 Configuring Service Parameter Allocation Rule QoS is based on service parameters, a set of parameters for a packet, including 802.1p priority (CoS priority), DSCP priority, EXP priority, local precedence and drop precedence.
Page 497: Configuring Traffic Policing
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Operation Command cos-local-precedence-map cos0-map-local-prec cos1-map-local-prec cos2-map-local-prec — Configure > cos3-map-local-prec Local-precedence mapping table cos4-map-local-prec cos5-map-local-prec cos6-map-local-prec cos7-map-local-prec Restore the default values of CoS —> undo qos cos-local-precedence-map...
Page 498 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Table 2-4 Configure mapping table Operation Command conform-level Enter conform level view (System view) conform-level-value Configure the DSCP + Conform-Level —> dscp dscp-list : dscp-value exp-value cos-value...
Page 499 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Table 2-5 Configure traffic parameters Operation Command Configure traffic traffic-params traffic-index commited-info-rate parameters commited-base-size ebs exceed-base-size [ pir peak-info-rate ] III. Configuring traffic policing The purpose of this configuration task is to implement traffic policing on ACL-matched data streams, and then take normal actions on data streams within the traffic limit and take other actions (discarding packets, for example) on those exceeding the limit.
Page 500 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Note: It is required that CIR is less than or equal to PIR and CBS is less than or equal to EBS. You are recommended to configure CBS and EBS to numbers that are 100 to 150 times of CIR.
Page 501: Configuring Traffic Shaping
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration traffic policing-related parameters predefined. For example, if CIR (committed information rate) of the traffic that matches ACL1 is set to 10 kbps and that for ACL2 to 10 kbps, and their traffic policing indexes are the same, then the average rate of the traffic that matches ACL1 and ACL2 shall be limited to 10kbps.
Page 502: Configuring Traffic Priority
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration 2.2.4 Configuring Traffic Priority This configuration re-labels priority value for the packets that match the ACL in these ways: using the service parameters allocated by the switch, re-allocating service...
Page 503 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Table 2-10 Mark packet priority Operation Command traffic-priority inbound ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ] { auto | Mark the packets matching...
Page 504: Configuring Traffic Redirection
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Note: If you remove the card with QoS/ACL configured when the system operates, the corresponding system index value is automatically released and is then used for a newly delivered flow rule.
Page 505 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Operation Command traffic-redirect inbound ip-group { acl-number | Configure traffic redirection acl-name } [ rule rule ] link-group { acl-number | which applies IP group ACL acl-name } [ rule rule ] { cpu | interface...
Page 506: Configuring Queue Scheduling
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Note: If you remove the card with QoS/ACL configured when the system operates, the corresponding system index value is automatically released and is then used for a newly delivered flow rule.
Page 507: Configuring Wred Parameters
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Table 2-13 Configure queue scheduling Operation Command queue-scheduler group1 queue-id Configuring queue queue-weight } &<1-8> group2 queue-id scheduling queue-weight } &<1-8> }* Restore the default setting undo queue-scheduler [ queue-id ] &<1-8>...
Page 508 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Perform the following configurations in system view. Table 2-14 Configure WRED parameters Operation Command Enter WRED index view (system view) wred wred-index Restore the default WRED parameters...
Page 509: Configuring Traffic Mirroring
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Table 2-15 Configure drop algorithm Operation Command Configure drop algorithm drop-mode { tail-drop | wred } [ wred-index ] Restore the default algorithm undo drop-mode By default, tail drop mode is selected.
Page 510: Configuring Port Mirroring
Up to 20 mirroring groups can be configured at a port, with each group including one monitoring port and multiple monitored ports. Note: S9500 series support cross-card mirroring, that is, the monitoring and monitored ports can be at different cards. Consider these issues when configuring port mirroring: For intra-card mirroring, only one monitoring port can be configured for the mirroring groups in the same direction.
Page 511: Configuring Traffic Statistics
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration You can only configure eight monitored ports for all the mirroring groups in transmit group. One port can act as mirroring port and mirrored port at the same time for different mirroring group.
Page 512: Displaying And Debugging Qos Configuration
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Note: If you remove the card with QoS/ACL configured when the system operates, the corresponding system index value is automatically released and is then used for a newly delivered flow rule.
Page 513: Qos Configuration Example
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration Operation Command Display traffic priority display qos-vlan [ vlan-id ] traffic-priority configuration of a VLAN Display traffic limit configuration display qos-vlan [ vlan-id ] traffic-limit of a VLAN...
Page 514: Port Mirroring Configuration Example
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 2 QoS Configuration II. Network diagram GE7/1/8 GE7/1/8 GE7/1/2 GE7/1/2 GE7/1/1 GE7/1/1 VLAN2, VLAN2, VLAN3, VLAN3, 1.0.0.1/8 1.0.0.1/8 2.0.0.1/8 2.0.0.1/8 Figure 2-5 Network diagram for QoS configuration III. Configuration procedure # Enter Ethernet port view.
Page 515: Traffic Priority Configuration Example
# Define the CoS — > Conform-Level mapping table. The switch allocates drop precedence (all as 0 for the sake of simplification) for them when receiving packets. [H3C] qos cos-drop-precedence-map 0 0 0 0 0 0 0 0 The modified CoS—> Conform-Level mapping table:...
Page 516: Traffic Redirection Configuration Example
PC1 according the mapping table for DSCP 63. [H3C] qos conform-level 0 [H3C-conform-level-0] dscp 63 : 32 4 4 4 0 The modified DSCP + Conform-Level —> Service parameter mapping table: Table 2-21 Modified DSCP + Conform-Level —> Service parameter mapping table...
Page 517: Queue Scheduling Configuration Example
[H3C] acl number 2000 # Define ACL rule for the traffic from PC1. [H3C-acl-basic-2000] rule 0 permit source 1.0.0.1 0 time-range H3C Modify the next hop for the packets from PC1. # Define the next hop for the packets from PC1 as 2.0.0.1.
Page 518 # Re-specify the mapping between 802.1p priority and local precedence. [H3C] qos cos-local-precedence-map 7 6 5 4 3 2 1 0 # Use WRR algorithm for the queues 0 to 5. Set the queues 0, 1 and 2 into WRR queue 1, with weight respectively as 20, 20 and 30;...
Page 519: Wred Parameters Configuration Example
# Configure parameters for WRED 0. [H3C] wred 0 [H3C-wred-0] queue 7 150 500 5 100 150 10 50 100 15 10 Set drop algorithm and thresholds. # Define the port GE7/1/1 in WRED drop mode, set the parameters of WRED 0.
Page 520: Traffic Statistics Configuration Example
# Define ACL rule for the traffic from PC1. [H3C] acl number 2000 [H3C-acl-basic-2000] rule 0 permit source 1.0.0.1 0.0.0.0 time-range H3C Count the packets to PC1 and display the result using the display command. [H3C-GigabitEthernet7/1/1] traffic-statistic inbound ip-group 2000 rule 0...
Page 521: Chapter 3 Logon User Acl Control Configuration
Telnet Security shell (SSH) Simple network management protocol (SNMP) An S9500 series switch provides security control for these three access measures to prevent unauthorized users from logging in/and accessing it. There are two levels of security controls. The first level is implemented by applying ACLs to filter the users that are to connect to the switch.
Page 522: Configuration Tasks
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 3 Logon User ACL Control Configuration 3.2.2 Configuration Tasks Table 3-1 Configuration tasks Configuration Command Description procedure Enter system view system-view Required. command Define an ACL and number acl-number only...
Page 523 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 3 Logon User ACL Control Configuration Configuration Command Description procedure acl-number1 parameter Apply indicates basic acl-number1 inbound number of the Apply advanced outbound } basic ACLs ACLs advanced ACLs, restrict...
Page 524: Layer 2 Acl Control Configuration Example
<H3C>system-view System View: return to User View with Ctrl+Z. [H3C] acl number 4000 match-order config # Define rules. [H3C-acl-link-4000] rule 1 permit ingress 00e0-fc01-0101 0000-0000-0000 [H3C-acl-link-4000] rule 2 permit ingress 00e0-fc01-0303 0000-0000-0000 [H3C-acl-link-4000] rule 3 deny ingress any [H3C-acl-link-4000] quit...
Page 525: Configuring Acl For Snmp Users
3.3 Configuring ACL for SNMP Users S9500 series switches can be managed remotely through network management software (NMS). Administrators can use SNMP to access an S9500 series switch. Proper ACL configuration can prevent unauthorized network management users from logging onto the switch.
Page 526: Configuration Tasks
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 3 Logon User ACL Control Configuration 3.3.2 Configuration Tasks Table 3-2 Configuration tasks Configuration Command Description procedure Enter system view system-view Required. This command only number acl-number define a number-based...
Page 527 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 3 Logon User ACL Control Configuration Configuration Command Description procedure The SNMP community name is a feature of SNMP V1 and SNMP Apply snmp-agent community V2. Applying an ACL in...
Page 528: Acl Control Over Snmp Users Configuration Example
[H3C-acl-baisc-2000] rule 2 permit source 10.110.100.46 0 [H3C-acl-basic-2000] rule 3 deny source any [H3C-acl-baisc-2000] quit # Apply the ACL. [H3C] snmp-agent community read H3C acl 2000 [H3C] snmp-agent group v3 H3Cgroup acl 2000 [H3C] snmp-agent usm-user v3 H3C user H3Cgroup acl 2000...
Page 529: Chapter 4 Vlan-Acl Configuration
Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 4 VLAN-ACL Configuration Chapter 4 VLAN-ACL Configuration 4.1 VLAN-ACL Overview VLAN-ACL is VLAN-based ACL. You can configure QACL for a VLAN to control accesses made to all ports in the VLAN.
Page 530 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 4 VLAN-ACL Configuration Configuration Command Description step Configure packet packet-filter inbound ip-group filtering (activating { acl-number | acl-name } [ rule rule Optional ACLs) [ system-index index ] ] traffic-limit...
Page 531 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 4 VLAN-ACL Configuration Configuration Command Description step View the ports to which VLAN-ACL display vlan-acl-member-ports this configuration vlan vlan-id command in any view. synchronized the VLAN The VLAN-ACL configuration is subject to the following limitations: Limitations on flow templates: The system only applies VLAN-ACL to ports with the default flow template applied.
Page 532: Vlan-Acl Configuration Example
[H3C-acl-basic-2000] quit Configure packet redirection in VLAN 2. # Set the next hop IP addresses of all the packets forwarded on ports in VLAN 2 to 3.0.0.1. [H3C] vlan 2 [H3C-vlan2] traffic-redirect inbound ip-group 2000 rule 0 next-hop 3.0.0.1 View configuration.
Page 533 Operation Manual – QoS/ACL H3C S9500 Series Routing Switches Chapter 4 VLAN-ACL Configuration # View whether VLAN-ACL is configured on all ports in VLAN 2 (ports GigabitEthernet7/1/1 and GigabitEthernet7/1/2). [H3C-vlan2] display vlan-acl-member-ports vlan 2 Vlan-acl member port(s): GigabitEthernet7/1/1 GigabitEthernet7/1/2...
Page 534 Operation Manual – MPLS H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 MPLS Architecture....................... 1-1 1.1 MPLS Overview ......................... 1-1 1.2 MPLS Basic Concepts ....................... 1-1 1.2.1 FEC ......................1-1 1.2.2 Label ......................1-2 1.2.3 LDP ......................1-4 1.3 MPLS Architecture ......................
Page 535 Operation Manual – MPLS H3C S9500 Series Routing Switches Table of Contents 3.1.4 Hierarchical BGP/MPLS VPN Implementation ..........3-7 3.1.5 Introduction to OSPF Multi-instance............3-8 3.1.6 Introduction to Multi-Role Host..............3-9 3.2 BGP/MPLS VPN Configuration..................3-10 3.2.1 Configuring Various Kinds of Routers ............ 3-10 3.2.2 Configuring CE Router ................
Page 536 Operation Manual – MPLS H3C S9500 Series Routing Switches Table of Contents 5.2 Restrictions in Intermixing Networking................5-2 5.2.1 Rules of Intermixing Configuration ............5-2 5.2.2 Restrictions in Card Intermixing ...............5-3 5.3 Introduction to intermixing configuration task ..............5-4 5.3.1 Configuring Routing Protocols ..............5-4 5.3.2 Configuring Basic Capability of MPLS ............5-4...
Page 537: Chapter 1 Mpls Architecture
Chapter 1 MPLS Architecture Note: The H3C S9500 Series Routing Switches (hereinafter referred to as S9500 series) running MPLS can serve as routers. Routers mentioned in this manual can be either a router in common sense, or a layer 3 Ethernet switch running MPLS.
Page 538: Label
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 1 MPLS Architecture based on network layer address. Packets of the same FEC are processed in the same way in MPLS network. 1.2.2 Label I. Label definition A label is a locally significant short identifier with fixed length, which is used to identify a FEC.
Page 539 Upstream and downstream are just on a relative basis: For a packet forwarding process, the transmit router serves as upstream LSR and receive router serves as downstream LSR. Currently, the S9500 series adopt the DU label distribution mode. Label assignment control mode There are two modes to control the assignment and distribution of labels: independent mode and ordered mode.
Page 540: Ldp
FEC or the LSR serves as LSP (Label Switching Path) egress node. Note: Currently, the S9500 series adopt the ordered label control mode. Label retention mode There are two label-retention modes: liberal label retention mode and conservative label retention mode.
Page 541: Forwarding Labeled Packets
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 1 MPLS Architecture with labels, distributes label binding messages, establishes and maintains label forwarding table. The network consisting of LSRs is called MPLS domain. The LSR that is located at the edge of the domain is called edge LSR (LER, Labeled Edge Router).
Page 542: Establishing Lsp
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 1 MPLS Architecture 1.3.3 Establishing LSP Actually, the establishment of LSP refers to the process of binding FEC with the label, and then advertising this binding to the adjacent LSR on LSP. This process is implemented through LDP, which regulates the message in interactive processing and message structure between LSRs as well as routing mode.
Page 543: Lsp Tunnel And Hierarchy
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 1 MPLS Architecture received the returned label map message from its downstream LSR. Usually, the upstream LSR selects the downstream LSR according to the information in its routing table. In Figure 1-4, LSRs on the way along LSP1 use the sequential label control mode, and the LSR F on LSP2 uses independent label control mode.
Page 544: Mpls And Other Protocols (Routing Protocols)
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 1 MPLS Architecture As shown in Figure 1-5, LSP <R2 R21 R22 R3> is a tunnel between R2 and R3. II. Multi-layer label stack In MPLS, a packet may carry multiple labels which are in the form of stack. Operations to the stack follow the “last in first out”...
Page 545 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 1 MPLS Architecture Private Private network branch 3 network branch 3 Private Private Private Private Backbone network Backbone network network branch 1 network branch 1 network branch 2 network branch 2 Figure 1-6 MPLS-Based VPN The basic structure of MPLS-based VPN is shown in Figure 1-6.
Page 546: Chapter 2 Mpls Basic Capability Configuration
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration Chapter 2 MPLS Basic Capability Configuration 2.1 MPLS Basic Capability Overview Basic MPLS forwarding functions includes LDP session establishment and LSP path maintenance. The typical configuration procedure for enabling basic MPLS functions on a routing...
Page 547: Enabling Mpls And Entering Mpls View
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration Table 2-1 Define MPLS LSR ID Operation Command mpls lsr-id ip-address Define LSR ID undo mpls lsr-id Delete LSR ID By default, LSR ID is not defined.
Page 548: Configuring Static Lsp
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration 2.2.4 Configuring Static LSP You can manually set an LSR to be a node along an LSP, and place a limit on the traffic over the LSP. Depending on the position in an MPLS domain, an LSR along an LSP can be the ingress node, an intermediate node (also called transit node), or the egress node.
Page 549: Enabling Ldp Protocol
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration 2.3.1 Enabling LDP protocol To configure LDP, first enable LDP. Perform the following configuration in the system view. Table 2-5 Enable/disable LDP view Operation Command...
Page 550: Configuring Session Parameters
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration Table 2-7 Enter Remote-peer view Operation Command mpls ldp remote-peer index Enter Remote-peer view undo mpls ldp remote-peer index Delete the corresponding Remote-peer There is no default remote-peer.
Page 551 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration Caution: Modifying the holdtime parameter results in re-establish the original session, as well as the LSP over this session. Here the session refers to Basic session, but not Remote session.
Page 552: Configuring Ldp Loop Detection Control
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration Table 2-11 Configure Hello transport-address Operation Command mpls transport-ip interface Configure Hello transport-address ip-address } Return default Hello undo mpls ldp transport-ip transport-address Transport-address defaults to the MPLS LSR ID of the current LSR.
Page 553: Configuring Ldp Authentication Mode Between Every Two Routers
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration II. Setting the maximum hop count for loop detection When maximum hop count mode is adopted for loop detection, the maximum hop-count value can be defined. And if the maximum value is exceeded, it is considered that a loop happens and the LSP establishment fails.
Page 554: Displaying And Debugging Mpls Basic Capability
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration Table 2-15 Configure LDP authentication mode (between every two routers) Operation Command mpls ldp password [ cipher | simple ] Configure LDP authentication Mode password...
Page 555 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration Table 2-18 Display information of the MPLS-enabled interfaces Operation Command Display information display mpls interface MPLS-enabled interfaces IV. Displaying MPLS LSP information Execute the following commands in any view to display the information related to MPLS LSP.
Page 556: Displaying And Debugging Ldp
Disable the LSP Trap function of MPLS 2.4.2 Displaying and Debugging LDP I. LDP display commands The H3C S9500 provides abundant MPLS monitoring commands for monitoring states of LSRs, LDP sessions, interfaces and peers. These commands are the powerful debugging and diagnosing tools.
Page 557: Typical Mpls Configuration Example
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration Table 2-23 Enable/disable debugging for MPLS LDP Operation Command debugging mpls ldp { all | main | advertisement | Enable debugging for session | pdu | notification | remote }[ interface...
Page 558 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration III. Configuration procedure Configure Switch A # Configure LSR ID and enable MPLS and LDP. [H3C] mpls lsr-id 168.1.1.1 [H3C] mpls [H3C-mpls] quit [H3C] mpls ldp # Configure IP address and enable MPLS and LDP for VLAN interface 201.
Page 559 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration [H3C-vlan203] quit [H3C] interface vlan-interface 203 [H3C-Vlan-interface203] ip address 172.17.1.1 255.255.0.0 [H3C-Vlan-interface203] mpls [H3C-Vlan-interface203] mpls ldp enable [H3C-Vlan-interface203] mpls ldp transport-ip interface # Configure IP address and enable MPLS and LDP for VLAN interface 202.
Page 560: Troubleshooting Mpls Configuration
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 2 MPLS Basic Capability Configuration # Enable OSPF on the interface connecting Switch C with Switch B. [H3C] Router id 100.10.1.1 [H3C] ospf [H3C-ospf-1] area 0 [H3C-ospf-1-area-0.0.0.0] network 100.10.1.0 0.0.0.255 Configure Switch D # Configure LSR ID and enable MPLS and LDP.
Page 561: Chapter 3 Bgp/Mpls Vpn Configuration
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Chapter 3 BGP/MPLS VPN Configuration 3.1 BGP/MPLS VPN Overview Traditional VPN, for which layer 2 tunneling protocols (L2TP, L2F and PPTP, and so on.) or layer 3 tunnel technology (IPSec, GRE and so on.) is adopted, is a great success and is therefore widely used.
Page 562: Bgp/Mpls Vpn Model
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration 3.1.1 BGP/MPLS VPN Model I. BGP/MPLS VPN model site 1 site 1 site 1 site 1 site 1 site 1 site 1 site 1 site 1...
Page 563 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration VPNs. These disadvantages not only increase the network operating cost, but also bring relevant management and security issues. The nested VPN is a better solution. Its main idea is to transfer VPNv4 route between...
Page 564 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration MBGP MBGP (multiprotocol extensions for BGP-4, see RFC2283) propagates VPN membership information and routes between PE routers. It features backward compatibility: It not only supports traditional IPv4 address family, but also supports other address families, for example, VPN-IPv4 address family.
Page 565: Bgp/Mpls Vpn Implementation
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration imported into the VPN routing table and then advertised to the connected CE . Otherwise, the route will be rejected. ERT: Export Route Targets IPv4 address...
Page 566 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration LSP setup between PEs LSPs must be set up between PEs for VPN data traffic forwarding with MPLS LSP. The PE router which receives packets from CE and create label protocol stack is called Ingress LSR, while the BGP next hop (Egress PE router) is Egress LSR.
Page 567: Nested Bgp/Mpls Vpn Implementation
As PE is required to aggregate multiple VPN routes on a BGP/MPLS VPN, it is prone to forming a bottleneck in a large-scale deployment or in the case that PE capacity is small. To solve the problem, H3C Technologies introduced the HoVPN (Hierarchy of VPN, Hierarchical BGP/MPLS VPN) solution.
Page 568: Introduction To Ospf Multi-Instance
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration primarily function to access the VPN clients at the edges. Congruous with the IP network model, HoVPN model improves the scalability of BGP/MPLS VPN, and hence allows lower-layer MPLS VPNs comprising low-end equipment to provide MPLS VPN accessing and interconnect through the high-end MPLS VPN backbone.
Page 569: Introduction To Multi-Role Host
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Therefore IETF raised two new OSPF VPN extension drafts, to provide a complete solution to SPPF problems in BGP/MPLS VPN application when OSPF is used as PE-CE routing protocol.
Page 570: Bgp/Mpls Vpn Configuration
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration the same ingress interface belong to the same VPN; but in actual network environments, a CE may need to access multiple VPNs through one physical interface.
Page 571: Configuring Ce Router
III. Configuring OSPF If you select OSPF mode for CE-PE route switching, you should then configure OSPF on CE. For configuring OSPF, see the routing protocol part in H3C S9500 Series Routing Switches Operation Manual. You must configure OSPF multi-instance to isolate services of different VPNs on CE router, which is now called Multi-VPN-Instance CE.
Page 572: Configuring Pe Router
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration IV. Configuring EBGP If you select BGP mode for CE-PE route switching, you should then configure EBGP peer, import direct-connect route, static route and other IGP routes, for BGP to advertise VPN routes to PE.
Page 573 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration The parameter in the above command has no default value. A VPN-instance works only when a RD is configured for it. Other parameters for a VPN-instance cannot be configured before configuring a RD for it.
Page 574 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Operation Command undo vpn-target Delete specified VPN-target vpn-target-extcommunity attribute from the VPN-target attribute import-extcommunity list associated with the VPN-instance export-extcommunity | both ] By default, the value is both. In general all Sites in a VPN can be interconnected, and the import-extcommunity and export-extcommunity attributes are the same, so you can execute the command only with the both option.
Page 575 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Table 3-8 Configure the vlan id range of MPLS/VPN VLANs allowed to pass the Ethernet port of C card Operation Command port trunk mpls vlan from...
Page 576 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Caution: As executing the ip binding vpn-instance command on an interface will delete the IP address of the interface, you must configure the IP address of the interface after executing that command when you bind the interface with a VPN-instance.
Page 577 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Table 3-11 Configure PE-CE RIP instance Operation Command ipv4-family unicast vpn-instance Create PE-CE RIP instance vpn-instance-name undo ipv4-family [ unicast ] vpn-instance Delete PE-CE RIP instance vpn-instance-name Then configuring RIP multi-instance to import IBGP route.
Page 578 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration only one Domain ID; different processes can be configured with the same Domain ID or different Domain IDs. Perform the following configuration in the OSPF view.
Page 579 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration tag-number is used to identify Tag value; by default, the first two bytes are fixed, that is, 0xD000, and the last two bytes is AS number of local BGP. For example, the AS number of local BGP is 100, and then its default tag value is 3489661028 in decimal notation.
Page 580 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration By default, the peer group is configured as internal. When BGP mode is used for PE-CE route switching, they often belong to different ASs, so you should configure EBGP peer as external.
Page 581 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Table 3-19 Import IGP route Operation Command import-route protocol [ process-id ] [ med med ] Import IGP route undo import-route protocol Remove IGP route import Step 5: Configure BGP as asynchronous.
Page 582 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration IV. Configuring PE-PE route exchanging To exchange VPN-IPv4 routing information between PEs, you should configure MP-IBGP on PEs. Perform the following configuration in BGP view or PVN instance address family sub-view.
Page 583 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Table 3-23 Configure VPNv4 address family Operation Command ipv4-family vpnv4 [ unicast ] Enter VPNv4 sub-address family view Delete VPNv4 sub-address family view undo ipv4-family vpnv4 [ unicast ]...
Page 584: Configuring P Router
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Step 5: Transfer BGP update packet without AS number (optional) Perform the following configuration in VPNv4 sub-address family view. Table 3-27 Transfer BGP update packet without AS number...
Page 585: Displaying And Debugging Bgp/Mpls Vpn
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Step 1: Configure MPLS basic capacity and enable LDP on the interfaces connecting P router to PE router, for forwarding MPLS packets. See Chapter 2 MPLS Basic Capability Configuration.
Page 586 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Table 3-32 Display VPN-instance related information Operation Command Display VPN-instance related display vpn-instance information, including its RD, description, [ vpn-instance-name | verbose ] the interfaces associated with it, and so on.
Page 587: Typical Bgp/Mpls Vpn Configuration Example
VPNA includes CE1 and CE3; VPNB includes CE2 and CE4. Subscribers in different VPNs cannot access each other. The VPN-target attribute for VPNA is 111:1 and that for VPNB is 222:2. The PEs and P are H3C switches supporting MPLS, and CEs are common layer 3 switches. Note: The configuration in this case is focused on: Configure EBGP to exchange VPN routing information between CEs and PEs.
Page 588 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Configure CE1. # Configure CE1 and PE1 as EBGP neighbors, import direct-connect routes and static routes to import intra-CE1 VPN routes into BGP and advertise to PE1.CE1connects to PE1 through interface Gigabitethernet 2/1/1.
Page 589 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration # Bind the VLAN interface connecting PE1 and CE1 to the VPNA. Note that you should first configure association between the VLAN interface and VPN-instance, and then configure the IP address of the VLAN interface.
Page 590 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration # Set up MP-IBGP adjacency between PEs to exchange inter-PE VPN routing information and activate MP-IBGP peer in VPNv4 sub-address family view. [PE1] bgp 100 [PE1-bgp] group 202 internal [PE1-bgp] peer 202.100.1.3 group 202...
Page 591 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [P-Vlan-interface303] mpls [P-Vlan-interface303] mpls ldp enable [P-Vlan-interface303] quit [P] vlan 304 [P-vlan304] port gigabitethernet 3/1/4 [P-vlan304] quit [P] interface Vlan-interface 304 [P-Vlan-interface304] ip address 172.4.1.2 255.255.0.0...
Page 592 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE3-bgp-af-vpn-instance] import-route direct [PE3-bgp-af-vpn-instance] group 168 external [PE3-bgp-af-vpn-instance] peer 168.3.1.1 group 168 as-number 65430 [PE3-bgp-af-vpn-instance] quit [PE3-bgp] quit # Bind the interface connecting PE3 and CE3 to VPNA.
Page 593: Extranet Configuration Example
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration # Set up MP-IBGP adjacency between PEs to exchange inter-PE VPN routing information. [PE3] bgp 100 [PE3-bgp] group 202 internal [PE3-bgp] peer 202.100.1.1 group 202 as-number 100 [PE3-bgp] peer 202.100.1.1 connect-interface loopback0...
Page 594 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration II. Network diagram SP network SP network AS100 AS100 AS100 PE-A PE-A PE-A PE-C PE-C PE-C PE-B PE-B PE-B 10.1.1.1 10.1.1.1 10.1.1.1 20.1.1.1 20.1.1.1 20.1.1.1 30.1.1.1 30.1.1.1...
Page 595 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE-A-bgp-af-vpn-instance] import-route direct [PE-A-bgp-af-vpn-instance] import-route static [PE-A-bgp-af-vpn-instance] group 172 external [PE-A-bgp-af-vpn-instance] peer 172.15.1.1 group 172 as-number 65011 [PE-A-bgp-af-vpn-instance] quit [PE-A-bgp] quit # Bind VPN-instance1 with the interface of VLAN301 which connects CE-A.
Page 596 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE-C-vpn-2] quit # Set up MP-EBGP adjacency between PE-C and CE-C, import intra-CE-C VPN routes learned into MBGP VPN-instance address family. [PE-C] bgp 100 [PE-C-bgp] ipv4-family vpn-instance vpn-instance2...
Page 597 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE-C-bgp-af-vpn] peer 30 enable [PE-C-bgp-af-vpn] peer 30.1.1.1 group 30 [PE-C-bgp-af-vpn] quit Configure PE-B: # Create VPN-instance 3 for VPN2 on PE-B, so that it can send and receive VPN routing information of VPN-target 222:2.
Page 598: Hub&Spoke Configuration Example
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE-B] bgp 100 [PE-B-bgp] group 20 [PE-B-bgp] peer 20.1.1.1 group 20 [PE-B-bgp] peer 20.1.1.1 connect-interface loopback 0 [PE-B-bgp] ipv4-family vpnv4 [PE-B-bgp-af-vpn] peer 20 enable [PE-B-bgp-af-vpn] peer 20.1.1.1 group 20 [PE-B-bgp-af-vpn] quit 3.4.3 Hub&Spoke Configuration Example...
Page 599 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Note: In this case the configuration is focused on four points: Route advertisement can be controlled by VPN-target settings on different PEs. Routing loop is permitted only once, so that PE can receive route update messages with AS number included from CE.
Page 600 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Configure PE1 # Configure two VPN-instances on PE1, set specified VPN-target for the routes received from PE2 and PE3. [PE1] ip vpn-instance vpn-instance2 [PE1-vpn-vpn-instance2] route-distinguisher 100:2...
Page 601 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE1-vlan202] port gigabitethernet 2/1/2 [PE1-vlan202] quit [PE1] interface Vlan-interface 202 [PE1-Vlan-interface202] ip binding vpn-instance vpn-instance3 [PE1-Vlan-interface202] ip address 172.17.0.1 255.255.0.0 [PE1-Vlan-interface202] quit # Configure Loopback interface [PE1] interface loopback 0 [PE1-LoopBack0] ip address 11.1.1.1 255.255.255.255...
Page 602 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE2-bgp-af-vpn-instance] peer 172.15.1.1 group 172 as-number 65003 [PE2-bgp-af-vpn-instance] quit [PE2-bgp] quit # Bind the interface of the VLAN to which the port connecting PE2 and CE2 belongs to VPN-instance.
Page 603: Ce Dual-Home Configuration Example
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE3-bgp-af-vpn-instance] import-route direct [PE3-bgp-af-vpn-instance] group 172 external [PE3-bgp-af-vpn-instance] peer 172.18.1.1 group 172 as-number 65001 [PE3-bgp-af-vpn-instance] quit [PE3-bgp] quit # Bind the interface of the VLAN to which the port connecting PE3 and CE3 belongs to VPN-instance.
Page 604 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration CE1 and CE3 are in one VPN, and CE2 and CE4 are in another VPN. The two VPNs cannot intercommunicate with each other. II. Network diagram...
Page 605 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE1] ip vpn-instance vpn-instance1.2 [PE1-vpn-vpn-instance1.2] route-distinguisher 2.2.2.2:2 [PE1-vpn-vpn-instance1.2] vpn-target 2.2.2.2:2 [PE1-vpn-vpn-instance1.2] quit # Set up EBGP adjacency between PE1 and CE1 in VPN-instance 1, import intra-CE1 VPN routes learned into VPN-instance 1.1.
Page 606 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.1 255.255.255.255 [PE1-LoopBack0] quit # Configure MPLS basic capacity, enable LDP on the interface connecting PE1 and PE2 and the interface connecting PE1 and PE3.
Page 607 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE1-bgp] peer 2.2.2.2 group 2 [PE1-bgp] peer 2.2.2.2 connect-interface loopback 0 [PE1-bgp] group 3 [PE1-bgp] peer 3.3.3.3 group 3 [PE1-bgp] peer 3.3.3.3 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpn] peer 2 enable [PE1-bgp-af-vpn] peer 2.2.2.2 group 2...
Page 608 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE2-bgp-af-vpn-instance] import-route direct [PE2-bgp-af-vpn-instance] import-route static [PE2-bgp-af-vpn-instance] group 17222 external [PE2-bgp-af-vpn-instance] peer 172.22.22.2 group 17222 as-number 65002 [PE2-bgp-af-vpn] quit [PE2-bgp] quit # Bind the interface connecting PE2 and CE1 to VPN-instance 2.1 and the interface connecting PE2 and CE2 to VPN-instance 2.2.
Page 609: Cross-Domain Bgp/Mpls Vpn Configuration Example
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration # Set up EBGP adjacency between PE3 and CE3 in VPN-instance3.1, import intra-CE3 VPN routes learned into VPN-instance3.1. [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance vpn-instance3.1 [PE3-bgp-af-vpn-instance] import-route direct...
Page 610 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration AS100 as the AS number; site in City B accesses to the MPLS/VPN network of service provider in City B, and gets AS200 as the AS number. The VPN goes through two ASs.
Page 611 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE1-vpn-vpnb] route-distinguisher 100:2 [PE1-vpn-vpnb] vpn-target 100:2 both # Configure VLAN interface connecting PE1 and P1. [PE1] vlan 205 [PE1-vlan205] port gigabitethernet 2/2/1 [PE1-vlan205] quit [PE1] interface Vlan-interface 205...
Page 612 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE1-bgp] quit Configure PE2 # Configure MPLS. [PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp # Configure the VLAN interface connecting CE. [PE2] vlan 203...
Page 613 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE2-Vlan-interface204] ip address 172.22.22.1 255.255.255.0 [PE2-Vlan-interface204] quit # Enable EBGP between PE and CE. [PE2] bgp 200 [PE2-bgp] ipv4-family vpn-instance vpna [PE2-bgp-af-vpn-instance] import-route direct [PE2-bgp-af-vpn-instance] group 172-12 external [PE2-bgp-af-vpn-instance] peer 172.12.12.2 group 172-12 as-number 65012...
Page 614: Cross-Domain Bgp/Mpls Vpn Configuration Example - Option C
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [P1] vlan 206 [P1-vlan206] port gigabitethernet 2/1/2 [P1-vlan206] quit [P1] interface Vlan-interface 206 [P1-Vlan-interface206] mpls [P1-Vlan-interface206] mpls ldp enable [P1-Vlan-interface206] ip address 98.98.98.1 255.255.255.0 [P1-Vlan-interface206] quit # Configure IBGP neighbors and EBGP neighbors.
Page 615 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration II. Network diagram BGP/MPLS Backbo ne BGP/MPLS Backbo ne BGP/MPLS Backbo ne BGP/MPLS Backbo ne BGP/MPLS Backbo ne BGP/MPLS Backbo ne BGP/MPLS Backbo ne BGP/MPLS Backbo ne...
Page 616 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [ASBR-PE1-LoopBack 0] quit [ASBR-PE1] vlan 110 [ASBR-PE1-vlan110] interface vlan 110 [ASBR-PE1-Vlan-interface110] ip address 172.1.1.1 255.255.0.0 [ASBR-PE1-Vlan-interface110] quit [ASBR-PE2] vlan 210 [ASBR-PE1-vlan210] interface vlan 210 [ASBR-PE1-Vlan-interface210] ip address 192.1.1.1 255.255.255.0...
Page 617 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [ASBR-PE2-ospf-1] area 0 [ASBR-PE2-ospf-1-area-0.0.0.0] network 162.1.0.0 0.0.255.255 [ASBR-PE2-ospf-1-area-0.0.0.0] network 202.200.1.1 0.0.0.0 [ASBR-PE2-ospf-1-area-0.0.0.0] quit [ASBR-PE2-ospf-1] quit Configure basic MPLS capability on the MPLS backbone network to enable the network to forward VPN traffic.
Page 618 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [ASBR-PE2-mpls] lsp-trigger all [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit [ASBR-PE2] interface vlan 310 [ASBR-PE2-Vlan-interface310] mpls [ASBR-PE2-Vlan-interface310] mpls ldp [ASBR-PE2-Vlan-interface310] quit [ASBR-PE2] interface vlan 210 [ASBR-PE2-Vlan-interface210] mpls...
Page 619 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [CE2] vlan 510 [CE2-vlan510] interface vlan 510 [CE2-Vlan-interface510] ip address 168.2.2.2 255.255.0.0 [CE2-Vlan-interface510] quit # Create a VPN instance on PE2 and bind it to the interface connected to CE2...
Page 620 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE1-bgp-af-vpn-instance] quit [PE1-bgp] group 20 [PE1-bgp] peer 20 label-route-capability [PE1-bgp] peer 202.100.1.1 group 20 [PE1-bgp] peer 202.100.1.1 connect-interface loopback0 [PE1-bgp] group 30 external [PE1-bgp] peer 30 ebgp-max-hop [PE1-bgp] peer 200.200.1.2 group 30 as-number 200...
Page 621 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [ASBR-PE1-bgp] quit # Configure CE2. [CE2] bgp 65002 [CE2-bgp] group 10 external [CE2-bgp] peer 168.2.2.1 group 10 as-number 200 [CE2-bgp] quit # Configure PE2: set up EBGP peer relation with CE2, IBGP peer relation with ASBR-PE2, and Multihop MP-EBGP peer relation with PE1.
Page 622: Hierarchical Bgp/Mpls Vpn Configuration Example
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration # Configure ASBR-PE2: set up EBGP peer relation with ASBR-PE1, and IBGP peer relation with PE2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] import-route ospf [ASBR-PE2-bgp] group 10 external...
Page 623 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration II. Network diagram MPLS backbone MPLS backbone MPLS 骨干网 MPLS 骨干网 Upper VPN Upper VPN VLAN201 VLAN201 VLAN201 VLAN201 Loopbac k0:10.0.0.2 Loopbac k0:10.0.0.2 Loopbac k0:10.0.0.2 Loopbac k0:10.0.0.2 10.
Page 624 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [SPE-vlan201] quit [SPE] interface Vlan-interface 201 [SPE-Vlan-interface201] ip address 10.0.0.1 255.0.0.0 [SPE-Vlan-interface201] mpls [SPE-Vlan-interface201] mpls ldp enable [SPE-Vlan-interface201] quit [SPE] interface loopback0 [SPE-LoopBack 0] ip address 1.0.0.2 255.255.255.255...
Page 625: Ospf Multi-Instance Sham-Link Configuration Example
I. Network requirements As shown in the following picture, a company connects to a WAN through OSPF multi-instance function of H3C router. OSPF is bind to VPN1.MPLS VPN backbone runs between PEs and OSPF runs between PE and CE. Configure a Sham-link between PE1 and PE2 to ensure the traffic between CE1 and CE2 does not pass the Backdoor link that directly connects CE1 and CE2.
Page 626 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration II. Network diagram LoopBack0: 1.1.1.1 LoopBack0: 1.1.1.1 LoopBack0: 3.3.3.3 LoopBack0: 3.3.3.3 VLAN202 VLAN202 1.1.1.1 1.1.1.1 VLAN202 VLAN202 3.3.3.3 3.3.3.3 10.10.10.10 10.10.10.10 168.1.13.1/24 168.1.13.1/24 168.1.13.2/24 168.1.13.2/24 VLAN201...
Page 627 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE1-vlan201] port gigabitethernet 2/1/1 [PE1-vlan201] quit [PE1] interface Vlan-interface 201 [PE1-Vlan-interface201] ip binding vpn-instance vpn1 [PE1-Vlan-interface201] ip address 10.1.1.2 255.255.255.0 [PE1-Vlan-interface201] ospf cost 1 [PE1-Vlan-interface201] quit...
Page 628 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE1-bgp-af-vpn] peer 50.1.1.2 group fc # Bind OSPF process to VPN-instance. [PE1] ospf 100 router-id 1.1.1.1 vpn-instance vpn1 [PE1-ospf-100] import-route bgp [PE1-ospf-100] area 0.0.0.0 [PE1-ospf-100-area-0.0.0.0] network 10.1.1.0 0.0.0.255...
Page 629 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE2-Vlan-interface201] ospf cost 1 [PE2-Vlan-interface201] quit [PE2] vlan 202 [PE2-vlan202] port gigabitethernet 2/1/2 [PE2-vlan202] quit [PE2] interface Vlan-interface 202 [PE2-Vlan-interface202] ip address 168.1.23.2 255.255.255.0 [PE2-Vlan-interface202] ospf cost 1...
Page 630 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE2-ospf-100] area 0.0.0.0 [PE2-ospf-100-area-0.0.0.0] network 20.1.1.0 0.0.0.255 # Configuring Sham-link [PE2-ospf-100-area-0.0.0.0] sham-link 2.2.2.2 1.1.1.1 # Configure static route to PE1 and PE3. [PE2] ip route-static 50.1.1.1 255.255.255.255 168.1.12.1 [PE2] ip route-static 50.1.1.3 255.255.255.255 168.1.23.3...
Page 631: Nested Bgp/Mpls Vpn Configuration Example
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [CE2-Vlan-interface202] ip address 12.1.1.2 255.255.255.0 [CE2-Vlan-interface202] ospf cost 100 [CE2-Vlan-interface202] quit [CE2] vlan 201 [CE2-vlan201] port gigabitethernet 2/1/1 [CE2-vlan201] quit [CE2] interface Vlan-interface 201 [CE2-Vlan-interface201] ip address 20.1.1.1 255.255.255.0 [CE2-Vlan-interface201] ospf cost 1 # Configure OSPF.
Page 632 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration II. Network diagram VLAN 210 VLAN 210 18.1.1.2/8 18.1.1.2/8 18.1.1.2/8 18.1.1.2/8 AS100 AS100 AS100 AS100 VPN1 VPN1 VPN1 VPN1 prov_pe1 prov_pe1 prov_pe1 prov_pe1 prov_pe2 prov_pe2 prov_pe2...
Page 633 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration # Configure prov_pe2. <H3C> system-view [H3C] sysname prov_pe2 [prov_pe2] interface LoopBack0 [prov_pe2-LoopBack0] ip address 4.4.4.4 255.255.255.255 [prov_pe2-LoopBack0] quit [prov_pe1] vlan 110 [prov_pe1-vlan110] interface vlan-interface 110 [prov_pe1-Vlan-interface110] ip address 10.1.1.2 255.0.0.0...
Page 634 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [prov_pe1-bgp] quit # Configure prov_pe2. [prov_pe2] bgp 100 [prov_pe2-bgp] group ibgp internal [prov_pe2-bgp] peer 5.5.5.5 group ibgp [prov_pe2-bgp] peer 5.5.5.5 connect-interface LoopBack0 [prov_pe2-bgp] ipv4-family vpnv4 [prov_pe2-bgp-af-vpn] peer ibgp enable [prov_pe2-bgp-af-vpn] peer ibgp next-hop-local [prov_pe2-bgp-af-vpn] peer 5.5.5.5 group ibgp...
Page 635 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [prov_pe2- Vlan-interface410] ip address 2.1.1.2 255.0.0.0 [prov_pe2- Vlan-interface410] mpls [prov_pe2- Vlan-interface410] quit # Configure cust_pe1. <H3C> system-view [H3C] sysname cust_pe1 [cust_pe1] interface LoopBack0 [cust_pe1-LoopBack0] ip address 6.6.6.6 255.255.255.255 [cust_pe1-LoopBack0] quit [cust_pe1] mpls lsr-id 6.6.6.6...
Page 636 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [prov_pe1-bgp-af-vpn] quit # Configure prov_pe1 to access CE5 [prov_pe1-bgp] ipv4-family vpn-instance vpn1 [prov_pe1-bgp-af-vpn-instance] group ebgp external [prov_pe1-bgp-af-vpn-instance] peer 18.1.1.2 group ebgp as-number 50003 # Configure prov_pe2 to access the corresponding Customer PE.
Page 637: Ospf Multi-Instance Ce Configuration Example
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [cust_pe1-vpn-instance] route-distinguisher 1:1 [cust_pe1-vpn-instance] vpn-target 1:1 [cust_pe1-vpn-instance] quit [cust_pe1] interface vlan 510 [cust_pe1-Vlan-interface510] ip binding vpn-instance vpn1 [cust_pe1- Vlan-interface510] ip address 15.1.1.2 255.0.0.0 [cust_pe1-Vlan-interface510] quit [cust_pe1] bgp 600...
Page 638 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration II. Network diagram VLAN202 VLAN202 ospf 100 ospf 100 VLAN201 VLAN201 10.2.1.2/24 10.2.1.2/24 vpn1 vpn1 10.1.1.2/24 10.1.1.2/24 vpn2 vpn2 VLAN204 VLAN204 VLAN203 VLAN203 ospf 300 ospf 300 20.1.1.2/24...
Page 639: Multi-Role Host Configuration Example
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [CE] vlan 203 [CE-vlan203] port gigabitethernet 2/1/3 [CE-vlan203] quit [CE] interface Vlan-interface 203 [CE-Vlan-interface203] ip binding vpn-instance vpn2 [CE-Vlan-interface203] ip address 20.1.1.2 255.255.255.0 # Configure VLAN204.
Page 640 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration II. Network diagram 172.18.0.1/16 172.18.0.1/16 172.18.0.1/16 172.18.0.1/16 Ethernet2/1/0 Ethernet2/1/0 Ethernet2/1/0 Ethernet2/1/0 AS65410 AS65410 AS65410 AS65410 172.18.0.2/16 172.18.0.2/16 172.18.0.2/16 172.18.0.2/16 Ethernet1/1/0 Ethernet1/1/0 Ethernet1/1/0 Ethernet1/1/0 20.2.1.1/24 20.2.1.1/24 20.2.1.1/24 20.2.1.1/24...
Page 641 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.2.9 32 [PE2-LoopBack0] quit [PE2] vlan 110 [PE2-vlan110] interface vlan-interface 110 [PE1-Vlan-interface110] ip address 192.168.1.2 24 [PE2-Vlan-interface110] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255...
Page 642 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE1-vlan210] interface vlan-interface 210 [PE1-Vlan-interface210] ip binding vpn-instance vpn2 [PE1-Vlan-interface210] ip address 20.1.1.2 24 [PE1-Vlan-interface210] quit # Configure basic MPLS capability on PE2. [PE2] mpls lsr-id 2.2.2.9...
Page 643 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [CE2-Vlan-interface210] ip address 20.1.1.1 24 [CE2-Vlan-interface210] quit # Configure CE3: [CE3] vlan 210 [CE3-vlan210] interface vlan-interface 210 [CE3-Vlan-interface210] ip address 20.3.1.1 24 [CE3-Vlan-interface210] quit [CE3] bgp 65430...
Page 644: Troubleshooting
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration [PE2-bgp-af-vpn] peer 1.1.1.9 group 10 [PE2-bgp-af-vpn] quit [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-af-vpn-instance] import-route direct [PE2-bgp-af-vpn-instance] group 20 external [PE2-bgp-af-vpn-instance] peer 20.3.1.1 group 20 as-number 65430 [PE2-bgp-af-vpn-instance] quit...
Page 645 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 3 BGP/MPLS VPN Configuration Check whether the loopback interface configured on the PE has the address with 32-bit mask. Check whether the tag of private network route is correct. Check whether the LDP session is established using the display mpls ldp session command.
Page 646: Chapter 4 Mpls L2Vpn
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN Chapter 4 MPLS L2VPN Note: L2VPN mentioned in the following section refers to the L2VPN implemented through virtual leased line (VLL). 4.1 MPLS L2VP Overview 4.1.1 Introduction to MPLS L2VP MPLS L2VPN provides MPLS network-based Layer 2 VPN services.
Page 647: Packet Forwarding
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN Reliability and privacy of user routes. As no user routing information is imported, there is no need for MPLS L2VPN to obtain and process the information, ensuring the privacy of user routes.
Page 648: Implementation
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN L2 PDU L2 PDU L2 PDU L2 PDU L2 PDU L2 PDU L2 PDU L2 PDU L2 PDU L2 PDU L2 PDU L2 PDU L2 PDU L2 PDU...
Page 649 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN Table 4-1 Features and implementation ways of the three types of MPLS L2VPNs VPN type Implementation Feature Configures static LSPs Data is transmitted through implement MPLS L2VPN.
Page 650: Ccc Mpls L2Vpn Configuration
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN Note: You also can configure LSPs without P devices. 4.2 CCC MPLS L2VPN Configuration 4.2.1 Configuring CCC MPLS L2VPN Table 4-2 Configure CCC MPLS L2VPN Configuration Command...
Page 651: Ccc Mpls L2Vpn Configuration Example
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN Configuration Command Description step Required. Two types of CCC Establish local ccc-connection-name connections exist: local CCC interface vlan-interface CCC connection connection and remote CCC vlan-id out-interface connection.
Page 652 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN II. Network diagram CE B CE B CE B CE B CE B CE B Local connection Local connection Local connection VLAN213 VLAN213 VLAN213 VLAN211 VLAN211 VLAN211...
Page 653 # Configure a static LSP, with the out-label of 100 and the egress interface being the interface of VLAN 214. [H3C] mpls [H3C-mpls] static-lsp ingress PEA-PEB l2vpn nexthop 5.5.5.2 out-label 100 # Configure a static LSP, with the in-label of 211 and the ingress interface being the interface of VLAN 214.
Page 654 # Configure a static LSP, with the in-label of 101 and the ingress interface being the interface of VLAN 212. [H3C-mpls] static-lsp egress PEA-PEB l2vpn incoming-interface vlan-interface 212 in-label 101 # Configure the remote connection. [H3C] ccc remote-connection interface vlan-interface 211 transmit-lsp PEB-PEA receive-lsp PEA-PEB Configure P. [H3C] mpls lsr-id 10.0.0.2 [H3C] mpls...
Page 655: Martini Mpls L2Vpn Configuration
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN Caution: Following must be met to make a local CCC connection to go up: The interfaces of the two CE are physically up. The encapsulation types of the interfaces of the two CEs are the same and are supported by the MPLS L2VPN.
Page 656: Martini Mpls L2Vpn Configuration Example
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN Configuration step Command Description Required. To configure a Martini MPLS L2VPN on a PE, you need to provide the Create a Martini MPLS IP address (Lsr-id) of the...
Page 657 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN [H3C-A-mpls] quit [H3C-A] mpls ldp [H3C-A] mpls l2vpn # Configure VLAN 212. [H3C-A] vlan 212 [H3C-A-vlan212] port gigabitethernet 2/1/2 [H3C-A-vlan212]interface vlan-interface 212 [H3C-Vlan-interface212] quit # Configure the VLAN interface.
Page 658 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN [H3C-B] mpls l2vpn # Configure VLAN 211. [H3C-B] vlan 211 [H3C-B-vlan211] port gigabitethernet 2/1/1 [H3C-B-vlan211] interface Vlan-interface 211 [H3C-Vlan-interface 211] quit # Configure the VLAN interface. [H3C-B] vlan 212...
Page 659 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN [H3C-P] mpls l2vpn # Configure an IP address for the Loopback interface, which is used as the LSR ID. [H3C-P] interface loopback 0 [H3C-P-LoopBack0] ip address 192.1.1.3 255.255.255.255 [H3C-P-LoopBack0] quit # Configure the VLAN interface.
Page 660: Kompella Mpls L2Vpn Configuration
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN 4.4 Kompella MPLS L2VPN Configuration 4.4.1 Configuring Kompella MPLS L2VPN Table 4-4 Configure Kompella MPLS L2VPN Configuration step Command Description system-view Enter system view mpls lsr-id X.X.X.X...
Page 661 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN Configuration step Command Description Required. For an MPLS L2VPN, you must configure the RD before performing other configurations. An RD cannot be modified once it is configured.
Page 662: Kompella Mpls L2Vpn Configuration Example
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN Caution: You can only change the CE range to a number larger than the existing one. For example, you can change a CE range from 10 to 20, rather than from 10 to 5. The only way to change a CE range to a smaller number is to remove the CE and create a new one.
Page 663 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN [H3C] interface loopback 0 [H3C-LoopBack0] ip address 1.1.1.1 32 # Enable MPLS L2VPN globally. [H3C] mpls l2vpn # Configure VLAN 211. [H3C] vlan 211 [H3C-vlan211] port gigabitethernet 2/1/1...
Page 664 H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN [H3C-mpls-l2vpn-vpn1] vpn-target 100:1 # Create CE1 and configure the corresponding connection. [H3C-mpls-l2vpn-vpn1] ce ce1 id 1 range 200 [H3C-mpls-l2vpn-vpn1-ce1] connection ce-offset 2 interface vlan-interface [H3C-mpls-l2vpn-vpn1-ce1] connection ce-offset 3 interface vlan-interface [H3C-mpls-l2vpn-vpn1-ce1] quit # Enable OSPF.
Page 665 [H3C] mpls l2vpn vpn1 encapsulation ethernet [H3C-mpls-l2vpn-vpn1] route-distinguisher 100 :1 [H3C-mpls-l2vpn-vpn1] vpn-target 100 :1 # Create CE2 and configure the corresponding connection. [H3C-mpls-l2vpn-vpn1] ce ce2 id 2 range 200 [H3C-mpls-l2vpn-vpn1-ce2] connection ce-offset 1 interface vlan-interface [H3C-mpls-l2vpn-vpn1-ce2] quit [H3C-mpls-l2vpn-vpn1] ce ce3 id 3 range 200...
Page 666: Displaying And Debugging Mpls L2Vpn
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN 4.5 Displaying and Debugging MPLS L2VPN After the above configuration, you can verify your configuration concerning MPLS L2VPN by executing the display command in any view and checking the output information.
Page 667 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 4 MPLS L2VPN Symptom 2: Fail to ping the peer from one end of a Martini MPLS L2VPN connection. The VC is down and the Remote value is invalid. Solution: VC state being down indicates the encapsulation types or VC IDs of the two ends are not the same.
Page 668: Chapter 5 Card Intermixing For Mpls Support
5.1 Overview 5.1.1 Introduction to Card Intermixing For S9500 series routing switches, only the interface cards with suffixes C, CA and CB and VPLS service processor cards support MPLS function. If you want to enable MPLS VPN function of S9500 switches, you need MPLS-supporting interface cards or VPLS service processor cards.
Page 669: Restrictions In Intermixing Networking
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 5 Card Intermixing for MPLS Support The port on the MPLS card can also be used for the access to the service private network side of the MPLS VPN. In this case, you do not need to configure card intermixing, and you must use the port of the MPLS card for the connection with the MPLS public network side.
Page 670: Restrictions In Card Intermixing
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 5 Card Intermixing for MPLS Support only VLANs with two ports: one is the source port (port of the non-MPLS card) and the other is the destination port (port of the MPLS card);...
Page 671: Introduction To Intermixing Configuration Task
P devices and PE devices. The routing protocols available currently include: static routing, RIP, OSPF, BGP and so on. Refer to the “Routing Protocols” part of the H3C S9500 Routing Switches Operation Manual I for detailed configuration information.
Page 672 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 5 Card Intermixing for MPLS Support I. For L2VPN Table 5-2 Configure the flow template and ACL of L2VPN Operation Command Description system-view Enter system view acl { number acl-number...
Page 673: Applying Flow Template And Redirection In Port Mode
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 5 Card Intermixing for MPLS Support Operation Command Description Required. Layer rule rule [ rule-id ] permit configure VLAN+DMAC. ingress egress Configure Layer 2 vlan-id DMAC refers to the virtual dest-mac-addr MAC of the switch.
Page 674: Typical Networking Example
C is shared, and in PE2, a Layer 2 switch is shared to connect with the host directly. The PE devices (PE1 and PE2) are S9500 series switches, and the PE devices need to support the MPLS function. CE1 and CE2 are common mid-range and low-end routers.
Page 675 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 5 Card Intermixing for MPLS Support II. Networking diagram MPLSNetwork MPLSNetwork MPLSNetwork MPLSNetwork MPLSNetwork MPLSNetwork MPLS Netw ork MPLS Netw ork vlan 10 vlan 10 vlan 10 vlan 10 vlan 10 vlan 10 Loopback0 1.1.1.1/32...
Page 676 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 5 Card Intermixing for MPLS Support [PE1] interface loopback0 [PE1-LoopBack0] ip address 1.1.1.1 32 [PE1-LoopBack0] quit [PE1] vlan 100 [PE1-vlan100] port GigabitEthernet 2/2/1 [PE1-vlan100] interface vlan-interface 100 [PE1-vlan-interface100] ip address 196.168.1.1 255.255.255.0...
Page 677 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 5 Card Intermixing for MPLS Support Caution: If the VRRP protocol is enabled on the VLAN port to which the source port of MPLS VPN redirection belongs, you must configure another ACL rule to redirect the packets...
Page 678 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 5 Card Intermixing for MPLS Support [PE1-bgp] peer 2.2.2.2 connect-interface loopback0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpn] peer 100 enable [PE1-bgp-af-vpn] peer 2.2.2.2 group 100 Configure P # Configure global MPLS. [P] mpls lsr-id 3.3.3.3...
Page 679 Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 5 Card Intermixing for MPLS Support [PE2-LoopBack0] ip address 2.2.2.2 32 [PE2-LoopBack0] quit [PE2] vlan 300 [PE2-vlan300] port GigabitEthernet 2/2/1 [PE2-vlan300] interface vlan-interface 300 [PE2-vlan-interface300] ip address 196.168.2.1 255.255.255.0 [PE2-vlan-interface300] mpls...
Page 680: Restrictions In Networking Of Various Mpls Cards
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 5 Card Intermixing for MPLS Support [PE2-Ethernet3/1/1] flow-template user-defined [PE2-Ethernet3/1/1] traffic-redirect inbound ip-group 2000 rule 0 link-group 4000 rule 0 interface GigabitEthernet 2/1/1 10 l3-vpn # Bind VPN A on the VLAN interface between PE2 and CE3.
Page 681: Exclusively Non-Mpls Cards
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 5 Card Intermixing for MPLS Support Note: MPLS cards with suffix CA support VLL and BGP/MPLS VPN, and common MPLS cards (with suffix C0) do not support VLL. 5.4.1 Exclusively non-MPLS Cards I.
Page 682: Combination Of Multiple Mpls Cards And Multiple Non-Mpls Cards
Operation Manual – MPLS H3C S9500 Series Routing Switches Chapter 5 Card Intermixing for MPLS Support In card intermixing networking, non-MPLS cards can only be used for access at the private network side, and MPLS card must be used for access at the public network side.
Page 683 Operation Manual – STP H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 MSTP Region-configuration ..................1-1 1.1 Introduction to MSTP ....................... 1-1 1.1.1 MSTP Concepts ....................1-1 1.1.2 MSTP Principles ....................1-6 1.1.3 MSTP Implementation on the Switch ..............1-11 1.2 Configuring MSTP ......................
Page 684 Operation Manual – STP H3C S9500 Series Routing Switches Table of Contents 3.2.2 Enabling/disabling VLAN VPN on Ethernet port ..........3-2 3.3 BPDU Tunnel Configuration Example ................3-2...
Page 685: Chapter 1 Mstp Region-Configuration
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Chapter 1 MSTP Region-configuration 1.1 Introduction to MSTP MSTP stands for Multiple Spanning Tree Protocol, which is compatible with Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP).
Page 686 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration CIST: common and Area A0 internal spanning tree VLAN 1 mapped to Instance 1 VLAN 2 mapped to Instance 2 MSTI: multiple spanning Other VLANs mapped to CIST...
Page 687 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration the CIST. For example, every MST region in Figure 1-1 has an IST, which is a fragment of CIST. IV. CST Common Spanning Tree (CST): a LAN has only one CST. CST connects the spanning trees of all MST regions.
Page 688 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration The designated port is the one through which the data are forwarded to the downstream network segment or switch. Master port is the port connecting the entire region to the Common Root Bridge and located on the shortest path between them.
Page 689 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration MSTP modules communicate with each other among bridges by MSTP BPDU packets. The following figure shows the MSTP BPDU packet format: Figure 1-3 BPDU packet format Figure 1-4 MSTI information format of the last part in BPDU packets Besides field root bridge priority, root path cost, local bridge priority and port priority, the field flags which takes one byte in an instance is also used for role selection.
Page 690: Mstp Principles
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration TcAck TcAck Agreement Agreement Forwarding Forwarding Learning Learning Proposal Proposal Figure 1-5 Meaning of 1-byte Flags in BPDU packets The second and third bits together indicate MSTP port role.
Page 691 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Switch A Switch C Switch B Figure 1-6 Designated bridge and designated port For a switch, the designated bridge is a switch in charge of forwarding BPDU to the local switch via a port called the designated port accordingly.
Page 692 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration priorities of Switch A, B and C are 0, 1 and 2 and the path costs of their links are 5, 10 and 4 respectively. Initial state...
Page 693 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration BPDU for every port: substituting the root ID with the root ID in the configuration BPDU of the root port, the cost of path to root with the value made by the root path cost plus the path cost corresponding to the root port, the designated bridge ID with the local switch ID and the designated port ID with the local port ID.
Page 694 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration CP2 receives from the BP2 of Switch B the configuration BPDU {1, 0, 1, BP2} that has not been updated and then the updating process is launched. The configuration BPDU is updated as {1, 0, 1, BP2}.
Page 695: Mstp Implementation On The Switch
MSTP is compatible with STP and RSTP. The MSTP switch can recognize both the STP and RSTP packets and calculate the spanning tree with them. Besides the basic MSTP functions, H3C Ethernet Switch Series also provide some features easy to manage from users’ point of view. These features include root bridge hold, secondary root bridge, ROOT protection, BPDU protection, loop protection, hot swapping of the interface boards, master/slave switchover, and so on.
Page 696: Configuring Mstp
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration 1.2 Configuring MSTP MSTP configuration includes: Configuring the MST Region for a Switch Specifying the Switch as a Primary or a Secondary Root bridge Configuring the MSTP Running Mode...
Page 697: Configuring The Mst Region For A Switch
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration 1.2.1 Configuring the MST Region for a Switch Which MST region a switch belongs to is determined with the configurations of the region name, VLAN mapping table, and MSTP revision level. You can perform the following configurations to put a switch into an MST region.
Page 698 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration A user manually activates the configured parameters related to the MST region, using the active region-configuration command. A user enables MSTP using the stp enable command. By default, the MST region name is the switch MAC address, all the VLANs in the MST region are mapped to the STI 0, and the MSTP region revision level is 0.
Page 699: Specifying The Switch As A Primary Or A Secondary Root Bridge
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Table 1-4 Activate the MST region configuration and exit the MST region view Operation Command Show the configuration information of the MST check region-configuration region under revision...
Page 700: Configuring The Mstp Running Mode
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration When configuring the primary and secondary switches, you can also configure the network diameter and hello time of the specified switching network. For detailed information, refer to the configuration tasks “Configure switching network diameter” and “Configure the Hello Time of the switch”.
Page 701: Configuring The Bridge Priority For A Switch
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration automatically transit back to MSTP mode after the STP switch is removed. In this case, you can execute the stp mcheck command to restore the MSTP mode.
Page 702: Configuring The Switching Network Diameter
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Perform the following configuration in system view. Table 1-8 Configure the max hops in an MST region Operation Command Configure the max hops in an MST region...
Page 703: Configuring The Time Parameters Of A Switch
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Note: The stp bridge-diameter command configures the switching network diameter and determines the three MSTP time parameters (Hello Time, Forward Delay, and Max Age) accordingly. 1.2.7 Configuring the Time Parameters of a Switch The switch has three time parameters, Forward Delay, Hello Time, and Max Age.
Page 704: Setting The Timeout Factor Of A Specific Bridge
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Every switch on the switching network adopts the values of the time parameters configured on the root bridge of the CIST. Caution: The Forward Delay configured on a switch depends on the switching network diameter.
Page 705: Configuring The Max Transmission Speed On A Port
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration You can use the following command to set the multiple value of hello time of a specified bridge. Perform the following configurations in system view. Table 1-11 Setting the timeout factor of a specific switch...
Page 706: Configuring A Port As An Edge Port Or Non-Edge Port
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration You can configure the max transmission speed on a port with either of the earlier-mentioned measures. For more about the commands, refer to the Command Manual. This parameter only takes a relative value without units. If it is set too large, too many packets will be transmitted during every Hello Time and too many network resources will be occupied.
Page 707: Configuring The Path Cost Of A Port
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration After configured as an edge port, the port can fast transit from blocking state to forwarding state without any delay. You can only set the port connecting with the terminal as an edge port.
Page 708: Three Standards For Calculating Stp Path Cost On An Stp Port
By default, MSTP is responsible for calculating the path cost of a port. 1.2.12 Three Standards for Calculating STP Path Cost on an STP Port The H3C S9500 Series Routing Switches support DOT1T calculation , DOT1D-1998 calculation and legacy path cost calculation. By default, legacy standard is applied for S9500 series.
Page 709 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Full-duplex and non-aggregation port at a rate less than 1 GE Path cost = [200,000,000 / (rate × 10)] – 1 Other ports Path cost = 200,000,000 / (rate × 10) II.
Page 710: Configuring The Priority Of A Port
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration The actual rate counts, but the rate is 0 if the port is down. Calculating the path cost Table 1-19 details the correspondence between the rate range and the value range of the path cost of the ports.
Page 711: Configuring The Port (Not) To Connect With The Point-To-Point Link
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Table 1-21 Configure the port priority Operation Command stp interface interface-list instance Configure the port priority. instance-id port priority priority undo interface interface-list Restore the default port priority.
Page 712 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Table 1-23 Configure the port (not) to connect with the point-to-point link Operation Command Configure port connect with interface interface-list point-to-point link. point-to-point force-true Configure the port not to connect with the...
Page 713: Configuring The Mcheck Variable Of A Port
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration This configuration takes effect on the CIST and all the MSTIs. The settings of a port whether to connect the point-to-point link will be applied to all the STIs to which the port belongs.
Page 714: Configuring The Switch Protection Function
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Table 1-26 Configure the mCheck variable of a port Operation Command Perform mCheck operation on a port. stp mcheck You can configure mCheck variable on a port with either of the earlier-mentioned measures.
Page 715 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Note: For the loop protection-enabled port, when the loop protection takes effect because the port cannot receive the BPDU sent by the upstream switches, if the port participates in STP calculation, all the instances of the port will be always set to be in discarding state regardless of the port role.
Page 716 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Operation Command Restore the disabled loop protection state, as stp loop-protection defaulted (from Ethernet port view) Enable the loop protection function of the switch interface interface-list (from system view)
Page 717: Enabling/Disabling Mstp On The Device
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Note: The port configured with loop protection can only turn into discarding state on every instance. That such a port receives no configuration message for a long time indicates that it is about to change its state and role.
Page 718: Disabling Bpdu Packets From Flooding In The Default Vlans
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Table 1-29 Enable/Disable MSTP on a port Operation Command Enable MSTP on a port. stp interface interface-list enable Disable MSTP on a port. stp interface interface-list disable II.
Page 719: Displaying And Debugging Mstp
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Caution: It is recommended that after enabling STP, you disable the broadcasting function of BPDU to prevent the BPDU packets, which are received by ports that did not participate in the generation of spanning trees, from being forwarded to other ports, (which can cause errors during STP generations).
Page 720: Typical Mstp Configuration Example
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration Operation Command Disable packet debugging of MSTP undo debugging stp packet Enable global debugging debugging stp all Disable global debugging undo debugging stp all Enable instance debugging of MSTP...
Page 721 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration II. Network diagram Permit :all VLAN Permit :all VLAN Switch A Switch A Switch B Switch B Permit : Permit : Permit : Permit : VLAN 10, 20...
Page 722 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 1 MSTP Region-configuration [H3C-mst-region] instance 4 vlan 40 [H3C-mst-region] revision-level 0 # Manually activate MST region configuration. [H3C-mst-region] active region-configuration # Specify Switch B as the root of instance 3...
Page 723: Chapter 2 Digest Snooping Configuration
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 2 Digest Snooping Configuration Chapter 2 Digest Snooping Configuration 2.1 Introduction to Digest Snooping According to IEEE 802.1s, two connected switches can communicate with each other through multiple spanning tree instances (MSTIs) in a multiple spanning tree protocol (MSTP) region only when they are configured with the same region settings.
Page 724: Digest Snooping Configuration
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 2 Digest Snooping Configuration 2.2 Digest Snooping Configuration Configure digest snooping on a switch to enable it to communicate in MSTP regions through MSTI with other switches that are configured with some proprietary protocols to calculate configuration digest.
Page 725: Digest Snooping Configuration Example
H3C E Figure 2-1 Network diagram for digest snooping configuration III. Configuration procedure # H3C B is directly connected to A through GE 1/1 and GE 1/2 ports. Enable digest snooping on these two ports by executing the following command: <H3C>system-view System View: return to User View with Ctrl+Z.
Page 726: Chapter 3 Bpdu Tunnel Configuration
Operation Manual – STP H3C S9500 Series Routing Switches Chapter 3 BPDU Tunnel Configuration Chapter 3 BPDU Tunnel Configuration 3.1 BPDU Tunnel Overview BPDU Tunnel enables geographically segmented user network to transmit BPDU packets transparently over the specified VLAN VPN on the operator’s network. This allows the user network to participate in a uniform spanning tree calculation while maintaining a separate spanning tree from the operator network.
Page 727: Enabling/Disabling Bpdu Tunnel
3.3 BPDU Tunnel Configuration Example I. Network requirements The S9500 Series Routing Switches are used as the access devices of the operator’s network, that is, Switch C and Switch D in the following figure.
Page 728 [H3C] vlan 10 [H3C- Ethernet 0/1] port link-type trunk [H3C- Ethernet 0/1]port trunk permit vlan 10 Configure Switch B # Enable RSTP on the device. [H3C] stp enable # Set the port Ethernet 0/1 as a trunk port and configure it to permit VLAN 10 to pass through.
Page 729 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 3 BPDU Tunnel Configuration [H3C] stp enable # Enable BPDU Tunnel on the device. [H3C] vlan-vpn tunnel # Add the port Ethernet 4/1/1 into VLAN 20. [H3C] vlan [H3C-Vlan 20] port Ethernet 4/1/1 # First disable STP and then enable VLAN VPN on the port Ethernet 4/1/1.
Page 730 Operation Manual – STP H3C S9500 Series Routing Switches Chapter 3 BPDU Tunnel Configuration [H3C-Ethernet3/1/3] stp disable [H3C-Ethernet3/1/3] vlan-vpn enable Caution: The STP protocol must be enabled on those devices that have enabled BPDU TUNNEL; otherwise after BPDUs of the client network enter the switch, they will not be processed by the CPU, so their MAC addresses cannot be replaced, that is to say, they cannot be transparently transported.
Page 731 Operation Manual – Security H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 802.1x Configuration ....................1-1 1.1 802.1x Overview ......................1-1 1.1.1 802.1x Standard Overview .................... 1-1 1.1.2 802.1x System Architecture ..................1-1 1.1.3 802.1x Authentication Process ..................1-2 1.1.4 Implementing 802.1x on Ethernet Switches ..............
Page 732 Operation Manual – Security H3C S9500 Series Routing Switches Table of Contents 2.3.2 Setting IP Address and Port Number of a RADIUS Server ........2-15 2.3.3 Setting the RADIUS Packet Encryption Key ............. 2-17 2.3.4 Configuring VPN of RADIUS Server ................2-18 2.3.5 Setting the Maximum Retry Times for RADIUS Request Packets ......
Page 733: Chapter 1 802.1X Configuration
Operation Manual – Security H3C S9500 Series Routing Switches Chapter 1 802.1x Configuration Chapter 1 802.1x Configuration 1.1 802.1x Overview 1.1.1 802.1x Standard Overview IEEE 802.1x (hereinafter simplified as 802.1x) is a port-based network access control protocol that is used as the standard for LAN user access authentication.
Page 734: Authentication Process
Operation Manual – Security H3C S9500 Series Routing Switches Chapter 1 802.1x Configuration is to be encapsulated in the packets of other AAA upper layer protocols (e.g. RADIUS) so as to go through the complicated network to reach the Authentication Server. Such procedure is called EAP Relay.
Page 735: Implementing 802.1X On Ethernet Switches
AAA configuration. 1.1.4 Implementing 802.1x on Ethernet Switches H3C Series Ethernet Switches not only support the port access authentication method regulated by 802.1x, but also extend and optimize it in the following way: Support to connect several End Stations in the downstream via a physical port.
Page 736: Enabling/Disabling 802.1X
Operation Manual – Security H3C S9500 Series Routing Switches Chapter 1 802.1x Configuration Among the above tasks, the first one is compulsory; otherwise 802.1x will not take any effect. The other tasks are optional. You can perform the configurations at requirements.
Page 737: Setting Port Access Control Method
Operation Manual – Security H3C S9500 Series Routing Switches Chapter 1 802.1x Configuration the authentication flow is passed, the port will be switched to the authorized state and permit the user to access the network resources. The authorized-force keyword specifies the port to operate in authorized-force mode.
Page 738: Setting Supplicant Number On A Port
] By default, 802.1x allows up to 1024 supplicants on each port for H3C S9500 Series Routing Switches (hereinafter referred to as S9500 series), and an S9500 series routing switch can accommodate total of 2048 supplicants.
Page 739: Configuring Authentication Method For 802.1X User
Operation Manual – Security H3C S9500 Series Routing Switches Chapter 1 802.1x Configuration Table 1-6 Set the Authentication in DHCP Environment Operation Command Disable the switch to trigger the user ID authentication over the users who configure static dot1x dhcp-launch...
Page 740: Setting The Maximum Times Of Authentication Request Message Retransmission
Operation Manual – Security H3C S9500 Series Routing Switches Chapter 1 802.1x Configuration Table 1-8 Configure Guest VLAN Operation Command Enable Guest VLAN dot1x guest-vlan vlan-id [ interface interface-list ] Disable Guest VLAN undo dot1x guest-vlan vlan-id [ interface interface-list ]...
Page 741 Operation Manual – Security H3C S9500 Series Routing Switches Chapter 1 802.1x Configuration Table 1-10 Configure 802.1x timers Operation Command dot1x timer handshake-period handshake-period-value quiet-period Configure timers quiet-period-value tx-period tx-period-value supp-timeout supp-timeout-value | server-timeout server-timeout-value } Restore default settings undo dot1x timer { handshake-period | quiet-period...
Page 742: Enabling/Disabling Quiet-Period Timer
You can use the following commands to enable/disable a Quiet-Period timer of an Authenticator (such as a H3C Series Switch). If an 802.1x user has not passed the authentication, the Authenticator will keep quiet for a while (which is specified by dot1x timer quiet-period command) before launching the authentication again.
Page 743: Packet Attack Prevention Configuration
With the expansion of Internet scale and the increase of Internet users, the possibility that networking equipment gets attacked is increasing. Specific to some typical attack modes, the S9500 series switches provides a series of schemes of preventing attacks against packets to protect the networking equipment against attacked from IP, ARP, 802.1x and unknown multicast packets.
Page 744: Configuration Example
Internet. The access control mode is configured as based on the MAC address All the supplicants belong to the default domain H3C.net, which can contain up to 30 users. RADIUS authentication is performed first. If there is no response from the RADIUS server, local authentication will be performed.
Page 745 # Set the access control mode. (This command could not be configured, when it is configured as MAC-based by default.) [H3C] dot1x port-method macbased interface Ethernet 3/1/1 # Create the RADIUS scheme radius1 and enters its configuration mode. [H3C] radius scheme radius1...
Page 746 # Create the user domain H3C.net and enters its configuration mode. [H3C] domain H3C.net # Specify radius1 as the RADIUS scheme for the users in the domain H3C.net. [H3C-isp-H3C.net] radius-scheme radius1 # Set a limit of 30 users to the domain H3C.net.
Page 747: Chapter 2 Aaa And Radius/Hwtacacs Protocol Configuration
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Chapter 2 AAA and RADIUS/HWTACACS Protocol Configuration 2.1 AAA and RADIUS/HWTACACS Protocol Overview 2.1.1 AAA Overview Authentication, Authorization and Accounting (AAA) provide a uniform framework used for configuring these three security functions to implement the network security management.
Page 748: Hwtacacs Protocol Overview
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration in PSTN environment or Ethernet switch with access function in Ethernet environment), NAS, namely RADIUS client end, will transmit user AAA request to the RADIUS server.
Page 749 Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Table 2-1 HWTACACS vs. RADIUS HWTACACS RADIUS Adopts TCP, providing more reliable network Adopts UDP. transmission. Encrypts the entire packet except for the Encrypts only the password field in standard HWTACACS header.
Page 750 Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration The TACACS server sends back an authentication response, requesting for the login password. Upon receiving the response, the TACACS client requests the user for the login password.
Page 751: Implementing Aaa/Radius On A Switch
By now, we understand that in the above-mentioned AAA/RADIUS framework, H3C Series Switches, serving as the user access device (NAS), is the client end of RADIUS. In other words, the AAA/RADIUS concerning client-end is implemented on H3C Series Switches. Figure 2-3 illustrates the RADIUS authentication network including H3C...
Page 752: Aaa Configuration
ISP. Generally, for a username in the userid@isp-name format, taking gw20010608@H3C.net as an example, the isp-name (i.e. H3C.net) following the @ is the ISP domain name. When H3C Series Switches control user access, as for an ISP user whose username is in userid@isp-name format, the system will take userid part as username for identification and take isp-name part as domain name.
Page 753: Configuring Relevant Attributes Of An Isp Domain
ISP domain attributes on a per-ISP domain basis, which includes AAA policy (RADIUS scheme applied etc.) For H3C Series Switches, each supplicant belongs to an ISP domain. Up to 16 domains can be configured in the system. If a user has not reported its ISP domain name, the system will put it into the default domain.
Page 754 Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration users already online. An ISP is in Active state once it is created, that is, at that time, all the users in the domain are allowed to request network services.
Page 755: Configuring Self-Service Server Url
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration By default, the Local scheme is adopted, an ISP domain is in Active state once it is created, no limit is set to the amount of supplicants, accounting optional is disabled, idle-cut is disabled, and no IP address pool is defined.
Page 756: Setting The Attributes Of A Local User
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Table 2-5 Create/Delete a local user Operation Command local-user { username | multicast [ domain Add a local user domain-name ] ipaddress | password-display-mode...
Page 757: Disconnecting A User By Force
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Table 2-7 Set/Remove the attributes concerned with a specified user Operation Command password password { simple | cipher } password specified user Remove the password set...
Page 758: Configuring Dynamic Vlan Delivering
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Table 2-8 Disconnect a user by force Operation Command cut connection { all | access-type { dot1x | gcm | mac-authentication } | domain domain-name | interface...
Page 759 Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Note: When configuring a VLAN delivering mode, keep the mode configured on the switch consistent with the mode configured on the Radius Server.. For the string delivery mode, the value range of the VLAN name supported by the switch is 1-32 characters.
Page 760: Configuring Radius Protocol
By default, the delivered VLAN does not have a name. 2.3 Configuring RADIUS Protocol For the H3C Series Switches, the RADIUS protocol is configured on the per RADIUS scheme basis. In real networking environment, a RADIUS scheme can be an independent RADIUS server or a set of primary/secondary RADIUS servers with the same configuration but two different IP addresses.
Page 761: Creating/Deleting A Radius Scheme
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Among the above tasks, creating RADIUS scheme and setting IP address of RADIUS server are required, while other takes are optional and can be performed as your requirements.
Page 762 Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Table 2-12 Set IP Address and Port Number of RADIUS Server Operation Command Set IP address and port number of primary primary authentication RADIUS authentication/authorization server.
Page 763: Setting The Radius Packet Encryption Key
1645 and accounting port number is 1646.) The RADIUS/HWTACACS service port settings on H3C Series Switches are supposed to be consistent with the port settings on RADIUS server. Normally, RADIUS accounting service port is 1813 and the authentication/authorization service port is 1812.
Page 764: Configuring Vpn Of Radius Server
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Table 2-13 Set RADIUS packet encryption key Operation Command Set RADIUS authentication/authorization packet key authentication string encryption key Restore default RADIUS undo key authentication...
Page 765: Setting Radius Server Response Timeout Timer
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Perform the following configuration in RADIUS scheme view. Table 2-15 Set the maximum retry times of sending RADIUS request packets Operation Command Set the maximum retry times of sending RADIUS...
Page 766: Enabling The Selection Of Radius Accounting Option
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Table 2-17 Set quiet time of RADIUS Server Operation Command Set quiet time of RADIUS Server timer quiet minutes Restore quiet time of RADIUS Server to...
Page 767: Setting The Maximum Times Of Real-Time Accounting Request Failing To Be Responded
Accordingly, it is necessary to disconnect the user at NAS end and on RADIUS server synchronously when some unpredictable failure exists. H3C Series Switches support to set maximum times of real-time accounting request failing to be responded. NAS will disconnect the user if it has not received real-time accounting response from RADIUS server for some specified times.
Page 768: Enabling/Disabling Stopping Accounting Request Buffer
RADIUS accounting server. Accordingly, if the request from H3C Series Switches to RADIUS accounting server has not been responded, switch shall save it in the local buffer and retransmit it until the server responds or discards the messages after transmitting for specified times.
Page 769: Setting The Supported Type Of Radius Server
By default, the stopping accounting request can be retransmitted for up to 500 times. 2.3.13 Setting the Supported Type of RADIUS Server H3C Series Switches support the standard RADIUS protocol and the extended RADIUS service platforms, such as IP Hotel, 201+ and Portal, independently developed by H3C.
Page 770: Setting The Username Format Transmitted To Radius Server
2.3.15 Setting the Username Format Transmitted to RADIUS Server As mentioned above, the supplicants are generally named in userid@isp-name format. The part following “@” is the ISP domain name. H3C Series Switches will put the users into different ISP domains according to the domain names. However, some earlier RADIUS servers reject the username including ISP domain name.
Page 771: Configuring The Source Address Used By Nas In Radius Packets
2.3.18 Configuring a Local RADIUS Authentication Server RADIUS service, which adopts authentication/authorization/accounting servers to manage users, is widely used in H3C series switches. Besides, local authentication/authorization service is also used in these products and it is called local RADIUS function, i.e. realize basic RADIUS function on the switch.
Page 772: Configuring Hwtacacs Protocol
The password configured by local-server command must be the same as that of the RADIUS authentication/authorization packet configured by the command key authentication in radius scheme view. S9500 series serving as local RADIUS authentication servers currently only support the CHAP and PAP authentication modes; they do not support the MD5-challenge mode.
Page 773: Creating A Hwtacas Scheme
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration In the above configuration tasks, creating HWTACACS scheme and configuring TACACS authentication/authorization server are required; all other tasks are optional and you can determine whether to perform these configurations as needed.
Page 774: Configuring Hwtacacs Authorization Servers
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration The primary and secondary authentication servers cannot use the same IP address. The default port number is 49. If you execute this command repeatedly, the new settings will replace the old settings.
Page 775: Configuring The Source Address For Hwtacacs Packets Sent By Nas
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Table 2-33 Configure HWTACACS accounting servers Operation Command Configure the primary TACACS accounting primary accounting ip-address server [ port-number ] Delete the primary TACACS accounting server...
Page 776: Setting A Key For Securing The Communication With Tacacs Server
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Table 2-35 Configure the source address for HWTACACS packets sent by the NAS Operation Command Configure the source address for HWTACACS packets nas-ip ip-address...
Page 777: Setting The Unit Of Data Flows Destined For The Tacacs Server
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Table 2-37 Set the username format acceptable to the TACACS server Operation Command Send username with domain name user-name-format with-domain Send username without domain name user-name-format without-domain By default, each username sent to a TACACS server contains a domain name.
Page 778 Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Table 2-40 Set the quiet timer for the primary TACACS server Operation Command Set the quiet timer for the primary timer quiet minutes TACACS server...
Page 779: Displaying And Debugging Aaa And Radius Protocol
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Real-time accounting interval (in Number of users minutes) 500 to 999 ú1000 ú15 The real-time accounting interval defaults to 12 minutes. 2.5 Displaying and Debugging AAA and RADIUS Protocol...
Page 780: Aaa And Radius/Hwtacacs Protocol Configuration Examples
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Operation Command display stop-accounting-buffer { radius-scheme radius-scheme-name Display the stop-accounting requests | session-id session-id | time-range saved in buffer without response start-time stop-time user-name...
Page 781: Configuring Authentication At Remote Radius Server
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration 2.6.1 Configuring Authentication at Remote RADIUS Server Note: Configuring Telnet user authentication at the remote server is similar to configuring FTP users. The following description is based on Telnet users.
Page 782: Configuring Authentication At Local Radius Authentication Server
Protocol Configuration Note: For details about configuring FTP and Telnet users, refer to User Interface Configuration of Getting Started Operation part in S9500 Series Routing Switches Operation Manual. # Configure remote authentication mode for the Telnet user, i.e. Scheme mode.
Page 783: Configuring Authentication At Remote Tacacs Server
Here it is omitted. Note: The configuration of the FTP and Telnet users can refer to User Interface Configuration of Getting Started Operation part in S9500 Series Routing Switches Operation Manual. # Configure a HWTACACS scheme. [H3C] hwtacacs scheme hwtac [H3C-hwtacacs-hwtac] primary authentication 10.110.91.164...
Page 784: Troubleshooting Aaa And Radius/Hwtacacs
Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration [H3C-hwtacacs-hwtac] primary authorization 10.110.91.164 [H3C-hwtacacs-hwtac] key authentication expert [H3C-hwtacacs-hwtac] key authorization expert [H3C-hwtacacs-hwtac] user-name-format without-domain [H3C-hwtacacs-hwtac] quit # Associate the Domain with the HWTACACS scheme.
Page 785 Operation Manual – Security Chapter 2 AAA and RADIUS/HWTACACS H3C S9500 Series Routing Switches Protocol Configuration Ports of authentication/authorization and accounting services may not be set properly. So make sure they are consistent with the ports provided by RADIUS/HWTACACS server.
Page 786 Operation Manual – Reliability H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 VRRP Configuration ....................1-1 1.1 Introduction to VRRP ......................1-1 1.2 Configuring VRRP ......................1-2 1.2.1 Enabling/Disabling the Function to Ping the Virtual IP Address ......1-3 1.2.2 Enabling/Disabling the Check of TTL Value of VRRP Packet ........
Page 787: Chapter 1 Vrrp Configuration
Operation Manual – Reliability H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration Chapter 1 VRRP Configuration 1.1 Introduction to VRRP Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. In general, a default route (for example, 10.100.10.1 as shown in the following internetworking...
Page 788: Configuring Vrrp
Operation Manual – Reliability H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration Network Actual IP address10.100.10.2 Actual IP address10.100.10.3 Master Backup Virtual IP address10.100.10.1 Virtual IP address10.100.10.1 Ethernet 10.100.10.7 10.100.10.8 10.100.10.9 Host 1 Host 2 Host 3 Figure 1-2 Network diagram for virtual router This virtual router has its own IP address: 10.100.10.1 (which can be the interface...
Page 789: Enabling/Disabling The Function To Ping The Virtual Ip Address
So H3C S9500 Series Routing Switches (hereinafter referred to as S9500 series) provide the ping function to ping the virtual IP address of the virtual router.
Page 790: Adding/Deleting A Virtual Ip Address
Due to the chips installed, some switches support matching one IP address to multiple MAC addresses. S9500 series not only guarantee correct data forwarding in the sub-net, but also support such function: the user can choose to match the virtual IP address with the real MAC address or virtual MAC address of the routing interface.
Page 791: Configuring The Priority Of Switches In The Virtual Router
Operation Manual – Reliability H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration The virtual-address can be an unused address in the network segment where the virtual router resides, or the IP address of an interface in the virtual router. If the IP address is of the switch in the virtual router, it can also be configured as virtual-address.
Page 792: Configuring Authentication Type And Authentication Key
Operation Manual – Reliability H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration is higher than that of the current Master switch. Accordingly, the former Master switch will become the Backup switch. Together with preemption settings, a delay can also be set. In this way, a Backup will wait for a period of time before becoming a Master.
Page 793: Configuring Virtual Router Timer
Operation Manual – Reliability H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration to authenticate the VRRP packets. In this case an authentication key not exceeding 8 characters should be configured. Those packets failing to pass the authentication will be discarded and a trap packet will be sent to the network management system.
Page 794: Configuring Switch To Track A Specified Interface
Operation Manual – Reliability H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration Table 1-8 Configure virtual router timer Operation Command vrrp vrid virtual-router-ID timer advertise Configure virtual router timer adver-interval Clear virtual router timer undo vrrp vrid virtual-router-ID timer advertise By default, adver-interval is configured to be 1.
Page 795: Displaying And Debugging Vrrp
Operation Manual – Reliability H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration 1.3 Displaying and debugging VRRP After the above configuration, execute display command in any view to display the running of the VRRP configuration, and to verify the configuration. Execute debugging command in user view to debug VRRP configuration.
Page 796 Operation Manual – Reliability H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration II. Networking diagram 10.2.3.1 Host B Internet V LAN-interface3: 10.100.1 0.2 Switch_A Switch_B VLAN-interf ace2: 202.38.160.1 VLAN-int erface2 : 202.3 8.160.2 Virt ual IP address: 202.38.1 60.111 202.38.
Page 797: Vrrp Tracking Interface Example
Operation Manual – Reliability H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration [LSW-B-vlan-interface2] quit # Configure VRRP. [LSW-B] vrrp ping-enable [LSW-B] interface vlan 2 [LSW-B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 [LSW-B-vlan-interface2] vrrp vrid 1 preempt-mode The virtual router can be used soon after configuration. Host A can configure the default gateway as 202.38.160.111.
Page 798: Multiple Virtual Routers Example
Operation Manual – Reliability H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration # Set the authentication key for the virtual router. [LSW_A-vlan-interface2] vrrp authentication-mode md5 switch # Set Master to send VRRP packets every 5 seconds. [LSW_A-vlan-interface2] vrrp vrid 1 timer advertise 5 # Track an interface.
Page 799: Troubleshooting Vrrp
Operation Manual – Reliability H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration II. Networking diagram Refer to Figure 1-3. III. Configuration Procedure Configure switch A # Configure VLAN2. [LSW-A] vlan 2 [LSW-A-vlan2] interface vlan 2 [LSW-A-vlan-interface2] ip address 202.38.160.1 255.255.255.0 # Create virtual router 1.
Page 800 Operation Manual – Reliability H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration I. Fault 1: Frequent prompts of configuration errors on the console This indicates that an incorrect VRRP packet has been received. It may be because of the inconsistent configuration of another switch within the virtual router, or the attempt of some devices to send out illegal VRRP packets.
Page 801: Chapter 2 Ha Configuration
S9500 series support hot swap of master and slave boards. The hot swap of master boards will cause master-slave switchover.
Page 802: Configuring Ha
2.2.3 Enabling/Disabling Automatic Synchronization S9500 series support automatic synchronization. The active system stores its configuration file and backup the configuration file to the slave system simultaneously when the master's configuration file is modified, ensuring the consistency of the...
Page 803: Synchronizing The Configuration File Manually
2.2.5 Configuring the Load Mode of the Master and Slave boards S9500 series support two kinds of load modes (balance and single) between the master and slave boards. You can use the xbar command to configure XBar (cross bar) load mode.
Page 804: Displaying And Debugging Ha Configuration
Operation Manual – Reliability H3C S9500 Series Routing Switches Chapter 2 HA Configuration Caution: When a single SRPU is in position, the load-balance mode is not effective and the SRPU changes to the load-single mode automatically. 2.3 Displaying and Debugging HA Configuration After the above configuration, execute display command in relevant view to display the running of the ACL configuration, and to verify the configuration.
Page 805 Operation Manual – System Management H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 File System Management.................... 1-1 1.1 File System Configuration....................1-1 1.1.1 File System Overview ...................... 1-1 1.1.2 Directory Operation ......................1-1 1.1.3 File Operation ........................1-2 1.1.4 Storage Device Operation....................
Page 806 Operation Manual – System Management H3C S9500 Series Routing Switches Table of Contents 2.3.2 Configuring Maximum MAC Address Number Learned by Ethernet Port and Forwarding Option Example ......................... 2-4 2.4 Configuring Max Number of MAC Addresses That Can Be Learned in a VLAN....2-5 2.5 Displaying and Debugging MAC Address Tables..............
Page 807 Operation Manual – System Management H3C S9500 Series Routing Switches Table of Contents 4.5.7 Sending the Configuration Information to the Trap Buffer ..........4-24 4.5.8 Sending the Configuration Information to SNMP Network Management ....4-26 4.5.9 Displaying and Debugging Info-center ................4-28 4.5.10 Configuration Examples of Sending Log to the Unix Loghost........
Page 808 Operation Manual – System Management H3C S9500 Series Routing Switches Table of Contents 7.1.2 Basic Operating Principle of NTP ..................7-1 7.2 NTP Configuration ......................7-3 7.2.1 Configuring NTP Operating Mode ................... 7-3 7.2.2 Configuring NTP ID Authentication.................. 7-7 7.2.3 Setting NTP Authentication Key ..................7-7 7.2.4 Setting Specified Key as Reliable..................
Page 809: Chapter 1 File System Management
Setting the Prompt Mode of the File System Note: H3C S9500 series routing switches (hereinafter referred to as S9500 series) support master/slave SRPU switchover. The two boards both have a program system. The program user can operate the programs on both boards. When you specify the bootstrap APP program for use by the slave board at the next startup, make sure that the URL of the program starts with “slot[No.]#[flash: | cf:]/”, where [No.] is the slave...
Page 810: File Operation
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management Table 1-1 Directory operation Operation Command Create a directory mkdir directory Delete a directory rmdir directory Display the current working directory Display the information about directories or files...
Page 811: Storage Device Operation
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management Caution: When you use the delete command without the unreserved option to delete a file, the file is in fact saved in the recycle bin and still occupies some of the storage space. So, the frequent uses of this command may results in insufficient storage space of the Ethernet switch., In this case, you should find out the unused files kept in the recycle bin...
Page 812: Setting The Prompt Mode Of The File System
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management 1.1.5 Setting the Prompt Mode of the File System The following command can be used for setting the prompt mode of the current file system.
Page 813: Modifying And Saving The Current-Configuration
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management will begin the initialization with the default parameters. Relative to the saved-configuration, the configuration in effect during the operating process of the system is called current-configuration. You can use the following commands to display the current-configuration and saved-configuration information of the Ethernet switch.
Page 814: Erasing Configuration Files From Flash Memory
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management 1.2.4 Erasing Configuration Files from Flash Memory The reset saved-configuration command can be used to erase configuration files from Flash Memory. The system will use the default configuration parameters for initialization when the Ethernet switch is powered on for the next time.
Page 815: Ftp Configuration
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management 1.3 FTP Configuration Note: The system supports FTP services over VPN. 1.3.1 FTP Overview FTP (File Transfer Protocol) is a universal method for transmitting files on the Internet and IP networks.
Page 816: Enabling/Disabling Ftp Server
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management Table 1-10 Configuration of the switch as FTP client Device Configuration Default Description You need first get FTP user Log into the remote FTP command and password, and...
Page 817: Configuring The Ftp Server Authentication And Authorization
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management Table 1-12 Enable/disable FTP Server Operation Command Enable the FTP server ftp server enable Disable the FTP server undo ftp server FTP server supports multiple users to access at the same time. A remote FTP client sends request to the FTP server.
Page 818: Configuring The Running Parameters Of Ftp Server
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management Operation Command service-type { ftp [ ftp-directory directory lan-access call-number call-number Configure service type local callback-nocheck | callback-number user(local user view) callback-number ] | ssh [ level level |...
Page 819: Disconnecting An Ftp User
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management Table 1-15 Display and debug FTP Server Operation Command Display FTP server display ftp-server Display the connected FTP users. display ftp-user The display ftp-server command can be used for displaying the configuration information about the current FTP server, including the maximum amount of users supported by FTP server and the FTP connection timeout.
Page 820 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management II. Network diagram Network Network Switch Switch Switch Figure 1-2 Network diagram for FTP configuration III. Configuration procedure Configure FTP server parameters on the PC: a user named as switch, password hello, read and write authority over the Switch directory on the PC.
Page 821: Ftp Server Configuration Example
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management # Use the get command to download the switch.app from the FTP server to the Flash directory on the FTP server. [ftp] get switch.app # Use the quit command to release FTP connection and return to user view.
Page 822: Tftp Configuration
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management [H3C-luser-switch] password simple hello Run FTP client on the PC and establish FTP connection. Upload the switch.app to the switch under the Flash directory and download the config.txt from the switch.
Page 823: Downloading Files By Means Of Tftp
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management Network Network Switch Switch Switch Figure 1-4 TFTP configuration Table 1-17 lists the configuration of the switch as TFTP client. Table 1-17 Configuration of the switch as TFTP client...
Page 824: Uploading Files By Means Of Tftp
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management 1.4.3 Uploading Files by Means of TFTP To upload a file, the client sends a request to the TFTP server and then transmits data to it and receives the acknowledgement from it. You can use the following commands to upload files.
Page 825 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 1 File System Management <H3C> system-view [H3C] Caution: If the Flash Memory of the switch is not enough, you need to first delete the existing programs in the Flash Memory and then upload the new ones.
Page 826: Chapter 2 Mac Address Table Management
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 2 MAC Address Table Management Chapter 2 MAC Address Table Management 2.1 MAC Address Table Management Overview An Ethernet Switch maintains a MAC address table for fast forwarding packets. A table entry includes the MAC address of a device and the port ID of the Ethernet switch connected to it.
Page 827: Mac Address Table Management Configuration
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 2 MAC Address Table Management The Ethernet switch also provides the function of MAC address aging. If the switch receives no packet for a period of time, it will delete the related entry from the MAC address table.
Page 828: Maximum Mac Address Number Learned By Ethernet Port And Forwarding Option Configuration
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 2 MAC Address Table Management If aging time is set too long, the Ethernet switch will store a great number of out-of-date MAC address tables. This will consume MAC address table resources and the switch will not be able to update MAC address table according to the network change.
Page 829: Maximum Mac Address Number Learned By A Port And Forwarding Option Configuration Tasks
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 2 MAC Address Table Management You can also set the switch to forward corresponding packets when the number of MAC addresses learned by the port exceeds the configured threshold.
Page 830: Configuring Max Number Of Mac Addresses That Can Be Learned In A Vlan
2.4 Configuring Max Number of MAC Addresses That Can Be Learned in a VLAN The MAC address learning function enables S9500 series routing switches to obtain the MAC addresses of the network devices in network segments connected to a VLAN.
Page 831: Displaying And Debugging Mac Address Tables
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 2 MAC Address Table Management 2.5 Displaying and Debugging MAC Address Tables After the above configuration, execute the display command in any view to display the running of the MAC address table configuration, and to verify the effect of the configuration.
Page 832 # Enter the system view of the switch. <H3C> system-view # Add a MAC address (specify the native VLAN, port and state). [H3C] mac-address static 00e0-fc35-dc71 interface ethernet2/1/2 vlan 1 # Set the address aging time to 500s. [H3C] mac-address timer 500 # Display the MAC address configurations in any view.
Page 833: Chapter 3 Device Management
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 3 Device management Chapter 3 Device management 3.1 Device Management Overview With the device management function, the Ethernet Switch can display the current running state and event debugging information about the slots, thereby implementing the maintenance and management of the state and communication of the physical devices.
Page 834: Specifying The Bootstrap Programs For The Routing Switch
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 3 Device management Table 3-2 Enable the Timing Reboot Function Operation Command Enable the timing reboot function of the schedule reboot hh:mm switch, and set specified time and date...
Page 835: Upgrading Bootrom
B, C, A, D Note: The H3C S9500 series routing switches (hereinafter referred to as S9500 series) support master/slave SRPU switchover. The two boards both have a program system. The program user can operate the programs on both boards. When you specify the bootstrap APP program for use by the slave board at the next startup, make sure that the URL of the program starts with “slot[No.]#[flash: | cf:]/”, where [No.] is the slave...
Page 836: Setting Slot Temperature Limit
3.2.6 Updating Service Processing Boards The size of the flash for a main control board in a S9500 series routing switch is 16MB, while the size of current host software including the host application of service processing board reaches over 15MB. If a compact flash (CF) card is not configured, the current flash cannot provide enough room to save loading files.
Page 837: Displaying And Debugging Device Management
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 3 Device management 3.3 Displaying and Debugging Device Management After the above configuration, execute display command in any view to display the running of the device management configuration, and to verify the effect of the configuration.
Page 838 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 3 Device management II. Network diagram Network Network Switch Switch Switch Figure 3-1 Network diagram for FTP configuration III. Configuration procedure Configure FTP server parameters on the PC: a user named as switch, password hello, read &...
Page 839: Use The Switch As An Ftp Server To Implement The Remote Upgrade (S9505 As Example)
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 3 Device management # Use the get command to download the switch.app and boot.app files from the FTP server to the flash directory on the FTP client. [ftp] get switch.app [ftp] get boot.app...
Page 840 # You can use the boot boot-loader command to specify the new file as the application program on the next booting and reboot the switch to implement the upgrading of the application program. <H3C> boot boot-loader primary flash:/switch.app slot 0 <H3C> reboot...
Page 841: Chapter 4 System Maintenance And Debugging
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Chapter 4 System Maintenance and Debugging 4.1 Basic System Configuration The basic system configuration and management include: Switch name setting System clock setting Time zone setting Summer time setting 4.1.1 Setting a Name for a Switch...
Page 842: Setting The Summer Time
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Table 4-3 Set the time zone Operation Command clock timezone zone-name { add | Set the local time minus } HH:MM:SS Restore to the default UTC time zone undo clock timezone By default, the UTC time zone is adopted.
Page 843: System Debugging
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Operation Command display fiber-module Display the information about the optical module connected with a in-place optical port on current display fiber-module interface-type frame interface-number ] 4.3 System Debugging...
Page 844: Displaying Diagnostic Information
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Table 4-6 Enabling/Disabling the debugging Operation Command debugging { all | timeout interval | Enable the protocol debugging module-name [ debugging-option ] } undo debugging { all | module-name...
Page 845: Testing Tools For Network Connection
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging 4.4 Testing Tools for Network Connection 4.4.1 ping The ping command can be used to check the network connection and if the host is reachable.
Page 846: Logging Function
When the log information is output to info-center, the first part will be “<Priority>”. For example: % <189>Jun 7 05:22:03 2003 H3C IFNET/6/UPDOWN:Line protocol on interface Ethernet0/0/0, changed state to UP The description of the components of log information is as follows: In practical output, some of the information is started with the % character, which means a logging is necessary.
Page 847 "hh:mm:ss" is time field, "hh" is from 00 to 23, "mm" and "ss" are from 00 to 59. "yyyy" is year field. Sysname The sysname is the host name, the default value is "H3C". User can change the host name through sysname command. Notice: There is a blank between sysname and module name.
Page 848 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Module name Description Domain name server module DRVMPLS Multiprotocol label switching drive module DRVL2 Layer 2 drive module DRVL3 Layer 3 drive module DRVL3MC...
Page 849 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Module name Description MPLSFW MPLS forward module Multicast port management module MSDP Multicast source discovery protocol module MSTP Multiple spanning tree protocol module Network address translation module...
Page 850: Info-Center Configuration
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Notice: There is a slash ('/') between module name and severity. Severity Switch information falls into three categories: log information, debugging information and trap information. The info-center classifies every kind of information into 8 severity or urgent levels.
Page 851 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Output direction Channel number Default channel name Info-center loghost loghost Trap buffer trapbuf Logging buffer logbuf snmp snmpagent Log file logfile Note: The settings in the 7 directions are independent from each other. The settings will take effect only after enabling the information center.
Page 852 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Default Device Configuration Configuration description value Refer to configuration Loghost cases for related log host configuration Sending the configuration information to the console terminal Table 4-15 Send the configuration information to the console terminal.
Page 853 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Table 4-16 Send the configuration information to the monitor terminal Default Device Configuration Configuration description value By default, Other configurations are valid info-center Enable info-center...
Page 854 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Table 4-18 Send the configuration information to the trap buffer Default Device Configuration Configuration description value By default, Other configurations are valid info-center Enable info-center...
Page 855: Sending The Configuration Information To The Loghost
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging 4.5.3 Sending the Configuration Information to the Loghost To send configuration information to the loghost, follow the steps below: Enabling info-center Perform the following configuration in system view.
Page 856: Sending The Configuration Information To Console Terminal
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging By this configuration, you can define the information that sent to console terminal is generated by which modules, information type, information level, and so on.
Page 857 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Enabling info-center Perform the following configuration in system view. Table 4-23 Enable/disable info-center Operation Command Enable info-center info-center enable Disable info-center undo info-center enable Note: Info-center is enabled by default.
Page 858 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging modu-name specifies the module name; default represents all the modules; all represents all the information filter configuration in channel channel-number except default; level refers to the severity levels; severity specifies the severity level of information.
Page 859: Sending The Configuration Information To Telnet Terminal Or Dumb Terminal
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Table 4-27 Enable terminal display function Operation Command Enable terminal display function of debugging terminal debugging information Disable terminal display function of debugging undo terminal debugging...
Page 860 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Table 4-29 Configure to output information to Telnet terminal or dumb terminal Operation Command Output information to Telnet terminal or info-center monitor channel dumb terminal...
Page 861 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Note: When there are more than one Telnet users or monitor users at the same time, some configuration parameters should be shared among the users, such as module-based filtering settings and severity threshold.
Page 862: Sending The Configuration Information To The Log Buffer
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Table 4-32 Enable terminal display function Operation Command Enable terminal display function of log, debugging terminal monitor and trap information Disable terminal display function of the above...
Page 863 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Table 4-34 Configure to output information to log buffer Operation Command info-center logbuffer channel Output information to log buffer { channel-number | channel-name } | size...
Page 864: Sending The Configuration Information To The Trap Buffer
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring information source, meantime using the debugging command to turn on the debugging switch of those modules.
Page 865 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Table 4-38 Configure to output information to trap buffer Operation Command info-center trapbuffer [ size buffersize | Output information to trap buffer channel channel-number...
Page 866: Sending The Configuration Information To Snmp Network Management
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring information source, meantime using the debugging command to turn on the debugging switch of those modules.
Page 867 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Perform the following configuration in system view. Table 4-42 Configure to output information to SNMP NM Operation Command info-center snmp channel Output information to SNMP NM...
Page 868: Displaying And Debugging Info-Center
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring information source, meantime using the debugging command to turn on the debugging switch of those modules.
Page 869: Configuration Examples Of Sending Log To The Unix Loghost
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Operation Command display logbuffer [ summary ] [ level [ levelnum | emergencies | alerts | critical Display the attribute of logbuffer and | debugging | errors | informational |...
Page 870 ARP and IP. [H3C] info-center loghost 202.38.1.10 facility local4 language english [H3C] info-center source arp channel loghost log level informational [H3C] info-center source ip channel loghost log level informational Configuration on the loghost This configuration is performed on the loghost.
Page 871: Configuration Examples Of Sending Log To Linux Loghost
English; set all the modules are allowed output information. [H3C] info-center loghost 202.38.1.10 facility local7 language english [H3C] info-center source default channel loghost log level informational Configuration on the loghost This configuration is performed on the loghost.
Page 872 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging # mkdir /var/log/H3C # touch /var/log/H3C/information Step 2: Edit file /etc/syslog.conf as the super user (root), add the following selector/actor pairs. # H3C configuration messages local7.info...
Page 873: Configuration Examples Of Sending Log To The Console Terminal
[H3C] info-center console channel console [H3C] info-center source arp channel console log level informational [H3C] info-center source ip channel console log level informational # Enable terminal display function.
Page 874: Configuring Clock Module
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging SRPU, responds to the query commands of the SRPU, and reports the card status changes and alarms. 4.6.2 Configuring Clock Module Table 4-46 Configure clock module...
Page 875 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 4 System Maintenance and Debugging Table 4-47 Display and debug clock module on the SRPU Operation Command Query detailed information on clock device display clock device Query version information of clock device...
Page 876: Chapter 5 Snmp Configuration
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 5 SNMP Configuration Chapter 5 SNMP Configuration 5.1 SNMP Overview By far, the Simple Network Management Protocol (SNMP) has gained the most extensive application in the computer networks. SNMP has been put into use and widely accepted as an industry standard in practice.
Page 877 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 5 SNMP Configuration Figure 5-1 Architecture of the MIB tree The MIB (Management Information Base) is used to describe the hierarchical architecture of the tree and it is the set defined by the standard variables of the monitored network device.
Page 878: Configuring Snmp
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 5 SNMP Configuration MIB attribute MIB content References DHCP MIB QACL MIB ADBM MIB Private MIB RSTP MIB VLAN MIB Device management Interface management 5.3 Configuring SNMP The following sections describe the SNMP configuration tasks.
Page 879: Setting The System Information
{ { v1 | v2c | v3 }* | all } } By default, the contact information for system maintenance is "Hangzhou H3C Technologies Co., Ltd.", the physical location information is "Hangzhou ,China", and the version is SNMPv3 5.3.3 Enabling/Disabling SNMP Agent to Send Trap...
Page 880: Setting The Destination Address Of Trap
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 5 SNMP Configuration Table 5-4 Enable/disable SNMP Agent to send Trap Operation Command snmp-agent trap enable [ standard authentication coldstart Enable the sending of trap(system view) [ linkdown ] [ linkup...
Page 881: Setting The Engine Id Of A Local Or Remote Device
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 5 SNMP Configuration Table 5-6 Set the lifetime of Trap message Operation Command Set lifetime of Trap message snmp-agent trap life seconds Restore lifetime of Trap message undo snmp-agent trap life By default, the lifetime of Trap message is 120 seconds.
Page 882: Setting The Source Address Of Trap
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 5 SNMP Configuration 5.3.8 Setting the Source Address of Trap You can use the following commands to set or remove the source address of the trap. Perform the following configuration in system view.
Page 883: Creating/Updating View Information Or Deleting A View
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 5 SNMP Configuration 5.3.10 Creating/Updating View Information or Deleting a View You can specify the view to control the access to the MIB by SNMP manager. You can use either the predefined views or the self-defined views. You can use the following commands to create, update the information of views or delete a view.
Page 884: Displaying And Debugging Snmp
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 5 SNMP Configuration 5.4 Displaying and Debugging SNMP After the above configuration, execute the display command in any view to display the running of the SNMP configuration, and to verify the effect of the configuration.
Page 885 [H3C] snmp-agent trap enable standard coldstart [H3C] snmp-agent trap enable standard linkup [H3C] snmp-agent trap enable standard linkdown [H3C] snmp-agent target-host trap address udp-domain 129.102.149.23 udp-port 5000 params securityname public IV. Configure network management system The PC on which the network management resides requires for login configuration. As for Mib-Browser, the login configuration is as follows: SNMPV1/V2 logs in using the default community name public, and the SNMPV3 logs in using managev3user.
Page 886 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 5 SNMP Configuration The Ethernet Switch supports iManager Quidview NMS. Users can query and configure the Ethernet switch through the network management system. For details, see the manuals for the network management products.
Page 887: Chapter 6 Rmon Configuration
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 6 RMON Configuration Chapter 6 RMON Configuration 6.1 RMON Overview Remote Network Monitoring (RMON) is a type of IETF-defined MIB. It is the most important enhancement to the MIB II standard. It mainly used for monitoring the data traffic on a segment and even on a whole network.
Page 888: Configuring Rmon
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 6 RMON Configuration 6.2 Configuring RMON Note: Before configuring RMON, you must ensure that the SNMP agent is properly configured. See Chapter 8 SSH Terminal Service for the SNMP agent configuration.
Page 889: Adding/Deleting An Entry To/From The Extended Rmon Alarm Table
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 6 RMON Configuration Note: Before adding an entry to the alarm table, you need to define the event referenced in the alarm table by using the rmon event command.
Page 890: Adding/Deleting An Entry To/From The History Control Table
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 6 RMON Configuration Note: Before adding extended alarm entry, you need to define the referenced event in the extended alarm entry by using the rmon event command. You can define up to 50 prialarm entries.
Page 891: Adding/Deleting An Entry To/From The Statistics Table
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 6 RMON Configuration You can use the following commands to add/delete an entry to/from the history control table. Perform the following configuration in Ethernet port view. Table 6-6 Add/delete an entry to/from the history control table...
Page 892: Rmon Configuration Example
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 6 RMON Configuration Table 6-8 Display and debug RMON Operation Command Display the RMON statistics display rmon statistics [ port-num ] Display the history information of RMON display rmon history [ port-num ]...
Page 893 Description: null. Will cause log when triggered, last triggered at 1days 01h:42m:09s. #Configure an alarm group. [H3C]rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 delta rising_threshold 1000 1 falling_threshold 100 1 owner H3C-rmon [H3C]dis rmon alarm 1 Alarm table 1 owned by H3C-rmon is VALID.
Page 894 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 6 RMON Configuration Variable formula ((.1.3.6.1.4.1.2011.6.1.2.1.1.2.0-.1.3.6.1.4.1.2011.6.1.2.1.1. 3.0)*100/.1.3.6.1.4.1.2011.6.1.2.1.1.2.0) Description : prialarm1 Sampling interval : 10(sec) Rising threshold : 70(linked with event 1) Falling threshold : 50(linked with event 1) When startup enables : risingOrFallingAlarm This entry will exist : forever.
Page 895: Chapter 7 Ntp Configuration
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration Chapter 7 NTP Configuration 7.1 Brief Introduction to NTP 7.1.1 NTP Functions As the network topology gets more and more complex, it becomes important to synchronize the clocks of the equipment on the whole network. Network Time Protocol (NTP) is the TCP/IP that advertises the accurate time throughout the network.
Page 896 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration NTP packet NTP packet 10:00:00AM 10:00:00AM 10:00:00AM 10:00:00AM 10:00:00AM 10:00:00AM NETWORK NETWORK NETWORK NETWORK NETWORK NETWORK NETWORK NETWORK NETWORK NETWORK NETWORK NETWORK LS_A LS_A LS_A LS_A...
Page 897: Ntp Configuration
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration Now Ethernet Switch A collects enough information to calculate the following two important parameters: The delay for a round trip of an NTP packet traveling between the Switch A and B:...
Page 898 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration Configure NTP multicast server mode Configure NTP multicast client mode I. Configuring NTP Server Mode Set a remote server whose ip address is ip-address as the local time server. ip-address specifies a host address other than a broadcast, multicast or reference clock IP address.
Page 899 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration NTP version number number ranges from 1 to 3 and defaults to 3; the authentication key ID keyid ranges from 1 to 4294967295; interface-type interface-number specifies...
Page 900 Multicast IP address ip-address defaults to 224.0.1.1; this command can only be configured on the interface where the NTP multicast packets will be received. Actually, for the S9500 series, you can set 224.0.1.1 as the multicast IP address only.
Page 901: Configuring Ntp Id Authentication
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration 7.2.2 Configuring NTP ID Authentication Enable NTP authentication, set MD5 authentication key, and specify the reliable key. A Client will synchronize itself by a server only if the serve can provide a reliable key.
Page 902: Designating An Interface To Transmit Ntp Messages
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration 7.2.5 Designating an Interface to Transmit NTP Messages If the local equipment is configured to transmit all the NTP messages, these packets will have the same source IP address, which is taken from the IP address of the designated interface.
Page 903: Setting Maximum Local Sessions
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration with peer, server, server only, and query only in an ascending order of the limitation. The first matched authority will be given. Perform the following configuration in system view.
Page 904: Ntp Configuration Example
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration Table 7-14 Display and debug NTP Operation Command Display the status of NTP service display ntp-service status Display the status of sessions maintained by display ntp-service...
Page 905 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration # Enter system view. <H3C1> system-view # Set the local clock as the NTP master clock at stratum 2. [H3C1] ntp-service refclock-master 2 Configure Ethernet Switch H3C2: # Enter system view.
Page 906: Ntp Peer Configuration Example
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration [H3C2] display ntp-service sessions source reference stra reach poll now offset delay disper ******************************************************************** [12345]1.0.1.11 LOCAL(0) -0.4 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured 7.4.2 NTP Peer Configuration Example I.
Page 907 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration [H3C4] ntp-service unicast-server 3.0.1.31 # Set H3C5 as peer [H3C4] ntp-service unicast-peer 3.0.1.33 Configure Ethernet Switch H3C5.(H3C4 has been synchronized by H3C3) # Enter system view.
Page 908: Configure Ntp Broadcast Mode
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration 7.4.3 Configure NTP Broadcast Mode I. Network requirements On H3C3, set local clock as the NTP master clock at stratum 2 and configure to broadcast packets from Vlan-interface2. Configure H3C4 and H3C1 to listen to the broadcast from their Vlan-interface2 respectively.
Page 909 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration [H3C4] interface vlan-interface 2 [H3C4-Vlan-Interface2] ntp-service broadcast-client Configure Ethernet Switch H3C1: # Enter system view. <H3C1> system-view # Enter Vlan-interface2 view. [H3C1] interface vlan-interface 2 [H3C1-Vlan-Interface2] ntp-service broadcast-client The above examples configured H3C4 and H3C1 to listen to the broadcast through Vlan-interface2, H3C3 to broadcast packets from Vlan-interface2.
Page 910: Configure Ntp Multicast Mode
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration 7.4.4 Configure NTP Multicast Mode I. Network requirements H3C3 sets the local clock as the master clock at stratum 2 and multicast packets from Vlan-interface2. Set H3C4 and H3C1 to receive multicast messages from their respective Vlan-interface2.
Page 911: Configure Authentication-Enabled Ntp Server Mode
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration [H3C4] interface vlan-interface 2 # Enable multicast client mode. [H3C4-Vlan-Interface2] ntp-service multicast-client Configure Ethernet Switch H3C1: # Enter system view. <H3C1> system-view # Enter Vlan-interface2 view.
Page 912 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 7 NTP Configuration III. Configuration procedure Configure Ethernet Switch H3C1. # Enter system view. <H3C1> system-view # Set the local clock as the master NTP clock at stratum 2.
Page 913: Chapter 8 Ssh Terminal Service
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service Chapter 8 SSH Terminal Service 8.1 SSH Terminal Service 8.1.1 SSH Overview This chapter introduces the secure shell (SSH) feature. When a user telnets to the...
Page 914 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service W orkstation W orkstation Local switch Local Ethernet Local Ethernet Laptop Laptop W orkstation Server Server SSH client Remote Ethernet Remote Ethernet Remote switch SSH server...
Page 915: Ssh Server Configuration
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service The client sends its username information to the server. The server initiates a procedure to authenticate the user. If the server is configured not to authenticate the user, the process proceeds to session request phase directly.
Page 916 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service Table 8-1 SSH2.0 Configuration tasks Item Command Description Entering system view <H3C> system-view Entering VTY type of user [H3C] user-interface vty X interface view Configure...
Page 917 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service Item Command Description Optional By default, the Configure [H3C] ssh client first-time system does first-authentication enable perform server first authentication. Optional By default, the Configure...
Page 918 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service After this command is entered, the system prompts you to input the number of the key pair bits. Pay attention to the following: The host key and the server key must have a difference of at least 128 bits in length.
Page 919 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service By default, no login authentication mode is specified, that is, SSH users are unable to log in. IV. Configuring the updating cycle of the server key Use this configuration task to set the updating cycle of the server key to secure the SSH connection in best effort.
Page 920 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service Table 8-7 Configure the number of SSH authentication retries Operation Command Configure number ssh server authentication-retries times authentication retries Restore the default number of SSH...
Page 921 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service Table 8-9 Enter the public key edit view Operation Command Enter the public key edit view public-key-code begin IX. Exiting the public key edit view Use this configuration task to return from the public key edit view to the public key view and save the input public key.
Page 922: Ssh Client Configuration
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service Table 8-12 Configure the compatibility mode Operation Command Set the server to be compatible with the ssh server compatible_ssh1x enable SSH 1.x client Set the server to be incompatible with undo ssh server compatible_ssh1x the SSH 1.x client...
Page 923: Displaying And Debugging Ssh
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service III. Configuring the first-time authentication of the server Use this configuration task to configure or cancel the first-time authentication of the server performed by the SSH client.
Page 924: Ssh Server Configuration Example
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service 8.1.5 SSH Server Configuration Example I. Network requirements As shown in Figure 8-3, a PC (SSH client) running SSH 2.0-enabled client software establishes a local connection with the switch (SSH server) to better guarantee the security of exchanged information.
Page 925 [H3C] #Allocate an existent public key H3C002 to user client002. [H3C] ssh user client002 assign rsa-key H3C002 Start the SSH client software on the terminal preserving the RSA private key, and perform the corresponding configurations to establish the SSH connection.
Page 926: Ssh Client Configuration Example
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service 8.1.6 SSH Client Configuration Example I. Network requirements As shown in Figure 8-4: Switch A is used as an SSH client. Switch B is used as the SSH server, and the IP address is 10.165.87.136.
Page 927: Sftp Service
Access the remote server and perform operations. Employ RSA public key authentication mode, and start using the corresponding encryption algorithm configured. [H3C] ssh2 10.165.87.136 22 perfer_kex dh_group1 perfer_ctos_cipher des perfer_stoc_cipher 3des perfer_ctos_hmac md5 perfer_stoc_hmac md5 Please input the username: client003 Trying 10.165.87.136...
Page 928: Sftp Client Configuration
Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service Perform the following configuration in system view. Table 8-17 Configure the service type to be used Operation Command user username service-type Configure the service type to be used...
Page 929 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service Item Command Description sftp-client> bye Shut down the SFTP client Optional sftp-client> exit sftp-client> quit Chang sftp-client> current directory [remote-path ] Return to the sftp-client> cdup...
Page 930 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service Perform the following configuration in system view. Table 8-20 Start the SFTP client Operation Command sftp ipaddr prefer_kex dh_group1 dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des |...
Page 931 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service Operation Command dir [ remote-path ] Display the list of files in the specified directory ls [ remote-path ] Create a new directory on the server...
Page 932: Sftp Configuration Example
As shown in Figure 8-5: Switch A is used as the SFTP server, and its IP address is 10.111.27.91; Switch B is used as the SFTP client; An SFTP user is configured with the username “8040” and password “H3C". II. Network diagram Switch B...
Page 933 [H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC [H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16 [H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125 [H3C-rsa-key-code] public-key-code end [H3C-rsa-public-key] peer-public-key end [H3C] ssh client 10.111.27.91 assign rsa-key 10.111.27.91 # Establish the SSH connection between the client and the server. [H3C] ssh2 Please input the username:8040 Trying Press CTRL+K to abort Connected to 10.111.27.91 ...
Page 934 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service -rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg -rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2 -rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1...
Page 935 Operation Manual – System Management H3C S9500 Series Routing Switches Chapter 8 SSH Terminal Service -rwxrwxrwx 1 noone nogroup 283 Sep 02 06:35 pu -rwxrwxrwx 1 noone nogroup 283 Sep 02 06:36 puk sftp-client> # Exit SFTP. sftp-client> quit <H3C>...
Page 936 Operation Manual – PoE H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 PoE Configuration ....................... 1-1 1.1 PoE Overview ........................1-1 1.1.1 PoE on the Switch....................1-1 1.1.2 External PSE4500-A Power System ............... 1-2 1.1.3 PoE-Capable Card ....................1-2 1.2 PoE Configuration......................
Page 937: Chapter 1 Poe Configuration
The S9500 series support LEGACY Power Supply standard. While they can also supply power to PDs noncompliant with the standard. The power supply of the S9500 series is administered by the SRP card; each PoE card on the switch can be viewed as a power sourcing equipment (PSE), which administers the power supplying of all the ports on it independently.
Page 938: External Pse4500-A Power System
The following service card of the S9500 series supports PoE: GV48D 1.2 PoE Configuration The S9500 series can automatically detect any connected device that needs remote power supply and feeds power to this device. Depending on your actual network requirement, you can set the maximum PoE power totally supplied by the switch through the command line.
Page 939 Operation Manual – PoE H3C S9500 Series Routing Switches Chapter 1 PoE Configuration Item Command Description Enable PoE on By default, PoE is disabled poe enable the port on a port. You can set the maximum Set the maximum PoE power supplied by a...
Page 940: Comprehensive Configuration Example
5 minutes 1.3 Comprehensive Configuration Example I. Network requirements Two PoE-capable cards are installed in slots 3 and 5 on an S9500 series routing switch. GigabitEthernet3/1/1 through GigabitEthernet3/1/48 are connected with IP phones and GigabitEthernet5/1/1 through GigabitEthernet5/1/48 are connected with access point (AP) devices.
Page 941 Operation Manual – PoE H3C S9500 Series Routing Switches Chapter 1 PoE Configuration II. Network diagram S9500 S9500 S9500 NETWORK NETWORK NETWORK Gigabit Ethernet3/1/1 - Gigabit Ethernet3/1/1 - Gigabit Ethernet3/1/1 - Gigabit Ethernet3/1/1 - Gigabit Ethernet3/1/1 - Gigabit Ethernet3/1/1 -...
Page 942: Chapter 2 Poe Psu Supervision Configuration
Chapter 2 PoE PSU Supervision Configuration 2.1 Introduction to PoE PSU Supervision The PoE-capable S9500 series can monitor the external PoE PSUs through the power supervision module on the PoE external power system. The PoE PSU supervision module enables you to: Set the alarm thresholds for the AC input voltages of the PoE PSUs.
Page 943: Ac Input Alarm Thresholds Configuration Example
Operation Manual – PoE H3C S9500 Series Routing Switches Chapter 2 PoE PSU Supervision Configuration Note: You can set the thresholds to any appropriate values in the range, but make sure the lower threshold is less than the upper threshold.
Page 944: Dc Output Alarm Thresholds Configuration Example
Operation Manual – PoE H3C S9500 Series Routing Switches Chapter 2 PoE PSU Supervision Configuration Set the undervoltage alarm poe-power Required, and the threshold of DC output (lower output-thresh lower range is 45.0 V to threshold) for the PoE PSUs string 47.0 V.
Page 945: Poe Psu Supervision Configuration Example
2.5 PoE PSU Supervision Configuration Example I. Network requirements Insert a PoE-capable card into slot 3 of the S9500 series routing switch. Connect GigabitEthernet3/1/1 to GigabitEthernet3/1/48 to IP phones. Set the AC input and DC output alarm thresholds to appropriate values.
Page 946 Operation Manual – PoE H3C S9500 Series Routing Switches Chapter 2 PoE PSU Supervision Configuration # Set the overvoltage alarm threshold of AC input for PoE PSUs to 264.0 V. [H3C] poe-power input-thresh upper 264.0 # Set the undervoltage alarm threshold of AC input for PoE PSUs to 181.0 V.
Page 947 Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 NAT Configuration ..................... 1-1 1.1 NAT Overview ........................1-1 1.1.1 Introduction to NAT ....................1-1 1.2 NAT Features ........................1-3 1.2.1 NAT and NAT Control .................... 1-3 1.2.2 NAPT ........................
Page 948 Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Table of Contents 3.5.1 Configuring Routing Protocols ................3-7 3.5.2 Configuring Basic MPLS Functions ..............3-7 3.5.3 Configuring LDP Expansion Session Peer ............3-8 3.5.4 Enable L2VPN ....................... 3-8 3.5.5 Creating a VPLS Instance ..................3-9 3.5.6 Configuring VLAN for User Access and Binding a VLPS Instance ....
Page 949: Chapter 1 Nat Configuration
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Chapter 1 NAT Configuration Note: The service processor cards mentioned in this chapter refer to LSBM1NATB boards. 1.1 NAT Overview 1.1.1 Introduction to NAT As described in RFC3022, network address translation (NAT) is the procedure translating the IP address in the header of an IP data packet into another IP address.
Page 950 Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration 202.120.10.2 202.120.10.2 1 ： 1 ： Datagram 1 Datagram 1 1 ： 1 ： Datagram 1 Datagram 1 192.168.1.3 192.168.1.3 192.168.1.3 192.168.1.3 Source IP Source IP IP ： 192.168.1.3 IP ：...
Page 951: Nat Features
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration encrypted. For example, the encrypted FTP connection cannot be used; otherwise, the FTP port cannot be translated correctly. 1.2 NAT Features 1.2.1 NAT and NAT Control According to the NAT procedure illustrated in Figure 1-1, when an internal host tries to access the external networks, NAT selects a proper public address and substitutes it for the source address in the packets.
Page 952: Napt
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Internet access authority, and refuses to perform address translation for those ineligible. In a word, this involves NAT control. Many-to-many NAT can be implemented by defining an address pool, and the control of NAT can be achieved by employing access control lists (ACLs).
Page 953: Easy Ip
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Datagram 1 ： Datagram 1 ： Datagram 1 ： Datagram 1 ： Datagram 1 ： Datagram 1 ： Datagram 1 ： Datagram 1 ： Datagram 1 ：...
Page 954: Configuring Nonstandard Ftp Internal Server
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration as that for an FTP server. You can even use 202.110.10.12:8080 as the public address for an internal WWW server. 1.2.5 Configuring Nonstandard FTP Internal Server A nonstandard FTP internal server is different from a common FTP internal server in that its private network port can use other ports in addition to the default port of FTP, namely port 21.
Page 955: Configuring An Address Pool
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Configuration Item Command Description nat server protocol pro-type global global-addr global-port1 [ global-port2 ] inside host-addr1 [ host-addr2 ] host-port slot slotno Configure internal Optional server nat server protocol pro-type global...
Page 956: Configuring Nat
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Perform the following configuration in system view. Table 1-3 Configure an address pool Operation Command nat address-group group-number start-addr Configure an address pool end-addr Delete an address pool...
Page 957 Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration I. Configuring NAT Use the following command to associate an ACL with an address pool and specify an LSBM1NATB board to process NAT services. Perform the following configuration in VLAN interface view.
Page 958 Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Without the no-pat keyword, NAPT is enabled, and you can implement many-to-many NAT. Caution: In the NAPT mode, the address pool can have up to three addresses.
Page 959: Configuring Internal Servers
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration 1.3.3 Configuring Internal Servers By configuring standard internal servers, you can map external addresses and ports to internal servers, enabling external hosts to access internal servers. Use the nat server command to configure the mapping table between internal servers and external hosts.
Page 960: Configuring Nonstandard Ftp Server
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Note: If the ICMP internal server is configured, and the public IP address is the IP address of the VLAN interface, the external public IP address will not be successfully pinged from the NAT device.
Page 961: Configuring Nat Blacklist Attributes
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration 1.3.5 Configuring NAT Blacklist Attributes By configuring NAT blacklist attributes, you can control the number of connections and the setup rate, set the thresholds for controlling the number of connections and setup rate.
Page 962: Configuring The Aging Time Of Nat Connections
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Table 1-12 Set/Restore the thresholds for controlling the setup rate of all addresses or an individual IP address Operation Command Set the thresholds for controlling the nat blacklist limit rate { limit-rate }...
Page 963 Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration I. Enabling NAT logging Use the ip userlog nat command to enable NAT logging. Perform the following configuration in system view. Table 1-14 Enable NAT logging Operation...
Page 964 Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration Table 1-16 Set the address and port number of the destination server for log packets Operation Command Set the address and port number of the ip userlog nat export host ip-address...
Page 965: Displaying Nat Configuration
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 1 NAT Configuration The version-number parameter indicates the version of the log packets. By default, the version is 1. VI. Setting NAT logging mode Choose one of the following two NAT logging modes: Perform logging only when a NAT connection is deleted.
Page 966: Nat Configuration Example
The private IP addresses of the two PCs residing on internal VLAN2 are 192.168.1.2 and 192.168.1.3 respectively; In the H3C S9500 series routing switch, the board implementing NAT is in slot 3; The IP address of the VLAN interface of VLAN10 is 200.18.2.8;...
Page 967 [H3C-vlan2] quit [H3C] interface vlan-interface 2 [H3C-vlan-interface2] ip address 192.168.1.1 255.255.255.0 # At the end connecting with the H3C S9500 series routing switch, create VLAN3 and the corresponding VLAN interface, and configure the IP address. [H3C] vlan 3 [H3C-vlan3] port ethernet0/24...
Page 968: Chapter 2 Urpf Configuration
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 2 URPF Configuration Chapter 2 URPF Configuration Note: The service processor cards mentioned in the chapter refer to LSBM1NATB boards. 2.1 URPF Overview Unicast reverse path forwarding (URPF) serves as a safeguard against source address spoofing attacks.
Page 969 Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 2 URPF Configuration Enable URPF on ports Display port configuration information Clear URPT statistical counters to zero Use the urpf enable command to enable URPF for a certain VLAN port and specify the service process board where the port locates.
Page 970: Urpf Configuration Example I
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 2 URPF Configuration Item Command Description Quit to system view quit Enter VLAN interface vlan-interface vlan-id interface view Required. Enable URPF in VLAN interface view. Specify Enable URPF on a...
Page 971 [H3C-acl-link-4000] rule 0 permit ip egress 01-02-03 00-00-00 # Configure packet redirecting on the corresponding Ethernet port. [H3C] interface ethernet 3/1/30 [H3C] flow-template user-defined [H3C-Ethernet3/1/30] traffic-redirect inbound link-group 4000 slot 5 vlan 1000 [H3C-Ethernet3/1/30] quit [H3C] interface GigabitEthernet 6/1/2 [H3C-GigabitEthernet6/1/2] flow-template user-defined...
Page 972: Urpf Configuration Example Ii
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 2 URPF Configuration [H3C] interface vlan 1000 [H3C-Vlan-Interface1000] urpf enable to slot 5 2.4 URPF Configuration Example II I. Network requirements NAT board is placed in slot 5. Create two virtual interfaces, VLAN interface 1000 and VLAN interface 1001; enable URPF on them and use the NAT service processor card in slot 5 to perform URPF check.
Page 973 [H3C] acl number 4000 # Permit the IP packets going into VLAN 1000 and the DMAX should be the virtual interface MAC00e0-fc39-a9b8. [H3C-acl-link-4000] rule 0 permit ip ingress 1000 egress 00e0-fc39-a9b8 0000-0000-0000 # Permit the IP packets going into VLAN 1001.
Page 974: Chapter 3 Vpls Configuration
With VPLS, users in different areas can be connected with each other through MAN/WAN just like they are in one LAN. S9500 series provide a VPLS solution. This solution uses MPLS-based virtual links as the links of Ethernet bridges and provides transparent transmission LAN services (TLS) over MPLS networks.
Page 975: Basic Vpls Network Architectures
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration Acronym Full name Network provider edge Provider edge router Pseudo wires Penultimate hop popping User facing-provider edge Virtual leased line VPLS Virtual private LAN service Virtual switch instance Label switch path 3.2 Basic VPLS Network Architectures...
Page 976: Vpls Operational Principle
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration Figure 3-2 Hierarchical VPLS network architecture As shown in Figure 3-2, the network topology of the VPLS network is hierarchical, and the access range of the network is expansible. The core devices (NPEs) in the core...
Page 977 Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration Figure 3-3 L2VPN universal transmission components The transmission components and their functions in a VPLS network are as follows: I. Attachment circuit An attachment circuit (AC) is a virtual connection link between CE and PE. User’s layer 2 and layer 3 data are transmitted to the peer site through AC without any modification.
Page 978: Concepts Related To Vpls
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration V. Encapsulation Standard PW encapsulation formats and technique are adopted when packets are transmitted over PWs. VPLS packets carried on PWs have two encapsulation modes: Tagged and Raw.
Page 979: Vsi
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration II. VLL This is a kind of point-to-point L2VPN service provided on public networks. VLL can connect two sites with each other as if they are directly connected by cables. However, it cannot provide switching directly between multiple points at the service provider level.
Page 980: Configuring Routing Protocols
(RIP), open shortest path first (OSPF), exterior border gateway protocol (EBGP), and so on. For specific configuration, refer to S9500 Series Routing Switches Operation Manual – Routing Protocol. 3.5.2 Configuring Basic MPLS Functions Configure basic MPLS functions to create LSP tunnels over public network.
Page 981: Configuring Ldp Expansion Session Peer
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration 3.5.3 Configuring LDP Expansion Session Peer Configure LDP remote peer to set up LDP remote session. I. Entering the remote-peer mode Perform the following configuration in system view.
Page 982: Creating A Vpls Instance
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration By default, MPLS L2VPN is disabled. 3.5.5 Creating a VPLS Instance I. Specifying a VPLS instance name Use the vsi command to create a VPLS instance or enter VSI view. When creating a...
Page 983: Configuring Vlan For User Access And Binding A Vlps Instance
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration III. Configuring an IP address of a peer PE Use the peer command to create a VPLS peer PE contained in an instance. When you create a VPLS peer PE, you must specify an IP address and peer type for the peer PE.
Page 984: Configuring Static Mac Address
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration Caution: If any of GVRP, STP and 802.1x protocols is enabled on a port, you cannot enable VLAN VPN on the port; If IGMP Snooping is enabled in the VLAN to which the port belongs or if IGMP is enabled on the VLAN interface to which the port belongs, it is not allowed to enable VLAN VPN on the port, and vice versa;...
Page 985: Configuring User-Defined Flow Template
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration Caution: User access mode of VSI determines whether you should enable VLAN-VPN on a port or not. If the access mode is Ethernet, you must enable VLAN-VPN on the access port such that your private VLAN Tag can be properly transferred.
Page 986: Configuring Acl Rules
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration When you define the flow template, the total size of all the elements in the template must be less than 16 bytes. 3.5.10 Configuring ACL rules Use the following commands to define a Layer 2 ACL.
Page 987: Configuring Vpls Characteristics
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration Operation Command undo traffic-redirect inbound link-group Remove packet redirection acl-number [ rule rule ] Note: After you configure packet redirection, the ports of the public network add to the VALN (specified join-vlan).
Page 988 Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration Table 3-17 Configure VPN broadcast suppression percentage Operation Command Configure VPN broadcast suppression broadcast-restrain restrain-number percentage By default, VPN broadcast suppression percentage is 5%. III. Configuring packet MTU Use the mtu command to specify the maximum transmission unit (MTU) value for user access packets of this VPLS instance, which is in the range of 128 to 8,192.
Page 989: Displaying And Debugging Vpls
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration Table 3-20 Configure other VPLS characteristics Operation Command description TEXT Define/remove a description of this VPLS instance undo description shut Disable/enable the VPN service of the VPLS instance...
Page 990: Vpls Basic Configuration Example
3.7 VPLS Basic Configuration Example I. Network requirements S9500 series switch support all kinds of VPLS architectures and networking. Figure 3-4 shows a simple back-to-back network diagram. Where, two sites of VPN1 connect to port E6/1/48 of the two PEs (PE1 and PE2) respectively. Both PEs are configured with the private VLAN 100 and public VLAN 10 connected through G4/1/1 to implement basic VPLS service.
Page 991 Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration # Configure a public VLAN, add a port to it, configure an IP address for the virtual interface, then, enable MPLS and MPLS LDP on the interface.
Page 992 Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration [PE1] acl number 4000 [PE1-acl-link-4000] rule 0 permit mpls l2label-range ingress any egress any [PE1-acl-link-4000] quit # Define user flow template in port view and configure redirection rule to redirect VPLS packets back from the public network to the VPLS service processor card and specify the VLAN ID of the redirection flow.
Page 993: Troubleshooting Vpls
Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration [PE2] mpls ldp remote-peer 1 [PE2-mpls-remote2] remote-ip 5.6.7.8 # Enable L2VPN globally. [PE2] mpls l2vpn # Configure a VPLS instance and VSI-ID (VPN-ID). Enter VSI-LDP view to configure the IP address for PE1.
Page 994 Operation Manual – NAT-URPF-VPLS H3C S9500 Series Routing Switches Chapter 3 VPLS Configuration The LSP tunnel over the public network is not set up for the two ends: verify that the route is available on both ends, you can successfully ping the loopback port of the peer, and the LDP session is normal.
Page 995 Operation Manual – Integrated Management H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 HGMP V1 Configuration ....................1-1 1.1 HGMP V1 Overview......................1-1 1.2 HGMP Server Configuration ....................1-2 1.2.1 Enabling HGMP Server on a Management Device ........1-2 1.2.2 Upgrading Software on an Ethernet Switch through the Management Device1-3...
Page 996: Chapter 1 Hgmp V1 Configuration
It also maintains the communication with the management device. HGMP V1 can be implemented as follows: Use a H3C S9500 series routing switch as the HGMP Server, with Ethernet switches attached to it as the HGMP Clients. Use S2403F or S2008B/S2016B/S2026B/S3026 Ethernet switches as the HGMP Clients, other switches as the HGMP Servers.
Page 997: Hgmp Server Configuration
Note: An S3026/S2008/S2016/S2026/S2403H Ethernet switch can either be an HGMP Client and be under administration of a H3C S9500 series routing switch or be an HGMP Server and administrate Ethernet switches. But it cannot be both an HGMP Client and an HGMP Server simultaneously in a network.
Page 998: Upgrading Software On An Ethernet Switch Through The Management Device1-3
Operation Manual – Integrated Management H3C S9500 Series Routing Switches Chapter 1 HGMP V1 Configuration Operation Command spanning-hub { enable | Configure the Ethernet switches connected to the disable } slotno subslot port to be organized in star topology in HGMP view.
Page 999 For more information about the tftp get command, refer to H3C S9500 Series Routing Switches Command Manual.
Page 1000 Table 1-6 Delete a upgrade program from the management device Operation Command Delete a upgrade program from the delete [ /unreserved ] file-url management device For more information about the delete command, refer to H3C S9500 Series Routing Switches Command Manual.

This manual is also suitable for:

S9505 S9508 S9512

H3C S9500 Series Operation Manual

Table of Contents

Chapter 1 Product Overview

Chapter 2 Logging in to Switch

Chapter 3 Command Line Interface

Chapter 4 User Interface Configuration

Chapter 5 Management Interface Configuration

Chapter 6 Password Control Configuration

Igmp Configuration/Pim-DM Configuration

Chapter 7 PIM-SM Configuration

Chapter 8 MSDP Configuration

Chapter 9 MBGP Multicast Extension Configuration

Acl Configuration/Qos Configuration

Table of Contents

Table of Contents

Quick Links

Chapters

Troubleshooting

Related Manuals for H3C S9500 Series

Summary of Contents for H3C S9500 Series