H3C F5020 Interface Configuration Manual
Firewall devices
Hide thumbs
Also See for F5020:
- Installation manual (64 pages) ,
- Manual (41 pages) ,
- Configuration manual (39 pages)
Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Subscribe to Our Youtube Channel
Related Manuals for H3C F5020
Summary of Contents for H3C F5020
- Page 1 H3C Firewall Devices Interface Configuration Guide (Comware V7) Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: F5020/F5040 firewalls ESS9304 M9006/M9010/M9014 security gateways ESS9114 VFW1000 virtual firewalls ESS9204 Document version: 5W100-20150116...
- Page 2 Copyright © 2015, Hangzhou H3C Technologies Co., Ltd. and its licensors All rights reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
- Page 3 Preface The H3C firewall devices configuration guides (Comware V7) describe the software features and configuration procedures for the Comware V7-based firewall devices in "Applicable devices." These guides also provide configuration examples to help you apply software features to different network scenarios.
- Page 4 Network administrators working with the firewall devices. • Conventions This section describes the conventions used in this document. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional.
- Page 5 Represents a security card, such as a firewall, load balancing, NetStream, SSL VPN, IPS, or ACG card. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. About the H3C firewall documentation set The H3C firewall documentation set includes: Category Documents...
- Page 6 [Products & Solutions]—Provides information about products and technologies, as well as solutions. [Software Download]—Provides the documentation released with the software version. Technical support service@h3c.com http://www.h3c.com Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
-
Page 7: Table Of Contents
Contents Bulk configuring interfaces ·········································································································································· 1 Configuration restrictions and guidelines ······················································································································· 1 Configuration procedure ·················································································································································· 2 Displaying and maintaining bulk interface configuration ····························································································· 2 Configuring Ethernet interfaces ··································································································································· 3 Configuring common Ethernet interface settings ··········································································································· 3 ... -
Page 8: Bulk Configuring Interfaces
The maximum number of interface range names is limited only by the system resources. To • guarantee bulk interface configuration performance, H3C recommends that you configure fewer than 1000 interface range names. After a command is executed in interface range view, one of the following situations might occur: •... -
Page 9: Configuration Procedure
Configuration procedure Step Command Remarks Enter system view. system-view • interface range { interface-type interface-number [ to interface-type By using the interface range name interface-number ] } &<1-5> command, you assign a name to an Enter interface range • interface range and can specify this interface range name name view. -
Page 10: Configuring Ethernet Interfaces
Configuring Ethernet interfaces Your device supports the following types of Ethernet interfaces: Layer 2 Ethernet interfaces—Physical Ethernet interfaces operating at the data link layer (Layer 2) • to switch packets. Layer 3 Ethernet interfaces—Physical Ethernet interfaces operating at the network layer (Layer 3) to •... -
Page 11: Configuring Basic Settings Of An Ethernet Interface Or Subinterface
If the copper port is active, the combo enable fiber command does not exist in the output. Changing the active port of a combo interface Step Command Remarks Enter system view. system-view interface interface-type Enter Ethernet interface view. interface-number Activate the copper combo By default, the copper combo port combo enable { copper | fiber } port or fiber combo port. -
Page 12: Configuring The Link Mode Of An Ethernet Interface
After you change the link mode of an Ethernet interface, all commands (except the shutdown and combo enable commands) on the Ethernet interface are restored to their defaults in the new link mode. The following matrix shows the feature and hardware compatibility: Hardware Link mode configuration compatibility F5020/F5040 M9006/M9010/M9014 VFW1000... -
Page 13: Configuring Jumbo Frame Support
Configuring jumbo frame support The following matrix shows the feature and hardware compatibility: Hardware Jumbo frame support compatibility F5020/F5040 M9006/M9010/M9014 VFW1000 An Ethernet interface might receive frames larger than the standard Ethernet frame size during high-throughput data exchanges, such as file transfers. These frames are called jumbo frames. -
Page 14: Configuring Physical State Change Suppression On An Ethernet Interface
Do not enable this feature on an interface with MSTP enabled. The following matrix shows the feature and hardware compatibility: Hardware Physical state change suppression compatibility F5020/F5040 M9006/M9010/M9014 VFW1000 The physical link state of an Ethernet interface is either up or down. Each time the physical link of an interface comes up or goes down, the interface immediately reports the change to the CPU. -
Page 15: Configuring Dampening On An Ethernet Interface
Step Command Remarks By default, physical state change suppression is disabled on an Ethernet interface. You can configure different suppression intervals Configure physical link-delay [ msec ] for link-up and link-down events. state change delay-time [ mode { up | If you configure this command multiple times for suppression. -
Page 16: Performing A Loopback Test On An Ethernet Interface
Figure 1 Change rule of the penalty value Penalty Ceiling Suppress limit Reuse limit Time Not suppressed Suppressed Not suppressed Configuration restrictions and guidelines When you configure dampening on an Ethernet interface, follow these restrictions and guidelines: The dampening command and the link-delay command cannot be configured together on an •... -
Page 17: Configuring Generic Flow Control On An Ethernet Interface
Hardware Loopback test compatibility F5020/F5040 M9006/M9010/M9014 VFW1000 If an Ethernet interface does not work correctly, you can perform a loopback test on it to identify the problem. An Ethernet interface in a loopback test does not forward data traffic. Loopback tests include the following types: Internal loopback test—Tests all on-chip functions associated with the Ethernet interface. -
Page 18: Setting The Statistics Polling Interval
Setting the statistics polling interval The following matrix shows the supported views of firewall devices for the feature: Hardware Supported views F5020/F5040 Ethernet interface view M9006/M9010/M9014 Ethernet interface view VFW1000 System view To set the statistics polling interval in system view:... -
Page 19: Enabling Subinterface Rate Statistics Collection On An Ethernet Interface
Use this feature with caution, because it might consume a large amount of system resources. The following matrix shows the feature and hardware compatibility: Subinterface rate statistics collection Hardware compatibility F5020/F5040 M9006/M9010/M9014 VFW1000 The following matrix shows the feature and hardware compatibility: Subinterface rate statistics collection... -
Page 20: Forcibly Bringing Up A Fiber Port
Forcibly bringing up a fiber port The following matrix shows the feature and hardware compatibility: Hardware Forcibly bringing up fiber ports compatibility F5020/F5040 M9006/M9010/M9014 VFW1000 As shown in Figure 2, a fiber port uses separate fibers for transmitting and receiving packets. The physical state of the fiber port is up only when both transmit and receive fibers are physically connected. - Page 21 Figure 2 Forcibly bring up a fiber port Configuration restrictions and guidelines When you forcibly bring up a fiber port, follow these restrictions and guidelines: • The port up-mode command is mutually exclusive with the shutdown command. A fiber port forcibly brought up stays physically up whether or not a transceiver module or a fiber •...
-
Page 22: Configuring A Layer 2 Ethernet Interface
For a combo interface, only its copper combo port supports this feature. The following matrix shows the feature and hardware compatibility: Hardware Speed autonegotiation options compatibility F5020/F5040 M9006/M9010/M9014 VFW1000 By default, speed autonegotiation enables an Ethernet interface to negotiate with its peer for the highest speed that both ends support. -
Page 23: Configuring Storm Suppression
To avoid congestion on GigabitEthernet 1/0/4, configure 100 Mbps as the only option available for speed negotiation on interfaces GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3. As a result, the transmission rate on each interface connected to a server is limited to 100 Mbps. To set speed options for autonegotiation on an Ethernet interface: Step Command... -
Page 24: Configuring Storm Control On An Ethernet Interface
Step Command Remarks Enable unknown unicast suppression and set the unicast-suppression { ratio | pps By default, unknown unicast unknown unicast suppression max-pps | kbps max-kbps } suppression is disabled. threshold. Configuring storm control on an Ethernet interface About storm control Storm control compares broadcast, multicast, and unknown unicast traffic regularly with their respective traffic thresholds on an Ethernet interface. -
Page 25: Setting The Mdix Mode Of An Ethernet Interface
Step Command Remarks The default setting is 10 seconds. (Optional.) Set the statistics For network stability, use the polling interval of the storm storm-constrain interval seconds default or set a longer statistics control module. polling interval. interface interface-type Enter Ethernet interface view. interface-number (Optional.) Enable storm storm-constrain { broadcast |... -
Page 26: Testing The Cable Connection Of An Ethernet Interface
Configure the interface to operate in the same MDIX mode as its peer. Configure either end to operate in AutoMDIX mode. To set the MDIX mode of an Ethernet interface: Step Command Remarks Enter system view. system-view interface interface-type Enter Ethernet interface view. interface-number By default, a copper Ethernet Set the MDIX mode of the... -
Page 27: Configuring The Mac Address Of An Ethernet Interface Or Subinterface
Ethernet subinterface is the same as the of the Ethernet interface or mac-address mac-address MAC address of its main interface. subinterface. H3C recommends not configuring a MAC address in the VRRP-reserved MAC address range for a Layer 3 Ethernet subinterface. -
Page 28: Displaying And Maintaining An Ethernet Interface Or Subinterface
Displaying and maintaining an Ethernet interface or subinterface Execute display commands in any view and reset commands in user view. Task Command display counters { inbound | outbound } interface [ interface-type Display interface traffic statistics. [ interface-number | interface-number.subnumber ] ] Display traffic rate statistics of interfaces in display counters rate { inbound | outbound } interface up state over the last statistics polling... -
Page 29: Configuring Loopback, Null, And Inloopback Interfaces
Configuring loopback, null, and inloopback interfaces This chapter describes how to configure a loopback interface, a null interface, and an inloopback interface. Configuring a loopback interface A loopback interface is a virtual interface. The physical layer state of a loopback interface is always up unless the loopback interface is manually shut down. -
Page 30: Configuring A Null Interface
Configuring a null interface A null interface is a virtual interface and is always up, but you cannot use it to forward data packets or configure it with an IP address or link layer protocol. The null interface provides a simpler way to filter packets than ACL. -
Page 31: Configuring Blade Interfaces
For more information, see ACL and QoS Configuration Guide and ACL and QoS Command Reference. Feature and hardware compatibility Hardware Blade interface compatibility F5020/F5040 M9006/M9010/M9014 VFW1000 Displaying and maintaining a Blade interface Execute display commands in any view and reset commands in user view. -
Page 32: Index
Index C D F O Displaying and maintaining a Blade interface,24 Displaying and maintaining an Ethernet interface or Configuration procedure,2 subinterface,21 Configuration restrictions and guidelines,1 Displaying and maintaining bulk interface Configuring a Layer 2 Ethernet interface,15 configuration,2 Configuring a Layer 3 Ethernet interface or Displaying and maintaining loopback, null, and subinterface,19 inloopback...
Need help?
Do you have a question about the F5020 and is the answer not in the manual?
Questions and answers